Hi! After updating my firewalls to Debiab Etch + conntrackd (R.I.P. ct_sync!) we saw conntrackd segfaulting on one of the machines. (I used backported packages from Debian unstable for conntrackd + the two libraries.) We're using ALARM base synchronization. This came out by hunting the bug: | root@fw1[~]$ gdb /usr/sbin/conntrackd | GNU gdb 6.4.90-debian | Copyright (C) 2006 Free Software Foundation, Inc. | GDB is free software, covered by the GNU General Public License, and you are | welcome to change it and/or distribute copies of it under certain conditions. | Type "show copying" to see the conditions. | There is absolutely no warranty for GDB. Type "show warranty" for details. | This GDB was configured as "i486-linux-gnu"...Using host libthread_db | library "/lib/tls/libthread_db.so.1". | | (gdb) run | Starting program: /usr/sbin/conntrackd | | Program received signal SIGSEGV, Segmentation fault. | 0x00000000 in ?? () | (gdb) bt | #0 0x00000000 in ?? () | #1 0xb7f21b89 in nfct_get_attr (ct=0x80f31a0, type=ATTR_MASTER_IPV4_SRC) at api.c:292 | #2 0xb7f21c04 in nfct_get_attr_u32 (ct=0x80f31a0, type=ATTR_MASTER_IPV4_SRC) at api.c:339 | #3 0x08050cdc in __build_u32 (ct=0xb7f2a6a0, pld=0x25, attr=5) at build.c:56 | #4 0x0805120e in build_netpld (ct=0x80f31a0, pld=0xbfa42254, query=0) at build.c:119 | #5 0x0804e9ad in mcast_send_sync (u=0x80be26c, ct=0x80f31a0, query=0) at sync-mode.c:346 | #6 0x0804caee in event_handler (type=NFCT_T_NEW, ct=0x80f31a0, data=0x0) at netlink.c:66 | #7 0xb7f21d2e in __callback (nlh=0xbfa43380, nfa=0xbfa432c0, data=0x807a9a8) at callback.c:33 | #8 0xb7f16d1b in nfnl_step (h=<value optimized out>, nlh=0xbfa43380) at libnfnetlink.c:1289 | #9 0xb7f16ef6 in nfnl_process (h=0x807a7f8, buf=0xbfa43380 "�, len=192) at libnfnetlink.c:1334 | #10 0xb7f18278 in nfnl_catch (h=0x807a7f8) at libnfnetlink.c:1487 | #11 0xb7f21153 in nfct_catch (h=0x807a940) at api.c:588 | #12 0x0804a71d in run () at run.c:195 | #13 0x0804a1bd in main (argc=1, argv=Cannot access memory at address 0x9 | ) at main.c:259 | (gdb) The program is running. Exit anyway? (y or n) y The problem seems to be that in libnetfilter-conntrack /src/conntrack/getter.c in line 225 get_attr get_attr_array[] has no entry for ATTR_MASTER_IPV4_SRC Maybe anybody who's in this magic can fix it :) Ciao & Thanks Max -- Follow the white penguin. -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
