On 13/08/12 20:01, Pablo Neira Ayuso wrote:
On Mon, Aug 13, 2012 at 12:35:21PM +0200, Jan Engelhardt wrote:On Monday 2012-08-13 11:46, Pablo Neira Ayuso wrote:Please, git pull again, run make check, run the test and send me the results.The problem is that nlif_receive is only called once by nlif_catch, and ignores RTM_F_MULTI, therefore missing most interfaces.Thanks Jan. That was indeed the problem. I have committed the fix for this issue: http://git.netfilter.org/cgi-bin/gitweb.cgi?p=libnfnetlink.git;a=commit;h=8b15e485c0d5f4a1e56b2148a34995ed1fa9e95b @Arturo: Please, install a fresh working copy of libnfnetlink and let me know if the problem persists. Before that, check that ./iftest bond1 displays valid device information.
Here is iftest with new git code: root@debian:~/git/libnfnetlink/utils# ./iftest bond0 index (12) is bond0 (RUNNING) (UP) root@debian:~/git/libnfnetlink/utils# ./iftest bond1 index (13) is bond1 (RUNNING) (UP) root@debian:~/git/libnfnetlink/utils# ./iftest eth8 index (10) is eth8 (RUNNING) (UP) root@debian:~/git/libnfnetlink/utils# ./iftest eth0 index (7) is eth0 (NOT RUNNING) (UP) root@debian:~/git/libnfnetlink/utils# ip link show bond012: bond0: <BROADCAST,MULTICAST,MASTER,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT
link/ether xx:ff:30 brd ff:ff:ff:ff:ff:ff
root@debian:~/git/libnfnetlink/utils# ip link show bond1
13: bond1: <BROADCAST,MULTICAST,MASTER,UP,LOWER_UP> mtu 1500 qdisc
noqueue state UP mode DEFAULT
link/ether xx:f0:20 brd ff:ff:ff:ff:ff:ff
root@debian:~/git/libnfnetlink/utils# ip link show eth8
10: eth8: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast
state UP mode DEFAULT qlen 1000
link/ether xx:b8:f8 brd ff:ff:ff:ff:ff:ff
root@debian:~/git/libnfnetlink/utils# ip link show eth0
7: eth0: <NO-CARRIER,BROADCAST,MULTICAST,SLAVE,UP> mtu 1500 qdisc mq
master bond0 state DOWN mode DEFAULT qlen 1000
link/ether xx:ff:30 brd ff:ff:ff:ff:ff:ff
And using the new libnfnetlink:
root@debian:~/git/libnfnetlink# mv /usr/lib/libnfnetlink.so.0
/usr/lib/libnfnetlink.so.0.backup
root@debian:~/git/libnfnetlink# ln -s /usr/local/lib/libnfnetlink.so.0
/usr/lib/libnfnetlink.so.0
root@debian:~/git/libnfnetlink# tailf /var/log/conntrackd.log & [1] 13423 root@debian:~/git/libnfnetlink# conntrackd -d[Tue Aug 14 09:44:55 2012] (pid=13425) [notice] using user-space event filtering [Tue Aug 14 09:44:55 2012] (pid=13425) [notice] netlink event socket buffer size has been set to 262142 bytes
[Tue Aug 14 09:44:55 2012] (pid=13425) [notice] initialization completed[Tue Aug 14 09:44:55 2012] (pid=13428) [notice] -- starting in daemon mode --
root@debian:~/git/libnfnetlink# conntrackd -s
cache internal:
current active connections: 2
connections created: 2 failed: 0
connections updated: 0 failed: 0
connections destroyed: 0 failed: 0
cache external:
current active connections: 0
connections created: 0 failed: 0
connections updated: 0 failed: 0
connections destroyed: 0 failed: 0
traffic processed:
0 Bytes 0 Pckts
multicast traffic (active device=eth8):
1296 Bytes sent 0 Bytes recv
18 Pckts sent 0 Pckts recv
0 Error send 0 Error recv
message tracking:
0 Malformed msgs 0 Lost msgs
It seems fine. I will do more tests.
I will contact Debian, so they update the package and it's easy for us
to use the new version.
-- Arturo Borrero González Departamento de Seguridad Informática Centro Informático Científico de Andalucía (CICA) Avda. Reina Mercedes s/n - 41012 - Sevilla (Spain) Tfno.: +34 955 056 600 / FAX: +34 955 056 650 Consejería de Economía, Innovación, Ciencia y Empleo Junta de Andalucía
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature
