Re: ulogd.c:522 error during propagate_results

Eric Leblond <eric@xxxxxxxxx> · Thu, 28 Jul 2016 15:18:40 +0200

Hi,

On Wed, 2016-07-27 at 15:47 -0400, Saeed Abbassi wrote:
> Hello all
> 
> I thank you for the great package you provided for logging of
> iptables
> flow/policy.

Thanks :)

> #Issue
>  I'm getting a lot of "ulogd.c:522 error during propagate_results" in
> the /var/log/ulogd/ulogd.log file.
> Which sometimes breaks the ulogd logging functionality.
> 
> #Specs
>   In my lab, I'm using ulogd-2.0.4-3.el7.lux.1.x86_64 on CentOS 7,
> 4.6.3-1.el7.elrepo.x86_64.
> Mostly, it works, and logs the packets into
> /var/log/ulogd/ulogd_syslogemu.log file.
> The command to enable NFLOG in iptables
> sudo ip netns exec namespace1 iptables -A FORWARD -j NFLOG
> --nflog-group 1 --nflog-prefix namespace1
> 
> #Config
> Here's the configuration I'm using in
> /etc/netns/namespace1/ulogd.conf
> stack=log1:NFLOG,base1:BASE,ifi1:IFINDEX,ip2str1:IP2STR,mac2str1:HWHD
> R,print1:PRINTPKT,emu1:LOGEMU
> 
> [log1]
> group=1
> netlink_socket_buffer_size=1736704
> netlink_socket_buffer_maxsize=1085440
> netlink_qthreshold=10
> netlink_qtimeout=5
> 
> #Question
> Is there anything I'm missing, or is this a known bug?

That is looking a bit strange maybe there is something forwarded that
causes the error.

Is it possible for you to run it in debug ? For that set loglevel to 1
(line exist at start of ulogd.conf).

If nothing interesting comes out, it would be great if you have the
possibility to build a new version with the attached patch. And do the
same test.

BR,
-- 
Eric Leblond <eric@xxxxxxxxx>
From 7e9833c3c24b53ed5866218885e24ae9a9e726e8 Mon Sep 17 00:00:00 2001
From: Eric Leblond <eric@xxxxxxxxx>
Date: Thu, 28 Jul 2016 15:16:13 +0200
Subject: [PATCH] ulogd: print plugin causing propagation error

Signed-off-by: Eric Leblond <eric@xxxxxxxxx>
---
 src/ulogd.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/src/ulogd.c b/src/ulogd.c
index 5b9a586..74f2e3a 100644
--- a/src/ulogd.c
+++ b/src/ulogd.c
@@ -616,7 +616,9 @@ void ulogd_propagate_results(struct ulogd_pluginstance *pi)
 		switch (ret) {
 		case ULOGD_IRET_ERR:
 			ulogd_log(ULOGD_NOTICE,
-				  "error during propagate_results\n");
+				  "error during propagate_results by plugin %s\n",
+				  cur->plugin->name
+				  );
 			/* fallthrough */
 		case ULOGD_IRET_STOP:
 			/* we shall abort further iteration of the stack */
-- 
2.8.1





