Control: tags -1 patch

On Tue, Aug 14, 2012 at 10:29:37AM +0200, Alexander Wirt wrote:
> On Tue, 14 Aug 2012, Arturo Borrero wrote:
> > 
> > Trying to start conntrackd in daemon mode results in this:
> > 
> > [Thu Aug  9 14:14:23 2012] (pid=3819) [notice] -- starting in daemon mode --
> > [Thu Aug  9 14:14:23 2012] (pid=3819) [ERROR] no dedicated links available!
> > [Thu Aug  9 14:14:23 2012] (pid=3819) [ERROR] no dedicated links available!
> > [Thu Aug  9 14:14:23 2012] (pid=3819) [ERROR] no dedicated links available!
> > [Thu Aug  9 14:19:54 2012] (pid=3819) [notice] ---- shutdown received ----
> > 
> > I contacted netfilter list and they found a bug in libnfnetlink that 
> > strongly affects conntrackd.

> I'll backport
> http://git.netfilter.org/cgi-bin/gitweb.cgi?p=libnfnetlink.git;a=commit;h=8b15e485c0d5f4a1e56b2148a34995ed1fa9e95b
> 
> to libnfnetlink and do an upload as soon as I can.

The patch applies cleanly to the current Debian package, proposed
debdiff attached.

> Also this bug does not affect everybody so
> it is possible to argue if it is really grave, but I'll leave it now as it
> is.

I'm not a conntrackd user, nor am I affected by this bug when I try to
reproduce it, so I can't really be sure if the bug is fixed, nor if this
patch causes any regression. Arturo, can you at least confirm that the
bug is fixed with the proposed patch? The fixed package is available
online:

http://people.debian.org/~taffit/libnfnetlink/libnfnetlink0_1.0.0-1.1_amd64.deb

Regards

David


diff -u libnfnetlink-1.0.0/debian/changelog libnfnetlink-1.0.0/debian/changelog
--- libnfnetlink-1.0.0/debian/changelog
+++ libnfnetlink-1.0.0/debian/changelog
@@ -1,3 +1,14 @@
+libnfnetlink (1.0.0-1.1) UNRELEASED; urgency=low
+
+  * Non-maintainer upload.
+  * iftable: fix incomplete list of interfaces via nlif_query. RTM_GETLINK
+    with NLM_F_DUMP returns a multi-part netlink message. The existing code
+    only handled the first message of it, thus, ignoring the remaining
+    interfaces. This causes a bug in conntrackd. Report 8b15e48 from upstream.
+    (Closes: #684863).
+
+ -- David Prévot <taf...@debian.org>  Sat, 01 Dec 2012 21:29:54 -0400
+
 libnfnetlink (1.0.0-1) unstable; urgency=low
 
   [ Max Kellermann ]
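
Review bot: In the new 1.0.0-1.1 entry, "Report 8b15e48 from upstream" reads as if a bug report were meant; "Backport 8b15e48 from upstream" would say what the upload actually does. The distribution field is still UNRELEASED and has to name the real target suite before upload, and urgency=low is worth a second look given the severity discussion on the bug this entry closes (#684863).
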
only in patch2:
unchanged:
--- libnfnetlink-1.0.0.orig/src/iftable.c
+++ libnfnetlink-1.0.0/src/iftable.c
@@ -295,6 +295,16 @@
 	return -1;
 }
 
+static int nlif_catch_multi(struct nlif_handle *h)
+{
+	assert(h != NULL);
+
+	if (h->rtnl_handle)
+		return rtnl_receive_multi(h->rtnl_handle);
+
+	return -1;
+}
+
 /** 
  * nlif_query - request a dump of interfaces available in the system
  * @h: pointer to a valid nlif_handler
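
Review bot: nlif_catch_multi() is added with no comment, while nlif_query() directly below carries a doc block. A short comment stating that it keeps receiving until every part of the multi-part RTM_GETLINK dump has been read would explain why nlif_query() has to call it, and it should also say what the return values mean, since the helper only forwards whatever rtnl_receive_multi() returns or -1 when h->rtnl_handle is unset.
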
@@ -306,7 +316,7 @@
 	if (rtnl_dump_type(h->rtnl_handle, RTM_GETLINK) < 0)
 		return -1;
 
-	return nlif_catch(h);
+	return nlif_catch_multi(h);
 }
 
 /** Returns socket descriptor for the netlink socket
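
Review bot: In nlif_query(), h->rtnl_handle is handed to rtnl_dump_type() before nlif_catch_multi() runs its assert(h != NULL) and its if (h->rtnl_handle) test, so on this call path neither check guards anything. If a NULL handle can reach this function, test it before the rtnl_dump_type() call; the start of nlif_query() lies outside this hunk, so an earlier check may already be there.
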
only in patch2:
unchanged:
--- libnfnetlink-1.0.0.orig/src/rtnl.c
+++ libnfnetlink-1.0.0/src/rtnl.c
@@ -193,6 +193,15 @@
 	return 1;
 }
 
+int rtnl_receive_multi(struct rtnl_handle *rtnl_handle)
+{
+	while (1) {
+		if (rtnl_receive(rtnl_handle) <= 0)
+			break;
+	}
+	return 1;
+}
+
 /* rtnl_open - constructor of rtnetlink module */
 struct rtnl_handle *rtnl_open(void)
 {
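
Review bot: rtnl_receive_multi() returns 1 unconditionally, so a negative result from rtnl_receive() ends the loop exactly like the normal end of the dump, and nlif_query() then returns 1 rather than -1 with a possibly incomplete interface list. Keep the last rtnl_receive() result and return -1 when it is negative. Termination also depends on rtnl_receive() returning <= 0 once the final part has been read; the new function has no comment at all, and that assumption is the first thing one should state.
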
only in patch2:
unchanged:
--- libnfnetlink-1.0.0.orig/src/rtnl.h
+++ libnfnetlink-1.0.0/src/rtnl.h
@@ -32,5 +32,6 @@
 struct rtnl_handle *rtnl_open(void);
 void rtnl_close(struct rtnl_handle *rtnl_handle);
 int rtnl_receive(struct rtnl_handle *rtnl_handle);
+int rtnl_receive_multi(struct rtnl_handle *rtnl_handle);
 
 #endif
