Public bug reported:
I created a very simple RPC helper configuration as described in
http://conntrack-tools.netfilter.org/manual.html
After starting conntrackd, the ct_helper.so causes a segmentation fault as soon
as a packet hits the -j CT target in iptables.
conntrackd crashes ungracefully with lock files preventing restart.
conntrackd config:
# Default debian config. Please, take a look at conntrackd.conf(5)
General {
    HashSize 8192
    HashLimit 65535
    Syslog on
    LockFile /var/lock/conntrackd.lock
    UNIX {
        Path /var/run/conntrackd.sock
        Backlog 20
    }
    SocketBufferSize 262142
    SocketBufferSizeMaxGrown 655355
    # default debian service unit file is of Type=notify
    Systemd on
}
Stats {
    LogFile on
}
Helper {
    Type rpc inet udp {
        QueueNum 1
        QueueLen 10240
        Policy rpc {
            ExpectMax 1
            ExpectTimeout 300
        }
    }
    Type rpc inet tcp {
        QueueNum 2
        QueueLen 10240
        Policy rpc {
            ExpectMax 1
            ExpectTimeout 300
        }
    }
}
nfct list helper
{
.name = rpc,
.queuenum = 2,
.l3protonum = 2,
.l4protonum = 6,
.priv_data_len = 0,
.status = enabled,
};
{
.name = rpc,
.queuenum = 1,
.l3protonum = 2,
.l4protonum = 17,
.priv_data_len = 0,
.status = enabled,
};
iptables rule:
-A OUTPUT -d 10.0.0.0/24 -p udp -m udp --dport 111 -m comment --comment "Load RPC user space helper for outgoing calls to RPC on other local machines (See /etc/conntrackd/conntrackd.conf)" -j CT --helper rpc
-A OUTPUT -d 10.0.0.0/24 -p tcp -m tcp --dport 111 -m comment --comment "Load RPC user space helper for outgoing calls to RPC on other local machines (See /etc/conntrackd/conntrackd.conf)" -j CT --helper rpc
syslog:
Nov 16 15:06:54 mx systemd[1]: Started Conntrack Daemon.
Nov 16 15:06:54 mx conntrack-tools[17623]: netlink event socket buffer size has been set to 262142 bytes
Nov 16 15:06:54 mx conntrack-tools[17623]: configuring helper `rpc' with queuenum=2 and queuelen=10240
Nov 16 15:06:54 mx conntrack-tools[17623]: policy name=rpc expect_timeout=300 expect_max=1
Nov 16 15:06:54 mx conntrack-tools[17623]: helper `rpc' configured successfully
Nov 16 15:06:54 mx conntrack-tools[17623]: configuring helper `rpc' with queuenum=1 and queuelen=10240
Nov 16 15:06:54 mx conntrack-tools[17623]: policy name=rpc expect_timeout=300 expect_max=1
Nov 16 15:06:54 mx conntrack-tools[17623]: helper `rpc' configured successfully
Nov 16 15:06:54 mx conntrack-tools[17623]: initialization completed
Nov 16 15:06:54 mx conntrack-tools[17623]: -- starting in console mode --
Nov 16 15:07:12 mx kernel: [73016.216826] conntrackd[17623]: segfault at 4 ip 00007f7a25091eab sp 00007ffee3341cb0 error 6 in ct_helper_rpc.so[7f7a25091000+2000]
** Affects: conntrack-tools (Ubuntu)
Importance: Undecided
Status: New
https://bugs.launchpad.net/bugs/1803718
Title:
RPC helper segfault - Ubuntu 18.04LTS