Re: problems with libnetfilter_conntrack / cntl_test

All of lore.kernel.org
 help / color / mirror / Atom feed

From: "Paweł Sikora" <pluto@agmk.net>
To: Pablo Neira <pablo@eurodev.net>
Cc: Netfilter Development Mailinglist <netfilter-devel@lists.netfilter.org>
Subject: Re: problems with libnetfilter_conntrack / cntl_test
Date: Thu, 17 Nov 2005 04:21:43 +0100	[thread overview]
Message-ID: <200511170421.43664.pluto@agmk.net> (raw)
In-Reply-To: <437BDF1B.1050107@eurodev.net>

Dnia czwartek, 17 listopada 2005 02:38, Pablo Neira napisał:
> Paweł Sikora wrote:
> > Dnia środa, 16 listopada 2005 16:44, napisałeś:
> >>Pawel Sikora wrote:
> >>>I have installed a 2.6.14.2 kernel + grsecurity-2.1.7-2.6.14.2-$latest,
> >>>libnfnetlink-0.0.13 and libnetfilter_conntrack-0.0.28.
> >>>
> >>>./ctnl_test fails:
> >>>
> >>>Test for libnetfilter_conntrack
> >>>
> >>>NFNETLINK answers: Invalid argument
> >>>TEST 1: create conntrack (-22)
> >>>TEST 2: dump conntrack table and reset (-22)
> >>>TEST 3: dump conntrack table (-22)
> >>>TEST 4: get conntrack (-22)
> >>>TEST 5: update conntrack (-22)
> >>>NFNETLINK answers: Invalid argument
> >>>TEST 6: delete conntrack (-22)
> >>>nfnl_open: bind(netlink): Operation not permitted
> >>>Can't open handler
> >>>Test failed with error -2. Errors=7
> >>>
> >>>Is this a grsec issue?
> >>
> >>Hard to say, my last contact with grsec was years ago. That output is
> >>kind of weird. Could you try reverting the grsec patch?
> >
> > currently I get the same error on 2.6.14.2 without grsec on root account.
> > first failure occurs at first call of nfnl_talk().
>
> There's nothing wrong in nfnl_talk. It is the kernel that is returning
> -EINVAL to userspace. (...)

sorry for the noise, /me is brainless :)
`modprobe ip_conntrack_netlink` solved problem.

-- 
The only thing necessary for the triumph of evil
  is for good men to do nothing.
                                           - Edmund Burke

next prev parent reply	other threads:[~2005-11-17  3:21 UTC|newest]

Thread overview: 6+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2005-11-16 13:39 problems with libnetfilter_conntrack / cntl_test Paweł Sikora
2005-11-16 15:44 ` Pablo Neira
2005-11-16 17:09   ` Paweł Sikora
2005-11-17  1:38     ` Pablo Neira
2005-11-17  3:21       ` Paweł Sikora [this message]
2005-11-17 12:49         ` Harald Welte

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=200511170421.43664.pluto@agmk.net \
    --to=pluto@agmk.net \
    --cc=netfilter-devel@lists.netfilter.org \
    --cc=pablo@eurodev.net \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.