* libnetfilter_conntrack: ABI breakage error
@ 2021-05-21 17:55 Psyspy 22
2021-05-21 21:56 ` Pablo Neira Ayuso
0 siblings, 1 reply; 5+ messages in thread
From: Psyspy 22 @ 2021-05-21 17:55 UTC (permalink / raw)
To: netfilter
Hello,
I am trying to dump conntrack entries from my application. When I run
the binary, it throws the following error and exits:
# ./dump
ctnetlink kernel ABI is broken, contact your vendor.
../../source_subfolder/src/conntrack/parse_mnl.c:824 reason: Numerical
result out of range
I looked at the source code of the library, it seems to be this line:
case CTA_SYNPROXY_TSOFF:
if (mnl_attr_validate(attr, MNL_TYPE_U32) < 0)
abi_breakage();
break;
}
I am not sure why this issue occurs or how to fix it. I appreciate any help!
Kind Regards!
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: libnetfilter_conntrack: ABI breakage error
2021-05-21 17:55 libnetfilter_conntrack: ABI breakage error Psyspy 22
@ 2021-05-21 21:56 ` Pablo Neira Ayuso
2021-05-22 0:55 ` Psyspy 22
0 siblings, 1 reply; 5+ messages in thread
From: Pablo Neira Ayuso @ 2021-05-21 21:56 UTC (permalink / raw)
To: Psyspy 22; +Cc: netfilter
On Fri, May 21, 2021 at 11:55:11AM -0600, Psyspy 22 wrote:
> Hello,
>
> I am trying to dump conntrack entries from my application. When I run
> the binary, it throws the following error and exits:
>
> # ./dump
> ctnetlink kernel ABI is broken, contact your vendor.
> ../../source_subfolder/src/conntrack/parse_mnl.c:824 reason: Numerical
> result out of range
>
> I looked at the source code of the library, it seems to be this line:
>
> case CTA_SYNPROXY_TSOFF:
> if (mnl_attr_validate(attr, MNL_TYPE_U32) < 0)
> abi_breakage();
> break;
> }
>
> I am not sure why this issue occurs or how to fix it. I appreciate any help!
Strange. Could you provide more details regarding your setup?
Thanks.
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: libnetfilter_conntrack: ABI breakage error
2021-05-21 21:56 ` Pablo Neira Ayuso
@ 2021-05-22 0:55 ` Psyspy 22
2021-05-22 11:14 ` Florian Westphal
0 siblings, 1 reply; 5+ messages in thread
From: Psyspy 22 @ 2021-05-22 0:55 UTC (permalink / raw)
To: Pablo Neira Ayuso; +Cc: netfilter
Hello Pablo,
I cross compiled the application. Host/Build: Ubuntu 20,10, x86_64.
Target machine: aarch64, Linux kernel: 4.1. I am using other netfilter
libraries like libnetfilter_queue, libmnl. They work fine. Instead of
using the dump example from libnetfilter_conntrack, I can try using
the example from libmnl. The conntrack library uses nfct_nlmsg_parse()
(which causes the issue) whereas the libmnl parses the netlink message
by itself. I can try to avoid parsing the CTA_SYNPROXY_TSOFF
attribute.
Thanks!
On Fri, May 21, 2021 at 3:56 PM Pablo Neira Ayuso <pablo@netfilter.org> wrote:
>
> On Fri, May 21, 2021 at 11:55:11AM -0600, Psyspy 22 wrote:
> > Hello,
> >
> > I am trying to dump conntrack entries from my application. When I run
> > the binary, it throws the following error and exits:
> >
> > # ./dump
> > ctnetlink kernel ABI is broken, contact your vendor.
> > ../../source_subfolder/src/conntrack/parse_mnl.c:824 reason: Numerical
> > result out of range
> >
> > I looked at the source code of the library, it seems to be this line:
> >
> > case CTA_SYNPROXY_TSOFF:
> > if (mnl_attr_validate(attr, MNL_TYPE_U32) < 0)
> > abi_breakage();
> > break;
> > }
> >
> > I am not sure why this issue occurs or how to fix it. I appreciate any help!
>
> Strange. Could you provide more details regarding your setup?
>
> Thanks.
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: libnetfilter_conntrack: ABI breakage error
2021-05-22 0:55 ` Psyspy 22
@ 2021-05-22 11:14 ` Florian Westphal
2021-05-22 18:04 ` Psyspy 22
0 siblings, 1 reply; 5+ messages in thread
From: Florian Westphal @ 2021-05-22 11:14 UTC (permalink / raw)
To: Psyspy 22; +Cc: Pablo Neira Ayuso, netfilter
Psyspy 22 <psyspy2020@gmail.com> wrote:
> Hello Pablo,
>
> I cross compiled the application. Host/Build: Ubuntu 20,10, x86_64.
> Target machine: aarch64, Linux kernel: 4.1.
4.1? There is no synproxy support in that version.
Are you passing unitialised garbage data to the library by mistake?
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: libnetfilter_conntrack: ABI breakage error
2021-05-22 11:14 ` Florian Westphal
@ 2021-05-22 18:04 ` Psyspy 22
0 siblings, 0 replies; 5+ messages in thread
From: Psyspy 22 @ 2021-05-22 18:04 UTC (permalink / raw)
To: Florian Westphal; +Cc: Pablo Neira Ayuso, netfilter
Hello Florian,
I found the issue. You are right, there is no synproxy in 4.1. Yet, it
still hits that switch case and tries to validate it as u32 type and
then fails. Good thing that the vendor distributes kernel sources in
their forum. They have modified ctattr_type and appended a new
attribute: CTA_MARK2_64. This clashes with CTA_SYNPROXY. Never
imagined something like this would ever happen.
I used the libmnl example and parsed the netlink message myself. It works.
Thank you! I was able to find the issue based on your clue. Have a
great weekend.
On Sat, May 22, 2021 at 5:14 AM Florian Westphal <fw@strlen.de> wrote:
>
> Psyspy 22 <psyspy2020@gmail.com> wrote:
> > Hello Pablo,
> >
> > I cross compiled the application. Host/Build: Ubuntu 20,10, x86_64.
> > Target machine: aarch64, Linux kernel: 4.1.
>
> 4.1? There is no synproxy support in that version.
>
> Are you passing unitialised garbage data to the library by mistake?
^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2021-05-22 18:04 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2021-05-21 17:55 libnetfilter_conntrack: ABI breakage error Psyspy 22
2021-05-21 21:56 ` Pablo Neira Ayuso
2021-05-22 0:55 ` Psyspy 22
2021-05-22 11:14 ` Florian Westphal
2021-05-22 18:04 ` Psyspy 22
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.