NFNETLINK answers: No such file or directory

NFNETLINK answers: No such file or directory

[Adelson O. Junior]

Hi netfiltel mail list,
it's my first time here.

My question is:
I'm trying to delete a entry in the conntrack and an Error is shown:

"NFNETLINK answers: No such file or directory"

I did a "small" search on the Internet, mail list and I saw that this
is a bug and is already fixed.
Can you tell if this is true, and if is, what the version of
libnfnetlink, libnetfilter_conntrack or
conntrack packets (and witch of them have a problem) that the bug is fixed?

Thanks.

Sorry for the Bad English.

-- 
[]'s

Re: NFNETLINK answers: No such file or directory

[Pablo Neira Ayuso]

Adelson O. Junior wrote:
> Hi netfiltel mail list,
> it's my first time here.
> 
> My question is:
> I'm trying to delete a entry in the conntrack and an Error is shown:
> 
> "NFNETLINK answers: No such file or directory"
> 
> I did a "small" search on the Internet, mail list and I saw that this
> is a bug and is already fixed.
> Can you tell if this is true, and if is, what the version of
> libnfnetlink, libnetfilter_conntrack or
> conntrack packets (and witch of them have a problem) that the bug is fixed?

Which version of the tools are you using? It seems to me that you're
using a pretty old one. Please see:

http://www.netfilter.org/news.html#2008-05-31

-- 
"Los honestos son inadaptados sociales" -- Les Luthiers

Re: NFNETLINK answers: No such file or directory

[Adelson O. Junior]

Hi, thanks for reply

I'm using the versions:

libnfnetlink-0.0.25-1
libnetfilter_conntrack-0.0.50-2
conntrack-1.0-0.1.beta2

We have an application Java based that uses this tools, and uses these versions.
I need to know which of this packets is causing the problem, and which
version is fixing it, before a apply new versions on the Java App.
There are any place thats show the problems fixed in each version?

Thanks again!

Adelson.

On Thu, Jun 19, 2008 at 8:09 AM, Pablo Neira Ayuso <pablo@netfilter.org> wrote:
> Adelson O. Junior wrote:
>> Hi netfiltel mail list,
>> it's my first time here.
>>
>> My question is:
>> I'm trying to delete a entry in the conntrack and an Error is shown:
>>
>> "NFNETLINK answers: No such file or directory"
>>
>> I did a "small" search on the Internet, mail list and I saw that this
>> is a bug and is already fixed.
>> Can you tell if this is true, and if is, what the version of
>> libnfnetlink, libnetfilter_conntrack or
>> conntrack packets (and witch of them have a problem) that the bug is fixed?
>
> Which version of the tools are you using? It seems to me that you're
> using a pretty old one. Please see:
>
> http://www.netfilter.org/news.html#2008-05-31
>
> --
> "Los honestos son inadaptados sociales" -- Les Luthiers
>



-- 
[]'s

Re: NFNETLINK answers: No such file or directory

[Pablo Neira Ayuso]

Adelson O. Junior wrote:
> Hi, thanks for reply
> 
> I'm using the versions:
> 
> libnfnetlink-0.0.25-1
> libnetfilter_conntrack-0.0.50-2
> conntrack-1.0-0.1.beta2
> 
> We have an application Java based that uses this tools, and uses these versions.
> I need to know which of this packets is causing the problem, and which
> version is fixing it, before a apply new versions on the Java App.
> There are any place thats show the problems fixed in each version?

Yes, you can look for the changes on Netfilter's git [1] and the
website. However, those versions are from the caveman era and the amount
of changes is cumbersome. I strongly recommend you to upgrade. Make sure
you use a Linux kernel version >= 2.6.18.

-- 
"Los honestos son inadaptados sociales" -- Les Luthiers

Re: NFNETLINK answers: No such file or directory

[Adelson O. Junior]

Hey Pablo, thanks.
Really, as you said, we use a very old version, but these versions was
approved with the app.
I tried to find any report of this problem in the netfilter's
bugzilla, without success.
We will test the most recent versions with our app, but I would just
to understand the bug, if really is a bug this problem, to know the
impact on the system.
I never used git before, but I will learn to try see the changes on
the releases.

[]'s

On Thu, Jun 19, 2008 at 11:03 AM, Pablo Neira Ayuso <pablo@netfilter.org> wrote:
>
> Adelson O. Junior wrote:
> > Hi, thanks for reply
> >
> > I'm using the versions:
> >
> > libnfnetlink-0.0.25-1
> > libnetfilter_conntrack-0.0.50-2
> > conntrack-1.0-0.1.beta2
> >
> > We have an application Java based that uses this tools, and uses these versions.
> > I need to know which of this packets is causing the problem, and which
> > version is fixing it, before a apply new versions on the Java App.
> > There are any place thats show the problems fixed in each version?
>
> Yes, you can look for the changes on Netfilter's git [1] and the
> website. However, those versions are from the caveman era and the amount
> of changes is cumbersome. I strongly recommend you to upgrade. Make sure
> you use a Linux kernel version >= 2.6.18.
>
> --
> "Los honestos son inadaptados sociales" -- Les Luthiers



--
[]'s

Re: NFNETLINK answers: No such file or directory

[Pablo Neira Ayuso]

Adelson O. Junior wrote:
> Hi netfiltel mail list,
> it's my first time here.
> 
> My question is:
> I'm trying to delete a entry in the conntrack and an Error is shown:
> 
> "NFNETLINK answers: No such file or directory"
> 
> I did a "small" search on the Internet, mail list and I saw that this
> is a bug and is already fixed.
> Can you tell if this is true, and if is, what the version of
> libnfnetlink, libnetfilter_conntrack or
> conntrack packets (and witch of them have a problem) that the bug is fixed?

Could you post the command line invocation of `conntrack' that you're
using? It seems to me that you're omitting some required values. Old
versions require source and destination IP plus port source and
destination to work, ie.

conntrack -D -s 140.x.x.90 -d 213.x.x.117 -p tcp --sport 34075 --dport 993

As said, probably you're omitting any of those parameters. Some old
versions of the tool do not perform strict checking on the input
parameters. Thus, leading to this sort of errors.

The current version (0.9.7) supports more flexible conntrack deletion, eg.

conntrack -D -d 213.x.x.117

This invocation destroys all entries that match that.

-- 
"Los honestos son inadaptados sociales" -- Les Luthiers

Re: NFNETLINK answers: No such file or directory

[Adelson O. Junior]

The command sounds like this:

/usr/sbin/conntrack -D --p udp --orig-src 202.x.x.47 --orig-port-src
14276 --orig-dst 202.x.x.155 --orig-port-dst 20000 --reply-src
202.x.x.89 --reply-port-src 28246 --reply-dst 202.x.x.155
--reply-port-dst 20002

but, I think that there's no bug. Simply there's no conntrack entry.

Error: NFNETLINK answers: No such file or directory
Error: Operation failed: such conntrack doesn't exist
No contrack entry where found on from->to way trying to->from

I think that don't came packets that match with the iptables rule and
conntrack was not created. And can't be deleted.
I will search for bug in the application.

Thanks Pablo.
Adelson


On Fri, Jun 20, 2008 at 8:43 AM, Pablo Neira Ayuso <pablo@netfilter.org> wrote:
> Adelson O. Junior wrote:
>> Hi netfiltel mail list,
>> it's my first time here.
>>
>> My question is:
>> I'm trying to delete a entry in the conntrack and an Error is shown:
>>
>> "NFNETLINK answers: No such file or directory"
>>
>> I did a "small" search on the Internet, mail list and I saw that this
>> is a bug and is already fixed.
>> Can you tell if this is true, and if is, what the version of
>> libnfnetlink, libnetfilter_conntrack or
>> conntrack packets (and witch of them have a problem) that the bug is fixed?
>
> Could you post the command line invocation of `conntrack' that you're
> using? It seems to me that you're omitting some required values. Old
> versions require source and destination IP plus port source and
> destination to work, ie.
>
> conntrack -D -s 140.x.x.90 -d 213.x.x.117 -p tcp --sport 34075 --dport 993
>
> As said, probably you're omitting any of those parameters. Some old
> versions of the tool do not perform strict checking on the input
> parameters. Thus, leading to this sort of errors.
>
> The current version (0.9.7) supports more flexible conntrack deletion, eg.
>
> conntrack -D -d 213.x.x.117
>
> This invocation destroys all entries that match that.
>
> --
> "Los honestos son inadaptados sociales" -- Les Luthiers
>



-- 
[]'s