From: Arturo Borrero <aborrero@cica.es>
To: Pablo Neira Ayuso <pablo@netfilter.org>
Cc: netfilter@vger.kernel.org
Subject: Re: Conntrackd issue with bonding
Date: Fri, 10 Aug 2012 12:02:54 +0200
Message-ID: <5024DC4E.1080201@cica.es>
In-Reply-To: <20120810091927.GB1729@1984>


On 10/08/12 11:19, Pablo Neira Ayuso wrote:
> On Fri, Aug 10, 2012 at 09:09:02AM +0200, Arturo Borrero wrote:
>> Hi there!
>>
>> It seems that there is an issue with Conntrackd using a bonding as
>> dedicated interface.
>>
>> The log:
>>
>> [Thu Aug  9 14:14:23 2012] (pid=3819) [notice] -- starting in daemon mode --
>> [Thu Aug  9 14:14:23 2012] (pid=3819) [ERROR] no dedicated links available!
>> [Thu Aug  9 14:14:23 2012] (pid=3819) [ERROR] no dedicated links available!
>> [Thu Aug  9 14:14:23 2012] (pid=3819) [ERROR] no dedicated links available!
>> [Thu Aug  9 14:19:54 2012] (pid=3819) [notice] ---- shutdown received ----
>>
>>
>> Or maybe I'm missing something important in the configuration:
>>
>> /etc/conntrackd/conntrackd.conf
>>
>> Sync {
>>          Mode ALARM {
>>                  RefreshTime 15
>>                  CacheTimeout 180
>>          }
>>          Multicast {
>>                  IPv4_address 225.0.0.50
>>                  Group 3780
>>                  IPv4_interface 172.16.0.1
>>                  Interface bond2
>>                  SndSocketBuffer 1249280
>>                  RcvSocketBuffer 1249280
>>                  Checksum on
>>          }
>> }
>> General {
>>      HashSize 8192
>>      HashLimit 65535
>>      LogFile on
>>      Syslog on
>>      LockFile /var/lock/conntrackd.lock
>>      UNIX {
>>          Path /var/run/conntrackd.sock
>>          Backlog 20
>>      }
>>      SocketBufferSize 262142
>>      SocketBufferSizeMaxGrown 655355
>>      Filter {
>>          Protocol Accept {
>>              TCP
>>          }
>>          Address Ignore
>>          {
>>              IPv4_address 127.0.0.1 # loopback
>>              IPv4_address 172.16.0.1 # cluster link
>>              IPv4_address 172.16.0.2 # cluster link
>>              IPv4_address xx.40
>>              IPv4_address xx.41
>>              IPv6_address xx::40
>>              IPv6_address xx::41
>>              IPv6_address xx::41
>>          }
>>      }
>> }
>>
>> Bond2 is up and running:
>>
>> bond2     Link encap:Ethernet  HWaddr 00:xx:xx:57:b8:xx
>>            inet addr:172.16.0.1  Bcast:172.16.255.255  Mask:255.255.0.0
>>            inet6 addr: fe80::215:xx::/64 Scope:Link
>>            UP BROADCAST RUNNING MASTER MULTICAST  MTU:1500  Metric:1
>>            RX packets:7405527 errors:0 dropped:0 overruns:0 frame:0
>>            TX packets:3935915 errors:0 dropped:0 overruns:0 carrier:0
>>            collisions:0 txqueuelen:0
>>            RX bytes:7812500663 (7.2 GiB)  TX bytes:651422232 (621.2 MiB)
>>
>>
>> Any idea?
> Something is wrong with the link state checking.
>
> Please, get a working copy of libnfnetlink:
>
> git clone git://git.netfilter.org/libnfnetlink
> autoreconf -fi
> ./configure --prefix=/usr
> make
> make check
>
> [no need to make install]
>
> Then go to utils/ directory, run ./iftest and get back to the list to
> report what it says.
>
>> I'm using this version (Debian amd64)
> You didn't mention kernel version, I guess it is standalone Linux
> kernel in Debian? (2.6.32). Using a recent Linux kernel version of the
> 3.x branch is really recommended to run conntrackd.
>
>> :~$ conntrackd -v
>> Connection tracking userspace daemon v1.2.1. Licensed under GPLv2.
> BTW, it's a good idea if you upgrade to 1.2.2. There was a bug in the
> commit operation that is resolved in the latest version.

This is the result of iftest:

root@debian:~/git/libnfnetlink/utils# ./iftest
index (1) is lo (RUNNING) (UP)
index (2) is eth5 (NOT RUNNING) (DOWN)
index (3) is eth2 (RUNNING) (UP)

This is the list of interfaces:
root@debian:~/git/libnfnetlink/utils# ip link show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN mode DEFAULT
     link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth5: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT qlen 1000
     link/ether 00:asdasd brd ff:ff:ff:ff:ff:ff
3: eth2: <BROADCAST,MULTICAST,SLAVE,UP,LOWER_UP> mtu 1500 qdisc mq master bond0 state UP mode DEFAULT qlen 1000
     link/ether 00:asdasd brd ff:ff:ff:ff:ff:ff
4: eth4: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT qlen 1000
     link/ether 00:asdasd brd ff:ff:ff:ff:ff:ff
5: eth3: <BROADCAST,MULTICAST,SLAVE,UP,LOWER_UP> mtu 1500 qdisc mq master bond0 state UP mode DEFAULT qlen 1000
     link/ether 00:asdasd brd ff:ff:ff:ff:ff:ff
6: eth6: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT qlen 1000
     link/ether 00:asdasd brd ff:ff:ff:ff:ff:ff
7: eth0: <BROADCAST,MULTICAST,SLAVE,UP,LOWER_UP> mtu 1500 qdisc mq master bond0 state UP mode DEFAULT qlen 1000
     link/ether 00:asdasd brd ff:ff:ff:ff:ff:ff
8: eth7: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT qlen 1000
     link/ether 00:asdasd brd ff:ff:ff:ff:ff:ff
9: eth1: <BROADCAST,MULTICAST,SLAVE,UP,LOWER_UP> mtu 1500 qdisc mq master bond0 state UP mode DEFAULT qlen 1000
     link/ether 00:asdasd brd ff:ff:ff:ff:ff:ff
10: eth8: <BROADCAST,MULTICAST,SLAVE,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master bond2 state UP mode DEFAULT qlen 1000
     link/ether 00:asdasd brd ff:ff:ff:ff:ff:ff
11: eth9: <NO-CARRIER,BROADCAST,MULTICAST,SLAVE,UP> mtu 1500 qdisc pfifo_fast master bond2 state DOWN mode DEFAULT qlen 1000
     link/ether 00:asdasd brd ff:ff:ff:ff:ff:ff
12: bond0: <BROADCAST,MULTICAST,MASTER,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT
     link/ether 00:asdasd brd ff:ff:ff:ff:ff:ff
13: bond1: <NO-CARRIER,BROADCAST,MULTICAST,MASTER,UP> mtu 1500 qdisc noqueue state DOWN mode DEFAULT
     link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff
14: bond2: <BROADCAST,MULTICAST,MASTER,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT
     link/ether 00:asdasd brd ff:ff:ff:ff:ff:ff

The kernel version is:
# uname -r
3.2.0-3-amd64

Regards

-- 
Arturo Borrero González
Departamento de Seguridad Informática
Centro Informático Científico de Andalucía (CICA)
Avda. Reina Mercedes s/n - 41012 - Sevilla (Spain)
Tfno.: +34 955 056 600 / FAX: +34 955 056 650
Consejería de Economía, Innovación, Ciencia y Empleo
Junta de Andalucía
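
A cross-check of the three artifacts in this message (the `Interface` directive in conntrackd.conf, the iftest output and the `ip link show` output), as an added example that is not part of the original message or of libnfnetlink. The sample text is abridged from the output quoted above; all function names are hypothetical.

```python
import re

# Sample input abridged from the output quoted in the message above.
IFTEST_OUT = """\
index (1) is lo (RUNNING) (UP)
index (2) is eth5 (NOT RUNNING) (DOWN)
index (3) is eth2 (RUNNING) (UP)
"""

IP_LINK_OUT = """\
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN mode DEFAULT
2: eth5: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT qlen 1000
3: eth2: <BROADCAST,MULTICAST,SLAVE,UP,LOWER_UP> mtu 1500 qdisc mq master bond0 state UP mode DEFAULT qlen 1000
10: eth8: <BROADCAST,MULTICAST,SLAVE,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master bond2 state UP mode DEFAULT qlen 1000
14: bond2: <BROADCAST,MULTICAST,MASTER,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT
"""

CONF = "Multicast {\n    IPv4_interface 172.16.0.1\n    Interface bond2\n}\n"

def parse_iftest(text):
    """Map interface name -> (running, up) from utils/iftest output lines."""
    pat = re.compile(r"^index \((\d+)\) is (\S+) \((NOT RUNNING|RUNNING)\) \((UP|DOWN)\)$", re.M)
    return {m[2]: (m[3] == "RUNNING", m[4] == "UP") for m in pat.finditer(text)}

def parse_ip_link(text):
    """Map interface name -> set of flags from `ip link show` header lines."""
    pat = re.compile(r"^\d+: ([^:@\s]+)(?:@\S+)?: <([^>]*)>", re.M)
    return {m[1]: set(m[2].split(",")) for m in pat.finditer(text)}

def dedicated_interfaces(conf):
    """Names given by `Interface` directives in conntrackd.conf (comments stripped)."""
    return re.findall(r"^\s*Interface\s+(\S+)", re.sub(r"#.*", "", conf), re.M)

def cross_check(conf, iftest_out, ip_link_out):
    """Per dedicated link: kernel view (UP and LOWER_UP) vs. whether iftest listed it."""
    seen, kernel = parse_iftest(iftest_out), parse_ip_link(ip_link_out)
    return {name: {"kernel_up": {"UP", "LOWER_UP"} <= kernel.get(name, set()),
                   "in_iftest": name in seen}
            for name in dedicated_interfaces(conf)}

def missing_from_iftest(iftest_out, ip_link_out):
    """Interfaces the kernel lists that iftest never reported, in kernel order."""
    seen = parse_iftest(iftest_out)
    return [n for n in parse_ip_link(ip_link_out) if n not in seen]

if __name__ == "__main__":
    print(cross_check(CONF, IFTEST_OUT, IP_LINK_OUT), missing_from_iftest(IFTEST_OUT, IP_LINK_OUT))
```

On a live system, feed the functions the captured text of `./iftest`, `ip link show` and the conntrackd.conf in use instead of the embedded samples.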


