From: Arturo Borrero <aborrero@cica.es>
To: Pablo Neira Ayuso <pablo@netfilter.org>
Cc: netfilter@vger.kernel.org
Subject: Re: Conntrackd issue with bonding
Date: Fri, 10 Aug 2012 12:02:54 +0200
Message-ID: <5024DC4E.1080201@cica.es>
In-Reply-To: <20120810091927.GB1729@1984>
On 10/08/12 11:19, Pablo Neira Ayuso wrote:
> On Fri, Aug 10, 2012 at 09:09:02AM +0200, Arturo Borrero wrote:
>> Hi there!
>>
>> It seems that there is an issue with Conntrackd using a bonding as
>> dedicated interface.
>>
>> The log:
>>
>> [Thu Aug 9 14:14:23 2012] (pid=3819) [notice] -- starting in daemon mode --
>> [Thu Aug 9 14:14:23 2012] (pid=3819) [ERROR] no dedicated links available!
>> [Thu Aug 9 14:14:23 2012] (pid=3819) [ERROR] no dedicated links available!
>> [Thu Aug 9 14:14:23 2012] (pid=3819) [ERROR] no dedicated links available!
>> [Thu Aug 9 14:19:54 2012] (pid=3819) [notice] ---- shutdown received ----
>>
>>
>> Or maybe I'm missing something important in the configuration:
>>
>> /etc/conntrackd/conntrackd.conf
>>
>> Sync {
>> Mode ALARM {
>> RefreshTime 15
>> CacheTimeout 180
>> }
>> Multicast {
>> IPv4_address 225.0.0.50
>> Group 3780
>> IPv4_interface 172.16.0.1
>> Interface bond2
>> SndSocketBuffer 1249280
>> RcvSocketBuffer 1249280
>> Checksum on
>> }
>> }
>> General {
>> HashSize 8192
>> HashLimit 65535
>> LogFile on
>> Syslog on
>> LockFile /var/lock/conntrackd.lock
>> UNIX {
>> Path /var/run/conntrackd.sock
>> Backlog 20
>> }
>> SocketBufferSize 262142
>> SocketBufferSizeMaxGrown 655355
>> Filter {
>> Protocol Accept {
>> TCP
>> }
>> Address Ignore
>> {
>> IPv4_address 127.0.0.1 # loopback
>> IPv4_address 172.16.0.1 # cluster link
>> IPv4_address 172.16.0.2 # cluster link
>> IPv4_address xx.40
>> IPv4_address xx.41
>> IPv6_address xx::40
>> IPv6_address xx::41
>> IPv6_address xx::41
>> }
>> }
>> }
>>
>> Bond2 is up and running:
>>
>> bond2 Link encap:Ethernet HWaddr 00:xx:xx:57:b8:xx
>> inet addr:172.16.0.1 Bcast:172.16.255.255 Mask:255.255.0.0
>> inet6 addr: fe80::215:xx::/64 Scope:Link
>> UP BROADCAST RUNNING MASTER MULTICAST MTU:1500 Metric:1
>> RX packets:7405527 errors:0 dropped:0 overruns:0 frame:0
>> TX packets:3935915 errors:0 dropped:0 overruns:0 carrier:0
>> collisions:0 txqueuelen:0
>> RX bytes:7812500663 (7.2 GiB) TX bytes:651422232 (621.2 MiB)
>>
>>
>> Any idea?
> Something is wrong with the link state checking.
>
> Please, get a working copy of libnfnetlink:
>
> git clone git://git.netfilter.org/libnfnetlink
> autoreconf -fi
> ./configure --prefix=/usr
> make
> make check
>
> [no need to make install]
>
> Then go to utils/ directory, run ./iftest and get back to the list to
> report what it says.
>
>> I'm using this version (Debian amd64)
> You didn't mention kernel version, I guess it is standalone Linux
> kernel in Debian? (2.6.32). Using a recent Linux kernel version of the
> 3.x branch is really recommended to run conntrackd.
>
>> :~$ conntrackd -v
>> Connection tracking userspace daemon v1.2.1. Licensed under GPLv2.
> BTW, it's a good idea if you upgrade to 1.2.2. There was a bug in the
> commit operation that is resolved in the latest version.

This is the result of iftest:

root@debian:~/git/libnfnetlink/utils# ./iftest
index (1) is lo (RUNNING) (UP)
index (2) is eth5 (NOT RUNNING) (DOWN)
index (3) is eth2 (RUNNING) (UP)

This is the list of interfaces:

root@debian:~/git/libnfnetlink/utils# ip link show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN mode DEFAULT
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth5: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT qlen 1000
    link/ether 00:asdasd brd ff:ff:ff:ff:ff:ff
3: eth2: <BROADCAST,MULTICAST,SLAVE,UP,LOWER_UP> mtu 1500 qdisc mq master bond0 state UP mode DEFAULT qlen 1000
    link/ether 00:asdasd brd ff:ff:ff:ff:ff:ff
4: eth4: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT qlen 1000
    link/ether 00:asdasd brd ff:ff:ff:ff:ff:ff
5: eth3: <BROADCAST,MULTICAST,SLAVE,UP,LOWER_UP> mtu 1500 qdisc mq master bond0 state UP mode DEFAULT qlen 1000
    link/ether 00:asdasd brd ff:ff:ff:ff:ff:ff
6: eth6: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT qlen 1000
    link/ether 00:asdasd brd ff:ff:ff:ff:ff:ff
7: eth0: <BROADCAST,MULTICAST,SLAVE,UP,LOWER_UP> mtu 1500 qdisc mq master bond0 state UP mode DEFAULT qlen 1000
    link/ether 00:asdasd brd ff:ff:ff:ff:ff:ff
8: eth7: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT qlen 1000
    link/ether 00:asdasd brd ff:ff:ff:ff:ff:ff
9: eth1: <BROADCAST,MULTICAST,SLAVE,UP,LOWER_UP> mtu 1500 qdisc mq master bond0 state UP mode DEFAULT qlen 1000
    link/ether 00:asdasd brd ff:ff:ff:ff:ff:ff
10: eth8: <BROADCAST,MULTICAST,SLAVE,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master bond2 state UP mode DEFAULT qlen 1000
    link/ether 00:asdasd brd ff:ff:ff:ff:ff:ff
11: eth9: <NO-CARRIER,BROADCAST,MULTICAST,SLAVE,UP> mtu 1500 qdisc pfifo_fast master bond2 state DOWN mode DEFAULT qlen 1000
    link/ether 00:asdasd brd ff:ff:ff:ff:ff:ff
12: bond0: <BROADCAST,MULTICAST,MASTER,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT
    link/ether 00:asdasd brd ff:ff:ff:ff:ff:ff
13: bond1: <NO-CARRIER,BROADCAST,MULTICAST,MASTER,UP> mtu 1500 qdisc noqueue state DOWN mode DEFAULT
    link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff
14: bond2: <BROADCAST,MULTICAST,MASTER,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT
    link/ether 00:asdasd brd ff:ff:ff:ff:ff:ff

The kernel version is:

# uname -r
3.2.0-3-amd64

Regards
--
Arturo Borrero González
Departamento de Seguridad Informática
Centro Informático Científico de Andalucía (CICA)
Avda. Reina Mercedes s/n - 41012 - Sevilla (Spain)
Tfno.: +34 955 056 600 / FAX: +34 955 056 650
Consejería de Economía, Innovación, Ciencia y Empleo
Junta de Andalucía