Invalid argument on 1.4.4 w/DisableExternalCache On (Kernel 4.7.4)

Invalid argument on 1.4.4 w/DisableExternalCache On (Kernel 4.7.4)

[Lee Burton]

Are there known issues with DisableExternalCache currently?  I was
trying it earlier and got a ton of:
[ERROR] inject-upd1: Invalid argument
[ERROR] inject-add2: Invalid argument
etc
A quick strace looking @ sendto,recvfrom of what libnetfilter is
sending is @ http://pastebin.com/XFSs5cQ6

Thanks,
Lee Burton
lburton@mrow.org

Re: Invalid argument on 1.4.4 w/DisableExternalCache On (Kernel 4.7.4)

[Arturo Borrero Gonzalez]

On 21 September 2016 at 12:00, Lee Burton <lburton@mrow.org> wrote:
> Are there known issues with DisableExternalCache currently?  I was
> trying it earlier and got a ton of:
> [ERROR] inject-upd1: Invalid argument
> [ERROR] inject-add2: Invalid argument
> etc
> A quick strace looking @ sendto,recvfrom of what libnetfilter is
> sending is @ http://pastebin.com/XFSs5cQ6
>

Hi,

any idea of what kind of traffic is triggering this?

I would like to know a bit more about your environment.

Could you please paste the complete conntrackd config, plus the kernel config?
Is a custom kernel?

regards
-- 
Arturo Borrero Gonz√°lez

Re: Invalid argument on 1.4.4 w/DisableExternalCache On (Kernel 4.7.4)

[Lee Burton]

It's not a custom kernel just Archlinux's standard kernel -- config:
https://paste.pound-python.org/show/n9iDruPANle9wi7szQkX/
lsmod: https://paste.pound-python.org/show/j4zCGcsKywUdrKpWqVSV/
config file (mostly borrowed from somewhere):
https://paste.pound-python.org/show/FqXslDwXlhn50jBKA6Tk/
I believe the traffic to be fairly normal.. I don't see anything
non-local when running conntrack -L on a machine so it looks like it's
all traffic having an issue?
Thanks,
Lee

On Wed, Sep 21, 2016 at 3:19 AM, Arturo Borrero Gonzalez
<arturo.borrero.glez@gmail.com> wrote:
> On 21 September 2016 at 12:00, Lee Burton <lburton@mrow.org> wrote:
>> Are there known issues with DisableExternalCache currently?  I was
>> trying it earlier and got a ton of:
>> [ERROR] inject-upd1: Invalid argument
>> [ERROR] inject-add2: Invalid argument
>> etc
>> A quick strace looking @ sendto,recvfrom of what libnetfilter is
>> sending is @ http://pastebin.com/XFSs5cQ6
>>
>
> Hi,
>
> any idea of what kind of traffic is triggering this?
>
> I would like to know a bit more about your environment.
>
> Could you please paste the complete conntrackd config, plus the kernel config?
> Is a custom kernel?
>
> regards
> --
> Arturo Borrero Gonz√°lez



-- 
Lee Burton
lburton@mrow.org
301 910 0246

Re: Invalid argument on 1.4.4 w/DisableExternalCache On (Kernel 4.7.4)

[Lee Burton]

Oh, to be clear with DisableExternalCache Off things work as
expected.. entries show up on the standby machine w/conntrackd -e and
conntrackd -c correctly makes them appear in the kernel according to
conntrack -L... the only problem being with my being active-passive on
V4.. and sort of active-active on V6 (both routers advertise their V6
link-local so I'd like to just have entries hot in both's kernel
tables so I don't need to active/passive-ify .. although that still
might be the /right/ thing to do).  Anyway in my attempt I ran across
DisableExternalCache not seeming to work..
Thanks,
Lee

On Wed, Sep 21, 2016 at 3:30 AM, Lee Burton <lburton@mrow.org> wrote:
> It's not a custom kernel just Archlinux's standard kernel -- config:
> https://paste.pound-python.org/show/n9iDruPANle9wi7szQkX/
> lsmod: https://paste.pound-python.org/show/j4zCGcsKywUdrKpWqVSV/
> config file (mostly borrowed from somewhere):
> https://paste.pound-python.org/show/FqXslDwXlhn50jBKA6Tk/
> I believe the traffic to be fairly normal.. I don't see anything
> non-local when running conntrack -L on a machine so it looks like it's
> all traffic having an issue?
> Thanks,
> Lee
>
> On Wed, Sep 21, 2016 at 3:19 AM, Arturo Borrero Gonzalez
> <arturo.borrero.glez@gmail.com> wrote:
>> On 21 September 2016 at 12:00, Lee Burton <lburton@mrow.org> wrote:
>>> Are there known issues with DisableExternalCache currently?  I was
>>> trying it earlier and got a ton of:
>>> [ERROR] inject-upd1: Invalid argument
>>> [ERROR] inject-add2: Invalid argument
>>> etc
>>> A quick strace looking @ sendto,recvfrom of what libnetfilter is
>>> sending is @ http://pastebin.com/XFSs5cQ6
>>>
>>
>> Hi,
>>
>> any idea of what kind of traffic is triggering this?
>>
>> I would like to know a bit more about your environment.
>>
>> Could you please paste the complete conntrackd config, plus the kernel config?
>> Is a custom kernel?
>>
>> regards
>> --
>> Arturo Borrero González
>
>
>
> --
> Lee Burton
> lburton@mrow.org
> 301 910 0246



-- 
Lee Burton
lburton@mrow.org
301 910 0246

Re: Invalid argument on 1.4.4 w/DisableExternalCache On (Kernel 4.7.4)

[Pablo Neira Ayuso]

On Wed, Sep 21, 2016 at 03:00:00AM -0700, Lee Burton wrote:
> Are there known issues with DisableExternalCache currently?  I was
> trying it earlier and got a ton of:
> [ERROR] inject-upd1: Invalid argument

What is the line that just follows after this? You should get a line
printing the conntrack in the log file, similar format to what you get
via conntrack -L.

> [ERROR] inject-add2: Invalid argument

This EINVAL means the kernel is rejecting the command because an
attribute is missing. With the conntrack line I mentioned, we can
guess what attribute is actually triggering the problem.

What kernel version are you using BTW?

Re: Invalid argument on 1.4.4 w/DisableExternalCache On (Kernel 4.7.4)

[Lee Burton]

As in the subject kernel 4.7.4:
[Wed Sep 21 02:00:15 2016] (pid=48068) [ERROR] inject-add2: Invalid argument
Wed Sep 21 02:00:15 2016        udp      17 src=192.168.1.10
dst=8.8.4.4 sport=57856 dport=53 [UNREPLIED]
[Wed Sep 21 02:00:15 2016] (pid=48068) [ERROR] inject-upd1: Invalid argument
Wed Sep 21 02:00:15 2016        udp      17 src=192.168.1.10
dst=8.8.4.4 sport=57856 dport=53
is an example of both.
Lee

On Wed, Sep 21, 2016 at 10:40 AM, Pablo Neira Ayuso <pablo@netfilter.org> wrote:
> On Wed, Sep 21, 2016 at 03:00:00AM -0700, Lee Burton wrote:
>> Are there known issues with DisableExternalCache currently?  I was
>> trying it earlier and got a ton of:
>> [ERROR] inject-upd1: Invalid argument
>
> What is the line that just follows after this? You should get a line
> printing the conntrack in the log file, similar format to what you get
> via conntrack -L.
>
>> [ERROR] inject-add2: Invalid argument
>
> This EINVAL means the kernel is rejecting the command because an
> attribute is missing. With the conntrack line I mentioned, we can
> guess what attribute is actually triggering the problem.
>
> What kernel version are you using BTW?



-- 
Lee Burton
lburton@mrow.org
301 910 0246

Re: Invalid argument on 1.4.4 w/DisableExternalCache On (Kernel 4.7.4)

[Pablo Neira Ayuso]

On Wed, Sep 21, 2016 at 12:02:10PM -0700, Lee Burton wrote:
> As in the subject kernel 4.7.4:
> [Wed Sep 21 02:00:15 2016] (pid=48068) [ERROR] inject-add2: Invalid argument
> Wed Sep 21 02:00:15 2016        udp      17 src=192.168.1.10
> dst=8.8.4.4 sport=57856 dport=53 [UNREPLIED]
> [Wed Sep 21 02:00:15 2016] (pid=48068) [ERROR] inject-upd1: Invalid argument
> Wed Sep 21 02:00:15 2016        udp      17 src=192.168.1.10
> dst=8.8.4.4 sport=57856 dport=53
> is an example of both.

Please, file a bug to netfilter's bugzilla, so hopefully someone can
fit this.

Thanks!