On 10/08/12 11:19, Pablo Neira Ayuso wrote:
> On Fri, Aug 10, 2012 at 09:09:02AM +0200, Arturo Borrero wrote:
>> Hi there!
>>
>> It seems that there is an issue with Conntrackd using a bonding as
>> dedicated interface.
>>
>> The log:
>>
>> [Thu Aug 9 14:14:23 2012] (pid=3819) [notice] -- starting in daemon mode --
>> [Thu Aug 9 14:14:23 2012] (pid=3819) [ERROR] no dedicated links available!
>> [Thu Aug 9 14:14:23 2012] (pid=3819) [ERROR] no dedicated links available!
>> [Thu Aug 9 14:14:23 2012] (pid=3819) [ERROR] no dedicated links available!
>> [Thu Aug 9 14:19:54 2012] (pid=3819) [notice] ---- shutdown received ----
>>
>>
>> Or maybe I'm missing something important in the configuration:
>>
>> /etc/conntrackd/conntrackd.conf
>>
>> Sync {
>>     Mode ALARM {
>>         RefreshTime 15
>>         CacheTimeout 180
>>     }
>>     Multicast {
>>         IPv4_address 225.0.0.50
>>         Group 3780
>>         IPv4_interface 172.16.0.1
>>         Interface bond2
>>         SndSocketBuffer 1249280
>>         RcvSocketBuffer 1249280
>>         Checksum on
>>     }
>> }
>> General {
>>     HashSize 8192
>>     HashLimit 65535
>>     LogFile on
>>     Syslog on
>>     LockFile /var/lock/conntrackd.lock
>>     UNIX {
>>         Path /var/run/conntrackd.sock
>>         Backlog 20
>>     }
>>     SocketBufferSize 262142
>>     SocketBufferSizeMaxGrown 655355
>>     Filter {
>>         Protocol Accept {
>>             TCP
>>         }
>>         Address Ignore
>>         {
>>             IPv4_address 127.0.0.1 # loopback
>>             IPv4_address 172.16.0.1 # cluster link
>>             IPv4_address 172.16.0.2 # cluster link
>>             IPv4_address xx.40
>>             IPv4_address xx.41
>>             IPv6_address xx::40
>>             IPv6_address xx::41
>>             IPv6_address xx::41
>>         }
>>     }
>> }
>>
>> Bond2 is up and running:
>>
>> bond2 Link encap:Ethernet HWaddr 00:xx:xx:57:b8:xx
>>       inet addr:172.16.0.1 Bcast:172.16.255.255 Mask:255.255.0.0
>>       inet6 addr: fe80::215:xx::/64 Scope:Link
>>       UP BROADCAST RUNNING MASTER MULTICAST MTU:1500 Metric:1
>>       RX packets:7405527 errors:0 dropped:0 overruns:0 frame:0
>>       TX packets:3935915 errors:0 dropped:0 overruns:0 carrier:0
>>       collisions:0 txqueuelen:0
>>       RX bytes:7812500663 (7.2 GiB) TX bytes:651422232 (621.2 MiB)
>>
>>
>> Any idea?
> Something is wrong with the link state checking.
>
> Please, get a working copy of libnfnetlink:
>
> git clone git://git.netfilter.org/libnfnetlink
> autoreconf -fi
> ./configure --prefix=/usr
> make
> make check
>
> [no need to make install]
>
> Then go to utils/ directory, run ./iftest and get back to the list to
> report what it says.
>
>> I'm using this version (Debian amd64)
> You didn't mention kernel version, I guess it is standalone Linux
> kernel in Debian? (2.6.32). Using a recent Linux kernel version of the
> 3.x branch is really recommended to run conntrackd.
>
>> :~$ conntrackd -v
>> Connection tracking userspace daemon v1.2.1. Licensed under GPLv2.
> BTW, it's a good idea if you upgrade to 1.2.2. There was a bug in the
> commit operation that is resolved in latest version.

This is the result of iftest:

root@debian:~/git/libnfnetlink/utils# ./iftest
index (1) is lo (RUNNING) (UP)
index (2) is eth5 (NOT RUNNING) (DOWN)
index (3) is eth2 (RUNNING) (UP)

This is the list of interfaces:

root@debian:~/git/libnfnetlink/utils# ip link show
1: lo: mtu 16436 qdisc noqueue state UNKNOWN mode DEFAULT
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth5: mtu 1500 qdisc noop state DOWN mode DEFAULT qlen 1000
    link/ether 00:asdasd brd ff:ff:ff:ff:ff:ff
3: eth2: mtu 1500 qdisc mq master bond0 state UP mode DEFAULT qlen 1000
    link/ether 00:asdasd brd ff:ff:ff:ff:ff:ff
4: eth4: mtu 1500 qdisc noop state DOWN mode DEFAULT qlen 1000
    link/ether 00:asdasd brd ff:ff:ff:ff:ff:ff
5: eth3: mtu 1500 qdisc mq master bond0 state UP mode DEFAULT qlen 1000
    link/ether 00:asdasd brd ff:ff:ff:ff:ff:ff
6: eth6: mtu 1500 qdisc noop state DOWN mode DEFAULT qlen 1000
    link/ether 00:asdasd brd ff:ff:ff:ff:ff:ff
7: eth0: mtu 1500 qdisc mq master bond0 state UP mode DEFAULT qlen 1000
    link/ether 00:asdasd brd ff:ff:ff:ff:ff:ff
8: eth7: mtu 1500 qdisc noop state DOWN mode DEFAULT qlen 1000
    link/ether 00:asdasd brd ff:ff:ff:ff:ff:ff
9: eth1: mtu 1500 qdisc mq master bond0 state UP mode DEFAULT qlen 1000
    link/ether 00:asdasd brd ff:ff:ff:ff:ff:ff
10: eth8: mtu 1500 qdisc pfifo_fast master bond2 state UP mode DEFAULT qlen 1000
    link/ether 00:asdasd brd ff:ff:ff:ff:ff:ff
11: eth9: mtu 1500 qdisc pfifo_fast master bond2 state DOWN mode DEFAULT qlen 1000
    link/ether 00:asdasd brd ff:ff:ff:ff:ff:ff
12: bond0: mtu 1500 qdisc noqueue state UP mode DEFAULT
    link/ether 00:asdasd brd ff:ff:ff:ff:ff:ff
13: bond1: mtu 1500 qdisc noqueue state DOWN mode DEFAULT
    link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff
14: bond2: mtu 1500 qdisc noqueue state UP mode DEFAULT
    link/ether 00:asdasd brd ff:ff:ff:ff:ff:ff

The kernel version is:

# uname -r
3.2.0-3-amd64

Regards

--
Arturo Borrero González
Departamento de Seguridad Informática
Centro Informático Científico de Andalucía (CICA)
Avda. Reina Mercedes s/n - 41012 - Sevilla (Spain)
Tfno.: +34 955 056 600 / FAX: +34 955 056 650
Consejería de Economía, Innovación, Ciencia y Empleo
Junta de Andalucía