On 13/08/12 20:01, Pablo Neira Ayuso wrote: > On Mon, Aug 13, 2012 at 12:35:21PM +0200, Jan Engelhardt wrote: >> On Monday 2012-08-13 11:46, Pablo Neira Ayuso wrote: >>> Please, git pull again, run make check, run the test and send me the >>> results. >> The problem is that nlif_receive is only called once by nlif_catch, >> and ignores RTM_F_MULTI, therefore missing most interfaces. > Thanks Jan. That was indeed the problem. > > I have committed the fix for this issue: > > http://git.netfilter.org/cgi-bin/gitweb.cgi?p=libnfnetlink.git;a=commit;h=8b15e485c0d5f4a1e56b2148a34995ed1fa9e95b > > @Arturo: Please, install a fresh working copy of libnfnetlink and let > me know if the problem persists. > > Before that, check that ./iftest bond1 displays valid device > information. Here is iftest with new git code: root@debian:~/git/libnfnetlink/utils# ./iftest bond0 index (12) is bond0 (RUNNING) (UP) root@debian:~/git/libnfnetlink/utils# ./iftest bond1 index (13) is bond1 (RUNNING) (UP) root@debian:~/git/libnfnetlink/utils# ./iftest eth8 index (10) is eth8 (RUNNING) (UP) root@debian:~/git/libnfnetlink/utils# ./iftest eth0 index (7) is eth0 (NOT RUNNING) (UP) root@debian:~/git/libnfnetlink/utils# ip link show bond0 12: bond0: mtu 1500 qdisc noqueue state UP mode DEFAULT link/ether xx:ff:30 brd ff:ff:ff:ff:ff:ff root@debian:~/git/libnfnetlink/utils# ip link show bond1 13: bond1: mtu 1500 qdisc noqueue state UP mode DEFAULT link/ether xx:f0:20 brd ff:ff:ff:ff:ff:ff root@debian:~/git/libnfnetlink/utils# ip link show eth8 10: eth8: mtu 1500 qdisc pfifo_fast state UP mode DEFAULT qlen 1000 link/ether xx:b8:f8 brd ff:ff:ff:ff:ff:ff root@debian:~/git/libnfnetlink/utils# ip link show eth0 7: eth0: mtu 1500 qdisc mq master bond0 state DOWN mode DEFAULT qlen 1000 link/ether xx:ff:30 brd ff:ff:ff:ff:ff:ff And using the new libnfnetlink: root@debian:~/git/libnfnetlink# mv /usr/lib/libnfnetlink.so.0 /usr/lib/libnfnetlink.so.0.backup root@debian:~/git/libnfnetlink# ln -s /usr/local/lib/libnfnetlink.so.0 /usr/lib/libnfnetlink.so.0 root@debian:~/git/libnfnetlink# tailf /var/log/conntrackd.log & [1] 13423 root@debian:~/git/libnfnetlink# conntrackd -d [Tue Aug 14 09:44:55 2012] (pid=13425) [notice] using user-space event filtering [Tue Aug 14 09:44:55 2012] (pid=13425) [notice] netlink event socket buffer size has been set to 262142 bytes [Tue Aug 14 09:44:55 2012] (pid=13425) [notice] initialization completed [Tue Aug 14 09:44:55 2012] (pid=13428) [notice] -- starting in daemon mode -- root@debian:~/git/libnfnetlink# conntrackd -s cache internal: current active connections: 2 connections created: 2 failed: 0 connections updated: 0 failed: 0 connections destroyed: 0 failed: 0 cache external: current active connections: 0 connections created: 0 failed: 0 connections updated: 0 failed: 0 connections destroyed: 0 failed: 0 traffic processed: 0 Bytes 0 Pckts multicast traffic (active device=eth8): 1296 Bytes sent 0 Bytes recv 18 Pckts sent 0 Pckts recv 0 Error send 0 Error recv message tracking: 0 Malformed msgs 0 Lost msgs It seems fine. I will do more tests. I will contact Debian, so they update the package and it's easy for us to use the new version. -- Arturo Borrero González Departamento de Seguridad Informática Centro Informático Científico de Andalucía (CICA) Avda. Reina Mercedes s/n - 41012 - Sevilla (Spain) Tfno.: +34 955 056 600 / FAX: +34 955 056 650 Consejería de Economía, Innovación, Ciencia y Empleo Junta de Andalucía