* nftables cgroup accounting problem
@ 2020-09-30 17:27 azurit
  2020-10-05  6:16 ` azurit
  2020-10-05  9:34 ` Florian Westphal
  0 siblings, 2 replies; 8+ messages in thread
From: azurit @ 2020-09-30 17:27 UTC
  To: netfilter

Hi,

I'm migrating from iptables to nftables and I'm having a problem with
accounting using cgroups. Everything was working on iptables but is
printing weird errors with nftables (chain 'accounting' exists):

# mkdir /sys/fs/cgroup/net_cls,net_prio/12345
# echo 0x000112345 > /sys/fs/cgroup/net_cls,net_prio/12345/net_cls.classid
# nfacct add 12345
# iptables -I accounting -m cgroup --cgroup 0x000112345 -m nfacct --nfacct-name 12345
iptables: No space left on device.

# uname -a
Linux server 4.9.236 #2 SMP Thu Sep 17 16:32:19 CEST 2020 x86_64 GNU/Linux
# iptables --version
iptables v1.8.2 (nf_tables)


What am I doing wrong?

azur




* Re: nftables cgroup accounting problem
  2020-09-30 17:27 nftables cgroup accounting problem azurit
@ 2020-10-05  6:16 ` azurit
  2020-10-05  7:53   ` Daniel
  2020-10-05  9:34 ` Florian Westphal
  1 sibling, 1 reply; 8+ messages in thread
From: azurit @ 2020-10-05  6:16 UTC
  To: netfilter

Anyone?




> Hi,
>
> I'm migrating from iptables to nftables and I'm having a problem with
> accounting using cgroups. Everything was working on iptables but is
> printing weird errors with nftables (chain 'accounting' exists):
>
> # mkdir /sys/fs/cgroup/net_cls,net_prio/12345
> # echo 0x000112345 > /sys/fs/cgroup/net_cls,net_prio/12345/net_cls.classid
> # nfacct add 12345
> # iptables -I accounting -m cgroup --cgroup 0x000112345 -m nfacct --nfacct-name 12345
> iptables: No space left on device.
>
> # uname -a
> Linux server 4.9.236 #2 SMP Thu Sep 17 16:32:19 CEST 2020 x86_64 GNU/Linux
> # iptables --version
> iptables v1.8.2 (nf_tables)
>
>
> What am I doing wrong?
>
> azur





* Re: nftables cgroup accounting problem
  2020-10-05  6:16 ` azurit
@ 2020-10-05  7:53   ` Daniel
  2020-10-05  8:15     ` azurit
  0 siblings, 1 reply; 8+ messages in thread
From: Daniel @ 2020-10-05  7:53 UTC
  To: netfilter

Hello

On 05/10/2020 at 08:16, azurit@pobox.sk wrote:
> Anyone?
>
>> [...]
>> iptables: No space left on device.
Perhaps this ...

[...]

-- 
Daniel


* Re: nftables cgroup accounting problem
  2020-10-05  7:53   ` Daniel
@ 2020-10-05  8:15     ` azurit
  2020-10-05  9:08       ` Daniel
  0 siblings, 1 reply; 8+ messages in thread
From: azurit @ 2020-10-05  8:15 UTC
  Cc: netfilter


Quoting Daniel <tech@tootai.net>:

> Hello
>
> On 05/10/2020 at 08:16, azurit@pobox.sk wrote:
>> Anyone?
>>
>>> [...]
>>> iptables: No space left on device.
> Perhaps this ...


Sorry, but I don't understand. What do you mean?

If you are talking about the error message 'No space left on device.' then
there is definitely LOTS of space on all devices, that's why I wrote
that this error message is 'weird'. Anyway, iptables/nftables has
nothing to do with storage, so it still would be weird if there's
really no space left.




* Re: nftables cgroup accounting problem
  2020-10-05  8:15     ` azurit
@ 2020-10-05  9:08       ` Daniel
  2020-10-05  9:11         ` azurit
  0 siblings, 1 reply; 8+ messages in thread
From: Daniel @ 2020-10-05  9:08 UTC
  To: netfilter


On 05/10/2020 at 10:15, azurit@pobox.sk wrote:
>
> Quoting Daniel <tech@tootai.net>:
>
>> Hello
>>
>> On 05/10/2020 at 08:16, azurit@pobox.sk wrote:
>>> Anyone?
>>>
>>>> [...]
>>>> iptables: No space left on device.
>> Perhaps this ...
>
>
> Sorry, but I don't understand. What do you mean?
>
> If you are talking about the error message 'No space left on device.' then
> there is definitely LOTS of space on all devices, that's why I wrote
> that this error message is 'weird'. Anyway, iptables/nftables has
> nothing to do with storage, so it still would be weird if there's
> really no space left.
This message also appears if you run out of inodes. Run df -i to check.

-- 
Daniel


* Re: nftables cgroup accounting problem
  2020-10-05  9:08       ` Daniel
@ 2020-10-05  9:11         ` azurit
  0 siblings, 0 replies; 8+ messages in thread
From: azurit @ 2020-10-05  9:11 UTC
  Cc: netfilter


Quoting Daniel <tech@tootai.net>:

> On 05/10/2020 at 10:15, azurit@pobox.sk wrote:
>>
>> Quoting Daniel <tech@tootai.net>:
>>
>>> Hello
>>>
>>> On 05/10/2020 at 08:16, azurit@pobox.sk wrote:
>>>> Anyone?
>>>>
>>>>> [...]
>>>>> iptables: No space left on device.
>>> Perhaps this ...
>>
>>
>> Sorry, but I don't understand. What do you mean?
>>
>> If you are talking about the error message 'No space left on device.'
>> then there is definitely LOTS of space on all devices, that's why I
>> wrote that this error message is 'weird'. Anyway, iptables/nftables
>> has nothing to do with storage, so it still would be weird if
>> there's really no space left.
> This message also appears if you run out of inodes. Run df -i to check.
>
> -- 
> Daniel




# df -i
Filesystem       Inodes   IUsed    IFree IUse% Mounted on
/dev/root      19660800  326821 19333979    2% /
devtmpfs        1020722     347  1020375    1% /dev
tmpfs           1021029       1  1021028    1% /dev/shm
tmpfs           1021029     640  1020389    1% /run
tmpfs           1021029       4  1021025    1% /run/lock
tmpfs           1021029      17  1021012    1% /sys/fs/cgroup
/dev/vdd        2621440   60315  2561125    3% /flash
/dev/vdc       19660800 3999257 15661543   21% /home
tmpfs           1021029      10  1021019    1% /run/user/0




# df -h
Filesystem      Size  Used Avail Use% Mounted on
/dev/root       296G  9.8G  274G   4% /
devtmpfs        3.9G     0  3.9G   0% /dev
tmpfs           3.9G     0  3.9G   0% /dev/shm
tmpfs           3.9G  387M  3.6G  10% /run
tmpfs           5.0M     0  5.0M   0% /run/lock
tmpfs           3.9G     0  3.9G   0% /sys/fs/cgroup
/dev/vdd         40G   24G   16G  60% /flash
/dev/vdc        295G  214G   81G  73% /home
tmpfs           798M     0  798M   0% /run/user/0




* Re: nftables cgroup accounting problem
  2020-09-30 17:27 nftables cgroup accounting problem azurit
  2020-10-05  6:16 ` azurit
@ 2020-10-05  9:34 ` Florian Westphal
  2020-10-05 10:32   ` azurit
  1 sibling, 1 reply; 8+ messages in thread
From: Florian Westphal @ 2020-10-05  9:34 UTC
  To: azurit; +Cc: netfilter

azurit@pobox.sk <azurit@pobox.sk> wrote:
> Hi,
> 
> I'm migrating from iptables to nftables and I'm having a problem with
> accounting using cgroups. Everything was working on iptables but is printing
> weird errors with nftables (chain 'accounting' exists):
> 
> # mkdir /sys/fs/cgroup/net_cls,net_prio/12345
> # echo 0x000112345 > /sys/fs/cgroup/net_cls,net_prio/12345/net_cls.classid
> # nfacct add 12345
> # iptables -I accounting -m cgroup --cgroup 0x000112345 -m nfacct --nfacct-name 12345
> iptables: No space left on device.
> 
> # uname -a
> Linux server 4.9.236 #2 SMP Thu Sep 17 16:32:19 CEST 2020 x86_64 GNU/Linux
> # iptables --version
> iptables v1.8.2 (nf_tables)

Use legacy version.  4.9 lacks several fixes that might account for
this.  Also, there is no advantage of iptables-over-nft vs.
iptables-legacy except it avoids race conditions with parallel rule
updates (plus a few advantages of the greater flexibility of the
nf_tables framework, but that has almost no bearing at this time).


* Re: nftables cgroup accounting problem
  2020-10-05  9:34 ` Florian Westphal
@ 2020-10-05 10:32   ` azurit
  0 siblings, 0 replies; 8+ messages in thread
From: azurit @ 2020-10-05 10:32 UTC
  Cc: netfilter


Quoting Florian Westphal <fw@strlen.de>:

> azurit@pobox.sk <azurit@pobox.sk> wrote:
>> Hi,
>>
>> I'm migrating from iptables to nftables and I'm having a problem with
>> accounting using cgroups. Everything was working on iptables but is printing
>> weird errors with nftables (chain 'accounting' exists):
>>
>> # mkdir /sys/fs/cgroup/net_cls,net_prio/12345
>> # echo 0x000112345 > /sys/fs/cgroup/net_cls,net_prio/12345/net_cls.classid
>> # nfacct add 12345
>> # iptables -I accounting -m cgroup --cgroup 0x000112345 -m nfacct --nfacct-name 12345
>> iptables: No space left on device.
>>
>> # uname -a
>> Linux server 4.9.236 #2 SMP Thu Sep 17 16:32:19 CEST 2020 x86_64 GNU/Linux
>> # iptables --version
>> iptables v1.8.2 (nf_tables)
>
> Use legacy version.  4.9 lacks several fixes that might account for
> this.  Also, there is no advantage of iptables-over-nft vs.
> iptables-legacy except it avoids race conditions with parallel rule
> updates (plus a few advantages of the greater flexibility of the
> nf_tables framework, but that has almost no bearing at this time).


Thank you for the info.


