Bug 1829820
| Summary: | nfnl_osf fails to load signatures | |||
|---|---|---|---|---|
| Product: | Red Hat Enterprise Linux 7 | Reporter: | Lev Veyde <lveyde> | |
| Component: | iptables | Assignee: | Phil Sutter <psutter> | |
| Status: | CLOSED ERRATA | QA Contact: | Tomas Dolezal <todoleza> | |
| Severity: | medium | Docs Contact: | ||
| Priority: | unspecified | |||
| Version: | 7.8 | CC: | iptables-maint-list, sbonazzo, todoleza | |
| Target Milestone: | rc | Keywords: | Regression | |
| Target Release: | --- | |||
| Hardware: | x86_64 | |||
| OS: | Linux | |||
| Whiteboard: | ||||
| Fixed In Version: | iptables-1.4.21-35.el7 | Doc Type: | If docs needed, set a value | |
| Doc Text: | Story Points: | --- | ||
| Clone Of: | ||||
| : | 1837367 (view as bug list) | Environment: | ||
| Last Closed: | 2020-09-29 20:39:23 UTC | Type: | Bug | |
| Regression: | --- | Mount Type: | --- | |
| Documentation: | --- | CRM: | ||
| Verified Versions: | Category: | --- | ||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | ||
| Cloudforms Team: | --- | Target Upstream Version: | ||
| Embargoed: | ||||
| Bug Depends On: | ||||
| Bug Blocks: | 1837367 | |||
Hi! Yes, I broke it. :( Fix sent upstream: https://lore.kernel.org/netfilter-devel/20200509115200.19480-2-phil@nwl.cc/ Found another problem in delete functionality while debugging the above, fixed as well: https://lore.kernel.org/netfilter-devel/20200509115200.19480-3-phil@nwl.cc/ Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (iptables bug fix and enhancement update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2020:4023 |
Description of problem: nfnl_osf seems to halt right at the first signature, and thus fails to load them into the kernel. Version-Release number of selected component (if applicable): iptables-utils-1.4.21-34.el7.x86_64 How reproducible: Steps to Reproduce: 1. install iptables-utils in order to get the nfnl_osf tool # yum install iptables-utils 2. run the nfnl_osf to load the signatures # nfnl_osf -f /usr/share/xtables/pf.os 3. the tool seems to show the first signature and stuck there Actual results: tool get stuck at the first signature rule loading Expected results: all rules from the signature file should be loaded successfully Additional info: After the failed load attempt, the first attempt of signature rule removal w/: nfnl_osf -f /usr/share/xtables/pf.os -d will also get stuck. Then on additional attempts it seems not to hang, but returns w/ returncode of 255. strace says it's get stuck on loads w/: sendto(3, {{len=616, type=NFNL_SUBSYS_OSF<<8|OSF_MSG_ADD, flags=NLM_F_REQUEST|0x400, seq=1588249244, pid=0}, {nfgen_family=AF_UNSPEC, version=NFNETLINK_V0, res_id=htons(0), {{nla_len=596, nla_type=NFNETLINK_V1}, "\x00\x00\x00\x00\x00\x40\x00\x00\x40\x00\x3c\x00\x00\x00\x06\x00\x41\x49\x58\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"...}}, 616, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 616 recvfrom(3, 0x7ffc95bd5790, 8192, 0, 0x7ffc95bd5760, [12]) = ? ERESTARTSYS (To be restarted if SA_RESTART is set) first remove attempt: sendto(3, {{len=616, type=NFNL_SUBSYS_OSF<<8|OSF_MSG_REMOVE, flags=NLM_F_REQUEST, seq=1588249531, pid=0}, {nfgen_family=AF_UNSPEC, version=NFNETLINK_V0, res_id=htons(0), {{nla_len=596, nla_type=NFNETLINK_V1}, "\x00\x00\x00\x00\x00\x40\x00\x00\x40\x00\x3c\x00\x00\x00\x06\x00\x41\x49\x58\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"...}}, 616, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 616 recvfrom(3, 0x7ffc5a7e9d80, 8192, 0, 0x7ffc5a7e9d50, [12]) = ? ERESTARTSYS (To be restarted if SA_RESTART is set) second remove attempt: sendto(3, {{len=616, type=NFNL_SUBSYS_OSF<<8|OSF_MSG_REMOVE, flags=NLM_F_REQUEST, seq=1588249615, pid=0}, {nfgen_family=AF_UNSPEC, version=NFNETLINK_V0, res_id=htons(0), {{nla_len=596, nla_type=NFNETLINK_V1}, "\x00\x00\x00\x00\x00\x40\x00\x00\x40\x00\x3c\x00\x00\x00\x06\x00\x41\x49\x58\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"...}}, 616, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 616 recvfrom(3, {{len=636, type=NLMSG_ERROR, flags=0, seq=1588249615, pid=17599}, {error=-ENOENT, msg={{len=616, type=NFNL_SUBSYS_OSF<<8|OSF_MSG_REMOVE, flags=NLM_F_REQUEST, seq=1588249615, pid=0}, {nfgen_family=AF_UNSPEC, version=NFNETLINK_V0, res_id=htons(0), {{nla_len=596, nla_type=NFNETLINK_V1}, "\x00\x00\x00\x00\x00\x40\x00\x00\x40\x00\x3c\x00\x00\x00\x06\x00\x41\x49\x58\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"...}}}}, 8192, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, [12]) = 636 close(4) = 0 munmap(0x7f335b112000, 4096) = 0 close(3) = 0 exit_group(-1) = ? +++ exited with 255 +++