Bug 2067272
| Summary: | conntrackd returns "[ERROR] unknown layer 3 protocol" | |||
|---|---|---|---|---|
| Product: | Red Hat Enterprise Linux 9 | Reporter: | Phil Sutter <psutter> | |
| Component: | conntrack-tools | Assignee: | Phil Sutter <psutter> | |
| Status: | CLOSED ERRATA | QA Contact: | yiche <yiche> | |
| Severity: | unspecified | Docs Contact: | ||
| Priority: | unspecified | |||
| Version: | 9.1 | CC: | bperkins, egarver, mleitner, shuali, yiche | |
| Target Milestone: | rc | Keywords: | Triaged, Upstream, ZStream | |
| Target Release: | 9.1 | Flags: | pm-rhel:
mirror+
|
|
| Hardware: | Unspecified | |||
| OS: | Unspecified | |||
| Whiteboard: | ||||
| Fixed In Version: | conntrack-tools-1.4.5-14.el9 | Doc Type: | No Doc Update | |
| Doc Text: | Story Points: | --- | ||
| Clone Of: | ||||
| : | 2127125 (view as bug list) | Environment: | ||
| Last Closed: | 2022-11-15 09:59:02 UTC | Type: | Bug | |
| Regression: | --- | Mount Type: | --- | |
| Documentation: | --- | CRM: | ||
| Verified Versions: | Category: | --- | ||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | ||
| Cloudforms Team: | --- | Target Upstream Version: | ||
| Embargoed: | ||||
| Bug Depends On: | ||||
| Bug Blocks: | 2127125 | |||
Jiji, feel free to reassign to Yiche (he found the bug) and/or set qa_ack+ and ITM as you see fit. Thanks! Above patch conflicts due to context changes. With the following one, it
applies cleanly. Since it is a related fix, backport it too:
commit ce06fb6069065c3d68475356c0728a5fa0a4ab74
Author: Pablo Neira Ayuso <pablo>
Date: Wed Mar 20 08:19:18 2019 +0100
conntrackd: use strncpy() to unix path
Make sure we don't go over the buffer boundary.
Reported-by: Rijnard van Tonder <rvt>
Signed-off-by: Pablo Neira Ayuso <pablo>
Yiche, please verify and set Tested:Verified field accordingly. Requesting z-stream for RHEL9.0.0 since this is a regression from RHEL8. Oh, sorry. I missed a follow-up from upstream:
commit b47e00e8a579519b163cb4faed017463bf64c40d
Author: Michal Kubecek <mkubecek>
Date: Mon Jul 15 08:46:23 2019 +0200
conntrackd: use correct max unix path length
When copying value of "Path" option for unix socket, target buffer size is
UNIX_MAX_PATH so that we must not copy more bytes than that. Also make sure
that the path is null terminated and bail out if user provided path is too
long rather than silently truncate it.
Fixes: ce06fb606906 ("conntrackd: use strncpy() to unix path")
Signed-off-by: Michal Kubecek <mkubecek>
Signed-off-by: Pablo Neira Ayuso <pablo>
conntrack-tools-1.4.5-14.el9.x86_64 passed the test. Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (conntrack-tools bug fix and enhancement update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2022:7980 |
Conntrackd in RHEL9 contains commit ff843bcb3b905 ("conntrackd: config: Do not strdup() tokens") which is problematic and fixed upstream by: commit c12fa8df76752b0a011430f069677b52e4dad164 Author: Ash Hughes <sehguh.hsa> Date: Thu May 30 21:49:56 2019 +0100 conntrackd: Use strdup in lexer Use strdup in the config file lexer to copy strings to yylval.string. This should solve the "[ERROR] unknown layer 3 protocol" problem here: https://www.spinics.net/lists/netfilter/msg58628.html. Signed-off-by: Ash Hughes <sehguh.hsa> Signed-off-by: Pablo Neira Ayuso <pablo> This one in turn is missing, it needs to be backported.