Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.
RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 1221653

Summary: netfilter pmda uses (probably) outdated /proc API
Product: Red Hat Enterprise Linux 6 Reporter: Miloš Prchlík <mprchlik>
Component: pcpAssignee: Nathan Scott <nathans>
Status: CLOSED ERRATA QA Contact: Miloš Prchlík <mprchlik>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 6.7CC: brolley, lberk, mbenitez, mcermak
Target Milestone: rc   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: pcp-3.10.9-2.el6 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2016-05-10 21:12:44 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Miloš Prchlík 2015-05-14 13:53:45 UTC 
Description of problem:

I'm not familiar with the development of netfilter and related APIs but it seems to me that netfilter pmda uses the old, (now removed?) /proc files, and therefore does not work on RHEL6.

[root@hp-dl388g8-17 netfilter]# cd /var/lib/pcp/pmdas/netfilter/
[root@hp-dl388g8-17 netfilter]# service pmcd start
Waiting for pmcd to terminate ...
Starting pmcd ... 
[root@hp-dl388g8-17 netfilter]# ./Install 
IP connection tracking not enabled in your kernel
[root@hp-dl388g8-17 netfilter]# 

But connection tracking works:

[root@hp-dl388g8-17 netfilter]# lsmod | grep conn
nf_conntrack_ipv4       9506  0 
nf_conntrack           80390  1 nf_conntrack_ipv4
nf_defrag_ipv4          1483  1 nf_conntrack_ipv4
[root@hp-dl388g8-17 netfilter]# 
[root@hp-dl388g8-17 netfilter]# cat /proc/net/nf_conntrack
ipv4     2 udp      17 22 src=10.73.4.201 dst=10.73.5.255 sport=138 dport=138 [UNREPLIED] src=10.73.5.255 dst=10.73.4.201 sport=138 dport=138 mark=0 secmark=0 use=2
ipv4     2 tcp      6 431999 ESTABLISHED src=10.73.4.227 dst=10.40.3.185 sport=22 dport=50269 src=10.40.3.185 dst=10.73.4.227 sport=50269 dport=22 [ASSURED] mark=0 secmark=0 use=2
ipv4     2 udp      17 6 src=10.73.5.254 dst=255.255.255.255 sport=67 dport=68 [UNREPLIED] src=255.255.255.255 dst=10.73.5.254 sport=68 dport=67 mark=0 secmark=0 use=2
ipv4     2 udp      17 7 src=10.73.4.227 dst=10.66.78.111 sport=33814 dport=53 src=10.66.78.111 dst=10.73.4.227 sport=53 dport=33814 [ASSURED] mark=0 secmark=0 use=2
ipv4     2 udp      17 6 src=0.0.0.0 dst=255.255.255.255 sport=68 dport=67 [UNREPLIED] src=255.255.255.255 dst=0.0.0.0 sport=67 dport=68 mark=0 secmark=0 use=2
ipv4     2 udp      17 7 src=10.73.4.227 dst=10.66.78.111 sport=54901 dport=53 src=10.66.78.111 dst=10.73.4.227 sport=53 dport=54901 [ASSURED] mark=0 secmark=0 use=2
[root@hp-dl388g8-17 netfilter]# 
[root@hp-dl388g8-17 netfilter]# 
[root@hp-dl388g8-17 netfilter]# 

Also, other conntrack-related files are located at different places:

[root@hp-dl388g8-17 netfilter]# ls /proc/sys/net/netfilter/
nf_conntrack_acct      nf_conntrack_events_retry_timeout  nf_conntrack_max                nf_conntrack_tcp_timeout_close_wait   nf_conntrack_tcp_timeout_syn_recv        nf_conntrack_udp_timeout_stream
nf_conntrack_buckets   nf_conntrack_expect_max            nf_conntrack_tcp_be_liberal     nf_conntrack_tcp_timeout_established  nf_conntrack_tcp_timeout_syn_sent        nf_log
nf_conntrack_checksum  nf_conntrack_generic_timeout       nf_conntrack_tcp_loose          nf_conntrack_tcp_timeout_fin_wait     nf_conntrack_tcp_timeout_time_wait
nf_conntrack_count     nf_conntrack_icmp_timeout          nf_conntrack_tcp_max_retrans    nf_conntrack_tcp_timeout_last_ack     nf_conntrack_tcp_timeout_unacknowledged
nf_conntrack_events    nf_conntrack_log_invalid           nf_conntrack_tcp_timeout_close  nf_conntrack_tcp_timeout_max_retrans  nf_conntrack_udp_timeout
[root@hp-dl388g8-17 netfilter]# cat /proc/sys/net/netfilter/nf_conntrack_count
1
[root@hp-dl388g8-17 netfilter]# cat /proc/sys/net/netfilter/nf_conntrack_max
65536
[root@hp-dl388g8-17 netfilter]# 


Version-Release number of selected component (if applicable):

kernel-2.6.32-504.el6
pcp-3.10.3-3.el6


How reproducible:


Steps to Reproduce:
1.
2.
3.

Actual results:


Expected results:


Additional info:
Comment 2 Lukas Berk 2015-12-11 14:40:46 UTC 
This has been fixed upstream (including testcases) with commits:

29966799ce50fd0e6314f92a922bf6ced8f8d016
b18388ac141fcff5d5aa876d123c2e76a231878e
bc673023367685367f3134d8a46b99a2e9f0767e

It should make the next PCP release.
Comment 4 Miloš Prchlík 2016-02-08 09:52:30 UTC 
Verified for build pcp-3.10.9-5.el6.
Comment 6 errata-xmlrpc 2016-05-10 21:12:44 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2016-0825.html