Bug 867688 - sysctl table check failed: /net/ipv6/nf_conntrack_frag6_low_thresh Unknown sysctl binary path
sysctl table check failed: /net/ipv6/nf_conntrack_frag6_low_thresh Unknown sy...
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: kernel (Show other bugs)
6.3
x86_64 Linux
medium Severity low
: rc
: ---
Assigned To: Cong Wang
Hangbin Liu
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2012-10-18 01:28 EDT by Cong Wang
Modified: 2013-02-21 01:51 EST (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2013-02-21 01:51:03 EST
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
Proposed patch (1.20 KB, patch)
2012-10-18 01:38 EDT, Cong Wang
no flags Details | Diff

  None (edit)
Description Cong Wang 2012-10-18 01:28:30 EDT
Description of problem:
On kernel-debug, I got the following error:

ip_tables: (C) 2000-2006 Netfilter Core Team
nf_conntrack version 0.5.0 (16384 buckets, 65536 max)
ip6_tables: (C) 2000-2006 Netfilter Core Team
sysctl table check failed: /net/ipv6/nf_conntrack_frag6_low_thresh .3.12.30 Unkn
own sysctl binary path
Pid: 5079, comm: modprobe Not tainted 2.6.32-333.el6.x86_64.debug #1
Call Trace:
 [<ffffffff810a3ca9>] ? set_fail+0x59/0x60
 [<ffffffff810a4054>] ? sysctl_check_table+0x3a4/0x6c0
 [<ffffffff810a406e>] ? sysctl_check_table+0x3be/0x6c0
 [<ffffffff810a406e>] ? sysctl_check_table+0x3be/0x6c0
 [<ffffffff8107a6ad>] ? __register_sysctl_paths+0x11d/0x350
 [<ffffffff810b1d1d>] ? trace_hardirqs_on_caller+0x14d/0x190
 [<ffffffff8153aefa>] ? __mutex_lock_common+0x2ca/0x400
 [<ffffffff8146c56f>] ? register_pernet_subsys+0x1f/0x50
 [<ffffffff8151de31>] ? register_net_sysctl_table+0x61/0x70
 [<ffffffffa03061ab>] ? nf_ct_net_init+0x5b/0xe0 [nf_defrag_ipv6]
 [<ffffffff8146c2ea>] ? register_pernet_operations+0x6a/0xe0
 [<ffffffffa030b000>] ? nf_defrag_init+0x0/0x54 [nf_defrag_ipv6]
 [<ffffffff8146c57e>] ? register_pernet_subsys+0x2e/0x50
 [<ffffffffa03062ab>] ? nf_ct_frag6_init+0x7b/0xa0 [nf_defrag_ipv6]
 [<ffffffff8109f10b>] ? __blocking_notifier_call_chain+0x6b/0x90
 [<ffffffffa030b00e>] ? nf_defrag_init+0xe/0x54 [nf_defrag_ipv6]
 [<ffffffff8100204c>] ? do_one_initcall+0x3c/0x1d0
 [<ffffffff810c4d03>] ? sys_init_module+0xe3/0x260
 [<ffffffff8100b072>] ? system_call_fastpath+0x16/0x1b
nown sysctl binary path
Pid: 5079, comm: modprobe Not tainted 2.6.32-333.el6.x86_64.debug #1
Call Trace:
 [<ffffffff810a3ca9>] ? set_fail+0x59/0x60
 [<ffffffff810a4054>] ? sysctl_check_table+0x3a4/0x6c0
 [<ffffffff810a406e>] ? sysctl_check_table+0x3be/0x6c0
 [<ffffffff810a406e>] ? sysctl_check_table+0x3be/0x6c0
 [<ffffffff8107a6ad>] ? __register_sysctl_paths+0x11d/0x350
 [<ffffffff810b1d1d>] ? trace_hardirqs_on_caller+0x14d/0x190
 [<ffffffff8153aefa>] ? __mutex_lock_common+0x2ca/0x400
 [<ffffffff8146c56f>] ? register_pernet_subsys+0x1f/0x50
 [<ffffffff8151de31>] ? register_net_sysctl_table+0x61/0x70
 [<ffffffffa03061ab>] ? nf_ct_net_init+0x5b/0xe0 [nf_defrag_ipv6]
 [<ffffffff8146c2ea>] ? register_pernet_operations+0x6a/0xe0
 [<ffffffffa030b000>] ? nf_defrag_init+0x0/0x54 [nf_defrag_ipv6]
 [<ffffffff8146c57e>] ? register_pernet_subsys+0x2e/0x50
 [<ffffffffa03062ab>] ? nf_ct_frag6_init+0x7b/0xa0 [nf_defrag_ipv6]
 [<ffffffff8109f10b>] ? __blocking_notifier_call_chain+0x6b/0x90
 [<ffffffffa030b00e>] ? nf_defrag_init+0xe/0x54 [nf_defrag_ipv6]
 [<ffffffff8100204c>] ? do_one_initcall+0x3c/0x1d0
 [<ffffffff810c4d03>] ? sys_init_module+0xe3/0x260
 [<ffffffff8100b072>] ? system_call_fastpath+0x16/0x1b
nf_defrag_ipv6: can't initialize frag6.
can't load conntrack support for proto=10


Version-Release number of selected component (if applicable):
2.6.32-333.el6.x86_64.debug

How reproducible:
Always

Steps to Reproduce:
1. Configure conntrack for ip6tables
2. service ip6tables restart
3. Check dmesg
  

Additional info:
Only kernel-debug has CONFIG_SYSCTL_SYSCALL_CHECK=y, so this doesn't appear on non-debug kernel.
Comment 1 Cong Wang 2012-10-18 01:30:15 EDT
The following patch could probably fix it.


diff --git a/kernel/sysctl_check.c b/kernel/sysctl_check.c
index c914448..ae7b5fc 100644
--- a/kernel/sysctl_check.c
+++ b/kernel/sysctl_check.c
@@ -538,6 +538,9 @@ static const struct trans_ctl_table trans_net_ipv6_table[] = {
        { NET_IPV6_IP6FRAG_LOW_THRESH,  "ip6frag_low_thresh" },
        { NET_IPV6_IP6FRAG_TIME,        "ip6frag_time" },
        { NET_IPV6_IP6FRAG_SECRET_INTERVAL,     "ip6frag_secret_interval" },
+       { NET_NF_CONNTRACK_FRAG6_TIMEOUT,       "nf_conntrack_frag6_timeout" },
+       { NET_NF_CONNTRACK_FRAG6_LOW_THRESH,    "nf_conntrack_frag6_low_thresh" } ,
+       { NET_NF_CONNTRACK_FRAG6_HIGH_THRESH,   "nf_conntrack_frag6_high_thresh" },
        { NET_IPV6_MLD_MAX_MSF,         "mld_max_msf" },
        { 2088 /* IPQ_QMAX */,          "ip6_queue_maxlen" },
        {}
diff --git a/net/ipv6/netfilter/nf_conntrack_reasm.c b/net/ipv6/netfilter/nf_conntrack_reasm.c
index 3b69838..f975f03 100644
--- a/net/ipv6/netfilter/nf_conntrack_reasm.c
+++ b/net/ipv6/netfilter/nf_conntrack_reasm.c
@@ -64,6 +64,7 @@ static struct inet_frags nf_frags;
 #ifdef CONFIG_SYSCTL
 struct ctl_table nf_ct_frag6_sysctl_table[] = {
        {
+               .ctl_name       = NET_NF_CONNTRACK_FRAG6_TIMEOUT,
                .procname       = "nf_conntrack_frag6_timeout",
                .data           = &init_net.nf_frag.frags.timeout,
                .maxlen         = sizeof(unsigned int),
Comment 3 Cong Wang 2012-10-18 01:38:48 EDT
Created attachment 629168 [details]
Proposed patch

Untested.
Comment 4 RHEL Product and Program Management 2012-10-18 01:50:49 EDT
This request was evaluated by Red Hat Product Management for
inclusion in a Red Hat Enterprise Linux release.  Product
Management has requested further review of this request by
Red Hat Engineering, for potential inclusion in a Red Hat
Enterprise Linux release for currently deployed products.
This request is not yet committed for inclusion in a release.
Comment 5 Jarod Wilson 2012-10-23 16:24:06 EDT
Patch(es) available on kernel-2.6.32-336.el6
Comment 10 errata-xmlrpc 2013-02-21 01:51:03 EST
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHSA-2013-0496.html

Note You need to log in before you can comment on or make changes to this bug.