Ubuntu
conntrack-tools package

RPC helper segfault - Ubuntu 18.04LTS

Bug #1803718 reported by Aidan Walton
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
conntrack-tools (Ubuntu)
New
Undecided
Unassigned

Bug Description

I created a very simple RPC helper configuration as described in
http://conntrack-tools.netfilter.org/manual.html

After starting conntrackd, the ct_helper.so causes a segmentation fault as soon as a packet hits the -j CT target in iptables.
conntrackd crashes ungracefully with lock files preventing restart.

conntrackd config:
# Default debian config. Please, take a look at conntrackd.conf(5)

General {
 HashSize 8192
 HashLimit 65535

 Syslog on

 LockFile /var/lock/conntrackd.lock

 UNIX {
  Path /var/run/conntrackd.sock
  Backlog 20
 }

 SocketBufferSize 262142
 SocketBufferSizeMaxGrown 655355

 # default debian service unit file is of Type=notify
 Systemd on
}

Stats {
 LogFile on
}

Helper {
 Type rpc inet udp {
                QueueNum 1
  QueueLen 10240
                Policy rpc {
                        ExpectMax 1
                        ExpectTimeout 300
                }
        }
        Type rpc inet tcp {
                QueueNum 2
  QueueLen 10240
                Policy rpc {
                        ExpectMax 1
                        ExpectTimeout 300
                }
        }
}

nfct list helper
{
 .name = rpc,
 .queuenum = 2,
 .l3protonum = 2,
 .l4protonum = 6,
 .priv_data_len = 0,
 .status = enabled,
};
{
 .name = rpc,
 .queuenum = 1,
 .l3protonum = 2,
 .l4protonum = 17,
 .priv_data_len = 0,
 .status = enabled,
};

iptables rule:
-A OUTPUT -d 10.0.0.0/24 -p udp -m udp --dport 111 -m comment --comment "Load RPC user space helper for outgoing calls to RPC on other local machines (See /etc/conntrackd/conntrackd.conf)" -j CT --helper rpc
-A OUTPUT -d 10.0.0.0/24 -p tcp -m tcp --dport 111 -m comment --comment "Load RPC user space helper for outgoing calls to RPC on other local machines (See /etc/conntrackd/conntrackd.conf)" -j CT --helper rpc

syslog:

Nov 16 15:06:54 mx systemd[1]: Started Conntrack Daemon.
Nov 16 15:06:54 mx conntrack-tools[17623]: netlink event socket buffer size has been set to 262142 bytes
Nov 16 15:06:54 mx conntrack-tools[17623]: configuring helper `rpc' with queuenum=2 and queuelen=10240
Nov 16 15:06:54 mx conntrack-tools[17623]: policy name=rpc expect_timeout=300 expect_max=1
Nov 16 15:06:54 mx conntrack-tools[17623]: helper `rpc' configured successfully
Nov 16 15:06:54 mx conntrack-tools[17623]: configuring helper `rpc' with queuenum=1 and queuelen=10240
Nov 16 15:06:54 mx conntrack-tools[17623]: policy name=rpc expect_timeout=300 expect_max=1
Nov 16 15:06:54 mx conntrack-tools[17623]: helper `rpc' configured successfully
Nov 16 15:06:54 mx conntrack-tools[17623]: initialization completed
Nov 16 15:06:54 mx conntrack-tools[17623]: -- starting in console mode --
Nov 16 15:07:12 mx kernel: [73016.216826] conntrackd[17623]: segfault at 4 ip 00007f7a25091eab sp 00007ffee3341cb0 error 6 in ct_helper_rpc.so[7f7a25091000+2000]

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.