[Bug 1464] Trying to populate a set raises a netlink error "Could not process rule: No space left on device"
bugzilla-daemon at netfilter.org
bugzilla-daemon at netfilter.org
Wed Dec 2 22:42:25 CET 2020
https://bugzilla.netfilter.org/show_bug.cgi?id=1464
--- Comment #8 from Pablo Neira Ayuso <pablo at netfilter.org> ---
(In reply to kfm from comment #7)
> Created attachment 618 [details]
> bug-1464-strace-r1.txt
>
> # strace -obug-1464-strace-r1.txt nft -f bug-1464-nft-input-stream.txt
Netlink message is sent:
sendmsg(3, {msg_name={sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000},
msg_namelen=12, msg_iov=[{iov_base=[{{len=20, type=NFNL_MSG_BATCH_BEGIN,
flags=NLM_F_REQUEST, seq=0, pid=0}, {nfgen_family=AF_UNSPEC,
version=NFNETLINK_V0, res_id=htons(2560)}, {{len=40,
type=NFNL_SUBSYS_NFTABLES<<8|NFT_MSG_DELSETELEM, flags=NLM_F_REQUEST, seq=1,
pid=0}, {nfgen_family=AF_INET, version=NFNETLINK_V0, res_id=htons(0),
[{{nla_len=11, nla_type=0x2}, "\x62\x6f\x67\x6f\x6e\x73\x00"}, {{nla_len=8,
nla_type=NFNETLINK_V1}, "\x72\x61\x77\x00"}]}, {{len=51440,
type=NFNL_SUBSYS_NFTABLES<<8|NFT_MSG_NEWSETELEM,
flags=NLM_F_REQUEST|NLM_F_CREATE, seq=2, pid=0}, {nfgen_family=AF_INET,
version=NFNETLINK_V0, res_id=htons(0), [{{nla_len=11, nla_type=0x2},
"\x62\x6f\x67\x6f\x6e\x73\x00"}, {{nla_len=8, nla_type=0x4},
"\x00\x00\x00\x1d"}, {{nla_len=8, nla_type=NFNETLINK_V1}, "\x72\x61\x77\x00"},
{{nla_len=51392, nla_type=NLA_F_NESTED|0x3},
"\x10\x00\x01\x80\x0c\x00\x01\x80\x08\x00\x01\x00\x00\x00\x00\x00\x18\x00\x02\x80\x08\x00\x03\x00\x00\x00\x00\x01\x0c\x00\x01\x80"...}]},
{{len=20, type=NFNL_MSG_BATCH_END, flags=NLM_F_REQUEST, seq=3, pid=0},
{nfgen_family=AF_UNSPEC, version=NFNETLINK_V0, res_id=htons(2560)}],
iov_len=51520}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 51520
Then, select() reports a reply message:
select(4, [3], NULL, NULL, {tv_sec=0, tv_usec=0}) = 1 (in [3], left {tv_sec=0,
tv_usec=0})
And userspace gets it via recvmsg():
recvmsg(3, {msg_name={sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000},
msg_namelen=12, msg_iov=[{iov_base={{len=51460, type=NLMSG_ERROR, flags=0,
seq=2, pid=11881}, {error=-EEXIST, msg={{len=51440,
type=NFNL_SUBSYS_NFTABLES<<8|NFT_MSG_NEWSETELEM,
flags=NLM_F_REQUEST|NLM_F_CREATE, seq=2, pid=0}, {nfgen_family=AF_INET,
version=NFNETLINK_V0, res_id=htons(0), [{{nla_len=11, nla_type=0x2},
"\x62\x6f\x67\x6f\x6e\x73\x00"}, {{nla_len=8, nla_type=0x4},
"\x00\x00\x00\x1d"}, {{nla_len=8, nla_type=NFNETLINK_V1}, "\x72\x61\x77\x00"},
{{nla_len=51392, nla_type=NLA_F_NESTED|0x3},
"\x10\x00\x01\x80\x0c\x00\x01\x80\x08\x00\x01\x00\x00\x00\x00\x00\x18\x00\x02\x80\x08\x00\x03\x00\x00\x00\x00\x01\x0c\x00\x01\x80"...}]}}},
iov_len=4096}], msg_iovlen=1, msg_controllen=0, msg_flags=MSG_TRUNC}, 0) = 4096
Kernel is sending a netlink message to userspace whose nlmsg_len is 51460 (?)
Userspace only has a 4096 buffer to receive, so libmnl gets the MSG_TRUNC flag
and turn it into ENOSPC.
--
You are receiving this mail because:
You are watching all bug changes.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.netfilter.org/pipermail/netfilter-buglog/attachments/20201202/ec2cfb2b/attachment.html>
More information about the netfilter-buglog
mailing list