[CentOS] Conntrackd - fail at startup.

Mon Nov 26 13:02:01 UTC 2012
Rafał Radecki <radecki.rafal at gmail.com>

Thanks for the tip, it works now :)

Best regards,
Rafal.

2012/11/21 Marcin Lage <marcin.lage at gmail.com>

> I'm not sure, but in UDP { ..... Interface "some -interface" .... }
>
> 2012/11/21 Rafał Radecki <radecki.rafal at gmail.com>
>
> > Hi all.
> >
> > I currently try to start conntrackd to test it.
> > CentOS release 6.3 (Final)
> > Linux lb1.local 2.6.32-279.11.1.el6.x86_64 #1 SMP Tue Oct 16 15:57:10 UTC
> > 2012 x86_64 x86_64 x86_64 GNU/Linux
> > This is a VirtualBox vm.
> >
> > I try:
> > /usr/sbin/conntrackd -C /etc/conntrackd/conntrackd.conf -d
> >
> > My config:
> >
> > [root at lb1 log]# egrep -v '^\s*#|^$' /etc/conntrackd/conntrackd.conf |
> less
> > Sync {
> >         Mode FTFW {
> >         }
> >          UDP {
> >                 IPv4_address 192.168.100.11
> >                 IPv4_Destination_Address 192.168.100.12
> >                 Port 3780
> >                 SndSocketBuffer 1249280
> >                 RcvSocketBuffer 1249280
> >                 Checksum on
> >         }
> >         Options {
> >         }
> > }
> > General {
> >         Nice -20
> >         HashSize 32768
> >         HashLimit 131072
> >         LogFile on
> >         LockFile /var/lock/conntrack.lock
> >         UNIX {
> >                 Path /var/run/conntrackd.ctl
> >                 Backlog 20
> >         }
> >         NetlinkBufferSize 2097152
> >         NetlinkBufferSizeMaxGrowth 8388608
> >         Filter From Kernelspace {
> >                 Protocol Accept {
> >                         TCP
> >                 }
> >                 Address Ignore {
> >                         IPv4_address 127.0.0.1 # loopback
> >                         IPv4_address 192.168.100.11 # virtual IP 1
> >                         IPv4_address 192.168.100.12 # virtual IP 2
> >                         IPv4_address 10.0.2.111
> >                         IPv4_address 10.0.2.112
> >                 }
> >                 State Accept {
> >                         ESTABLISHED CLOSED TIME_WAIT CLOSE_WAIT for TCP
> >                 }
> >         }
> > }
> >
> > With strace (I haven't found an obvious problem in its output):
> > strace /usr/sbin/conntrackd -C /etc/conntrackd/conntrackd.conf -d
> >
> > execve("/usr/sbin/conntrackd", ["/usr/sbin/conntrackd", "-C",
> > "/etc/conntrackd/conntrackd.conf", "-d"], [/* 27 vars */]) = 0
> > brk(0)                                  = 0x1c57000
> > mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0)
> =
> > 0x7fa29ca4d000
> > access("/etc/ld.so.preload", R_OK)      = -1 ENOENT (No such file or
> > directory)
> > open("/etc/ld.so.cache", O_RDONLY)      = 3
> > fstat(3, {st_mode=S_IFREG|0644, st_size=25665, ...}) = 0
> > mmap(NULL, 25665, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7fa29ca46000
> > close(3)                                = 0
> > open("/usr/lib64/libnetfilter_conntrack.so.3", O_RDONLY) = 3
> > read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0 at G
> \0\0\0\0\0\0"...,
> > 832) = 832
> > fstat(3, {st_mode=S_IFREG|0755, st_size=85240, ...}) = 0
> > mmap(NULL, 2180848, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3,
> 0) =
> > 0x7fa29c61a000
> > mprotect(0x7fa29c62d000, 2097152, PROT_NONE) = 0
> > mmap(0x7fa29c82d000, 8192, PROT_READ|PROT_WRITE,
> > MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x13000) = 0x7fa29c82d000
> > close(3)                                = 0
> > open("/usr/lib64/libnfnetlink.so.0", O_RDONLY) = 3
> > read(3,
> > "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0000\30\0\0\0\0\0\0"...,
> 832)
> > = 832
> > fstat(3, {st_mode=S_IFREG|0755, st_size=24840, ...}) = 0
> > mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0)
> =
> > 0x7fa29ca45000
> > mmap(NULL, 2120560, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3,
> 0) =
> > 0x7fa29c414000
> > mprotect(0x7fa29c41a000, 2093056, PROT_NONE) = 0
> > mmap(0x7fa29c619000, 4096, PROT_READ|PROT_WRITE,
> > MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x5000) = 0x7fa29c619000
> > close(3)                                = 0
> > open("/lib64/libc.so.6", O_RDONLY)      = 3
> > read(3,
> > "\177ELF\2\1\1\3\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\360\355\1\0\0\0\0\0"...,
> > 832) = 832
> > fstat(3, {st_mode=S_IFREG|0755, st_size=1916528, ...}) = 0
> > mmap(NULL, 3745960, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3,
> 0) =
> > 0x7fa29c081000
> > mprotect(0x7fa29c20a000, 2097152, PROT_NONE) = 0
> > mmap(0x7fa29c40a000, 20480, PROT_READ|PROT_WRITE,
> > MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x189000) = 0x7fa29c40a000
> > mmap(0x7fa29c40f000, 18600, PROT_READ|PROT_WRITE,
> > MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7fa29c40f000
> > close(3)                                = 0
> > open("/lib64/libdl.so.2", O_RDONLY)     = 3
> > read(3,
> > "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\340\r\0\0\0\0\0\0"...,
> 832)
> > = 832
> > fstat(3, {st_mode=S_IFREG|0755, st_size=19536, ...}) = 0
> > mmap(NULL, 2109696, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3,
> 0) =
> > 0x7fa29be7d000
> > mprotect(0x7fa29be7f000, 2097152, PROT_NONE) = 0
> > mmap(0x7fa29c07f000, 8192, PROT_READ|PROT_WRITE,
> > MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x2000) = 0x7fa29c07f000
> > close(3)                                = 0
> > mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0)
> =
> > 0x7fa29ca44000
> > mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0)
> =
> > 0x7fa29ca43000
> > mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0)
> =
> > 0x7fa29ca42000
> > arch_prctl(ARCH_SET_FS, 0x7fa29ca43700) = 0
> > mprotect(0x7fa29c07f000, 4096, PROT_READ) = 0
> > mprotect(0x7fa29c40a000, 16384, PROT_READ) = 0
> > mprotect(0x7fa29ca4e000, 4096, PROT_READ) = 0
> > munmap(0x7fa29ca46000, 25665)           = 0
> > uname({sys="Linux", node="lb1.local", ...}) = 0
> > umask(0177)                             = 022
> > brk(0)                                  = 0x1c57000
> > brk(0x1c78000)                          = 0x1c78000
> > open("/etc/conntrackd/conntrackd.conf", O_RDONLY) = 3
> > ioctl(3, SNDCTL_TMR_TIMEBASE or TCGETS, 0x7fff09f67e50) = -1 ENOTTY
> > (Inappropriate ioctl for device)
> > fstat(3, {st_mode=S_IFREG|0644, st_size=13618, ...}) = 0
> > mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0)
> =
> > 0x7fa29ca4c000
> > read(3, "#\n# Synchronizer settings\n#\nSync"..., 8192) = 8192
> > read(3, "# since the daemon may keep some"..., 8192) = 5426
> > read(3, "", 4096)                       = 0
> > open("/etc/nsswitch.conf", O_RDONLY)    = 4
> > fstat(4, {st_mode=S_IFREG|0644, st_size=1688, ...}) = 0
> > mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0)
> =
> > 0x7fa29ca4b000
> > read(4, "#\n# /etc/nsswitch.conf\n#\n# An ex"..., 4096) = 1688
> > read(4, "", 4096)                       = 0
> > close(4)                                = 0
> > munmap(0x7fa29ca4b000, 4096)            = 0
> > open("/etc/ld.so.cache", O_RDONLY)      = 4
> > fstat(4, {st_mode=S_IFREG|0644, st_size=25665, ...}) = 0
> > mmap(NULL, 25665, PROT_READ, MAP_PRIVATE, 4, 0) = 0x7fa29ca3b000
> > close(4)                                = 0
> > open("/lib64/libnss_files.so.2", O_RDONLY) = 4
> > read(4,
> > "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\360!\0\0\0\0\0\0"...,
> 832)
> > = 832
> > fstat(4, {st_mode=S_IFREG|0755, st_size=65928, ...}) = 0
> > mmap(NULL, 2151824, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 4,
> 0) =
> > 0x7fa29bc6f000
> > mprotect(0x7fa29bc7b000, 2097152, PROT_NONE) = 0
> > mmap(0x7fa29be7b000, 8192, PROT_READ|PROT_WRITE,
> > MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 4, 0xc000) = 0x7fa29be7b000
> > close(4)                                = 0
> > mprotect(0x7fa29be7b000, 4096, PROT_READ) = 0
> > munmap(0x7fa29ca3b000, 25665)           = 0
> > open("/etc/protocols", O_RDONLY|O_CLOEXEC) = 4
> > fcntl(4, F_GETFD)                       = 0x1 (flags FD_CLOEXEC)
> > fstat(4, {st_mode=S_IFREG|0644, st_size=6455, ...}) = 0
> > mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0)
> =
> > 0x7fa29ca4b000
> > read(4, "# /etc/protocols:\n# $Id: protoco"..., 4096) = 4096
> > close(4)                                = 0
> > munmap(0x7fa29ca4b000, 4096)            = 0
> > read(3, "", 8192)                       = 0
> > ioctl(3, SNDCTL_TMR_TIMEBASE or TCGETS, 0x7fff09f674d0) = -1 ENOTTY
> > (Inappropriate ioctl for device)
> > close(3)                                = 0
> > munmap(0x7fa29ca4c000, 4096)            = 0
> > open("/var/log/conntrackd.log", O_RDWR|O_CREAT|O_APPEND, 0666) = 3
> > open("/var/lock/conntrack.lock", O_RDONLY|O_CREAT|O_EXCL|O_TRUNC, 0600)
> = 4
> > close(4)                                = 0
> > getpriority(PRIO_PROCESS, 0)            = 20
> > setpriority(PRIO_PROCESS, 0, 4294967276) = 0
> > getpriority(PRIO_PROCESS, 0)            = 40
> > mmap(NULL, 528384, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1,
> 0)
> > = 0x7fa29c9c1000
> > mmap(NULL, 528384, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1,
> 0)
> > = 0x7fa29c940000
> > open("/etc/localtime", O_RDONLY)        = 4
> > fstat(4, {st_mode=S_IFREG|0644, st_size=2679, ...}) = 0
> > fstat(4, {st_mode=S_IFREG|0644, st_size=2679, ...}) = 0
> > mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0)
> =
> > 0x7fa29ca4c000
> > read(4, "TZif2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\n\0\0\0\n\0\0\0\0"...,
> > 4096) = 2679
> > lseek(4, -1698, SEEK_CUR)               = 981
> > read(4, "TZif2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\v\0\0\0\v\0\0\0\0"...,
> > 4096) = 1698
> > close(4)                                = 0
> > munmap(0x7fa29ca4c000, 4096)            = 0
> > getpid()                                = 4564
> > fstat(3, {st_mode=S_IFREG|0600, st_size=86240, ...}) = 0
> > mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0)
> =
> > 0x7fa29ca4c000
> > write(3, "[Wed Nov 21 15:52:16 2012] (pid="..., 72) = 72
> > stat("/etc/localtime", {st_mode=S_IFREG|0644, st_size=2679, ...}) = 0
> > write(3, "[Wed Nov 21 15:52:16 2012] (pid="..., 68) = 68
> > close(3)                                = 0
> > munmap(0x7fa29ca4c000, 4096)            = 0
> > write(2, "ERROR: conntrackd cannot start, "..., 71ERROR: conntrackd
> cannot
> > start, please check the logfile for more info
> > ) = 71
> > unlink("/var/lock/conntrack.lock")      = 0
> > exit_group(1)
> >
> > In /var/log/conntrackd.log:
> > [Wed Nov 21 15:52:16 2012] (pid=4564) [ERROR] can't open channel socket
> > [Wed Nov 21 15:52:16 2012] (pid=4564) [ERROR] initialization failed
> >
> > I haven't found anything interesting about "can't open channel socket".
> Can
> > anyone help?
> > _______________________________________________
> > CentOS mailing list
> > CentOS at centos.org
> > http://lists.centos.org/mailman/listinfo/centos
> >
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> http://lists.centos.org/mailman/listinfo/centos
>