Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Receive: netlink receive: numerical result out of range #111

Open
greenpau opened this issue Aug 7, 2020 · 5 comments
Open

Receive: netlink receive: numerical result out of range #111

greenpau opened this issue Aug 7, 2020 · 5 comments

Comments

@greenpau
Copy link
Contributor

greenpau commented Aug 7, 2020

Getting the following error:

Receive: netlink receive: numerical result out of range

It is somehow kernel related. It appeared when I was testing on CentoOS 7 with Linux test1.local 3.10.0-1127.18.2.el7.x86_64 #1 SMP Sun Jul 26 15:27:06 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux. It was not happening with CentOS 8.

The code triggering the issue:

            // Add a new chain
            // defaultDropPolicy := nftables.ChainPolicyDrop
            chain := p.conn.AddChain(&nftables.Chain{
                Name: chainName,
                //Table:    addr.table,
                Table: &nftables.Table{Name: addr.table.Name, Family: addr.table.Family},
                //Type:     nftables.ChainTypeFilter,
                //Hooknum:  nftables.ChainHookForward,
                //Priority: nftables.ChainPriorityFilter,
                //Policy:   &defaultDropPolicy,
            })
            if err := p.conn.Flush(); err != nil {
                return fmt.Errorf(
                    "failed adding chain %s for address %v of interface %s: %s",
                    chainName, addr.conf, intfName, err,
                )
            }

It looks related to: #62
@greenpau
Copy link
Contributor Author

greenpau commented Aug 7, 2020

Further, it is somehow related to chainName. If it is short, e.g. cnins-3-4026535195-dummy0, things work and it gets added. However, if it is longer, e.g. cnins-3-4026535425-dummy0-dummy-9714e150-b953-9224-a988-185420908de0, then it fails.

The max len for the name is 31 characters ...

@greenpau
Copy link
Contributor Author

greenpau commented Aug 7, 2020

Version info:

nftables v0.8 (Joe Btfsplk)

@greenpau
Copy link
Contributor Author

greenpau commented Aug 7, 2020

Once a chain gets created, I am running into the issue #109 . These are connected somehow.

@stapelberg
Copy link
Collaborator

Linux 3.10 is pretty old.

There may well be kernel bugs or changes that you’re running into.

Is CentOS one of the distributions that ships a heavily modified kernel? Might be another thing to check/consider.

You could try using the nft command line tool before translating your expressions/code to the nftables Go package, just to narrow down what’s related to the kernel vs. the Go implementation.

@greenpau
Copy link
Contributor Author

greenpau commented Aug 9, 2020

Is CentOS one of the distributions that ships a heavily modified kernel? Might be another thing to check/consider.

@stapelberg , yes. Those are RHEL kernels. The number is a bit misleading.

You could try using the nft command line tool before translating your expressions/code to the nftables Go package, just to narrow down what’s related to the kernel vs. the Go implementation.

Will do.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@stapelberg @greenpau