nftables, error applying interception rules: Receive: netlink receive: recvmsg: no buffer space available #648

Closed
hissssst opened this issue Apr 11, 2022 · 5 comments


hissssst commented Apr 11, 2022

Describe the bug
Long running connections keep being opened, but at some point just stop transmitting data

Include the following information:

  • OpenSnitch 1.5.0
  • NixOS unstable
  • sway (irrelevant)
  • Linux 5.15.30 NixOS SMP Sat Mar 19 12:47:51 UTC 2022 x86_64 GNU/Linux

To Reproduce

  • Start opensnitchd
  • Try downloading some big file
  • Check the transfer speed

Post error logs:

journalctl is full of this kind of log. Note that the number (1274 on the first line) increases by 2 every 30 secs.

opensnitchd[2098]: [2022-04-11 13:57:10]  WAR  nftables mangle rules not loaded: 1274
opensnitchd[2098]: [2022-04-11 13:57:10]  IMP  nftables firewall rules changed, reloading
opensnitchd[2098]: [2022-04-11 13:57:10]  WAR  nftables, error applying interception rules: Receive: netlink receive: recvmsg: no buffer space available
opensnitchd[2098]: [2022-04-11 13:57:40]  WAR  nftables mangle rules not loaded: 1276
opensnitchd[2098]: [2022-04-11 13:57:40]  IMP  nftables firewall rules changed, reloading
opensnitchd[2098]: [2022-04-11 13:57:40]  WAR  nftables, error applying interception rules: Receive: netlink receive: recvmsg: no buffer space available
opensnitchd[2098]: [2022-04-11 13:58:10]  WAR  nftables mangle rules not loaded: 1278
opensnitchd[2098]: [2022-04-11 13:58:10]  IMP  nftables firewall rules changed, reloading
opensnitchd[2098]: [2022-04-11 13:58:10]  WAR  nftables, error applying interception rules: Receive: netlink receive: recvmsg: no buffer space available
opensnitchd[2098]: [2022-04-11 13:58:40]  WAR  nftables mangle rules not loaded: 1280
opensnitchd[2098]: [2022-04-11 13:58:40]  IMP  nftables firewall rules changed, reloading
opensnitchd[2098]: [2022-04-11 13:58:40]  WAR  nftables, error applying interception rules: Receive: netlink receive: recvmsg: no buffer space available
opensnitchd[2098]: [2022-04-11 13:59:10]  WAR  nftables mangle rules not loaded: 1282
opensnitchd[2098]: [2022-04-11 13:59:10]  IMP  nftables firewall rules changed, reloading
opensnitchd[2098]: [2022-04-11 13:59:10]  WAR  nftables, error applying interception rules: Receive: netlink receive: recvmsg: no buffer space available
opensnitchd[2098]: [2022-04-11 13:59:40]  WAR  nftables mangle rules not loaded: 1284
opensnitchd[2098]: [2022-04-11 13:59:40]  IMP  nftables firewall rules changed, reloading
opensnitchd[2098]: [2022-04-11 13:59:40]  WAR  nftables, error applying interception rules: Receive: netlink receive: recvmsg: no buffer space available
opensnitchd[2098]: [2022-04-11 14:00:10]  WAR  nftables mangle rules not loaded: 1286
opensnitchd[2098]: [2022-04-11 14:00:10]  IMP  nftables firewall rules changed, reloading
opensnitchd[2098]: [2022-04-11 14:00:10]  WAR  nftables, error applying interception rules: Receive: netlink receive: recvmsg: no buffer space available
opensnitchd[2098]: [2022-04-11 14:00:32]  WAR  nftables, error applying interception rules: Receive: netlink receive: recvmsg: no buffer space available

Config:

{
  "DefaultAction": "allow",
  "DefaultDuration": "always",
  "Firewall": "nftables",
  "InterceptUnknown": true,
  "LogLevel": 2,
  "ProcMonitorMethod": "ebpf",
  "Server": {
    "Address": "unix:///tmp/osui.sock",
    "LogFile": "/dev/stdout"
  },
  "Stats": {
    "MaxEvents": 10000,
    "MaxStats": 100
  }
}
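
Added example (not part of the original issue or of the OpenSnitch code base): a small triage script that reads journal lines in the format quoted above and reports whether every nftables reload attempt ended in the netlink "no buffer space available" error, along with the step of the "mangle rules not loaded" counter. The names `analyze` and `min_cycles` and the "same second" matching rule are assumptions made for this illustration.

```python
import re
from datetime import datetime

# Sample input: the last ten journal lines quoted in the issue above.
SAMPLE = """\
opensnitchd[2098]: [2022-04-11 13:59:10]  WAR  nftables mangle rules not loaded: 1282
opensnitchd[2098]: [2022-04-11 13:59:10]  IMP  nftables firewall rules changed, reloading
opensnitchd[2098]: [2022-04-11 13:59:10]  WAR  nftables, error applying interception rules: Receive: netlink receive: recvmsg: no buffer space available
opensnitchd[2098]: [2022-04-11 13:59:40]  WAR  nftables mangle rules not loaded: 1284
opensnitchd[2098]: [2022-04-11 13:59:40]  IMP  nftables firewall rules changed, reloading
opensnitchd[2098]: [2022-04-11 13:59:40]  WAR  nftables, error applying interception rules: Receive: netlink receive: recvmsg: no buffer space available
opensnitchd[2098]: [2022-04-11 14:00:10]  WAR  nftables mangle rules not loaded: 1286
opensnitchd[2098]: [2022-04-11 14:00:10]  IMP  nftables firewall rules changed, reloading
opensnitchd[2098]: [2022-04-11 14:00:10]  WAR  nftables, error applying interception rules: Receive: netlink receive: recvmsg: no buffer space available
opensnitchd[2098]: [2022-04-11 14:00:32]  WAR  nftables, error applying interception rules: Receive: netlink receive: recvmsg: no buffer space available
"""

LINE = re.compile(r"opensnitchd\[\d+\]: \[(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)\]\s+(\w+)\s+(.*)")
COUNTER = re.compile(r"mangle rules not loaded: (\d+)")
ENOBUFS = "no buffer space available"

def analyze(journal_text, min_cycles=3):
    """Summarise reload attempts and whether each one failed with ENOBUFS."""
    counters, reloads, failures = [], [], []
    for raw in journal_text.splitlines():
        m = LINE.search(raw)
        if not m:
            continue  # not an opensnitchd log line
        ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
        msg = m.group(3)
        c = COUNTER.search(msg)
        if c:
            counters.append((ts, int(c.group(1))))
        elif "firewall rules changed, reloading" in msg:
            reloads.append(ts)
        elif "error applying interception rules" in msg and ENOBUFS in msg:
            failures.append(ts)
    # Assumption: a reload "failed" if the error was logged in the same second.
    failed = [ts for ts in reloads if ts in failures]
    steps = {(b[1] - a[1], int((b[0] - a[0]).total_seconds()))
             for a, b in zip(counters, counters[1:])}
    return {
        "reloads": len(reloads),
        "failed_reloads": len(failed),
        "enobufs_failures": len(failures),
        "counter_steps": steps,  # (counter delta, seconds between readings)
        # Loop: enough reload attempts, and every one hit the netlink error.
        "reload_loop": len(reloads) >= min_cycles and len(failed) == len(reloads),
    }
```

Feed it the output of `journalctl` for the opensnitchd unit; a `reload_loop` of `True` means no reload attempt in the window applied the interception rules.
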
@gustavo-iniguez-goya
Collaborator

Hi @hissssst!

Thank you for reporting this error. Are you using the latest sources from the master branch?

@hissssst
Author

@gustavo-iniguez-goya It's 1.5.0

buildGoModule rec {
  pname = "opensnitch";
  version = "1.5.0";

  src = fetchFromGitHub {
    owner = "evilsocket";
    repo = "opensnitch";
    rev = "v${version}";
    sha256 = "sha256-vtD82v0VlaJtCICXduD3IxJ0xjlBuzGKLWLoCiwPX2I=";
  };
  ...
}

@gustavo-iniguez-goya
Collaborator

Thank you. OK, if I understand it correctly, it's getting the sources from the tag v1.5.0.
If that's the case, this error is fixed on the master branch. Is there any way you could build the daemon from the master branch? Just to confirm that the error is fixed.

@hissssst
Author

Build fails with

building
make: Entering directory '/build/source/proto'
protoc -I. ui.proto --go_out=../daemon/ui/protocol/ --go-grpc_out=../daemon/ui/protocol/ --go_opt=path>
make: Leaving directory '/build/source/proto'
Building subPackage .
go: inconsistent vendoring in /build/source/daemon:
        github.com/google/nftables@v0.0.0-20220210072902-edf9fe8cd04f: is explicitly required in go.mo>
        github.com/google/nftables@v0.0.0-20210514154851-a285acebcad3: is marked as explicit in vendor>

        To ignore the vendor directory, use -mod=readonly or -mod=mod.
        To sync the vendor directory, run:
                go mod vendor

Could you please share commits with fixes for this issue?

@gustavo-iniguez-goya
Collaborator

Yep, here it is:
1f79b3a
