Bug #5200

closed

ipf_stack_destroy error messages when halting zones

Added by Robert Mustacchi about 7 years ago. Updated almost 7 years ago.

Status: Closed
Priority: Normal
Assignee:
Category: networking
Start date: 2014-10-01
Due date:
% Done: 100%
Estimated time:
Difficulty: Medium
Tags:
Gerrit CR:

Description

Halting a zone with ipfilter running dumps the message "ipf: ipf_stack_destroy: ipldetach failed" to the console. This seems to happen even if there are no rules in ipf.conf or ipnat.conf. So:

  • Is this actually an error? Looking at ipf/solaris.c, it definitely looks like it.
  • If this is an error, does it matter since the zone is halting?
  • If it doesn't matter, can we suppress the message in this case?

---
This is happening in ipldetach() when the function returns -1.
There are three places that can happen, but I debugged that this is
happening at the 3rd spot, this block of code:

    if (ifs->ifs_hook4_physical_in || ifs->ifs_hook4_physical_out ||
        ifs->ifs_hook4_nic_events || ifs->ifs_hook4_loopback_in ||
        ifs->ifs_hook4_loopback_out || ifs->ifs_hook6_nic_events ||
        ifs->ifs_hook6_physical_in || ifs->ifs_hook6_physical_out ||
        ifs->ifs_hook6_loopback_in || ifs->ifs_hook6_loopback_out)
            return -1;

This block is checking to see if any of the UNDO_HOOK macros above failed.
Looking at that macro definition we see it does the following:

    ifs->_b = (net_hook_unregister(ifs->_f, \
        _e, ifs->_h) != 0);

This is what is setting the value of each flag that the 3rd check is failing on.
net_hook_unregister() eventually works its way into hook_unregister(). This
function could fail to unregister the hook in a number of spots. It looks like
we don't necessarily have to fail if it returned ENXIO. I need to do more debugging
to track this to the next level.


The hooks were torn down when the zone's exclusive stack was torn down. This happens in the code path
ip_stack_finis -> ipv4_hook_destroy -> net_family_unregister

When the ipfilter stack is torn down in the following code path:

ipf_stack_destroy -> ipldetach

The UNDO_HOOK macro fails because net_hook_unregister can ENXIO if the hooks are already torn down. This leaves the flags in the struct still set to true which causes the final test right before we would return 0 to fail, leading us to return -1.
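
The teardown ordering described above, as an added user-space model that is not part of the original report and not illumos source. The names `model_family`, `model_hook_unregister`, `model_detach` and `halt_zone` are hypothetical, and the `tolerate_enxio` path is an assumed way of handling ENXIO, not the committed fix.

```c
/* Constructed user-space model of the flag logic; not illumos source. */
#include <errno.h>
#include <stdbool.h>
#include <stdio.h>

#define NHOOKS 10 /* one per ifs_hook4_* / ifs_hook6_* flag in the check */

/* Hypothetical stand-in for the hook family owned by the zone's IP stack. */
struct model_family { bool registered; };

/* Stand-in for net_hook_unregister(): ENXIO once the family is gone. */
static int model_hook_unregister(const struct model_family *f)
{
    return f->registered ? 0 : ENXIO;
}

/* Mirrors UNDO_HOOK plus the final check: flag = (unregister != 0), and any
 * flag still set returns -1. tolerate_enxio is an assumed handling. */
static int model_detach(const struct model_family *f, bool flags[NHOOKS],
    bool tolerate_enxio)
{
    int rv = 0;
    for (int i = 0; i < NHOOKS; i++) {
        int err = model_hook_unregister(f);
        if (tolerate_enxio && err == ENXIO)
            err = 0; /* hook already gone: nothing left to undo */
        flags[i] = (err != 0);
        if (flags[i])
            rv = -1;
    }
    return rv;
}

/* One zone halt; stack_first selects the teardown order from the report. */
int halt_zone(bool stack_first, bool tolerate_enxio)
{
    struct model_family fam = { .registered = !stack_first };
    bool flags[NHOOKS];
    for (int i = 0; i < NHOOKS; i++)
        flags[i] = true; /* hooks were registered at attach time */
    return model_detach(&fam, flags, tolerate_enxio);
}

int main(void)
{
    printf("%d %d %d\n", halt_zone(false, false), halt_zone(true, false),
        halt_zone(true, true));
    return 0;
}
```
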

Actions #1

Updated by Electric Monk almost 7 years ago

  • Status changed from New to Closed

git commit c67987612cd8324e1f3d1b5110086552d19a2d89

commit  c67987612cd8324e1f3d1b5110086552d19a2d89
Author: Jerry Jelinek <jerry.jelinek@joyent.com>
Date:   2014-12-11T02:00:28.000Z

    5200 ipf_stack_destroy error messages when halting zones
    Reviewed by: Robert Mustacchi <rm@joyent.com>
    Reviewed by: Igor Kozhukhov <ikozhukhov@gmail.com>
    Reviewed by: Dan McDonald <danmcd@omniti.com>
    Reviewed by: Darren Reed <darrenr@fastmail.net>
    Approved by: Richard Lowe <richlowe@richlowe.net>
