Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

shadowsocks-libev: ss-rules fails to start #12095

Closed
amezin opened this issue May 6, 2020 · 4 comments
Closed

shadowsocks-libev: ss-rules fails to start #12095

amezin opened this issue May 6, 2020 · 4 comments
Assignees
@yousong

Comments

@amezin
Copy link
Contributor

amezin commented May 6, 2020

Maintainer: @yousong
Environment: ZyXEL NBG6817, OpenWrt SNAPSHOT r13136+15-ad27c133eb / LuCI Master git-20.125.70452-f0a0d28 (built from master today). Maybe the problem was present for a long time, I haven't been using ss-redir recently

Description:
ss-rules fails at line ip route flush table 100 in ss_rules_flush with message Flush terminated.
Does not create any iptables chains or ipsets
@yousong yousong self-assigned this May 6, 2020
@yousong
Copy link
Member

yousong commented May 6, 2020

With ip-tiny installed, I can reproduce the issue

root@OpenWrt:/# ip route flush table 100
Error: ipv4: FIB table does not exist.
Flush terminated

Likely it was caused by iproute2 package. Will take a look anyway

@yousong yousong closed this as completed in 2f73c48 May 6, 2020
@yousong
Copy link
Member

yousong commented May 6, 2020

Hi @amezin , I pushed a one line fix to address the behavior change in iproute2 and kernel. Please check if it works for you. Thank you.

@amezin
Copy link
Contributor Author

amezin commented May 7, 2020

Yes, it works. Actually I did the same change as a "quick fix" locally. I'm only a bit worried that ignoring all errors may be not the best approach in the long term.

@yousong
Copy link
Member

yousong commented May 7, 2020

Yes, it works. Actually I did the same change as a "quick fix" locally. I'm only a bit worried that ignoring all errors may be not the best approach in the long term.

I had the same concern but go ahead with current change, hoping that if the errexit way of shell scripting will catch most if not all unexpected errors later in the "ip route add" command.

1715173329 pushed a commit to immortalwrt/packages that referenced this issue May 10, 2020
@yousong @1715173329
shadowsocks-libev: ignore error from flushing route table
4c77ba8 
Linux kernel and iproute2 together now implement strict checking of the
existence of route tables.

Previously kernel does not support filtering by table id, now it does
and will error with nlmsgerr "ipv4: FIB table does not exist".

Previously iproute2 dump all routes and filter by table id in userspace,
now this has changed with iproute2 commit c7e6371bc4af ("ip route: Add
protocol, table id and device to dump request")

Error scene

	root@OpenWrt:/# ip route flush table 100
	Error: ipv4: FIB table does not exist.
	Flush terminated
	root@OpenWrt:/# echo $?
	2

Fixes: openwrt/packages#12095
Ref: https://lists.openwall.net/netdev/2019/05/02/105
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
jekkos pushed a commit to jekkos/packages that referenced this issue May 22, 2020
@yousong @jekkos
shadowsocks-libev: ignore error from flushing route table
e976349 
Linux kernel and iproute2 together now implement strict checking of the
existence of route tables.

Previously kernel does not support filtering by table id, now it does
and will error with nlmsgerr "ipv4: FIB table does not exist".

Previously iproute2 dump all routes and filter by table id in userspace,
now this has changed with iproute2 commit c7e6371bc4af ("ip route: Add
protocol, table id and device to dump request")

Error scene

	root@OpenWrt:/# ip route flush table 100
	Error: ipv4: FIB table does not exist.
	Flush terminated
	root@OpenWrt:/# echo $?
	2

Fixes: openwrt#12095
Ref: https://lists.openwall.net/netdev/2019/05/02/105
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
farmergreg pushed a commit to farmergreg/packages that referenced this issue Sep 8, 2020
@yousong @farmergreg
shadowsocks-libev: ignore error from flushing route table
237fda1 
Linux kernel and iproute2 together now implement strict checking of the
existence of route tables.

Previously kernel does not support filtering by table id, now it does
and will error with nlmsgerr "ipv4: FIB table does not exist".

Previously iproute2 dump all routes and filter by table id in userspace,
now this has changed with iproute2 commit c7e6371bc4af ("ip route: Add
protocol, table id and device to dump request")

Error scene

	root@OpenWrt:/# ip route flush table 100
	Error: ipv4: FIB table does not exist.
	Flush terminated
	root@OpenWrt:/# echo $?
	2

Fixes: openwrt#12095
Ref: https://lists.openwall.net/netdev/2019/05/02/105
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
farmergreg pushed a commit to farmergreg/packages that referenced this issue Sep 8, 2020
@yousong @farmergreg
shadowsocks-libev: ignore error from flushing route table
c20dd57 
Linux kernel and iproute2 together now implement strict checking of the
existence of route tables.

Previously kernel does not support filtering by table id, now it does
and will error with nlmsgerr "ipv4: FIB table does not exist".

Previously iproute2 dump all routes and filter by table id in userspace,
now this has changed with iproute2 commit c7e6371bc4af ("ip route: Add
protocol, table id and device to dump request")

Error scene

	root@OpenWrt:/# ip route flush table 100
	Error: ipv4: FIB table does not exist.
	Flush terminated
	root@OpenWrt:/# echo $?
	2

Fixes: openwrt#12095
Ref: https://lists.openwall.net/netdev/2019/05/02/105
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@yousong yousong

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@amezin @yousong