You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
The reason will be displayed to describe this comment to others. Learn more.
Any idea why this broke some of our tests? I tested that reverting this would fix nixos.tests.nat.standalone.x86_64-linux; the other NAT test is probably the same and there might be more (these two are now blocking unstable-small).
The reason will be displayed to describe this comment to others. Learn more.
This is a new thing in the log:
client# [ 4.777473] nf_conntrack: automatic helper assignment is deprecated and it will be removed soon. Use the iptables CT target to attach helpers instead.
router# [ 5.021706] nf_conntrack: automatic helper assignment is deprecated and it will be removed soon. Use the iptables CT target to attach helpers instead.
The reason will be displayed to describe this comment to others. Learn more.
Have you checked that this isn't just a transient failure? It seems very odd that an application-level FTP issue (illegal command) would be caused by a kernel bump...
0fdef7d
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yay!
0fdef7d
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
🎉
0fdef7d
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Pity ZFS doesn't have 4.9 support in stable release yet.
0fdef7d
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Any idea why this broke some of our tests? I tested that reverting this would fix
nixos.tests.nat.standalone.x86_64-linux
; the other NAT test is probably the same and there might be more (these two are now blocking unstable-small).0fdef7d
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This seems to be the root symptom (it's an FTP session):
0fdef7d
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
That is, active FTP stops working while passive seems still OK.
0fdef7d
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is a new thing in the log:
0fdef7d
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Have you checked that this isn't just a transient failure? It seems very odd that an application-level FTP issue (illegal command) would be caused by a kernel bump...
0fdef7d
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I did, of course. Hydra tried several times and I also tried locally once (and once with kernel reverted).
0fdef7d
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I suspect some changes in netfilter might've broken our firewall rules, but my knowledge around these things is almost void.
0fdef7d
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Probably to do with https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/services/networking/firewall.nix#L427-L444
0fdef7d
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@vcunat regarding zfs: #21578
0fdef7d
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
(I didn't mention ZFS.)
0fdef7d
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@dwe11er regarding zfs: #21578