Chapter 32. Networking
Network operation persists when ip6mr unregisters an already unregistered device
Previously, the IPv6 multicast routing (ip6mr) code tried to unregister an already unregistered device. As a consequence, a bug was reported in the syslog causing the network operation to stop. With this update, ip6mr no longer unregisters devices that are already marked as unregistered. As a result, no more bugs are reported in syslog, and the network operation persists in the described scenario. (BZ#1445046)
Sending big files through VTI no longer fails
Previously, sending a big file through Virtual Tunnel Interface (VTI) failed because VTI did not handle Path Maximum Transmission Unit (PMTU). As a consequence, files larger than the PMTU size could not be sent. This update adds PMTU handling. As a result, PMTU can be updated in the Tx path, and the described problem no longer occurs. (BZ#1467521)
L2TP with IPv6 encapsulation now works in name space
Previously, Layer 2 Tunneling Protocol (L2TP) with IPv6 encapsulation did not support name space. As a consequence, L2TP could not be used in name space. With this update, L2TP with IPv6 encapsulation is now aware of name space, and the described problem no longer occurs. (BZ#1465711)
Flushing ARP entries no longer fails
Previously, trying to flush an incomplete or failed Address Resolution Protocol (ARP) entry had no effect. As a consequence, the incomplete ARP entry remained there, and in some cases caused problems for debugging systems or networks. This update allows for the removal of an incomplete or failed ARP entry. As a result, users can now get an ARP table as expected. (BZ#1383691, BZ#1469945)
Using cls_matchall with classful queue disciplines no longer causes the kernel to crash
Previously, the matchall classifier (cls_matchall) did not assign the classid option to a packet. As a consequence, the kernel terminated unexpectedly when trying to use cls_matchall with classful queueing disciplines (classful qdiscs), such as Hierarchical Token Bucket (HTB) or Class Based Queueing (CBQ). With this update, when cls_matchall processes classid, classid is assigned to a packet. As a result, cls_matchall with classful qdiscs can now be used successfully and the user-provided value of classid is no longer ignored in the described scenario.
For more details on the kernel actions related to classid, see the OPTIONS section in the tc-matchall(8) man page. (BZ#1460213)
ICMP error packets are no longer lost when a user connects to a closed SCTP port
Previously, when trying to connect to a closed Stream Control Transmission Protocol (SCTP) port, an Internet Control Message Protocol (ICMP) error reply from the server was lost. This occurred only with Network Interface Cards (NICs) that used non-linear buffers to receive data. As a consequence, for a connection to a closed SCTP port, the user was waiting until a timeout instead of getting the connection refused error message from the server immediately. With this update, the received data is handled in a linear way and the ICMP error reply is not lost. As a result, the user receives the corresponding ICMP error in the described situation. (BZ#1450529)
SCTP now selects the right source address
Previously, when using a secondary IPv6 address, Stream Control Transmission Protocol (SCTP) selected the source address based on the best prefix matching with the destination address. As a consequence, in some cases, a packet was sent through an interface with the wrong IPv6 address. With this update, SCTP uses the address that already exists in the routing table for this specific route. As a result, SCTP uses the expected IPv6 address as the source address when secondary addresses are used on a host. (BZ#1460106)
Device reference held by iptables CLUSTERIP target is now properly released on namespace deletion
Previously, the iptables CLUSTERIP target held a direct reference to the network device specified as input device in the associated rule. When that rule inside a namespace was deleted, the corresponding reference was not released. As a consequence, upon namespace deletion, dangling references held by the CLUSTERIP target sometimes prevented deletion of network devices contained in the namespace. For this reason, it was not possible to create a device with the same name and the related memory was not freed. With this update, the CLUSTERIP target rule reference does not hold the related device but its index. As a result, when deleting a namespace, all the rules and references related to this namespace are also cleared properly. (BZ#1472892)
The nftables configuration files are no longer publicly readable
Previously, during installation in the RPM file, the nftables configuration file mode bits were not adjusted accordingly. As a consequence, the configuration templates in the /etc/nftables directory and the /etc/sysconfig/nftables.conf main configuration file were publicly readable. With this update, the file mode bits are explicitly set to correct values when installing the configuration files. As a result, the user can now install the configuration files with the correct permissions.
Note that configuration files which have not been modified by the administrator are replaced with configuration files with the correct permissions.
The modified configuration files are not replaced. In that case, for /etc/sysconfig/nftables.conf, an rpmnew file is created which has the correct permissions. For any files in /etc/nftables, no rpmnew file is created, and the user must manually set the permissions. (BZ#1451404)
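A check for the manual step described above, as an added example that is not part of the original release note or of the nftables package. The function names are hypothetical, and treating "correct permissions" as "no permission bits for other users" is an assumption, since the note does not state the exact mode.

```shell
#!/bin/sh
# Added example: audit nftables configuration files that are still
# accessible to "other" users after the package update.
# Assumption: the desired state is o-rwx; the note gives no exact mode.

# Print every regular file under the given paths that grants read, write
# or execute permission to "other". Missing paths are skipped.
find_public_nft_files() {
    for p in "$@"; do
        [ -e "$p" ] || continue
        find "$p" -type f \( -perm -004 -o -perm -002 -o -perm -001 \) -print
    done
}

# Remove all "other" permission bits from the files reported above.
# Owner and group bits are left untouched.
fix_public_nft_files() {
    find_public_nft_files "$@" | while IFS= read -r f; do
        chmod o-rwx "$f" && printf 'fixed %s\n' "$f"
    done
}

# Report a pending .rpmnew next to a modified configuration file, so the
# administrator knows a packaged copy is waiting to be merged.
pending_rpmnew() {
    if [ -e "$1.rpmnew" ]; then
        printf '%s.rpmnew\n' "$1"
    fi
}

# Read-only audit of the paths named in the release note.
find_public_nft_files /etc/nftables /etc/sysconfig/nftables.conf
pending_rpmnew /etc/sysconfig/nftables.conf
```

Run `fix_public_nft_files /etc/nftables /etc/sysconfig/nftables.conf` as root to apply the change once the audit output has been reviewed.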
The Ready to read events are now correctly sent to an application when SENDER_DRY_EVENTS is enabled
Previously, when enabling the SENDER_DRY_EVENTS notifications or when the Stream Control Transmission Protocol (SCTP) Partial Reliability triggered the removal of a chunk, the SCTP stack flagged an event that it was already generated and sent it to an application. However, the flag was not removed afterwards. As a consequence, the application missed the ready to read event. With this update, the stack does not flag the event in such cases anymore. As a result, the ready to read events are now correctly dispatched to an application. (BZ#1442784)
SCTP statistics now available
Previously, the Stream Control Transmission Protocol (SCTP) statistics parser could not handle the /proc/net/sctp/snmp source file. As a consequence, users were not able to see the statistic information. Parsing of the SCTP statistics has been fixed. As a result, the SCTP statistics are now available to users. (BZ#1329338)
The firewalld service daemon no longer hangs in the rmmod process
Previously, some network device drivers, specifically some Wi-Fi and IP over InfiniBand Network Interface Card (IPoIB NIC) drivers, held conntrack entries associated with untracked packets for an unlimited amount of time. As a consequence, at removal time, the conntrack kernel module was in a busy loop waiting for these entries to be freed. This led to the rmmod nf_conntrack process consuming 100% of the CPU, causing firewalld to hang at shutdown time. With this update, the new kernel removes support for the notrack conntrack entries, and conntrack no longer waits for such entries to be freed. As a result, the firewalld shutdown no longer hangs. (BZ#1317099)
