#244 instDialog::opError

open
nobody
None
5
2012-12-10
2012-12-10
MasteRehm
No

Hi,

we are working in a group on the same file with the current fwbuilder (5.1.0.3599), but recently some of us getting an "progress error" after the compile. Others don't. Everything looks fine and there are no compile errors in the log. In the debug mode there is an error: instDialog::opError [1].
OS in use: Debian Wheezy (unstable) or Xubuntu 12.10.
Installed Package: http://packages.debian.org/wheezy/fwbuilder
or via "deb http://www.fwbuilder.org/deb/stable/ maverick contrib"
Makes no difference. Same error.

Mentionable: In the same file are different firewalls to compile. Some work, some do not (getting an error after compile / getting no error)

Do you have an idea what be causing the problem?

Thanks in advance.
Regards,

Thorsten

[1]
iinstDialog::interpretLogLine Output file name: <NAME>

instDialog::interpretLogLine words[0]='Output'
instDialog::interpretLogLine words[1]='file'
instDialog::interpretLogLine words[2]='name:'
instDialog::interpretLogLine words[3]='<NAME>'
instDialog::readFromStdout: read_status=23 buf= Compiled successfully

instDialog::interpretLogLine Compiled successfully

instDialog::interpretLogLine words[0]='Compiled'
instDialog::interpretLogLine words[1]='successfully'
instDialog::interpretLogLine set progress bar to max
instDialog::readFromStdout: read_status=23 buf=Compile time: 00:01:08

instDialog::interpretLogLine Compile time: 00:01:08

instDialog::interpretLogLine words[0]='Compile'
instDialog::interpretLogLine words[1]='time:'
instDialog::interpretLogLine words[2]='00:01:08'
instDialog::compilerFinished exit code = 0 exit_status=1
instDialog::opError fw= <NAME>

Discussion

  • MasteRehm
    MasteRehm
    2012-12-11

    Hmpf, today I updated some lib packages and the problem is gone.
    libxml2:amd64 2.8.0+dfsg1-7
    libsnmp-base:all 5.4.3~dfsg-2.7
    libsnmp15:amd64 5.4.3~dfsg-2.7

     
  • MasteRehm
    MasteRehm
    2012-12-12

    Damn, it was just a coincidence. Same problem today. Funny thing, the ruleset didn't change. Same ruleset as yesterday. So, I think, it's a bug :-(

     
  • Vadim Kurland
    Vadim Kurland
    2012-12-13

    It looks like this error means compiler has crashed. If this is the case, it should have produced core file. Can you find it ?

     
  • MasteRehm
    MasteRehm
    2012-12-13

    I checked it twice and forced one core dump (kill -3 fwbuilder) to check the right ulimit seetings, but sorry, no core file after the progress error. FYI, after the progress error you can still use fwbuilder. The application doesn't hang or similar.
    I made another obversation: If I start fwbuilder as root (e.g. sudo fwbuilder -f <filename>) it works perfectly. Afterwards I started fwbuilder with strace and trace open (strace -o fwbuilder_strace -ff -e open fwbuilder -f <filename>), but I can't find a permission denied or something like that.

    Under what circumstances does fwbuilder need root privileges? To remind, sometimes the compile process ends successfully, started as normal user without root privileges.

     
  • Vadim Kurland
    Vadim Kurland
    2012-12-13

    compiler is an external process so, if it crashes, the GUI will continue to run. If you want to run strace, you need to run it with -f or -ff flag to capture child processes too.

    neither the GUI nor the compiler need root privileges and I do not recommend running it as root. However if you ever did that, the file produced by the compiler will belong to root and if you then run fwbuilder as a regular user, compiler won't be able to overwrite it. It should not crash even in this situation though.

    do you store .fwb file and generated configuration on a shared filesystem by any chance ?

     
  • MasteRehm
    MasteRehm
    2012-12-13

    As you can see in my previous post, I used the -ff option.
    Both no. Neither the files belong to root nor the fwb file is on a shared filesystem.

     
  • Vadim Kurland
    Vadim Kurland
    2012-12-13

    sorry I missed -ff

    compiler sets its current directory to where .fwb file is located. If it ever dumps core, it should be there.

    also, does it create new firewall script even in the case where this error is reported? Double check that the script file is really new and not the old one. May be delete the file, then recompile the policy and see if the file is created. also generated script has timestamp in the comment at the top

     
  • MasteRehm
    MasteRehm
    2012-12-14

    As you can see below, the ulimit is correct, there isn't a core dump after fwbuilder has finished and all *.fw files created, without a permission or similar problem. Afterwards you can see the log and additionally a screenshot as attachment.

    ---snip---
    user@hostname:~/tmp/fwerror$ ulimit -c
    unlimited

    user@hostname:~/tmp/fwerror$ ls -alhF
    insgesamt 576K
    drwxr-xr-x 2 user user 25 Dez 14 10:22 ./
    drwxr-xr-x 5 user user 4,0K Dez 14 10:20 ../
    -rw-r--r-- 1 user user 572K Dez 14 10:21 firewall.fwb

    user@hostname:~/tmp/fwerror$ date -u
    Fr 14. Dez 09:27:38 UTC 2012

    user@hostname:~/tmp/fwerror$ fwbuilder -f firewall.fwb
    Firewall Builder GUI 5.1.0.3599

    user@hostname:~/tmp/fwerror$ ls -alhF
    insgesamt 1,1M
    drwxr-xr-x 2 user user 131 Dez 14 10:30 ./
    drwxr-xr-x 5 user user 4,0K Dez 14 10:30 ../
    -rw-r--r-- 1 user user 572K Dez 14 10:27 firewall.fwb
    -rwxr-xr-x 1 user user 121K Dez 14 10:28 fw1.fw*
    -rwxr-xr-x 1 user user 121K Dez 14 10:29 fw2.fw*
    -rwxr-xr-x 1 user user 121K Dez 14 10:29 fw3.fw*
    -rwxr-xr-x 1 user user 121K Dez 14 10:30 fw4.fw*

    user@hostname:~/tmp/fwerror$ date -u
    Fr 14. Dez 09:30:59 UTC 2012

    user@hostname:~/tmp/fwerror$
    ---snap---

    ---snip---
    Compiling rule sets for firewall: gw
    fwb_ipt -v -f /home/user/tmp/fwerror/firewall.fwb -d /home/user/tmp/fwerror -O id24484X2396,fw1.fw,id353829X7137,fw2.fw -i id17510X14284
    *** Loading data ...
    done

    Firewall fw1 member of cluster gw
    Compiling ruleset Policy for 'mangle' table
    Detecting rule shadowing
    Compiling ruleset Policy for 'filter' table
    Detecting rule shadowing
    processing 126 rules
    rule -2 CONNTRACK (automatic)
    rule -1 CONNTRACK (automatic)
    rule 0 (eth0)
    rule 1 (eth1)
    rule 2 (eth2)
    rule 3 (eth2)
    rule 4 (eth3)
    rule 5 (eth4)
    rule 6 (global)
    rule 7 (global)
    rule 8 (eth2)
    rule 9 (global)
    <TRUNCATED>
    rule 124 (global)
    processing 126 rules
    rule -2 CONNTRACK (automatic)
    rule -1 CONNTRACK (automatic)
    rule 0 (eth0)
    rule 1 (eth1)
    rule 2 (eth2)
    rule 3 (eth2)
    rule 4 (eth3)
    rule 5 (eth4)
    rule 6 (global)
    rule 7 (global)
    rule 8 (eth2)
    rule 9 (global)
    <TRUNCATED>
    rule 124 (global)
    Output file name: fw1.fw
    Compiled successfully

    Firewall fw2 member of cluster gw
    Compiling ruleset Policy for 'mangle' table
    Detecting rule shadowing
    Compiling ruleset Policy for 'filter' table
    Detecting rule shadowing
    processing 126 rules
    rule -2 CONNTRACK (automatic)
    rule -1 CONNTRACK (automatic)
    rule 0 (eth0)
    rule 1 (eth1)
    rule 2 (eth2)
    rule 3 (eth2)
    rule 4 (eth3)
    rule 5 (eth4)
    rule 6 (global)
    rule 7 (global)
    rule 8 (eth2)
    rule 9 (global)
    <TRUNCATED>
    rule 124 (global)
    processing 126 rules
    rule -2 CONNTRACK (automatic)
    rule -1 CONNTRACK (automatic)
    rule 0 (eth0)
    rule 1 (eth1)
    rule 2 (eth2)
    rule 3 (eth2)
    rule 4 (eth3)
    rule 5 (eth4)
    rule 6 (global)
    rule 7 (global)
    rule 8 (eth2)
    rule 9 (global)
    <TRUNCATED>
    rule 124 (global)
    Output file name: fw2.fw
    Compiled successfully
    Compile time: 00:01:01
    ---snap---

     
  • Vadim Kurland
    Vadim Kurland
    2012-12-15

    this all looks ok to me, yet Qt reports that external process has crashed. I am out of ideas.