[Bug 1936963] [NEW] focal: conntrack (1.4.5) does not filter -L output with -f (family) argument
Matthias Ferdinand
1936963 at bugs.launchpad.net
Tue Jul 20 17:07:29 UTC 2021
Public bug reported:
Hi,
on Ubuntu focal 20.04, "conntrack -L" fails to restrict output to
a specific layer three protocol family (-f).
Output of
- conntrack -L
- conntrack -L -f ipv4
- conntrack -L -f ipv6
is always the same, containing output of both ipv4 and ipv6 families.
Using the conntrack 1.4.4 binary from bionic 18.04 (not the libraries)
on focal 20.04, output gets properly filtered.
Tried conntrack 1.4.6 on a Debian Testing installation, filtering
for address family works as with 1.4.4.
Perhaps conntrack 1.4.6 should be backported to Ubuntu focal.
Regards
Matthias Ferdinand
--------------------------------------------------
root@ninio:~# lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 20.04.2 LTS
Release: 20.04
Codename: focal
root@ninio:~# traceroute -n 2a02:2e0:3fe:1001:302::
traceroute to 2a02:2e0:3fe:1001:302:: (2a02:2e0:3fe:1001:302::), 30 hops max, 80 byte packets
1 2a04:6c0:4:10:ffff:ffff:ffff:ffff 0.438 ms 0.370 ms 0.348 ms
2 2a04:6c0:4:aaaa:ffff:ffff:ffff:ffff 0.329 ms 0.494 ms 0.469 ms
3 2a02:5a0:ff00:902::1 0.820 ms 0.802 ms 0.781 ms
4 2a02:5a0:301:13::236:18 0.762 ms 0.734 ms 0.690 ms
5 2001:7f8::3012:0:1 5.782 ms * *
6 * 2a02:2e0:12:20::1 5.373 ms *
7 2a02:2e0:12:32::2 5.193 ms 5.416 ms 5.397 ms
8 2a02:2e0:3fe:0:c::1 5.130 ms !X 5.131 ms !X 5.240 ms !X
# this should not show any ipv6 entries
root@ninio:~# conntrack -L -f ipv4 | tail
conntrack v1.4.5 (conntrack-tools): 31 flow entries have been shown.
tcp 6 6 TIME_WAIT src=212.82.32.26 dst=212.82.33.135 sport=42798 dport=22 src=212.82.33.135 dst=212.82.32.26 sport=22 dport=42798 [ASSURED] mark=0 use=1
udp 17 26 src=2a04:6c0:4:1f::1 dst=2a02:2e0:3fe:1001:302:: sport=58141 dport=33436 [UNREPLIED] src=2a02:2e0:3fe:1001:302:: dst=2a04:6c0:4:1f::1 sport=33436 dport=58141 mark=0 use=1
udp 17 6 src=212.82.33.135 dst=212.82.32.238 sport=59716 dport=123 src=212.82.32.238 dst=212.82.33.135 sport=123 dport=59716 mark=0 use=1
udp 17 26 src=2a04:6c0:4:1f::1 dst=2a02:2e0:3fe:1001:302:: sport=35405 dport=33445 [UNREPLIED] src=2a02:2e0:3fe:1001:302:: dst=2a04:6c0:4:1f::1 sport=33445 dport=35405 mark=0 use=1
udp 17 26 src=2a04:6c0:4:1f::1 dst=2a02:2e0:3fe:1001:302:: sport=37446 dport=33461 [UNREPLIED] src=2a02:2e0:3fe:1001:302:: dst=2a04:6c0:4:1f::1 sport=33461 dport=37446 mark=0 use=1
udp 17 26 src=2a04:6c0:4:1f::1 dst=2a02:2e0:3fe:1001:302:: sport=42273 dport=33451 [UNREPLIED] src=2a02:2e0:3fe:1001:302:: dst=2a04:6c0:4:1f::1 sport=33451 dport=42273 mark=0 use=1
udp 17 26 src=2a04:6c0:4:1f::1 dst=2a02:2e0:3fe:1001:302:: sport=40011 dport=33440 [UNREPLIED] src=2a02:2e0:3fe:1001:302:: dst=2a04:6c0:4:1f::1 sport=33440 dport=40011 mark=0 use=1
udp 17 26 src=2a04:6c0:4:1f::1 dst=2a02:2e0:3fe:1001:302:: sport=33583 dport=33447 [UNREPLIED] src=2a02:2e0:3fe:1001:302:: dst=2a04:6c0:4:1f::1 sport=33447 dport=33583 mark=0 use=1
udp 17 26 src=2a04:6c0:4:1f::1 dst=2a02:2e0:3fe:1001:302:: sport=52819 dport=33453 [UNREPLIED] src=2a02:2e0:3fe:1001:302:: dst=2a04:6c0:4:1f::1 sport=33453 dport=52819 mark=0 use=1
udp 17 26 src=2a04:6c0:4:1f::1 dst=2a02:2e0:3fe:1001:302:: sport=48589 dport=33439 [UNREPLIED] src=2a02:2e0:3fe:1001:302:: dst=2a04:6c0:4:1f::1 sport=33439 dport=48589 mark=0 use=1
root@ninio:~# which conntrack
/usr/sbin/conntrack
root@ninio:~# dpkg -S /usr/sbin/conntrack
conntrack: /usr/sbin/conntrack
root@ninio:~# dpkg -l conntrack | grep conntrack
ii conntrack 1:1.4.5-2 amd64 Program to modify the conntrack tables
** Affects: conntrack-tools (Ubuntu)
Importance: Undecided
Status: New
https://bugs.launchpad.net/bugs/1936963
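A post-filter for scripts that rely on "-f", added here as an example and not part of the original report or of conntrack-tools: it classifies each "conntrack -L" entry by its first src= address, keeps only the requested family, and can count entries that leaked past a family filter. The function names are hypothetical; the sample lines are copied from the report's output above.

```shell
#!/bin/sh
# Sample input: four lines copied from the report's `conntrack -L -f ipv4 | tail`.
SAMPLE='conntrack v1.4.5 (conntrack-tools): 31 flow entries have been shown.
tcp 6 6 TIME_WAIT src=212.82.32.26 dst=212.82.33.135 sport=42798 dport=22 src=212.82.33.135 dst=212.82.32.26 sport=22 dport=42798 [ASSURED] mark=0 use=1
udp 17 26 src=2a04:6c0:4:1f::1 dst=2a02:2e0:3fe:1001:302:: sport=58141 dport=33436 [UNREPLIED] src=2a02:2e0:3fe:1001:302:: dst=2a04:6c0:4:1f::1 sport=33436 dport=58141 mark=0 use=1
udp 17 6 src=212.82.33.135 dst=212.82.32.238 sport=59716 dport=123 src=212.82.32.238 dst=212.82.33.135 sport=123 dport=59716 mark=0 use=1'

# classify: prefix every stdin line with "ipv4", "ipv6" or "unknown" and a tab.
# The family is taken from the first src= field (original direction); a colon
# in the address means IPv6. Lines without src= (such as the summary line
# conntrack prints) are tagged "unknown".
classify() {
    awk '{
        fam = "unknown"
        for (i = 1; i <= NF; i++)
            if ($i ~ /^src=/) {
                fam = (index($i, ":") > 0) ? "ipv6" : "ipv4"
                break
            }
        print fam "\t" $0
    }'
}

# filter_family FAMILY: print only the entries of FAMILY, unchanged.
filter_family() {
    classify | awk -F'\t' -v want="$1" \
        '$1 == want { print substr($0, index($0, "\t") + 1) }'
}

# count_leaked FAMILY: number of entries on stdin that belong to the other
# family. Non-zero on the output of `conntrack -L -f FAMILY` means the
# installed binary ignores -f, as described in this report.
count_leaked() {
    classify | awk -F'\t' -v want="$1" \
        '$1 != want && $1 != "unknown" { n++ } END { print n + 0 }'
}

# Live use (needs root, not run here):
#   conntrack -L 2>/dev/null | filter_family ipv4
#   conntrack -L -f ipv4 2>/dev/null | count_leaked ipv4
printf '%s\n' "$SAMPLE" | filter_family ipv4
```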