Package: libnetfilter-conntrack3
Version: 1.0.6-2
Severity: normal
Tags: upstream

Dear Maintainer,

Attaching a filter to a conntrack handle has no effect when compiled/run on a
MIPS machine.

I have included the source of a test case demonstrating the issue which prints a
summary when the state of an applicable connection changes. The filter applied
should ensure the callback is only called for TCP connections.

This works as expected on an x64 machine, but on a MIPS machine the filter has
no effect: the callback is triggered for all connections.

I have tried different filter types other than NFCT_FILTER_L4PROTO with the same
outcome.

-- System Information:
Debian Release: 9.4
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: mips

Kernel: Linux 4.9.0-6-4kc-malta
Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8), LANGUAGE=en_AU:en (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages libnetfilter-conntrack3 depends on:
ii  libc6          2.24-11+deb9u3
ii  libmnl0        1.0.4-2
ii  libnfnetlink0  1.0.1-3

libnetfilter-conntrack3 recommends no packages.

libnetfilter-conntrack3 suggests no packages.

-- no debconf information

#include <stdio.h>
#include <netinet/in.h> /* IPPROTO_TCP */
#include <libnetfilter_conntrack/libnetfilter_conntrack.h>
#include <libnetfilter_conntrack/libnetfilter_conntrack_tcp.h>

/* Print a one-line summary of every conntrack event delivered to userspace. */
static int cb(enum nf_conntrack_msg_type type, struct nf_conntrack *ct, void *data) {
        char buf[1024];

        nfct_snprintf(buf, sizeof(buf), ct, type, NFCT_O_PLAIN, NFCT_OF_TIME);
        printf("%s\n", buf);

        return NFCT_CB_CONTINUE;
}

int main(void) {
        /* Subscribe to all conntrack event groups. */
        struct nfct_handle *h = nfct_open(CONNTRACK, NFCT_ALL_CT_GROUPS);
        if (!h) {
                perror("nfct_open");
                return 1;
        }

        struct nfct_filter *filter = nfct_filter_create();
        if (!filter) {
                perror("nfct_filter_create");
                nfct_close(h);
                return 1;
        }

        /* Only TCP events should pass the filter attached to the socket. */
        nfct_filter_add_attr_u32(filter, NFCT_FILTER_L4PROTO, IPPROTO_TCP);

        if (nfct_filter_attach(nfct_fd(h), filter) == -1) {
                perror("nfct_filter_attach");
                nfct_filter_destroy(filter);
                nfct_close(h);
                return 1;
        }

        /* Register the callback for all message types and block on events. */
        nfct_callback_register(h, NFCT_T_ALL, cb, NULL);
        nfct_catch(h);
        nfct_filter_destroy(filter);
        nfct_close(h);
        return 0;
}
