Public bug reported:
Hi,
on Ubuntu focal 20.04, "conntrack -L" fails to restrict output to
a specific layer three protocol family (-f).
Output of
- conntrack -L
- conntrack -L -f ipv4
- conntrack -L -f ipv6
is always the same, containing output of both ipv4 and ipv6 families.
Using the conntrack 1.4.4 binary from bionic 18.04 (not the libraries)
on focal 20.04, output gets properly filtered.
Tried conntrack 1.4.6 on a Debian Testing installation, filtering
for address family works as with 1.4.4.
Perhaps conntrack 1.4.6 should be backported to Ubuntu focal.
Regards
Matthias Ferdinand
--------------------------------------------------
root@ninio:~# lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 20.04.2 LTS
Release: 20.04
Codename: focal
root@ninio:~# traceroute -n 2a02:2e0:3fe:1001:302::
traceroute to 2a02:2e0:3fe:1001:302:: (2a02:2e0:3fe:1001:302::), 30 hops max,
80 byte packets
1 2a04:6c0:4:10:ffff:ffff:ffff:ffff 0.438 ms 0.370 ms 0.348 ms
2 2a04:6c0:4:aaaa:ffff:ffff:ffff:ffff 0.329 ms 0.494 ms 0.469 ms
3 2a02:5a0:ff00:902::1 0.820 ms 0.802 ms 0.781 ms
4 2a02:5a0:301:13::236:18 0.762 ms 0.734 ms 0.690 ms
5 2001:7f8::3012:0:1 5.782 ms * *
6 * 2a02:2e0:12:20::1 5.373 ms *
7 2a02:2e0:12:32::2 5.193 ms 5.416 ms 5.397 ms
8 2a02:2e0:3fe:0:c::1 5.130 ms !X 5.131 ms !X 5.240 ms !X
# this should not show any ipv6 entries
root@ninio:~# conntrack -L -f ipv4 | tail
conntrack v1.4.5 (conntrack-tools): 31 flow entries have been shown.
tcp 6 6 TIME_WAIT src=212.82.32.26 dst=212.82.33.135 sport=42798 dport=22
src=212.82.33.135 dst=212.82.32.26 sport=22 dport=42798 [ASSURED] mark=0 use=1
udp 17 26 src=2a04:6c0:4:1f::1 dst=2a02:2e0:3fe:1001:302:: sport=58141
dport=33436 [UNREPLIED] src=2a02:2e0:3fe:1001:302:: dst=2a04:6c0:4:1f::1
sport=33436 dport=58141 mark=0 use=1
udp 17 6 src=212.82.33.135 dst=212.82.32.238 sport=59716 dport=123
src=212.82.32.238 dst=212.82.33.135 sport=123 dport=59716 mark=0 use=1
udp 17 26 src=2a04:6c0:4:1f::1 dst=2a02:2e0:3fe:1001:302:: sport=35405
dport=33445 [UNREPLIED] src=2a02:2e0:3fe:1001:302:: dst=2a04:6c0:4:1f::1
sport=33445 dport=35405 mark=0 use=1
udp 17 26 src=2a04:6c0:4:1f::1 dst=2a02:2e0:3fe:1001:302:: sport=37446
dport=33461 [UNREPLIED] src=2a02:2e0:3fe:1001:302:: dst=2a04:6c0:4:1f::1
sport=33461 dport=37446 mark=0 use=1
udp 17 26 src=2a04:6c0:4:1f::1 dst=2a02:2e0:3fe:1001:302:: sport=42273
dport=33451 [UNREPLIED] src=2a02:2e0:3fe:1001:302:: dst=2a04:6c0:4:1f::1
sport=33451 dport=42273 mark=0 use=1
udp 17 26 src=2a04:6c0:4:1f::1 dst=2a02:2e0:3fe:1001:302:: sport=40011
dport=33440 [UNREPLIED] src=2a02:2e0:3fe:1001:302:: dst=2a04:6c0:4:1f::1
sport=33440 dport=40011 mark=0 use=1
udp 17 26 src=2a04:6c0:4:1f::1 dst=2a02:2e0:3fe:1001:302:: sport=33583
dport=33447 [UNREPLIED] src=2a02:2e0:3fe:1001:302:: dst=2a04:6c0:4:1f::1
sport=33447 dport=33583 mark=0 use=1
udp 17 26 src=2a04:6c0:4:1f::1 dst=2a02:2e0:3fe:1001:302:: sport=52819
dport=33453 [UNREPLIED] src=2a02:2e0:3fe:1001:302:: dst=2a04:6c0:4:1f::1
sport=33453 dport=52819 mark=0 use=1
udp 17 26 src=2a04:6c0:4:1f::1 dst=2a02:2e0:3fe:1001:302:: sport=48589
dport=33439 [UNREPLIED] src=2a02:2e0:3fe:1001:302:: dst=2a04:6c0:4:1f::1
sport=33439 dport=48589 mark=0 use=1
root@ninio:~# which conntrack
/usr/sbin/conntrack
root@ninio:~# dpkg -S /usr/sbin/conntrack
conntrack: /usr/sbin/conntrack
root@ninio:~# dpkg -l conntrack | grep conntrack
ii conntrack 1:1.4.5-2 amd64 Program to modify the conntrack
tables
** Affects: conntrack-tools (Ubuntu)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1936963
Title:
focal: conntrack (1.4.5) does not filter -L output with -f (family)
argument
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/conntrack-tools/+bug/1936963/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
