bugzilla-daemon@bugzilla.netfilter.org
2006-Feb-14 00:13 UTC
[Bug 448] New: IPv6 conntrack does not work on a tunnel interface
https://bugzilla.netfilter.org/bugzilla/show_bug.cgi?id=448
Summary: IPv6 conntrack does not work on a tunnel interface
Product: netfilter/iptables
Version: unspecified
Platform: All
OS/Version: All
Status: NEW
Severity: major
Priority: P2
Component: ip_conntrack
AssignedTo: laforge@netfilter.org
ReportedBy: p167v76dkmomieumt9aoacs372@dgd.no-ip.com
I am using kernel 2.6.16-rc3 with the new IPv6 connection tracking. The
conntrack works when I test it with local IPv6 connections, but does not work
with connections that go through a tunnel interface. Incoming packets are marked
as INVALID and outgoing packets are marked as NEW.
I don't think it has any connection, but I have applied the nth, osf, and
random
patches from patch-o-matic. I can test without these patches if needed.
Here is a snippet of a log; 7N means outgoing NEW packet and 6I means incoming
INVALID packet.
Feb 13 16:48:15 gamma kernel: 7N IN= OUT=tun6
SRC=2002:4071:4c37:0000:0000:0000:0000:0001
DST=2001:1418:0013:0001:0000:0000:0000:0025 LEN=72 TC=0 HOPLIMIT=64 FLOWLBL=0
PROTO=TCP SPT=55560 DPT=6667 SEQ=2855237330 ACK=2296150387 WINDOW=16736 RES=0x00
ACK URGP=0 OPT (0101080A000A3B4F1834B2D1) UID=1001
Feb 13 16:48:15 gamma kernel: 6I IN=tun6
OUTMAC=00:02:b3:5f:61:e8:00:05:dc:1f:3f:fc:08:00:45:00:00:df:29:d6:00:00:ef:29:3c:6c:d5:fe:02:0d:40:71:4c:37:60:00:00:00:00:a3:06:3e:20:01:14:18:00:13:00:01:00:00
TUNNEL=213.254.2.13->64.113.76.55 SRC=2001:1418:0013:0001:0000:0000:0000:0025
DST=2002:4071:4c37:0000:0000:0000:0000:0001 LEN=203 TC=0 HOPLIMIT=62 FLOWLBL=0
PROTO=TCP SPT=6667 DPT=55560 SEQ=2296150387 ACK=2855237330 WINDOW=1696 RES=0x00
ACK PSH URGP=0 OPT (0101080A1834B2FD000A3B4F)
Feb 13 16:48:15 gamma kernel: 7N IN= OUT=tun6
SRC=2002:4071:4c37:0000:0000:0000:0000:0001
DST=2001:1418:0013:0001:0000:0000:0000:0025 LEN=72 TC=0 HOPLIMIT=64 FLOWLBL=0
PROTO=TCP SPT=55560 DPT=6667 SEQ=2855237330 ACK=2296150518 WINDOW=16736 RES=0x00
ACK URGP=0 OPT (0101080A000A3CFE1834B2FD) UID=1001
--
Configure bugmail:
https://bugzilla.netfilter.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
Reasonably Related Threads
- [Bug 448] IPv6 conntrack does not work on a tunnel interface
- Samba and ufw (mmcg29440@frontier.com)
- [Bug 761] New: Bug in ICMPv6 type and code fields processing
- [Bug 742] New: ip6tables "-m iprange" ipv6 range detection
- GeForce 6100 (NV4E) & nouveau regression in 3.12
Wisdom of the Ancients
