Ubuntu
conntrack-tools package

focal: conntrack (1.4.5) does not filter -L output with -f (family) argument

Bug #1936963 reported by Matthias Ferdinand
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
conntrack-tools (Ubuntu)
New
Undecided
Unassigned

Bug Description

Hi,

on Ubuntu focal 20.04, "conntrack -L" fails to restrict output to
a specific layer three protocol family (-f).

Output of
   - conntrack -L
   - conntrack -L -f ipv4
   - conntrack -L -f ipv6
is always the same, containing output of both ipv4 and ipv6 families.

Using the conntrack 1.4.4 binary from bionic 18.04 (not the libraries)
on focal 20.04, output gets properly filtered.

Tried conntrack 1.4.6 on a Debian Testing installation, filtering
for address family works as with 1.4.4.

Perhaps conntrack 1.4.6 should be backported to Ubuntu focal.

Regards
Matthias Ferdinand

--------------------------------------------------

root@ninio:~# lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 20.04.2 LTS
Release: 20.04
Codename: focal

root@ninio:~# traceroute -n 2a02:2e0:3fe:1001:302::
traceroute to 2a02:2e0:3fe:1001:302:: (2a02:2e0:3fe:1001:302::), 30 hops max, 80 byte packets
 1 2a04:6c0:4:10:ffff:ffff:ffff:ffff 0.438 ms 0.370 ms 0.348 ms
 2 2a04:6c0:4:aaaa:ffff:ffff:ffff:ffff 0.329 ms 0.494 ms 0.469 ms
 3 2a02:5a0:ff00:902::1 0.820 ms 0.802 ms 0.781 ms
 4 2a02:5a0:301:13::236:18 0.762 ms 0.734 ms 0.690 ms
 5 2001:7f8::3012:0:1 5.782 ms * *
 6 * 2a02:2e0:12:20::1 5.373 ms *
 7 2a02:2e0:12:32::2 5.193 ms 5.416 ms 5.397 ms
 8 2a02:2e0:3fe:0:c::1 5.130 ms !X 5.131 ms !X 5.240 ms !X

# this should not show any ipv6 entries
root@ninio:~# conntrack -L -f ipv4 | tail
conntrack v1.4.5 (conntrack-tools): 31 flow entries have been shown.
tcp 6 6 TIME_WAIT src=212.82.32.26 dst=212.82.33.135 sport=42798 dport=22 src=212.82.33.135 dst=212.82.32.26 sport=22 dport=42798 [ASSURED] mark=0 use=1
udp 17 26 src=2a04:6c0:4:1f::1 dst=2a02:2e0:3fe:1001:302:: sport=58141 dport=33436 [UNREPLIED] src=2a02:2e0:3fe:1001:302:: dst=2a04:6c0:4:1f::1 sport=33436 dport=58141 mark=0 use=1
udp 17 6 src=212.82.33.135 dst=212.82.32.238 sport=59716 dport=123 src=212.82.32.238 dst=212.82.33.135 sport=123 dport=59716 mark=0 use=1
udp 17 26 src=2a04:6c0:4:1f::1 dst=2a02:2e0:3fe:1001:302:: sport=35405 dport=33445 [UNREPLIED] src=2a02:2e0:3fe:1001:302:: dst=2a04:6c0:4:1f::1 sport=33445 dport=35405 mark=0 use=1
udp 17 26 src=2a04:6c0:4:1f::1 dst=2a02:2e0:3fe:1001:302:: sport=37446 dport=33461 [UNREPLIED] src=2a02:2e0:3fe:1001:302:: dst=2a04:6c0:4:1f::1 sport=33461 dport=37446 mark=0 use=1
udp 17 26 src=2a04:6c0:4:1f::1 dst=2a02:2e0:3fe:1001:302:: sport=42273 dport=33451 [UNREPLIED] src=2a02:2e0:3fe:1001:302:: dst=2a04:6c0:4:1f::1 sport=33451 dport=42273 mark=0 use=1
udp 17 26 src=2a04:6c0:4:1f::1 dst=2a02:2e0:3fe:1001:302:: sport=40011 dport=33440 [UNREPLIED] src=2a02:2e0:3fe:1001:302:: dst=2a04:6c0:4:1f::1 sport=33440 dport=40011 mark=0 use=1
udp 17 26 src=2a04:6c0:4:1f::1 dst=2a02:2e0:3fe:1001:302:: sport=33583 dport=33447 [UNREPLIED] src=2a02:2e0:3fe:1001:302:: dst=2a04:6c0:4:1f::1 sport=33447 dport=33583 mark=0 use=1
udp 17 26 src=2a04:6c0:4:1f::1 dst=2a02:2e0:3fe:1001:302:: sport=52819 dport=33453 [UNREPLIED] src=2a02:2e0:3fe:1001:302:: dst=2a04:6c0:4:1f::1 sport=33453 dport=52819 mark=0 use=1
udp 17 26 src=2a04:6c0:4:1f::1 dst=2a02:2e0:3fe:1001:302:: sport=48589 dport=33439 [UNREPLIED] src=2a02:2e0:3fe:1001:302:: dst=2a04:6c0:4:1f::1 sport=33439 dport=48589 mark=0 use=1

root@ninio:~# which conntrack
/usr/sbin/conntrack

root@ninio:~# dpkg -S /usr/sbin/conntrack
conntrack: /usr/sbin/conntrack

root@ninio:~# dpkg -l conntrack | grep conntrack
ii conntrack 1:1.4.5-2 amd64 Program to modify the conntrack tables

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.