'cutter' utility doesn't work anymore because it depends on kernel module 'ip_conntrack' which is obsolete

I can confirm this problem. It occurs when the module ip_conntrack is not loaded into the kernel. "sudo modprobe ip_conntrack" does this. IN order to load this module at every boot time you can inlcude a line "ip_conntrack" into the file /etc/modules.

FIxing this problem by creating install script that will add ip_conntrack to the module list to be loaded by the kernel when the package is installed (and remove it when it is removed)

What is the status on this bug? It's been some time since it was marked "In Progress". Also, the install script should also manually load the module after install so cutter can be used immediately (without a restart).

this is in progress for far too long..
what's wrong?

Problem still present in Ubuntu 10.10.

This doesn't seem to work at all :(. Even after manually loading the ip_conntrack, it says "No matching connections found", even though a grep on /proc/net/ip_conntrack shows the targeted connection.

hey all,

I am new and was working with the iptables and could not find the

/proc/net/ip_conntrack file

I did

user@my-pc $ sudo modprobe ip_conntrack

and the file was created.
thnx Ralph Janke

-vishal garg

I'm having the same problem as Cd-MaN (x-at-y-or-z).

Luke-Jr and Cd-MaN (x-at-y-or-z) : You are having a different issue, please report it as seperate bug. Your issue seems to be the same one as reported in Debian as bug no. 446343 (not providing the full URL to prevent Launchpad to add a tracker)

Unfortunately, loading the module ip_conntrack will not work in recent 3.5.x and above kernels because this module is obsolete, and has been replaced by nf_conntrack which does not create /proc/net/ip_conntrack

Could I suggest making cutter use the "conntrack" tool which provides similar information to /proc/net/ip_conntrack?

I have the bug too...

I use Ubuntu 13.04 with Linux kernel 3.11 . Is a workaround exist?

I search on others community like Archlinux and Debian and I found a possible workaround. But for that, we need the file /proc/net/nf_conntrack! I don't have this file on my computer... Have you this file? Or how can I create a nf_conntrack file?

The workaround used on Archlinux and Debian is just this simple patch (in attachment)... But I believe Ubuntu doesn't create the nf_conntrack file..

From Archlinux:
   - Bug probably solved with Cutter 1.03-5: https://bugs.archlinux.org/task/29978
   - Changelog about Cutter 1.03-5 on Archlinux: https://projects.archlinux.org/svntogit/community.git/commit/trunk?h=packages/cutter&id=b80cc1c8c744f52f155adeae7a98c78c4d66ef5a

The attachment "Patch created by me with Cutter 1.03-5 from Archlinux" seems to be a patch. If it isn't, please remove the "patch" flag from the attachment, remove the "patch" tag, and if you are a member of the ~ubuntu-reviewers, unsubscribe the team.

[This is an automated message performed by a Launchpad user owned by ~brian-murray, for any issues please contact him.]

Sorry for my previous patch, it will be not a patch until I'll have found how to create the nf_conntrack file..
For now, I made the second version of my patch. Now I respect the kernel before 3.5 (for example in Ubuntu LTS 12.04) or after 3.5 (Ubuntu 12.10/13.04).

Cf. Chapter 5 from this page: http://conntrack-tools.netfilter.org/manual.html
The command "conntrack -L > output" returns the same file which used in previous version of kernel ( <3.5)

I don't know exactly how this program runs but with my newer patch, I get all time this output from cutter: "No matching connections found"
But maybe that's normal because I'm not in the right condition to run the program!

Now we need a dependency: conntrack and we need to execute the program with root privilege to execute the command conntrack. Anyone can test it? And I don't know how to implement the condition "program executes in root privilege?" in a C program..

Since 'cutter' is meant to be a sysadmin tool only, it should be run by root only and therefore does not need extra privileges.

So we don't have a lot of solutions:
(1) This package have a workaround to be used
(2) Remove this package from Ubuntu.. If it can't be used, anyone can use it! In addition, it exists an other software to do that cutter does, his name is tcpkill.

So anyone can test my patch on his server? I think cutter is only work on computer hosting connections between others computers (like server) but it's just my thought.

i tried your patch and i made sure the connection exists in the conntrack_output file
but just get:

conntrack v1.4.2 (conntrack-tools): 24 flow entries have been shown.
No matching connections found

A new version of "cutter" has been released today. It ..
* resolves the "no matching connection" issues on recent kernels
* provides more useful error messages when things dont work out
* improves reliability
You can download the source from www.digitage.co.uk/cutter

Version 1.04 still doesn't work.

# ./cutter 10.0.0.100
openning ip_conntrack or nf_conntrack (is kernel module 'conntrack' loaded?): No such file or directory
root@install:~/cutter-1.04# modprobe ip_conntrack
root@install:~/cutter-1.04# modprobe nf_conntrack
root@install:~/cutter-1.04# ./cutter 10.0.0.100
openning ip_conntrack or nf_conntrack (is kernel module 'conntrack' loaded?): No such file or directory
root@install:~/cutter-1.04# ./cutter

cutter - TCP/IPv4 connection cutter for linux firewalls

Version : 1.04
Home page : http://www.digitage.co.uk/cutter

usage is: cutter ip [ port [ ip [ port ] ] ]

This still happens on Ubuntu 16.04 with Cutter 1.04. Has a broken package really been in the repos for nine years?