iptables has broken libxt_conntrack: --ctproto always 0

Bug #1020490 reported by Guillaume Castagnino on 2012-07-03
This bug affects 3 people
Affects Status Importance Assigned to Milestone
iptables (Ubuntu)

Bug Description

When using the --ctproto option of the libxt_conntrack iptables module, whatever you pass as the layer4 protocol, it's always recorded as 0.

This is in fact this known bug: http://marc.info/?l=netfilter-devel&m=131392499328928&w=2
A clean patch is available in the netfilter git repo: http://git.netfilter.org/cgi-bin/gitweb.cgi?p=iptables.git;a=commit;h=bca5b9afbe4b3823989f1e78f178203eb3bfa37d
Applying this patch fixed this, and allows --ctproto to be used again. Please apply it!


ProblemType: Bug
DistroRelease: Ubuntu 12.04
Package: iptables 1.4.12-1ubuntu4
ProcVersionSignature: Ubuntu 3.2.0-26.41-generic-pae 3.2.19
Uname: Linux 3.2.0-26-generic-pae i686
ApportVersion: 2.0.1-0ubuntu8
Architecture: i386
Date: Tue Jul 3 11:50:26 2012
InstallationMedia: Ubuntu 12.04 LTS "Precise Pangolin" - Release i386 (20120423.2)
SourcePackage: iptables
UpgradeStatus: No upgrade log present (probably fresh install)
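
An added example (not part of the original report and not code from the iptables project): a Python check that scans `iptables-save` text for conntrack rules whose `--ctproto` value was stored as 0, the symptom described above. The sample ruleset is constructed, and the check assumes an affected build shows the value as `--ctproto 0` in its saved output.

```python
import shlex

# Constructed sample of iptables-save output (not taken from the report).
SAMPLE = '''\
# Generated by iptables-save (constructed sample)
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -m conntrack --ctstate NEW --ctproto 0 -j LOG
-A INPUT -m conntrack --ctproto 6 -m comment --comment "was --ctproto 0" -j ACCEPT
-A FORWARD -p tcp -m conntrack ! --ctproto 0 -j DROP
COMMIT
'''


def find_zero_ctproto(ruleset_text):
    """Return (line_no, table, chain, negated) for each rule with --ctproto 0."""
    findings = []
    table = None
    for line_no, raw in enumerate(ruleset_text.splitlines(), start=1):
        line = raw.strip()
        if line.startswith("*"):
            table = line[1:]            # "*filter" opens a table section
            continue
        if not line.startswith(("-A ", "-I ")):
            continue                    # comments, chain policies, COMMIT
        # shlex keeps a quoted --comment string as one token, so text inside
        # a comment cannot be mistaken for an option.
        tokens = shlex.split(line)
        chain = tokens[1]
        for i, tok in enumerate(tokens[:-1]):
            if tok == "--ctproto" and tokens[i + 1] == "0":
                negated = i > 0 and tokens[i - 1] == "!"
                findings.append((line_no, table, chain, negated))
    return findings


if __name__ == "__main__":
    for line_no, table, chain, negated in find_zero_ctproto(SAMPLE):
        flag = " (negated)" if negated else ""
        print(f"line {line_no}: table={table} chain={chain} --ctproto 0{flag}")
```

To audit a host, pass the captured output of `iptables-save` to `find_zero_ctproto` in place of the sample.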


Launchpad Janitor (janitor) wrote :

This bug was fixed in the package iptables - 1.4.12-2ubuntu1

iptables (1.4.12-2ubuntu1) quantal; urgency=low

  * Merge from Debian unstable. Remaining changes:
    - 9000-howtos.patch: add howtos/ and install them
    - 9001-Fixed-FTBS-by-copying-linux-types.h-from-linux-3.2.patch: Fix FTBS
      against linux 3.2 headers
    - 9002-libxt_recent-Add-support-for-reap-option.patch: add --reap support.
      Merge in changes from 1.4.12-1ubuntu4 into this patch
    - debian/control: Build-Depends on linuxdoc-tools
    - debian/iptables.install: install NAT and packetfilter howtos into
    - debian/iptables-dev.install: install netfilter howto into /usr/share/doc
    - debian/iptables-dev.doc-base.netfilter-extensions,
      debian/iptables.doc-base.nat, debian/iptables.doc-base.packet-filter: add
  * Drop libipq support since it has been obsoleted in 3.5 and later kernels.
    Per upstream, users of libipq should transition to nfnetlink_queue (from
    libnfnetlink0) instead. (LP: #1020598)
    - debian/control: remove reference to libipq
    - debian/rules: compile with --disable-libipq
    - debian/iptables.lintian-overrides: remove reference to libipq0
    - debian/iptables-dev.install: remove usr/share/man/man3 only used with
      libipq manpages
    - dropped 9001-build-libipq_pic.la.patch, no longer required
  * 9003-lp1020490.patch: fix --ctproto 0 output (LP: #1020490)
  * 9004-argv-is-null.patch: ip(6)tables-restore: make sure argv is NULL
  * debian/patches/9005-lp1027252-fixrestore.patch: fix iptables-restore with
    gcc-4.7 and -O1 or higher (LP: #1027252)

iptables (1.4.14-2) unstable; urgency=low

  * Added missing 1.4.13-1.1 NMU fix
 -- Jamie Strandboge <email address hidden> Fri, 20 Jul 2012 15:45:01 -0500

Changed in iptables (Ubuntu):
status: New → Fix Released
Nelson H (neffezzle) wrote :

This bug is still in the 12.04 LTS version of iptables - 1.4.12-1ubuntu5. Is there any way that you can port the fix down to 64bit 12.04 Precise LTS?
