focal: conntrack (1.4.5) does not filter -L output with -f (family) argument
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
conntrack-tools (Ubuntu) |
New
|
Undecided
|
Unassigned |
Bug Description
Hi,
on Ubuntu focal 20.04, "conntrack -L" fails to restrict output to
a specific layer three protocol family (-f).
Output of
- conntrack -L
- conntrack -L -f ipv4
- conntrack -L -f ipv6
is always the same, containing output of both ipv4 and ipv6 families.
Using the conntrack 1.4.4 binary from bionic 18.04 (not the libraries)
on focal 20.04, output gets properly filtered.
Tried conntrack 1.4.6 on a Debian Testing installation, filtering
for address family works as with 1.4.4.
Perhaps conntrack 1.4.6 should be backported to Ubuntu focal.
Regards
Matthias Ferdinand
-------
root@ninio:~# lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 20.04.2 LTS
Release: 20.04
Codename: focal
root@ninio:~# traceroute -n 2a02:2e0:
traceroute to 2a02:2e0:
1 2a04:6c0:
2 2a04:6c0:
3 2a02:5a0:
4 2a02:5a0:
5 2001:7f8::3012:0:1 5.782 ms * *
6 * 2a02:2e0:12:20::1 5.373 ms *
7 2a02:2e0:12:32::2 5.193 ms 5.416 ms 5.397 ms
8 2a02:2e0:3fe:0:c::1 5.130 ms !X 5.131 ms !X 5.240 ms !X
# this should not show any ipv6 entries
root@ninio:~# conntrack -L -f ipv4 | tail
conntrack v1.4.5 (conntrack-tools): 31 flow entries have been shown.
tcp 6 6 TIME_WAIT src=212.82.32.26 dst=212.82.33.135 sport=42798 dport=22 src=212.82.33.135 dst=212.82.32.26 sport=22 dport=42798 [ASSURED] mark=0 use=1
udp 17 26 src=2a04:
udp 17 6 src=212.82.33.135 dst=212.82.32.238 sport=59716 dport=123 src=212.82.32.238 dst=212.82.33.135 sport=123 dport=59716 mark=0 use=1
udp 17 26 src=2a04:
udp 17 26 src=2a04:
udp 17 26 src=2a04:
udp 17 26 src=2a04:
udp 17 26 src=2a04:
udp 17 26 src=2a04:
udp 17 26 src=2a04:
root@ninio:~# which conntrack
/usr/sbin/conntrack
root@ninio:~# dpkg -S /usr/sbin/conntrack
conntrack: /usr/sbin/conntrack
root@ninio:~# dpkg -l conntrack | grep conntrack
ii conntrack 1:1.4.5-2 amd64 Program to modify the conntrack tables