iptables has broken libxt_conntrack: --ctproto always 0

Bug #1020490 reported by Guillaume Castagnino
This bug affects 3 people
Affects: iptables (Ubuntu)
Status: Fix Released

Bug Description

When using the --ctproto option of the libxt_conntrack iptables module, whatever you pass as the layer4 protocol, it's always recorded as 0.

This is in fact this known bug: http://marc.info/?l=netfilter-devel&m=131392499328928&w=2
A clean patch is available in the netfilter git repo: http://git.netfilter.org/cgi-bin/gitweb.cgi?p=iptables.git;a=commit;h=bca5b9afbe4b3823989f1e78f178203eb3bfa37d
Applying this patch fixed this, and allows --ctproto to be used again. Please apply it!


ProblemType: Bug
DistroRelease: Ubuntu 12.04
Package: iptables 1.4.12-1ubuntu4
ProcVersionSignature: Ubuntu 3.2.0-26.41-generic-pae 3.2.19
Uname: Linux 3.2.0-26-generic-pae i686
ApportVersion: 2.0.1-0ubuntu8
Architecture: i386
Date: Tue Jul 3 11:50:26 2012
InstallationMedia: Ubuntu 12.04 LTS "Precise Pangolin" - Release i386 (20120423.2)
SourcePackage: iptables
UpgradeStatus: No upgrade log present (probably fresh install)
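
One way to check a host for the symptom described in this report, as an added example that is not part of the original report or of the iptables project: it scans iptables-save output for conntrack rules saved as `--ctproto 0`. The function names and sample ruleset are constructed, and the saved form `--ctproto N` is an assumption based on the "--ctproto 0 output" wording in the changelog below.

```shell
#!/bin/sh
# Added example (not from the bug report): list rules in iptables-save
# output whose conntrack match was saved as "--ctproto 0".
# Output format: table:chain:input-line-number:rule
# A rule deliberately written for protocol 0 is listed as well.

ctproto_zero_rules() {
    awk '
        /^\*/      { table = substr($0, 2); next }  # "*filter" opens a table
        $1 != "-A" { next }                         # skip comments, policies, COMMIT
        {
            # Start at field 3: fields 1 and 2 are "-A" and the chain name.
            for (i = 3; i < NF; i++) {
                if ($i == "--ctproto" && $(i + 1) == "0") {
                    printf "%s:%s:%d:%s\n", table, $2, NR, $0
                    break
                }
            }
        }
    '
}

# Number of affected rules in the ruleset read from stdin.
ctproto_zero_count() {
    ctproto_zero_rules | wc -l | tr -d " "
}

# Constructed sample in iptables-save format (not taken from a real host).
sample_ruleset() {
    cat <<'EOF'
# Generated by iptables-save (constructed sample)
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -m conntrack --ctproto 0 --ctstate NEW -j LOG
-A FORWARD -m conntrack --ctproto 6 -j ACCEPT
-A FORWARD -m conntrack ! --ctproto 0 -j DROP
COMMIT
EOF
}

# Stand-alone run: show the affected rules in the constructed sample.
sample_ruleset | ctproto_zero_rules
```

On a live system the same function can be fed with `iptables-save | ctproto_zero_rules`; any rule it lists should be compared against the protocol that was originally requested.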

Guillaume Castagnino (casta+ubuntu) wrote :
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package iptables - 1.4.12-2ubuntu1

iptables (1.4.12-2ubuntu1) quantal; urgency=low

  * Merge from Debian unstable. Remaining changes:
    - 9000-howtos.patch: add howtos/ and install them
    - 9001-Fixed-FTBS-by-copying-linux-types.h-from-linux-3.2.patch: Fix FTBS
      against linux 3.2 headers
    - 9002-libxt_recent-Add-support-for-reap-option.patch: add --reap support.
      Merge in changes from 1.4.12-1ubuntu4 into this patch
    - debian/control: Build-Depends on linuxdoc-tools
    - debian/iptables.install: install NAT and packetfilter howtos into
    - debian/iptables-dev.install: install netfilter howto into /usr/share/doc
    - debian/iptables-dev.doc-base.netfilter-extensions,
      debian/iptables.doc-base.nat, debian/iptables.doc-base.packet-filter: add
  * Drop libipq support since it has been obsoleted in 3.5 and later kernels.
    Per upstream, users of libipq should transition to nfnetlink_queue (from
    libnfnetlink0) instead. (LP: #1020598)
    - debian/control: remove reference to libipq
    - debian/rules: compile with --disable-libipq
    - debian/iptables.lintian-overrides: remove reference to libipq0
    - debian/iptables-dev.install: remove usr/share/man/man3 only used with
      libipq manpages
    - dropped 9001-build-libipq_pic.la.patch, no longer required
  * 9003-lp1020490.patch: fix --ctproto 0 output (LP: #1020490)
  * 9004-argv-is-null.patch: ip(6)tables-restore: make sure argv is NULL
  * debian/patches/9005-lp1027252-fixrestore.patch: fix iptables-restore with
    gcc-4.7 and -O1 or higher (LP: #1027252)

iptables (1.4.14-2) unstable; urgency=low

  * Added missing 1.4.13-1.1 NMU fix
 -- Jamie Strandboge <email address hidden> Fri, 20 Jul 2012 15:45:01 -0500

Changed in iptables (Ubuntu):
status: New → Fix Released
Nelson H (neffezzle) wrote :

This bug is still in the 12.04 LTS version of iptables - 1.4.12-1ubuntu5. Is there any way that you can port the fix down to 64bit 12.04 Precise LTS?
