[Bug 1138] New: icmpv6 mld-listener-query not detected

bugzilla-daemon at netfilter.org bugzilla-daemon at netfilter.org
Sat Mar 25 11:54:04 CET 2017


            Bug ID: 1138
           Summary: icmpv6 mld-listener-query not detected
           Product: nftables
           Version: unspecified
          Hardware: x86_64
                OS: SuSE Linux
            Status: NEW
          Severity: normal
          Priority: P5
         Component: kernel
          Assignee: pablo at netfilter.org
          Reporter: bratislav.ilic at prointer.rs

It seems that nftables in Linux 4.10.4-1-default #1 SMP PREEMPT Sat Mar 18
12:29:57 UTC 2017 (e2ef894) x86_64 x86_64 x86_64 GNU/Linux just does not detect
icmpv6 mld-listener-query packets.
With the following ruleset:
table inet filter {
        chain INPUT {
                type filter hook input priority 0; policy drop;
                iif "lo" accept
                ct state { related, established} accept
                ct state invalid counter packets 8 bytes 411 drop
                iif "ens192" icmpv6 type mld-listener-query counter packets 0 bytes 0 drop
                iif "ens192" icmpv6 type mld-listener-report counter packets 22 bytes 1408 drop
                iif "ens192" counter packets 65 bytes 4680 log prefix "UNKOWN Scanner!: " reject
I get type 131 (mld-listener-report) packets dropped, but not 130
(mld-listener-query) ...
[45184.023825] UNKOWN Scanner!: IN=ens192 OUT= DST=ff02:0000:0000:0000:0000:0000:0000:0001 LEN=72 TC=0 HOPLIMIT=1 FLOWLBL=0

Also it seems that this issue has been around for quite some time and I have
found it reported before:

Best regards,
Bratislav ILIC
