[Bug 448] New: IPv6 conntrack does not work on a tunnel interface

bugzilla-daemon at bugzilla.netfilter.org bugzilla-daemon at bugzilla.netfilter.org
Tue Feb 14 00:13:29 CET 2006 

https://bugzilla.netfilter.org/bugzilla/show_bug.cgi?id=448

           Summary: IPv6 conntrack does not work on a tunnel interface
           Product: netfilter/iptables
           Version: unspecified
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: major
          Priority: P2
         Component: ip_conntrack
        AssignedTo: laforge at netfilter.org
        ReportedBy: p167v76dkmomieumt9aoacs372 at dgd.no-ip.com


I am using kernel 2.6.16-rc3 with the new IPv6 connection tracking. The
conntrack works when I test it with local IPv6 connections, but does not work
with connections that go through a tunnel interface. Incoming packets are marked
as INVALID and outgoing packets are marked as NEW.

I don't think it has any connection, but I have applied the nth, osf, and random
patches from patch-o-matic. I can test without these patches if needed.

Here is a snippet of a log; 7N means outgoing NEW packet and 6I means incoming
INVALID packet.

Feb 13 16:48:15 gamma kernel: 7N IN= OUT=tun6
SRC=2002:4071:4c37:0000:0000:0000:0000:0001
DST=2001:1418:0013:0001:0000:0000:0000:0025 LEN=72 TC=0 HOPLIMIT=64 FLOWLBL=0
PROTO=TCP SPT=55560 DPT=6667 SEQ=2855237330 ACK=2296150387 WINDOW=16736 RES=0x00
ACK URGP=0 OPT (0101080A000A3B4F1834B2D1) UID=1001
Feb 13 16:48:15 gamma kernel: 6I IN=tun6 OUT=
MAC=00:02:b3:5f:61:e8:00:05:dc:1f:3f:fc:08:00:45:00:00:df:29:d6:00:00:ef:29:3c:6c:d5:fe:02:0d:40:71:4c:37:60:00:00:00:00:a3:06:3e:20:01:14:18:00:13:00:01:00:00
TUNNEL=213.254.2.13->64.113.76.55 SRC=2001:1418:0013:0001:0000:0000:0000:0025
DST=2002:4071:4c37:0000:0000:0000:0000:0001 LEN=203 TC=0 HOPLIMIT=62 FLOWLBL=0
PROTO=TCP SPT=6667 DPT=55560 SEQ=2296150387 ACK=2855237330 WINDOW=1696 RES=0x00
ACK PSH URGP=0 OPT (0101080A1834B2FD000A3B4F)
Feb 13 16:48:15 gamma kernel: 7N IN= OUT=tun6
SRC=2002:4071:4c37:0000:0000:0000:0000:0001
DST=2001:1418:0013:0001:0000:0000:0000:0025 LEN=72 TC=0 HOPLIMIT=64 FLOWLBL=0
PROTO=TCP SPT=55560 DPT=6667 SEQ=2855237330 ACK=2296150518 WINDOW=16736 RES=0x00
ACK URGP=0 OPT (0101080A000A3CFE1834B2FD) UID=1001

-- 
Configure bugmail: https://bugzilla.netfilter.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

More information about the netfilter-buglog mailing list