[Bug 795] New: RELATED doesn't accommodate multicast UDP solicitation resulting in unicast reply

bugzilla-daemon at bugzilla.netfilter.org bugzilla-daemon at bugzilla.netfilter.org
Wed Jun 27 22:23:13 CEST 2012 

http://bugzilla.netfilter.org/show_bug.cgi?id=795

           Summary: RELATED doesn't accommodate multicast UDP solicitation
                    resulting in unicast reply
           Product: netfilter/iptables
           Version: unspecified
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: enhancement
          Priority: P5
         Component: ip_conntrack
        AssignedTo: netfilter-buglog at lists.netfilter.org
        ReportedBy: philipp at redfish-solutions.com
   Estimated Hours: 0.0


If I send out a packet like (tcpdump output):

16:37:56.642134 IP 192.168.1.25.34699 > 239.255.255.250.ssdp: UDP, length 135
..^....'.Y8...E..... at ................l..AQM-SEARCH * HTTP/1.1
HOST: 239.255.255.250:1900
MAN: "ssdp:discover"
MX: 2
ST: urn:schemas-upnp-org:device:WANConnectionDevice:1


And a unicast response comes back to the same source tuple (UDP,
192.168.1.25.34699)...


16:37:56.645110 IP 192.168.1.1.ssdp > 192.168.1.25.34699: UDP, length 310
.'.Y8.h.t.{...E..R. @. at ............l...>2.HTTP/1.1 200 OK
CACHE-CONTROL: max-age=130
DATE: Sat, 16 Jun 2012 16:37:49 GMT
EXT:
LOCATION: http://192.168.1.1:2869/gatedesc.xml
SERVER: Linux/2.6.15 UPnP/1.0 
ST: urn:schemas-upnp-org:device:WANConnectionDevice:1
USN:
uuid:687f7406-7b12-627f-740::urn:schemas-upnp-org:device:WANConnectionDevice:1


yet I see the firewall sending back a REJECT, rather than seeing the inbound
packet as being "related".


16:37:56.645145 IP 192.168.1.25 > 192.168.1.1: ICMP host 192.168.1.25
unreachable - admin prohibited, length 346
h.t.{..'.Y8...E..n.... at .RH.........
......E..R. @. at ............l...>2.HTTP/1.1 200 OK
CACHE-CONTROL: max-age=130
DATE: Sat, 16 Jun 2012 16:37:49 GMT
EXT:
LOCATION: http://192.168.1.1:2869/gatedesc.xml
SERVER: Linux/2.6.15 UPnP/1.0 
ST: urn:schemas-upnp-org:device:WANConnectionDevice:1
USN:
uuid:687f7406-7b12-627f-740::urn:schemas-upnp-org:device:WANConnectionDevice:1



A new value like "MRELATED" should be added to handle multicast requests
resulting in unicast replies.


See also:

https://bugzilla.redhat.com/show_bug.cgi?id=832733

-- 
Configure bugmail: http://bugzilla.netfilter.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
You are watching all bug changes.

More information about the netfilter-buglog mailing list