[Bug 1138] New: icmpv6 mld-listener-query not detected
bugzilla-daemon at netfilter.org
Sat Mar 25 11:54:04 CET 2017
https://bugzilla.netfilter.org/show_bug.cgi?id=1138
Bug ID: 1138
Summary: icmpv6 mld-listener-query not detected
Product: nftables
Version: unspecified
Hardware: x86_64
OS: SuSE Linux
Status: NEW
Severity: normal
Priority: P5
Component: kernel
Assignee: pablo at netfilter.org
Reporter: bratislav.ilic at prointer.rs
It seems that nftables in Linux 4.10.4-1-default #1 SMP PREEMPT Sat Mar 18
12:29:57 UTC 2017 (e2ef894) x86_64 x86_64 x86_64 GNU/Linux just does not detect
icmpv6 mld-listener-query packets.
With the following ruleset:
table inet filter {
    chain INPUT {
        type filter hook input priority 0; policy drop;
        iif "lo" accept
        ct state { related, established} accept
        ct state invalid counter packets 8 bytes 411 drop
        iif "ens192" icmpv6 type mld-listener-query counter packets 0 bytes 0 drop
        iif "ens192" icmpv6 type mld-listener-report counter packets 22 bytes 1408 drop
        iif "ens192" counter packets 65 bytes 4680 log prefix "UNKOWN Scanner!: " reject
    }
}
I get type 131 (mld-listener-report) packets dropped, but not 130
(mld-listener-query) ...
dmesg:
[45184.023825] UNKOWN Scanner!: IN=ens192 OUT= MAC=33:33:00:00:00:01:64:66:b3:80:77:42:86:dd SRC=fe80:0000:0000:0000:6666:b3ff:fe80:7742 DST=ff02:0000:0000:0000:0000:0000:0000:0001 LEN=72 TC=0 HOPLIMIT=1 FLOWLBL=0 PROTO=ICMPv6 TYPE=130 CODE=0
Also it seems that this issue has been around for quite some time and I have
found it reported before:
https://www.spinics.net/lists/netfilter/msg55746.html
Best regards,
Bratislav ILIC
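
A triage helper for the symptom reported above, as an added example that is not part of the original report or of nftables: it scans kernel LOG lines for ICMPv6 packets that reached the catch-all log rule even though an earlier rule in the chain names their type. The function names, the type-to-keyword table and every sample line except the first (which is the dmesg line from the report) are constructed for illustration.

```python
import re
from collections import Counter

# ICMPv6 MLD type numbers (RFC 2710, RFC 3810) and the nft keyword for each.
NFT_ICMPV6_NAMES = {
    130: "mld-listener-query",
    131: "mld-listener-report",
    132: "mld-listener-done",
    143: "mld2-listener-report",
}
# Types the chain in the report tries to drop before its catch-all log rule.
EARLIER_RULE_TYPES = {"mld-listener-query", "mld-listener-report"}
FIELD = re.compile(r"(\w+)=(\S*)")

# First line is from the report; the other three are constructed samples.
SAMPLE = [
    "[45184.023825] UNKOWN Scanner!: IN=ens192 OUT= "
    "MAC=33:33:00:00:00:01:64:66:b3:80:77:42:86:dd "
    "SRC=fe80:0000:0000:0000:6666:b3ff:fe80:7742 "
    "DST=ff02:0000:0000:0000:0000:0000:0000:0001 LEN=72 TC=0 HOPLIMIT=1 "
    "FLOWLBL=0 PROTO=ICMPv6 TYPE=130 CODE=0",
    "[45190.000001] UNKOWN Scanner!: IN=ens192 OUT= SRC=2001:db8::1 "
    "DST=2001:db8::2 LEN=60 PROTO=TCP SPT=40000 DPT=23 SYN URGP=0",
    "[45191.000002] UNKOWN Scanner!: IN=ens192 OUT= PROTO=ICMPv6 TYPE=",
    "[45192.000003] e1000: link up",
]

def parse_log_line(line, prefix):
    """Return the key=value fields of a LOG line, or None without the prefix."""
    _, sep, rest = line.partition(prefix)
    return dict(FIELD.findall(rest)) if sep else None

def leaked_types(lines, prefix="UNKOWN Scanner!: "):
    """Count ICMPv6 packets logged although an earlier rule names their type."""
    leaks = Counter()
    for line in lines:
        fields = parse_log_line(line, prefix)
        if not fields or fields.get("PROTO") != "ICMPv6":
            continue
        try:
            icmp_type = int(fields.get("TYPE", ""))
        except ValueError:
            continue  # truncated or malformed line
        name = NFT_ICMPV6_NAMES.get(icmp_type)
        if name in EARLIER_RULE_TYPES:
            leaks[(icmp_type, name, fields.get("IN", ""))] += 1
    return leaks

if __name__ == "__main__":
    for (icmp_type, name, iface), n in leaked_types(SAMPLE).items():
        print(f"{n} packet(s) of type {icmp_type} ({name}) on {iface} passed their rule")
```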