On Tue, Feb 14, 2012 at 12:16:44AM +0200, abirvalg@xxxxxxxxxxx wrote:
> Hello,
> As root I try to set marks on all packets originating from my machine with
>
> conntrack -U -s 192.168.1.114 --mark 10
>
> It does set marks on some udp connections but ignores the icmp one.
> Upon the issue of this command it lists all updated udp connections with mark=10 and
> eventually gives
> ...
> conntrack v0.9.14 (conntrack-tools): Operation failed: invalid parameters
>
> After that conntrack -L shows that all udp connections that precede in the list the icmp one
> were updated, but the icmp connection and all udp connections following it in the
> list were not updated. Seems like conntrack choked on icmp.
>
> Could you please help me.
> uname -a
> Linux 2.6.35-30-generic #60-Ubuntu SMP Mon Sep 19 20:45:08 UTC 2011 i686
> GNU/Linux

The problem seems to be in libnetfilter_conntrack. I have pushed the following patch; it seems to resolve the issue here for me.

commit 3a39278a56d12ad13a41973cd0b50238206f11ef
Author: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Date:   Fri Mar 23 02:07:41 2012 +0100

    conntrack: fix wrong building of ICMP reply tuple
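As an added example (not part of the thread, and not code from conntrack-tools), the following script shows a defensive workaround for the behaviour reported above: instead of one bulk `conntrack -U -s ... --mark` that aborts at the first entry it cannot update, it derives one `conntrack -U` command per flow from `conntrack -L` output, so a failure on an ICMP entry no longer leaves the UDP entries after it unmarked. The `conntrack -L` line layout and the sample entries are constructed for the example.

```sh
#!/bin/sh
# Added example: per-entry marking as a workaround for the bulk-update abort
# described in the report. Assumes the "conntrack -L" line layout shown in
# the constructed sample below (tcp lines carry an extra state field).

# Constructed sample of "conntrack -L" output (not captured from a real host).
SAMPLE_ENTRIES='udp      17 25 src=192.168.1.114 dst=192.168.1.1 sport=51034 dport=53 src=192.168.1.1 dst=192.168.1.114 sport=53 dport=51034 mark=0 use=1
icmp     1 29 src=192.168.1.114 dst=192.168.1.1 type=8 code=0 id=3421 src=192.168.1.1 dst=192.168.1.114 type=0 code=0 id=3421 mark=0 use=1
tcp      6 431999 ESTABLISHED src=192.168.1.114 dst=192.168.1.20 sport=44212 dport=22 src=192.168.1.20 dst=192.168.1.114 sport=22 dport=44212 [ASSURED] mark=0 use=1
udp      17 20 src=192.168.1.1 dst=224.0.0.251 sport=5353 dport=5353 [UNREPLIED] src=224.0.0.251 dst=192.168.1.1 sport=5353 dport=5353 mark=0 use=1'

# build_update_cmds SRC MARK < entries
# Emits one "conntrack -U" command per entry whose original source is SRC.
build_update_cmds() {
    awk -v src="$1" -v mark="$2" '
        {
            o = ($4 ~ /^src=/) ? 0 : 1             # tcp lines have a state field first
            if ($(4+o) != ("src=" src)) next       # keep only flows this host originated
            dst = substr($(5+o), 5)
            if ($1 == "icmp")
                printf "conntrack -U -p icmp -s %s -d %s --icmp-type %s --icmp-code %s --icmp-id %s --mark %s\n",
                    src, dst, substr($(6+o), 6), substr($(7+o), 6), substr($(8+o), 4), mark
            else
                printf "conntrack -U -p %s -s %s -d %s --sport %s --dport %s --mark %s\n",
                    $1, src, dst, substr($(6+o), 7), substr($(7+o), 7), mark
        }'
}

# apply_marks SRC MARK: runs the per-entry updates as root, logging but not
# stopping on any single failure (the ICMP case in the report).
apply_marks() {
    conntrack -L 2>/dev/null | build_update_cmds "$1" "$2" |
    while IFS= read -r cmd; do
        $cmd || printf 'failed: %s\n' "$cmd" >&2
    done
}

# Dry run over the constructed sample: prints the commands that would be issued.
printf '%s\n' "$SAMPLE_ENTRIES" | build_update_cmds 192.168.1.114 10
```

Run `apply_marks 192.168.1.114 10` as root on a host with conntrack-tools installed to apply the marks for real.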