Re: NFCT filter and IPv6

Hi Eric,

On Tue, Jul 17, 2012 at 11:11:09PM +0200, Eric Leblond wrote:
> Hello,
> 
> I was working on ulogd2 and getting mad with connection filtering in
> IPv6 (IPv4 being ok). After analysis, it seems there is a problem.
> 
> I've modified the conntrack_filter in utils by applying the following
> patch. It does nothing but invert the logic of filtering and add
> filtering to destination.
> 
> If I do:
> 
> $ telnet 2::1
> 
> then
> 
> root@tiger:/home/eric/git/netfilter/libnetfilter_conntrack/utils# ./conntrack_filter 
> TEST: waiting for 10 events...
>  [UPDATE] tcp      6 432000 ESTABLISHED src=2::1 dst=2::1 sport=35738 dport=22 src=2::1 dst=2::1 sport=22 dport=35738 [ASSURED]
> 
> Am I missing something?

It's a bug in libnetfilter_conntrack autogenerated BPF code to filter IPv6.

This should fix it:

http://git.netfilter.org/cgi-bin/gitweb.cgi?p=libnetfilter_conntrack.git;a=commit;h=4b6df760e3b19ec522b66cbbb5b280fec7c0405b

The changelog provides some details. I've tested it here, works for
me.