Re: NFULNL_CFG_F_CONNTRACK and IPv6

Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> · Wed, 13 Jan 2021 18:50:54 +0100

On Wed, Jan 13, 2021 at 10:25:23AM -0300, Rafael David Tinoco wrote:
> On Tue, Jan 12, 2021, at 6:33 PM, Rafael David Tinoco wrote:
> > > > which kernel are you running Florian?
> > > 
> > > 5.10.5 stable.  I can check Fedora tomorrow, I don't have classic
> > > iptables there at the moment.
> > >
> > 
> > NM Florian,
> > 
> > My code was returning -1 on a callback function, disabling the polling 
> > for the netlink socket file descriptor. I had it fixed:
> > 
> >  TCPv6 [  0] src = fe80::5054:ff:fecc:767d (port=1024) to dst = 
> > fe80::5054:ff:fecc:767d (port=22) (confirmed)
> >         table: raw, chain: PREROUTING, type: rule, position: 1
> > 
> > and it is working fine now.
> > 
> 
> Too soon, *definitely* conntrack data tied to trace ulog netlink is intermittent. Trying to discover... I'll probably have to trace kernel to figure out why its not being included...
> 
> log received (prefix="TRACE: raw:OUTPUT:policy:3 " hw=0x86dd hook=3 mark=0)
> <log><when><hour>2</hour><min>05</min><sec>01</sec><wday>4</wday><day>13</day><month>1</month><year>2021</year></when><prefix>TRACE: raw:OUTPUT:policy:3 </prefix><hook>3</hook><hw><proto>86dd</proto></hw><outdev>12</outdev></log> (ret=229)
> log received (prefix="TRACE: raw:OUTPUT:policy:3 " hw=0x86dd hook=3 mark=0)
> <log><when><hour>2</hour><min>05</min><sec>01</sec><wday>4</wday><day>13</day><month>1</month><year>2021</year></when><prefix>TRACE: raw:OUTPUT:policy:3 </prefix><hook>3</hook><hw><proto>86dd</proto></hw><outdev>12</outdev></log> (ret=229)
> log received (prefix="TRACE: raw:OUTPUT:policy:3 " hw=0x86dd hook=3 mark=0)
> <log><when><hour>2</hour><min>05</min><sec>01</sec><wday>4</wday><day>13</day><month>1</month><year>2021</year></when><prefix>TRACE: raw:OUTPUT:policy:3 </prefix><hook>3</hook><hw><proto>86dd</proto></hw><outdev>12</outdev></log> (ret=229)

There is no conntrack information yet in the raw table.