Bug 61286

Summary: iptables does not log all packets
Product: [Retired] Red Hat Linux
Reporter: doughaber
Component: kernel
Assignee: Arjan van de Ven <arjanv>
Status: CLOSED CURRENTRELEASE
QA Contact: Ben Levenson <benl>
Severity: medium
Priority: medium
Version: 7.2
CC: shishz
Hardware: i386
OS: Linux
Doc Type: Bug Fix
Last Closed: 2004-09-30 15:39:26 UTC

Description doughaber 2002-03-16 00:47:11 UTC

Description of problem:
When I try to log dhcp packets that come from dhcpcd -n they don't all get 
logged (despite the fact that tcpdump shows them)

Here's my iptables:

#Log anything in other than loopback
$iptables -A INPUT -i ! lo -j LOG --log-prefix "INPUT:"

#Log anything in other than loopback
$iptables -A OUTPUT -o ! lo -j LOG --log-prefix "OUTPUT:"


Version-Release number of selected component (if applicable):
[user]# iptables --version
iptables v1.2.4

How reproducible:
Always

Steps to Reproduce:
1. run the dhcpcd daemon
2. load the iptables described in the description
3. run tcpdump (tcpdump -n host yyy.yyy.yyy.yyy)
4. tell dhcpcd to renew the license (dhcpcd -n)

	

Actual Results:  tcpdump captures 3 packets (out, in, out):
tcpdump: listening on eth0
13:20:32.720462 xxx.xxx.xxx.xxx.bootpc > yyy.yyy.yyy.yyy.bootps:  xid:0x54496739 secs:3 C:xxx.xxx.xxx.xxx [|bootp]
13:20:32.754394 yyy.yyy.yyy.yyy.bootps > xxx.xxx.xxx.xxx.bootpc:  xid:0x54496739 C:xxx.xxx.xxx.xxx Y:xxx.xxx.xxx.xxx [|bootp] (DF)
13:20:32.754859 xxx.xxx.xxx.xxx > yyy.yyy.yyy.yyy: icmp: xxx.xxx.xxx.xxx udp port bootpc unreachable [tos 0xc0]

But iptables only logs 2 packets (in,out):
[user]# tail /var/log/messages
Mar 15 13:20:32 pokey kernel: INPUT:IN=eth0 OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:00:00 SRC=yyy.yyy.yyy.yyy DST=xxx.xxx.xxx.xxx LEN=359 TOS=0x00 PREC=0x00 TTL=253 ID=32883 DF PROTO=UDP SPT=67 DPT=68 LEN=339
Mar 15 13:20:32 pokey kernel: OUTPUT:IN= OUT=eth0 SRC=xxx.xxx.xxx.xxx DST=yyy.yyy.yyy.yyy LEN=387 TOS=0x00 PREC=0xC0 TTL=255 ID=1645 PROTO=ICMP TYPE=3 CODE=3 [SRC=yyy.yyy.yyy.yyy DST=xxx.xxx.xxx.xxx LEN=359 TOS=0x00 PREC=0x00 TTL=253 ID=32883 DF PROTO=UDP SPT=67 DPT=68 LEN=339 ]


Expected Results:  I would have expected iptables to log all 3 packets 
(out,in,out)

Additional info:

Feel free to email me for more details if necessary
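
Added example, not part of the original report: a Python sketch that correlates the tcpdump capture with the iptables LOG lines quoted above and returns the captured packets that have no log entry. The function names are hypothetical, and the parsing covers only the UDP and ICMP line shapes that appear in this report.

```python
import re
from collections import Counter

# Constructed input: the report's tcpdump and syslog lines, each re-joined onto one line.
TCPDUMP = """\
13:20:32.720462 xxx.xxx.xxx.xxx.bootpc > yyy.yyy.yyy.yyy.bootps:  xid:0x54496739 secs:3 C:xxx.xxx.xxx.xxx [|bootp]
13:20:32.754394 yyy.yyy.yyy.yyy.bootps > xxx.xxx.xxx.xxx.bootpc:  xid:0x54496739 C:xxx.xxx.xxx.xxx Y:xxx.xxx.xxx.xxx [|bootp] (DF)
13:20:32.754859 xxx.xxx.xxx.xxx > yyy.yyy.yyy.yyy: icmp: xxx.xxx.xxx.xxx udp port bootpc unreachable [tos 0xc0]
"""
SYSLOG = """\
Mar 15 13:20:32 pokey kernel: INPUT:IN=eth0 OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:00:00 SRC=yyy.yyy.yyy.yyy DST=xxx.xxx.xxx.xxx LEN=359 TOS=0x00 PREC=0x00 TTL=253 ID=32883 DF PROTO=UDP SPT=67 DPT=68 LEN=339
Mar 15 13:20:32 pokey kernel: OUTPUT:IN= OUT=eth0 SRC=xxx.xxx.xxx.xxx DST=yyy.yyy.yyy.yyy LEN=387 TOS=0x00 PREC=0xC0 TTL=255 ID=1645 PROTO=ICMP TYPE=3 CODE=3 [SRC=yyy.yyy.yyy.yyy DST=xxx.xxx.xxx.xxx LEN=359 TOS=0x00 PREC=0x00 TTL=253 ID=32883 DF PROTO=UDP SPT=67 DPT=68 LEN=339 ]
"""

# tcpdump printed service names; the LOG target prints port numbers.
SERVICES = {"bootps": "67", "bootpc": "68"}

def parse_tcpdump(line):
    """Return (src, dst, proto, sport, dport) for one tcpdump summary line."""
    m = re.match(r"\S+ (\S+) > (\S+?): +(.*)", line)
    src, dst, rest = m.groups()
    if rest.startswith("icmp:"):
        return (src, dst, "ICMP", None, None)
    (sip, sp), (dip, dp) = src.rsplit(".", 1), dst.rsplit(".", 1)
    return (sip, dip, "UDP", SERVICES.get(sp, sp), SERVICES.get(dp, dp))

def parse_log(line):
    """Return the same tuple for one netfilter LOG line."""
    # An ICMP error quotes the offending packet's header in [...]; strip it so
    # the inner SRC/DST/PROTO/SPT/DPT do not overwrite the outer packet's fields.
    outer = re.sub(r"\[.*?\]", "", line)
    f = dict(re.findall(r"(\w+)=(\S*)", outer))
    return (f["SRC"], f["DST"], f["PROTO"], f.get("SPT"), f.get("DPT"))

def unlogged(tcpdump_text, syslog_text):
    """Captured packets with no matching LOG entry (duplicates counted)."""
    seen = Counter(parse_log(l) for l in syslog_text.splitlines() if "SRC=" in l)
    missing = []
    for l in tcpdump_text.splitlines():
        key = parse_tcpdump(l)
        if seen[key] > 0:
            seen[key] -= 1
        else:
            missing.append(key)
    return missing

if __name__ == "__main__":
    print(unlogged(TCPDUMP, SYSLOG))
```

On the lines in this report, the only capture entry without a LOG counterpart is the first one, the outbound bootpc > bootps UDP packet; the inbound UDP reply and the outbound ICMP port-unreachable both have matching entries.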

Comment 1 Bernhard Rosenkraenzer 2002-03-25 14:58:51 UTC
kernel issue - the iptables userland package just tells the kernel modules what to do.

Comment 2 Arjan van de Ven 2002-03-25 15:01:44 UTC
Third packet is icmp; that's not logged by default.

Comment 3 doughaber 2002-03-25 23:59:48 UTC
What's the userland package and how do I learn about it / configure it?

thanks,
d

Comment 4 Bugzilla owner 2004-09-30 15:39:26 UTC
Thanks for the bug report. However, Red Hat no longer maintains this version of
the product. Please upgrade to the latest version and open a new bug if the problem
persists.

The Fedora Legacy project (http://fedoralegacy.org/) maintains some older releases, 
and if you believe this bug is interesting to them, please report the problem in
the bug tracker at: http://bugzilla.fedora.us/