Bug 1418833 - conntrack does not support Ipv6 NAT
Summary: conntrack does not support Ipv6 NAT
Keywords:
Status: CLOSED DUPLICATE of bug 1425552
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: conntrack-tools
Version: 7.3
Hardware: Unspecified
OS: Unspecified
Target Milestone: rc
Assignee: Paul Wouters
QA Contact: Li Shuang
URL:
Whiteboard:
Depends On:
Blocks: 1426412
Reported: 2017-02-02 20:48 UTC by Neil Wilson
Modified: 2017-03-16 13:08 UTC (History)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
: 1426412 (view as bug list)
Environment:
Last Closed: 2017-03-16 13:08:01 UTC
Target Upstream Version:
Embargoed:


Attachments
Fix IPv6 support in conntrack command (13.33 KB, patch)
2017-03-16 09:58 UTC, Neil Wilson
Reformatted patch to keep style (13.50 KB, patch)
2017-03-16 11:29 UTC, Neil Wilson

Description Neil Wilson 2017-02-02 20:48:11 UTC
Description of problem:

The conntrack tools do not support creation of IPv6 nat entries


Version-Release number of selected component (if applicable):

Name        : conntrack-tools
Arch        : x86_64
Version     : 1.4.3
Release     : 1.el7


How reproducible:


Steps to Reproduce:

Run a conntrack insert command, e.g.:

conntrack -I --proto 6 --timeout 431994 --state ESTABLISHED --orig-src 2002:4f4a:ef7f:0000:50c5:4e4c:fb6c:5fce --orig-dst 2a02:1348:ffff:ffff:0000:0000:6d6b:275c --orig-port-src 59366 --orig-port-dst 22 --status ASSURED --dst-nat 2a02:1348:0178:73d1:0024:19ff:fee1:cf46


Actual results:

Command fails

# conntrack -I --proto 6 --timeout 431994 --state ESTABLISHED --orig-src 2002:4f4a:ef7f:0000:50c5:4e4c:fb6c:5fce --orig-dst 2a02:1348:ffff:ffff:0000:0000:6d6b:275c --orig-port-src 59366 --orig-port-dst 22 --status ASSURED --dst-nat 2a02:1348:0178:73d1:0024:19ff:fee1:cf46
conntrack v1.4.3 (conntrack-tools): mismatched address family
Try `conntrack -h' or 'conntrack --help' for more information.


Expected results:

Should create a flow as it does with IPv4

# conntrack -I --proto 6 --timeout 24 --state TIME_WAIT --orig-src 116.31.116.40 --orig-dst 109.107.39.92 --orig-port-src 61081 --orig-port-dst 22 --status ASSURED --dst-nat 10.225.207.70
conntrack v1.4.3 (conntrack-tools): 1 flow entries have been created.


Additional info:

Parsing of the dst-nat should follow the pattern for ip6tables, i.e. be in square brackets if there is a port redirection (e.g. [2a02:1348:0178:73d1:0024:19ff:fee1:cf46]:8080)
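
An added example, not part of the report and not code from conntrack-tools: one way to parse a NAT target written in the ip6tables style described above, with square brackets required whenever an IPv6 address carries a port. The `nat_spec` struct and the `parse_nat_spec` and `parse_port` functions are hypothetical names; a caller would compare the returned family with that of the original tuple to reject a mismatch.

```c
#include <arpa/inet.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical result type for this example; not a conntrack-tools structure. */
struct nat_spec {
    int family;              /* AF_INET or AF_INET6 */
    unsigned char addr[16];  /* network byte order; IPv4 uses the first 4 bytes */
    int port;                /* 0 when no port was given */
};

/* Parse a decimal port in 1..65535; returns -1 on anything else. */
static int parse_port(const char *s)
{
    char *end;
    long v;
    if (*s < '0' || *s > '9')              /* rejects "", signs, whitespace */
        return -1;
    v = strtol(s, &end, 10);
    return (*end == '\0' && v >= 1 && v <= 65535) ? (int)v : -1;
}

/* Accepts "v4", "v4:port", "v6", "[v6]" and "[v6]:port". Returns 0 or -1. */
int parse_nat_spec(const char *in, struct nat_spec *out)
{
    char host[INET6_ADDRSTRLEN];
    const char *port = NULL, *colon = strchr(in, ':'), *end;
    size_t len = strlen(in);

    *out = (struct nat_spec){ .family = AF_INET6 };
    if (in[0] == '[') {                    /* bracketed IPv6, optional :port */
        end = strchr(in, ']');
        if (!end || (end[1] != '\0' && end[1] != ':'))
            return -1;
        port = end[1] ? end + 2 : NULL;
        in++;                              /* skip '[' */
        len = (size_t)(end - in);
    } else if (!colon || !strchr(colon + 1, ':')) {
        out->family = AF_INET;             /* at most one ':' so IPv4[:port] */
        port = colon ? colon + 1 : NULL;
        len = colon ? (size_t)(colon - in) : len;
    }                                      /* otherwise: bare IPv6, no port */
    if (len == 0 || len >= sizeof(host))
        return -1;
    memcpy(host, in, len);
    host[len] = '\0';
    if (inet_pton(out->family, host, out->addr) != 1)
        return -1;
    return (port && (out->port = parse_port(port)) < 0) ? -1 : 0;
}
```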

Comment 1 Neil Wilson 2017-02-03 10:08:25 UTC
v1.4.4 includes base support for IPv6 NAT in the library and conntrackd, but there is no fix for the conntrack command.

http://git.netfilter.org/conntrack-tools/commit/?id=f1ca2d9204996382411f4c93d4636a8ca8a46f44

Comment 3 Paul Wouters 2017-03-08 12:18:18 UTC

*** This bug has been marked as a duplicate of bug 1425552 ***

Comment 4 Neil Wilson 2017-03-08 13:03:33 UTC
It isn't a duplicate. 

conntrack is different from conntrackd. 

conntrackd has upstream support for IPv6 NAT. The conntrack command does not.

Comment 5 Neil Wilson 2017-03-16 09:58:15 UTC
Created attachment 1263616 [details]
Fix IPv6 support in conntrack command

Comment 6 Neil Wilson 2017-03-16 11:29:46 UTC
Created attachment 1263639 [details]
Reformatted patch to keep style

Comment 7 Paul Wouters 2017-03-16 13:08:01 UTC
Thanks for the patch. I've folded it into the other bug mostly to avoid some bureaucracy to get the package rebuilt (1.4.4-2) with this patch included. So I'm closing this one as a duplicate, but the patch has now been included as part of 1425552.

Thanks again!

*** This bug has been marked as a duplicate of bug 1425552 ***

