Bug 186098 - Multicast packets loop back with no MAC (netfilter)
Multicast packets loop back with no MAC (netfilter)
Status: CLOSED WONTFIX
Product: Fedora
Classification: Fedora
Component: kernel (Show other bugs)
5
All Linux
medium Severity medium
: ---
: ---
Assigned To: Herbert Xu
Brian Brock
bzcl34nup
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2006-03-21 11:58 EST by Steve Hill
Modified: 2008-05-06 11:35 EDT (History)
3 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2008-05-06 11:35:58 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Steve Hill 2006-03-21 11:58:48 EST
Description of problem:
Packets from the local machine to multicast addresses loop back via a network
interface but don't have a source MAC address attached.  I.e. sending a packet
to 224.0.0.1 through eth0 will cause the packet to go through netfilter's INPUT
chain for eth0 but have no source MAC address.  These packets can't be
explicitly specified by iptables.
e.g. If you set up a DROP rule for the interface and then override it with ALLOW
rules for specific MAC addresses there is no way to allow looped back multicast
traffic.

Version-Release number of selected component (if applicable):
2.6.13-1.1532

How reproducible:
Always

Steps to Reproduce:
1. Set iptables to log all the traffic on eth0
2. ping -I eth0 224.0.0.1
  
Actual results:
The iptables logs show the traffic logged with no MAC address in the "MAC="
parameter.

Expected results:
MAC= should probably be set to the MAC of the interface the packet is looped
back on.  (Logically the packet has effectively been transmitted and then
received by that interface)
Comment 1 Dave Jones 2006-03-21 14:24:51 EST
Is this still reproducable with the errata kernel ?
(There's a 2.6.16 one in updates-testing now too).
Comment 2 Steve Hill 2006-03-22 08:54:41 EST
Yes, still happens under the 2.6.16 kernel:

iptables -A INPUT -d 224.0.0.0/4 -j LOG
ping -n 224.0.0.1

dmesg reports:
IN=eth0 OUT= MAC= SRC=172.28.148.220 DST=224.0.0.1 LEN=84 TOS=0x00 PREC=0x00
TTL=1 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=64522 SEQ=0 
Comment 3 Dave Jones 2006-09-16 22:46:52 EDT
[This comment added as part of a mass-update to all open FC4 kernel bugs]

FC4 has now transitioned to the Fedora legacy project, which will continue to
release security related updates for the kernel.  As this bug is not security
related, it is unlikely to be fixed in an update for FC4, and has been migrated
to FC5.

Please retest with Fedora Core 5.

Thank you.
Comment 4 Dave Jones 2006-10-16 17:45:59 EDT
A new kernel update has been released (Version: 2.6.18-1.2200.fc5)
based upon a new upstream kernel release.

Please retest against this new kernel, as a large number of patches
go into each upstream release, possibly including changes that
may address this problem.

This bug has been placed in NEEDINFO state.
Due to the large volume of inactive bugs in bugzilla, if this bug is
still in this state in two weeks time, it will be closed.

Should this bug still be relevant after this period, the reporter
can reopen the bug at any time. Any other users on the Cc: list
of this bug can request that the bug be reopened by adding a
comment to the bug.

In the last few updates, some users upgrading from FC4->FC5
have reported that installing a kernel update has left their
systems unbootable. If you have been affected by this problem
please check you only have one version of device-mapper & lvm2
installed.  See bug 207474 for further details.

If this bug is a problem preventing you from installing the
release this version is filed against, please see bug 169613.

If this bug has been fixed, but you are now experiencing a different
problem, please file a separate bug for the new problem.

Thank you.
Comment 5 Steve Hill 2006-10-17 09:02:35 EDT
Still unresolved as of 2.6.18-1.2200.fc5smp
Comment 6 Herbert Xu 2006-11-16 23:53:47 EST
You can actually detect null MAC addresses using --mac test.  The trick is that
--mac will always return false for null MAC addresses, even if you invert it. 
Therefore, something like this will work

iptables -I mychain -m mac --mac 00:00:00:00:00:00 -j RETURN
iptables -I mychain -m mac --mac ! 00:00:00:00:00:00 -j RETURN
iptables -I mychain -j ulooped
Comment 7 Steve Hill 2006-11-17 04:05:25 EST
Hmm, I hadn't thought of that.  Although this still seems like a bug to me - you
shouldn't have to use that sort of kludge.
Comment 8 petrosyan 2008-03-10 21:55:50 EDT
Fedora Core 5 is no longer maintained. Is this bug still present in Fedora 7 or
Fedora 8?
Comment 9 Bug Zapper 2008-04-03 22:11:01 EDT
Fedora apologizes that these issues have not been resolved yet. We're
sorry it's taken so long for your bug to be properly triaged and acted
on. We appreciate the time you took to report this issue and want to
make sure no important bugs slip through the cracks.

If you're currently running a version of Fedora Core between 1 and 6,
please note that Fedora no longer maintains these releases. We strongly
encourage you to upgrade to a current Fedora release. In order to
refocus our efforts as a project we are flagging all of the open bugs
for releases which are no longer maintained and closing them.
http://fedoraproject.org/wiki/LifeCycle/EOL

If this bug is still open against Fedora Core 1 through 6, thirty days
from now, it will be closed 'WONTFIX'. If you can reporduce this bug in
the latest Fedora version, please change to the respective version. If
you are unable to do this, please add a comment to this bug requesting
the change.

Thanks for your help, and we apologize again that we haven't handled
these issues to this point.

The process we are following is outlined here:
http://fedoraproject.org/wiki/BugZappers/F9CleanUp

We will be following the process here:
http://fedoraproject.org/wiki/BugZappers/HouseKeeping to ensure this
doesn't happen again.

And if you'd like to join the bug triage team to help make things
better, check out http://fedoraproject.org/wiki/BugZappers
Comment 10 Bug Zapper 2008-05-06 11:35:56 EDT
This bug is open for a Fedora version that is no longer maintained and
will not be fixed by Fedora. Therefore we are closing this bug.

If you can reproduce this bug against a currently maintained version of
Fedora please feel free to reopen thus bug against that version.

Thank you for reporting this bug and we are sorry it could not be fixed.

Note You need to log in before you can comment on or make changes to this bug.