Bug 61286 - iptables does not log all packets
Status: CLOSED CURRENTRELEASE
Product: Red Hat Linux
Classification: Retired
Component: kernel
Version: 7.2
Hardware: i386 Linux
Priority: medium, Severity: medium
Assigned To: Arjan van de Ven
Ben Levenson
Reported: 2002-03-15 19:47 EST by doughaber
Modified: 2008-08-01 12:22 EDT
Doc Type: Bug Fix
Last Closed: 2004-09-30 11:39:26 EDT
Description doughaber 2002-03-15 19:47:11 EST
From Bugzilla Helper:
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows 98; Q312461)

Description of problem:
When I try to log dhcp packets that come from dhcpcd -n they don't all get 
logged (despite the fact that tcpdump shows them)

Here's my iptables:

#Log anything in other than loopback
$iptables -A INPUT -i ! lo -j LOG --log-prefix "INPUT:"

#Log anything out other than loopback
$iptables -A OUTPUT -o ! lo -j LOG --log-prefix "OUTPUT:"


Version-Release number of selected component (if applicable):
[user]# iptables --version
iptables v1.2.4

How reproducible:
Always

Steps to Reproduce:
1. run the dhcpcd daemon
2. load the iptables described in the description
3. run tcpdump (tcpdump -n host yyy.yyy.yyy.yyy)
4. tell dhcpcd to renew the license (dhcpcd -n)

	

Actual Results:  tcpdump captures 3 packets (out, in, out):
tcpdump: listening on eth0
13:20:32.720462 xxx.xxx.xxx.xxx.bootpc > yyy.yyy.yyy.yyy.bootps:  xid:0x54496739 secs:3 C:xxx.xxx.xxx.xxx [|bootp]
13:20:32.754394 yyy.yyy.yyy.yyy.bootps > xxx.xxx.xxx.xxx.bootpc:  xid:0x54496739 C:xxx.xxx.xxx.xxx Y:xxx.xxx.xxx.xxx [|bootp] (DF)
13:20:32.754859 xxx.xxx.xxx.xxx > yyy.yyy.yyy.yyy: icmp: xxx.xxx.xxx.xxx udp port bootpc unreachable [tos 0xc0]

But iptables only logs 2 packets (in,out):
[user]# tail /var/log/messages
Mar 15 13:20:32 pokey kernel: INPUT:IN=eth0 OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:00:00 SRC=yyy.yyy.yyy.yyy DST=xxx.xxx.xxx.xxx LEN=359 TOS=0x00 PREC=0x00 TTL=253 ID=32883 DF PROTO=UDP SPT=67 DPT=68 LEN=339
Mar 15 13:20:32 pokey kernel: OUTPUT:IN= OUT=eth0 SRC=xxx.xxx.xxx.xxx DST=yyy.yyy.yyy.yyy LEN=387 TOS=0x00 PREC=0xC0 TTL=255 ID=1645 PROTO=ICMP TYPE=3 CODE=3 [SRC=yyy.yyy.yyy.yyy DST=xxx.xxx.xxx.xxx LEN=359 TOS=0x00 PREC=0x00 TTL=253 ID=32883 DF PROTO=UDP SPT=67 DPT=68 LEN=339 ]


Expected Results:  I would have expected iptables to log all 3 packets 
(out,in,out)

Additional info:

Feel free to email me for more details if necessary
Comment 1 Bernhard Rosenkraenzer 2002-03-25 09:58:51 EST
kernel issue - the iptables userland package just tells the kernel modules what to do.
Comment 2 Arjan van de Ven 2002-03-25 10:01:44 EST
Third packet is icmp; that's not logged by default.
Comment 3 doughaber 2002-03-25 18:59:48 EST
What's the userland package and how do I learn about it / configure it?

thanks,
d
Comment 4 Bugzilla owner 2004-09-30 11:39:26 EDT
Thanks for the bug report. However, Red Hat no longer maintains this version of
the product. Please upgrade to the latest version and open a new bug if the problem
persists.

The Fedora Legacy project (http://fedoralegacy.org/) maintains some older releases, 
and if you believe this bug is interesting to them, please report the problem in
the bug tracker at: http://bugzilla.fedora.us/
