Bug 61286 - iptables does not log all packets
Product: Red Hat Linux
Classification: Retired
Component: kernel
Version: 7.2
Hardware: i386 Linux
Assignee: Arjan van de Ven
QA Contact: Ben Levenson
Reported: 2002-03-16 00:47 UTC by doughaber
Modified: 2008-08-01 16:22 UTC (History)
Last Closed: 2004-09-30 15:39:26 UTC

Description doughaber 2002-03-16 00:47:11 UTC
From Bugzilla Helper:
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows 98; Q312461)

Description of problem:
When I try to log dhcp packets that come from dhcpcd -n they don't all get 
logged (despite the fact that tcpdump shows them)

Here's my iptables:

#Log anything in other than loopback
$iptables -A INPUT -i ! lo -j LOG --log-prefix "INPUT:"

#Log anything out other than loopback
$iptables -A OUTPUT -o ! lo -j LOG --log-prefix "OUTPUT:"

Version-Release number of selected component (if applicable):
[user]# iptables --version
iptables v1.2.4

How reproducible:

Steps to Reproduce:
1. run the dhcpcd daemon
2. load the iptables described in the description
3. run tcpdump (tcpdump -n host yyy.yyy.yyy.yyy)
4. tell dhcpcd to renew the license (dhcpcd -n)


Actual Results:  tcpdump captures 3 packets (out, in, out):
tcpdump: listening on eth0
13:20:32.720462 xxx.xxx.xxx.xxx.bootpc > yyy.yyy.yyy.yyy.bootps:  xid:0x54496739 secs:3 C:xxx.xxx.xxx.xxx [|bootp]
13:20:32.754394 yyy.yyy.yyy.yyy.bootps > xxx.xxx.xxx.xxx.bootpc:  xid:0x54496739 C:xxx.xxx.xxx.xxx Y:xxx.xxx.xxx.xxx [|bootp] (DF)
13:20:32.754859 xxx.xxx.xxx.xxx > yyy.yyy.yyy.yyy: icmp: xxx.xxx.xxx.xxx udp port bootpc unreachable [tos 0xc0]

But iptables only logs 2 packets (in,out):
[user]# tail /var/log/messages
Mar 15 13:20:32 pokey kernel: INPUT:IN=eth0 OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:00:00 SRC=yyy.yyy.yyy.yyy DST=xxx.xxx.xxx.xxx LEN=359 TOS=0x00 PREC=0x00 TTL=253 ID=32883 DF PROTO=UDP SPT=67 DPT=68 LEN=339
Mar 15 13:20:32 pokey kernel: OUTPUT:IN= OUT=eth0 SRC=xxx.xxx.xxx.xxx DST=yyy.yyy.yyy.yyy LEN=387 TOS=0x00 PREC=0xC0 TTL=255 ID=1645 PROTO=ICMP TYPE=3 CODE=3 [SRC=yyy.yyy.yyy.yyy DST=xxx.xxx.xxx.xxx LEN=359 TOS=0x00 PREC=0x00 TTL=253 ID=32883 DF PROTO=UDP SPT=67 DPT=68 LEN=339 ]

Expected Results:  I would have expected iptables to log all 3 packets 

Additional info:

Feel free to email me for more details if necessary
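
Added example, not part of the original report or of any Red Hat code: a small Python parser for the kernel LOG lines quoted above, including the bracketed header that an ICMP error quotes, which is then compared against the tcpdump capture to show which packet has no log entry. The names parse_log_line, unlogged, LOGGED and CAPTURED are hypothetical, and the (direction, protocol) pairs are transcribed by hand from the tcpdump output.

```python
import re
from collections import Counter

# The two kernel LOG lines from the report, unwrapped onto one line each.
LOGGED = [
    "Mar 15 13:20:32 pokey kernel: INPUT:IN=eth0 OUT= "
    "MAC=00:00:00:00:00:00:00:00:00:00:00:00:00:00 SRC=yyy.yyy.yyy.yyy "
    "DST=xxx.xxx.xxx.xxx LEN=359 TOS=0x00 PREC=0x00 TTL=253 ID=32883 DF "
    "PROTO=UDP SPT=67 DPT=68 LEN=339 ",
    "Mar 15 13:20:32 pokey kernel: OUTPUT:IN= OUT=eth0 SRC=xxx.xxx.xxx.xxx "
    "DST=yyy.yyy.yyy.yyy LEN=387 TOS=0x00 PREC=0xC0 TTL=255 ID=1645 PROTO=ICMP "
    "TYPE=3 CODE=3 [SRC=yyy.yyy.yyy.yyy DST=xxx.xxx.xxx.xxx LEN=359 TOS=0x00 "
    "PREC=0x00 TTL=253 ID=32883 DF PROTO=UDP SPT=67 DPT=68 LEN=339 ] ",
]
# The three tcpdump packets, transcribed by hand as (direction, protocol).
CAPTURED = [("out", "UDP"), ("in", "UDP"), ("out", "ICMP")]

HEAD = re.compile(
    r"kernel: (?P<prefix>.*?)IN=(?P<inif>\S*) OUT=(?P<outif>\S*)(?P<rest>.*)")

def _fields(text):
    """KEY=VALUE tokens to a dict; bare tokens such as DF become flags."""
    out = {"FLAGS": []}
    for tok in text.split():
        key, sep, val = tok.partition("=")
        if not sep:
            out["FLAGS"].append(tok)
        else:
            out.setdefault(key, val)  # first LEN is the IP length, keep it
    return out

def parse_log_line(line):
    """Parse one LOG-target line; returns None if it is not one."""
    m = HEAD.search(line)
    if m is None:
        return None
    outer, bracket, inner = m.group("rest").partition("[")
    rec = _fields(outer)
    rec["PREFIX"] = m.group("prefix")  # the --log-prefix string
    rec["DIR"] = "in" if m.group("inif") and not m.group("outif") else (
        "out" if m.group("outif") and not m.group("inif") else "forward")
    # ICMP errors quote the offending packet's header inside [ ... ]
    rec["INNER"] = _fields(inner.rstrip(" ]")) if bracket else None
    return rec

def unlogged(captured, log_lines):
    """Captured packets with no LOG entry of the same direction and protocol."""
    recs = (parse_log_line(l) for l in log_lines)
    seen = Counter((r["DIR"], r.get("PROTO")) for r in recs if r)
    return sorted((Counter(captured) - seen).elements())
```

On the report's data, unlogged(CAPTURED, LOGGED) returns the single capture entry that has no LOG line of the same direction and protocol.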

Comment 1 Bernhard Rosenkraenzer 2002-03-25 14:58:51 UTC
kernel issue - the iptables userland package just tells the kernel modules what to do.

Comment 2 Arjan van de Ven 2002-03-25 15:01:44 UTC
Third packet is icmp; that's not logged by default.

Comment 3 doughaber 2002-03-25 23:59:48 UTC
What's the userland package and how do I learn about it / configure it?


Comment 4 Bugzilla owner 2004-09-30 15:39:26 UTC
Thanks for the bug report. However, Red Hat no longer maintains this version of
the product. Please upgrade to the latest version and open a new bug if the problem

The Fedora Legacy project (http://fedoralegacy.org/) maintains some older releases, 
and if you believe this bug is interesting to them, please report the problem in
the bug tracker at: http://bugzilla.fedora.us/
