* problems deleting conntrack entries with conntrack-tools 0.9.5
From: Ricardo Teixeira @ 2008-02-18 19:35 UTC
To: netfilter
Hi!
I am having problems using conntrack-tools to delete entries.
I am using the command "conntrack -D conntrack -s 192.168.69.24 -p tcp
--sport 51266 --dport 22", among others, to try to get it to work.
Though no matter how I try I always get this message: "Operation
failed: such conntrack doesn't exist"
...of course:
#conntrack -L conntrack -s 192.168.69.24 -p tcp --sport 51266 --dport 22
tcp 6 430195 ESTABLISHED src=192.168.69.24 dst=192.168.69.202
sport=51266 dport=22 packets=1860 bytes=127416 src=192.168.69.202
dst=192.168.69.24 sport=22 dport=51266 packets=1501 bytes=205145
[ASSURED] mark=0 use=2
tcp 6 431999 ESTABLISHED src=192.168.69.24 dst=192.168.69.202
sport=51264 dport=22 packets=37328 bytes=2306744 src=192.168.69.202
dst=192.168.69.24 sport=22 dport=51264 packets=42456 bytes=7307109
[ASSURED] mark=0 use=1
Though it's weird that, in this case, it doesn't filter by the ports
specified either...
I'm running a Debian sarge with
kernel 2.6.19.4-586
libnfnetlink-0.0.25
libnetfilter_conntrack-0.0.82
If some nice soul could help me it would be great.
Thanks in advance,
Ricardo Teixeira.
* Re: problems deleting conntrack entries with conntrack-tools 0.9.5
From: Pablo Neira Ayuso @ 2008-02-19 0:32 UTC
To: Ricardo Teixeira; +Cc: netfilter
Ricardo Teixeira wrote:
> I am having problems using conntrack-tools to delete entries.
>
> I am using the command "conntrack -D conntrack -s 192.168.69.24 -p tcp
> --sport 51266 --dport 22", among others, to try to get it to work.
> Though no matter how I try I always get this message: "Operation
> failed: such conntrack doesn't exist"
You seem to have forgotten the destination address (-d) which is
required. However, you have found a bug in the tool since it should
complain about this wrong use.
I'm also planning to improve the tool by reducing the number of
parameters required to destroy entries. I have a patch here, but it will
take me some time until I finish it.
--
"Los honestos son inadaptados sociales" -- Les Luthiers
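
The reply's point, that a delete needs the full original-direction tuple including -d, shown as an added example that is not part of the original thread or of conntrack-tools. It parses listing lines like those in the first message and builds complete delete commands; the function names are hypothetical, and the sample listing is constructed by rejoining the wrapped output from that message onto one line per entry.

```python
import shlex

# Constructed sample: the two entries from the listing in the first message,
# rejoined onto one line each (the mail client had wrapped them).
SAMPLE_LISTING = """\
tcp 6 430195 ESTABLISHED src=192.168.69.24 dst=192.168.69.202 sport=51266 dport=22 packets=1860 bytes=127416 src=192.168.69.202 dst=192.168.69.24 sport=22 dport=51266 packets=1501 bytes=205145 [ASSURED] mark=0 use=2
tcp 6 431999 ESTABLISHED src=192.168.69.24 dst=192.168.69.202 sport=51264 dport=22 packets=37328 bytes=2306744 src=192.168.69.202 dst=192.168.69.24 sport=22 dport=51264 packets=42456 bytes=7307109 [ASSURED] mark=0 use=1
"""

KEYS = ("src", "dst", "sport", "dport")


def original_tuple(line):
    """Return (proto, tuple_dict) for the original direction, or None.

    Each key appears twice per entry (original, then reply direction); only
    the first occurrence is kept. Entries without ports (for example ICMP,
    which carries type/code/id instead) are skipped.
    """
    fields = line.split()
    if not fields:
        return None
    tup = {}
    for field in fields[1:]:
        key, sep, value = field.partition("=")
        if sep and key in KEYS and key not in tup:
            tup[key] = value
    if len(tup) != len(KEYS):
        return None
    return fields[0], tup


def delete_commands(listing, **want):
    """Build full-tuple delete argv lists for entries matching `want`."""
    cmds = []
    for line in listing.splitlines():
        parsed = original_tuple(line)
        if parsed is None:
            continue
        proto, tup = parsed
        # Filter locally, since the listing above did not filter by port.
        if any(tup[k] != str(v) for k, v in want.items()):
            continue
        cmds.append(["conntrack", "-D", "conntrack", "-s", tup["src"],
                     "-d", tup["dst"], "-p", proto,
                     "--sport", tup["sport"], "--dport", tup["dport"]])
    return cmds


if __name__ == "__main__":
    # Only prints the commands; nothing is executed.
    for argv in delete_commands(SAMPLE_LISTING, src="192.168.69.24", sport=51266, dport=22):
        print(shlex.join(argv))
```
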