[BUG] nth match: using more than 1 counter

All of lore.kernel.org
 help / color / mirror / Atom feed

* [BUG] nth match: using more than 1 counter
@ 2002-12-07  3:58 Mateusz Golicz
  0 siblings, 0 replies; 3+ messages in thread
From: Mateusz Golicz @ 2002-12-07  3:58 UTC (permalink / raw)
  To: netfilter-devel

Hello,

  The userspace part of the nth match (BTW, quite an useful one)
seems to be a bit broken. (at least in the CVS version from the
WWW frontend (don't know if there are any other ones ;), i'm
new to netfilter developement): http://cvs.netfilter.org/cgi-bin/cvsweb/~checkout~/netfilter/userspace/extensions/libipt_nth.c)

around line 102, in parse(), there is a fragment doing some
checks concerning the --every option:

--- CUT ---
                nthinfo->packet = 0xFF;
                if(!(*flags & IPT_NTH_OPT_EVERY))
                {
                        nthinfo->counter = 0;
                }
--- CUT ---

... but actually, the IPT_NTH_OPT_EVERY flag is
set only in this function, but after this part. So, if
you specify --every after --counter, the previous nthinfo->counter
will be always lost, which will make the match behave quite improperly in
case you use more than a one counter... i guess this check should be
something like:

--- CUT ---
--- extensions/libipt_nth.c.old Sat Dec  7 05:47:47 2002
+++ extensions/libipt_nth.c     Sat Dec  7 05:29:28 2002
@@ -100,7 +101,7 @@
                nthinfo->every = num-1;
                nthinfo->startat = 0;
                 nthinfo->packet = 0xFF;
-                if(!(*flags & IPT_NTH_OPT_EVERY))
+                if(!(*flags & IPT_NTH_OPT_COUNTER))
                 {
                         nthinfo->counter = 0;
                 }
--- CUT ---

Matthew Golicz, IP Network Dept., Cable Television "Elsat" Ltd.
-- 
______________________________________________________________________
mteg <mtg@elsat.net.pl>       * MG452-RIPE *            Mateusz Golicz
* ,,I just had a thought I have seen everything in this lifetime, but*
* now I sit here and watch a cyborg diving ... in her spare time!''  *

^ permalink raw reply	[flat|nested] 3+ messages in thread

* [BUG] nth match: using more than 1 counter
@ 2002-12-07 12:49 Mateusz Golicz
  2002-12-09  3:26 ` Fabrice MARIE
  0 siblings, 1 reply; 3+ messages in thread
From: Mateusz Golicz @ 2002-12-07 12:49 UTC (permalink / raw)
  To: netfilter-devel

Hello,

  The userspace part of the nth match (BTW, quite an useful one)
seems to be a bit broken. (at least in the CVS version from the
WWW frontend (don't know if there are any other ones ;), i'm
new to netfilter developement): http://cvs.netfilter.org/cgi-bin/cvsweb/~checkout~/netfilter/userspace/extensions/libipt_nth.c)

around line 102, in parse(), there is a fragment doing some
checks concerning the --every option:

--- CUT ---
                nthinfo->packet = 0xFF;
                if(!(*flags & IPT_NTH_OPT_EVERY))
                {
                        nthinfo->counter = 0;
                }
--- CUT ---

... but actually, the IPT_NTH_OPT_EVERY flag is
set only in this function, but after this part. So, if
you specify --every after --counter, the previous nthinfo->counter
will be always lost, which will make the match behave quite improperly in
case you use more than a one counter... i guess this check should be
something like:

--- CUT ---
--- extensions/libipt_nth.c.old Sat Dec  7 05:47:47 2002
+++ extensions/libipt_nth.c     Sat Dec  7 05:29:28 2002
@@ -100,7 +101,7 @@
                nthinfo->every = num-1;
                nthinfo->startat = 0;
                 nthinfo->packet = 0xFF;
-                if(!(*flags & IPT_NTH_OPT_EVERY))
+                if(!(*flags & IPT_NTH_OPT_COUNTER))
                 {
                         nthinfo->counter = 0;
                 }
--- CUT ---

Matthew Golicz, IP Network Dept., Cable Television "Elsat" Ltd.
-- 
______________________________________________________________________
mteg <mtg@elsat.net.pl>       * MG452-RIPE *            Mateusz Golicz
* ,,I just had a thought I have seen everything in this lifetime, but*
* now I sit here and watch a cyborg diving ... in her spare time!''  *

^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: [BUG] nth match: using more than 1 counter
  2002-12-07 12:49 Mateusz Golicz
@ 2002-12-09  3:26 ` Fabrice MARIE
  0 siblings, 0 replies; 3+ messages in thread
From: Fabrice MARIE @ 2002-12-09  3:26 UTC (permalink / raw)
  To: Mateusz Golicz, netfilter-devel


Dzien Dobre Mateusz,

On Saturday 07 December 2002 20:49, Mateusz Golicz wrote:
> Hello,
>   The userspace part of the nth match (BTW, quite an useful one)
> seems to be a bit broken. [...]

Thanks for the report, I'll look into it shortly. It's been a very
long time I didn't touch any line of code of this target so it might
take me longer that what I hope..

Have a nice day,

Fabrice.
--
Fabrice MARIE

"Silly hacker, root is for administrators"
       -Unknown

^ permalink raw reply	[flat|nested] 3+ messages in thread

end of thread, other threads:[~2002-12-09  3:26 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2002-12-07  3:58 [BUG] nth match: using more than 1 counter Mateusz Golicz
  -- strict thread matches above, loose matches on Subject: below --
2002-12-07 12:49 Mateusz Golicz
2002-12-09  3:26 ` Fabrice MARIE

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.