* [PATCH] ipt_multiport invert fix
@ 2003-01-09 14:34 Harald Welte
2003-01-10 8:39 ` David S. Miller
0 siblings, 1 reply; 4+ messages in thread
From: Harald Welte @ 2003-01-09 14:34 UTC (permalink / raw)
To: David Miller; +Cc: Netfilter Development Mailinglist
[-- Attachment #1.1: Type: text/plain, Size: 574 bytes --]
Hi Dave!
This is the first of a series of patches you will receive from me today.
Please apply to 2.4.x and 2.5.x, thanks.
Author: Marcus Sundberg <marcus@ingate.com>
This patch fixes the multiport match, when it is used in combination
with the invert (!) flag.
--
- Harald Welte / laforge@gnumonks.org http://www.gnumonks.org/
============================================================================
"If this were a dictatorship, it'd be a heck of a lot easier, just so long
as I'm the dictator." -- George W. Bush Dec 18, 2000
[-- Attachment #1.2: ipt_multiport-invfix.patch --]
[-- Type: text/plain, Size: 658 bytes --]
diff -ur linux.current/net/ipv4/netfilter/ipt_multiport.c linux-mine/net/ipv4/netfilter/ipt_multiport.c
--- linux-2.4.19-rc1/net/ipv4/netfilter/ipt_multiport.c Tue Jun 20 23:32:27 2000
+++ linux/net/ipv4/netfilter/ipt_multiport.c Tue Jul 9 10:43:23 2002
@@ -78,7 +78,7 @@
/* Must specify proto == TCP/UDP, no unknown flags or bad count */
return (ip->proto == IPPROTO_TCP || ip->proto == IPPROTO_UDP)
- && !(ip->flags & IPT_INV_PROTO)
+ && !(ip->invflags & IPT_INV_PROTO)
&& matchsize == IPT_ALIGN(sizeof(struct ipt_multiport))
&& (multiinfo->flags == IPT_MULTIPORT_SOURCE
|| multiinfo->flags == IPT_MULTIPORT_DESTINATION
[-- Attachment #2: Type: application/pgp-signature, Size: 232 bytes --]
^ permalink raw reply [flat|nested] 4+ messages in thread
* [PATCH] ipt_multiport invert fix
@ 2003-01-09 14:39 Harald Welte
0 siblings, 0 replies; 4+ messages in thread
From: Harald Welte @ 2003-01-09 14:39 UTC (permalink / raw)
To: David Miller; +Cc: Netfilter Development Mailinglist
[-- Attachment #1: Type: text/plain, Size: 1569 bytes --]
Hi Dave!
This is another patch of the series of patches you will receive from me today.
Please apply to 2.4.x and 2.5.x, thanks.
This patch fixes the ULOG target when logging packets without any
ethernet header (mac address).
--- linux-2.4.20-pre11-plain/net/ipv4/netfilter/ipt_ULOG.c Wed Oct 30 10:09:41 2002
+++ linux-2.4.20-pre11-ulogfix/net/ipv4/netfilter//ipt_ULOG.c Wed Oct 30 10:07:31 2002
@@ -12,6 +12,7 @@
* module loadtime -HW
* 2002/07/07 remove broken nflog_rcv() function -HW
* 2002/08/29 fix shifted/unshifted nlgroup bug -HW
+ * 2002/10/30 fix uninitialized mac_len field - <Anders K. Pedersen>
*
* Released under the terms of the GPL
*
@@ -31,7 +32,7 @@
* Specify, after how many clock ticks (intel: 100 per second) the queue
* should be flushed even if it is not full yet.
*
- * ipt_ULOG.c,v 1.21 2002/08/29 10:54:34 laforge Exp
+ * ipt_ULOG.c,v 1.22 2002/10/30 09:07:31 laforge Exp
*/
#include <linux/module.h>
@@ -224,7 +225,8 @@
&& in->hard_header_len <= ULOG_MAC_LEN) {
memcpy(pm->mac, (*pskb)->mac.raw, in->hard_header_len);
pm->mac_len = in->hard_header_len;
- }
+ } else
+ pm->mac_len = 0;
if (in)
strncpy(pm->indev_name, in->name, sizeof(pm->indev_name));
--
- Harald Welte / laforge@gnumonks.org http://www.gnumonks.org/
============================================================================
"If this were a dictatorship, it'd be a heck of a lot easier, just so long
as I'm the dictator." -- George W. Bush Dec 18, 2000
[-- Attachment #2: Type: application/pgp-signature, Size: 232 bytes --]
^ permalink raw reply [flat|nested] 4+ messages in thread* [PATCH] ipt_multiport invert fix
@ 2002-11-02 10:44 Harald Welte
0 siblings, 0 replies; 4+ messages in thread
From: Harald Welte @ 2002-11-02 10:44 UTC (permalink / raw)
To: Netfilter Development Mailinglist
[-- Attachment #1.1: Type: text/plain, Size: 353 bytes --]
I forgot to cc' netfilter-devel.
--
Live long and prosper
- Harald Welte / laforge@gnumonks.org http://www.gnumonks.org/
============================================================================
"If this were a dictatorship, it'd be a heck of a lot easier, just so long
as I'm the dictator." -- George W. Bush Dec 18, 2000
[-- Attachment #1.2: Type: message/rfc822, Size: 2391 bytes --]
[-- Attachment #1.2.1.1: Type: text/plain, Size: 1195 bytes --]
Hi Dave!
Another iptables fix (courtesy of Marcus Sundberg), this time for the
ipt_multiport module, when used in combination with the '!' inversion option at
the iptables commandline.
Please apply, thanks.
diff -ur linux.current/net/ipv4/netfilter/ipt_multiport.c linux-mine/net/ipv4/netfilter/ipt_multiport.c
--- linux-2.4.19-rc1/net/ipv4/netfilter/ipt_multiport.c Tue Jun 20 23:32:27 2000
+++ linux/net/ipv4/netfilter/ipt_multiport.c Tue Jul 9 10:43:23 2002
@@ -78,7 +78,7 @@
/* Must specify proto == TCP/UDP, no unknown flags or bad count */
return (ip->proto == IPPROTO_TCP || ip->proto == IPPROTO_UDP)
- && !(ip->flags & IPT_INV_PROTO)
+ && !(ip->invflags & IPT_INV_PROTO)
&& matchsize == IPT_ALIGN(sizeof(struct ipt_multiport))
&& (multiinfo->flags == IPT_MULTIPORT_SOURCE
|| multiinfo->flags == IPT_MULTIPORT_DESTINATION
--
Live long and prosper
- Harald Welte / laforge@gnumonks.org http://www.gnumonks.org/
============================================================================
"If this were a dictatorship, it'd be a heck of a lot easier, just so long
as I'm the dictator." -- George W. Bush Dec 18, 2000
[-- Attachment #1.2.1.2: Type: application/pgp-signature, Size: 232 bytes --]
[-- Attachment #2: Type: application/pgp-signature, Size: 232 bytes --]
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2003-01-10 8:39 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2003-01-09 14:34 [PATCH] ipt_multiport invert fix Harald Welte
2003-01-10 8:39 ` David S. Miller
-- strict thread matches above, loose matches on Subject: below --
2003-01-09 14:39 Harald Welte
2002-11-02 10:44 Harald Welte
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.