libiptc ... and matches , seg fault

libiptc ... and matches , seg fault

[Francesco Ciocchetti]

Hi all ML.

I'm tryng to develop a small apps with libiptc copyng as much as
possible from iptables.c

i'm getting a segmentation fault when i call find_match with 'tcp' as
argument.

searching with gdb i found that :

my segfault arrives when in register_match

if (strcmp(me->version, program_version) != 0) (line 1052 of iptables.c
1.2.11)

Program received signal SIGSEGV, Segmentation fault.
0x0ff0b824 in strcmp () from /lib/tls/libc.so.6
(gdb) where
#0  0x0ff0b824 in strcmp () from /lib/tls/libc.so.6
#1  0x100083e8 in register_match ()
#2  0x0fe53584 in _init () from /lib/iptables/libipt_tcp.so
#3  0x0fe53584 in _init () from /lib/iptables/libipt_tcp.so
#4  0x0fe53584 in _init () from /lib/iptables/libipt_tcp.so
#5  0x0fe53584 in _init () from /lib/iptables/libipt_tcp.so
#6  0x0fe53584 in _init () from /lib/iptables/libipt_tcp.so
#7  0x0fe53584 in _init () from /lib/iptables/libipt_tcp.so
#8  0x0fe53584 in _init () from /lib/iptables/libipt_tcp.so
#9  0x0fe53584 in _init () from /lib/iptables/libipt_tcp.so
#10 0x0fe53584 in _init () from /lib/iptables/libipt_tcp.so
#11 0x0fe53584 in _init () from /lib/iptables/libipt_tcp.so
#12 0x0fe53584 in _init () from /lib/iptables/libipt_tcp.so
#13 0x0fe53584 in _init () from /lib/iptables/libipt_tcp.so
#14 0x0fe53584 in _init () from /lib/iptables/libipt_tcp.so
#15 0x0fe53584 in _init () from /lib/iptables/libipt_tcp.so
#16 0x0fe53584 in _init () from /lib/iptables/libipt_tcp.so
#17 0x0fe53584 in _init () from /lib/iptables/libipt_tcp.so
#18 0x0fe53584 in _init () from /lib/iptables/libipt_tcp.so
#19 0x0fe53584 in _init () from /lib/iptables/libipt_tcp.so
#20 0x0fe53584 in _init () from /lib/iptables/libipt_tcp.so
Previous frame inner to this frame (corrupt stack?)

If i missed some info don't esiatate to ask :)

anyone has some hints?

thx
Francesco

Re: libiptc ... and matches , seg fault

[Tomáš Macek]

Where points the me->version just before the step into the strcmp()?
What this pointer contains?

On Thu, 14 Jul 2005, Francesco Ciocchetti wrote:

> Hi all ML.
>
> I'm tryng to develop a small apps with libiptc copyng as much as
> possible from iptables.c
>
> i'm getting a segmentation fault when i call find_match with 'tcp' as
> argument.
>
> searching with gdb i found that :
>
> my segfault arrives when in register_match
>
> if (strcmp(me->version, program_version) != 0) (line 1052 of iptables.c
> 1.2.11)
>
> Program received signal SIGSEGV, Segmentation fault.
> 0x0ff0b824 in strcmp () from /lib/tls/libc.so.6
> (gdb) where
> #0  0x0ff0b824 in strcmp () from /lib/tls/libc.so.6
> #1  0x100083e8 in register_match ()
> #2  0x0fe53584 in _init () from /lib/iptables/libipt_tcp.so
> #3  0x0fe53584 in _init () from /lib/iptables/libipt_tcp.so
> #4  0x0fe53584 in _init () from /lib/iptables/libipt_tcp.so
> #5  0x0fe53584 in _init () from /lib/iptables/libipt_tcp.so
> #6  0x0fe53584 in _init () from /lib/iptables/libipt_tcp.so
> #7  0x0fe53584 in _init () from /lib/iptables/libipt_tcp.so
> #8  0x0fe53584 in _init () from /lib/iptables/libipt_tcp.so
> #9  0x0fe53584 in _init () from /lib/iptables/libipt_tcp.so
> #10 0x0fe53584 in _init () from /lib/iptables/libipt_tcp.so
> #11 0x0fe53584 in _init () from /lib/iptables/libipt_tcp.so
> #12 0x0fe53584 in _init () from /lib/iptables/libipt_tcp.so
> #13 0x0fe53584 in _init () from /lib/iptables/libipt_tcp.so
> #14 0x0fe53584 in _init () from /lib/iptables/libipt_tcp.so
> #15 0x0fe53584 in _init () from /lib/iptables/libipt_tcp.so
> #16 0x0fe53584 in _init () from /lib/iptables/libipt_tcp.so
> #17 0x0fe53584 in _init () from /lib/iptables/libipt_tcp.so
> #18 0x0fe53584 in _init () from /lib/iptables/libipt_tcp.so
> #19 0x0fe53584 in _init () from /lib/iptables/libipt_tcp.so
> #20 0x0fe53584 in _init () from /lib/iptables/libipt_tcp.so
> Previous frame inner to this frame (corrupt stack?)
>
> If i missed some info don't esiatate to ask :)
>
> anyone has some hints?
>
> thx
> Francesco
>
>
>
>
>
>
>

Re: libiptc ... and matches , seg fault

[primero]

Tomáš Macek wrote:

> Where points the me->version just before the step into the strcmp()?
> What this pointer contains?
>

each libipt_MATCH has to call a register_match() in his init function 
passing an "iptables_match" structure has argument that is referred as 
"me" inside the register_match function.

in my particular case me->version is equal to IPTABLES_VERSION (check 
out the libipt_tcp.c).

what could give such seg fault in a strcmp ?

bye
Francesco

> On Thu, 14 Jul 2005, Francesco Ciocchetti wrote:
>
>> Hi all ML.
>>
>> I'm tryng to develop a small apps with libiptc copyng as much as
>> possible from iptables.c
>>
>> i'm getting a segmentation fault when i call find_match with 'tcp' as
>> argument.
>>
>> searching with gdb i found that :
>>
>> my segfault arrives when in register_match
>>
>> if (strcmp(me->version, program_version) != 0) (line 1052 of iptables.c
>> 1.2.11)
>>
>> Program received signal SIGSEGV, Segmentation fault.
>> 0x0ff0b824 in strcmp () from /lib/tls/libc.so.6
>> (gdb) where
>> #0 0x0ff0b824 in strcmp () from /lib/tls/libc.so.6
>> #1 0x100083e8 in register_match ()
>> #2 0x0fe53584 in _init () from /lib/iptables/libipt_tcp.so
>> #3 0x0fe53584 in _init () from /lib/iptables/libipt_tcp.so
>> #4 0x0fe53584 in _init () from /lib/iptables/libipt_tcp.so
>> #5 0x0fe53584 in _init () from /lib/iptables/libipt_tcp.so
>> #6 0x0fe53584 in _init () from /lib/iptables/libipt_tcp.so
>> #7 0x0fe53584 in _init () from /lib/iptables/libipt_tcp.so
>> #8 0x0fe53584 in _init () from /lib/iptables/libipt_tcp.so
>> #9 0x0fe53584 in _init () from /lib/iptables/libipt_tcp.so
>> #10 0x0fe53584 in _init () from /lib/iptables/libipt_tcp.so
>> #11 0x0fe53584 in _init () from /lib/iptables/libipt_tcp.so
>> #12 0x0fe53584 in _init () from /lib/iptables/libipt_tcp.so
>> #13 0x0fe53584 in _init () from /lib/iptables/libipt_tcp.so
>> #14 0x0fe53584 in _init () from /lib/iptables/libipt_tcp.so
>> #15 0x0fe53584 in _init () from /lib/iptables/libipt_tcp.so
>> #16 0x0fe53584 in _init () from /lib/iptables/libipt_tcp.so
>> #17 0x0fe53584 in _init () from /lib/iptables/libipt_tcp.so
>> #18 0x0fe53584 in _init () from /lib/iptables/libipt_tcp.so
>> #19 0x0fe53584 in _init () from /lib/iptables/libipt_tcp.so
>> #20 0x0fe53584 in _init () from /lib/iptables/libipt_tcp.so
>> Previous frame inner to this frame (corrupt stack?)
>>
>> If i missed some info don't esiatate to ask :)
>>
>> anyone has some hints?
>>
>> thx
>> Francesco
>>
>>
>>
>>
>>
>>
>>
>

Re: libiptc ... and matches , seg fault

[Jan Engelhardt]

> each libipt_MATCH has to call a register_match() in his init function passing
> an "iptables_match" structure has argument that is referred as "me" inside the
> register_match function.
>
> in my particular case me->version is equal to IPTABLES_VERSION (check out the
> libipt_tcp.c).

me->version might just be null, surprise, surprise.

I only see a 'me' member in the kernel interface, e.g. struct ipt_match, and 
'me' is a struct module *. And the "version" member of struct module * is set 
by MODULE_VERSION() macro AFAICG.


Jan Engelhardt
-- 

Re: libiptc ... and matches , seg fault

[primero]

Jan Engelhardt wrote:

>>each libipt_MATCH has to call a register_match() in his init function passing
>>an "iptables_match" structure has argument that is referred as "me" inside the
>>register_match function.
>>
>>in my particular case me->version is equal to IPTABLES_VERSION (check out the
>>libipt_tcp.c).
>>    
>>
>
>  
>
i think i should have specified that i'm not an expert coder ... maybe 
i'm not a coder at all ;)

>me->version might just be null, surprise, surprise.
>  
>
Ok, if it would be null this expression :

if (strcmp(me->version, program_version) != 0) {
                fprintf(stderr, "%s: match `%s' v%s (I'm v%s).\n",
                        program_name, me->name, me->version, 
program_version);
                exit(1);
        }

should return a < 0 value and print the error string ? ... i get a 
segmentation faul instead

>I only see a 'me' member in the kernel interface, e.g. struct ipt_match, and 
>'me' is a struct module *. And the "version" member of struct module * is set 
>by MODULE_VERSION() macro AFAICG.
>
>
>  
>
I'll look for this MACRO.


>Jan Engelhardt
>  
>

thanks
Francesco

Re: libiptc ... and matches , seg fault

[Tomáš Macek]

The strcmp() function will try to compare/get the 0x0 memory pointed by the me->version pointer and this (in the strcmp() function) raises the sigseg error.
You could try this:

if (me->version != NULL && strcmp(me->version, program_version) != 0) {
     ...
}

If the first condition "if (me->version != NULL)" failes, the rest will be not processed.

On Fri, 15 Jul 2005, primero wrote:

> Jan Engelhardt wrote:
>
>>> each libipt_MATCH has to call a register_match() in his init function 
>>> passing
>>> an "iptables_match" structure has argument that is referred as "me" inside 
>>> the
>>> register_match function.
>>> 
>>> in my particular case me->version is equal to IPTABLES_VERSION (check out 
>>> the
>>> libipt_tcp.c).
>>> 
>>
>> 
> i think i should have specified that i'm not an expert coder ... maybe i'm 
> not a coder at all ;)
>
>> me->version might just be null, surprise, surprise.
>> 
> Ok, if it would be null this expression :
>
> if (strcmp(me->version, program_version) != 0) {
>               fprintf(stderr, "%s: match `%s' v%s (I'm v%s).\n",
>                       program_name, me->name, me->version, program_version);
>               exit(1);
>       }
>
> should return a < 0 value and print the error string ? ... i get a 
> segmentation faul instead
>
>> I only see a 'me' member in the kernel interface, e.g. struct ipt_match, 
>> and 'me' is a struct module *. And the "version" member of struct module * 
>> is set by MODULE_VERSION() macro AFAICG.
>> 
>>
>> 
> I'll look for this MACRO.
>
>
>> Jan Engelhardt
>> 
>
> thanks
> Francesco
>
>
>
>
>
>
>

Re: libiptc ... and matches , seg fault

[Francesco Ciocchetti]

Tomáš Macek wrote:

> The strcmp() function will try to compare/get the 0x0 memory pointed
> by the me->version pointer and this (in the strcmp() function) raises
> the sigseg error.


Yes :)

> You could try this:
>
> if (me->version != NULL && strcmp(me->version, program_version) != 0) {
> ...
> }
>
> If the first condition "if (me->version != NULL)" failes, the rest
> will be not processed.
>
My problem is that the "register_match" function is not a function of my
program, but a function from iptables.c that is called by init function
in libipt_tcp.c ... what i'm wondering now is why my "me->version" could
be or is NULL or maybe program_version could be NULL too.

this is the extract from libipt_tcp.c

static
struct iptables_match tcp
= { NULL,
"tcp",
IPTABLES_VERSION,
IPT_ALIGN(sizeof(struct ipt_tcp)),
IPT_ALIGN(sizeof(struct ipt_tcp)),
&help,
&init,
&parse,
&final_check,
&print,
&save,
opts };

void
_init(void)
{
register_match(&tcp);
}



so it seems that the field version of tcp structure is filled, at
compilation time, by IPTABLES_VERSION ...

what i do in my program is just a call to

find_match("tcp",TRY_LOAD,&matches)

where matches is just :

struct iptables_rule_match *matches = NULL;


as is done in iptables.c ...



bye
Francesco

Re: libiptc ... and matches , seg fault

[Patrick Schaaf]

> in libipt_tcp.c ... what i'm wondering now is why my "me->version" could
> be or is NULL or maybe program_version could be NULL too.

Why are you wondering about these two alternatives, instead of testing it
(by inserting suitable printing before the problem point, and/or using
a debugger)?

Please note that this mailing list is not meant as an educational
forum for beginning C programmers... And the iptables userlevel
libraries are not targeted to be standalone libraries for easy
use by casual programmers... So it is to be expected that you
must be a C expert if you want to use those libraries... And be
prepared that they may change radically with the next release
of iptables...

The official interfaces for manipulating iptables rules, are the
iptables and iptables-restore PROGRAMS.

best regards
  Patrick

Re: libiptc ... and matches , seg fault

[Francesco Ciocchetti]

Patrick Schaaf wrote:

>>in libipt_tcp.c ... what i'm wondering now is why my "me->version" could
>>be or is NULL or maybe program_version could be NULL too.
>>    
>>
>
>Why are you wondering about these two alternatives, instead of testing it
>(by inserting suitable printing before the problem point, and/or using
>a debugger)?
>  
>

just done it ... and had not time to say "Thanks to all that ansered me
i found the problem and solved" before u post.

>Please note that this mailing list is not meant as an educational
>forum for beginning C programmers... And the iptables userlevel
>libraries are not targeted to be standalone libraries for easy
>use by casual programmers... 
>
it does not seems that i asked for a "fast tutorial on C programming"
but i asked for a problem related to libiptc libs ... there is a "more
suitable" mailing list for such a question ? sorry if , once found the
problem, i asked for something as "why i'm getting this problem with
strcmp?" but u know, not everyone has borned expert C programmer as u
did ... and, AFAIK asking is the only way to get there .

I really don't understand this kind of "witch hunting" against little OT
in ML and Forums ... i know that years ago this was not the "common way
to act" maybe today it is , but this is really really sad.

Sharing , Asking and Answering is what lead us here where we are .... i
hope we are not loosing this for an "expert C programmers closed  shrine".

>So it is to be expected that you
>must be a C expert if you want to use those libraries... And be
>prepared that they may change radically with the next release
>of iptables...
>
>  
>

no problem with that, i was born "ready" ....



Btw thanks to all that helped me solving the problem.

Sincerly yours
Francesco, casual programmer ;)


>The official interfaces for manipulating iptables rules, are the
>iptables and iptables-restore PROGRAMS.
>
>best regards
>  Patrick
>  
>

Re: libiptc ... and matches , seg fault

[Jan Engelhardt]

> if (strcmp(me->version, program_version) != 0) {
> fprintf(stderr, "%s: match `%s' v%s (I'm v%s).\n",
>                       program_name, me->name, me->version, program_version);
>       exit(1);
> }
>
> should return a < 0 value and print the error string ? ... i get a segmentation
> faul instead

You'll get a segfault if "me" is NULL.



Jan Engelhardt
-- 
| Alphagate Systems, http://alphagate.hopto.org/