From: Dan Purcell <dpurcell@nitrosecurity.com>
To: netfilter-devel@lists.netfilter.org
Subject: NFLOG --nflog-group bug?
Date: Fri, 16 Mar 2007 17:00:05 -0600
Message-ID: <45FB2175.1050503@nitrosecurity.com>
I may have found a bug with the NFLOG target. I am trying to use NFLOG
to log packets to a ulogd program using ip6tables. I am using iptables
version 1.3.7, and linux kernel version 2.6.20.
I want to use the nflog-group number 32 for the system I have set up.
This is how I am using ip6tables:
ip6tables -A FORWARD -j NFLOG --nflog-group 32
However, when I do an ip6tables -nvL FORWARD, I see this (note the
nflog-group number):
Chain FORWARD (policy ACCEPT 414 packets, 44089 bytes)
pkts bytes target prot opt in out source destination
112 11744 NFLOG 0 * * ::/0 ::/0 nflog-group 0
I was scratching my head why the nflog-group was 0, when I explicitly
told it to use group number 32. I tried other numbers, such as 31, 30,
and 17, and they all displayed an nflog-group number of 0 after I printed
my ip6tables. However, ip6tables was printing the correct value when I
set the group number to 1, 4, 6, and 16.
Looking at the source code for libip6t_NFLOG.c, I see this in the parse
function:
    int n;
    ...
    n = atoi(optarg);
    if (n < 1 || n > 32)
            exit_error(PARAMETER_PROBLEM,
                       "--nflog-group has to be between 1 and 32");
    info->group = 1 << (n - 1);
    printf("n is %d, Group is: %u\n", n, info->group);
    break;
The code tells me that any group between 1 and 32 (inclusive) is a
legitimate group number. I know that the old ULOG target had the same
rules for its group number. However, in the data structure that defines
'info' (in the kernel's include/linux/netfilter/xt_NFLOG.h
file), I see this definition for info->group:
    struct xt_nflog_info {
            u_int32_t len;
            u_int16_t group;
            u_int16_t threshold;
            u_int16_t flags;
            u_int16_t pad;
            char prefix[64];
    };
'group' here is a 16-bit integer. In effect, the highest nflog-group
that I can potentially achieve is 16, not 32. Should the 'group' in
'struct xt_nflog_info' be a u_int32_t, and take out the 'u_int16_t pad'?
-Dan
--
--------------------------------------------------------------
Dan Purcell, Software Engineer dpurcell@nitrosecurity.com
NitroSecurity, Inc. (208) 552-5332
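Added example (not code from the mail or from the iptables/kernel sources): a small C program that reproduces the arithmetic Dan describes and shows which --nflog-group values survive the 16-bit field. The first struct mirrors the xt_nflog_info layout quoted above; the second is a hypothetical widened layout constructed here to test Dan's proposal (32-bit group, pad removed). The mask is computed the way libip6t_NFLOG.c does it, except that the shift is done on an unsigned value so that N == 32 does not overflow a signed int. From a monitoring standpoint the interesting outcome is that every group number above 16 silently collapses to group 0, so a rule that was meant to feed a ulogd listener on group 32 delivers to a group the listener never subscribed to.

```c
#include <stdint.h>
#include <stdio.h>

/* Layout of struct xt_nflog_info as quoted in the mail: 'group' is 16 bits. */
struct xt_nflog_info_16 {
    uint32_t len;
    uint16_t group;
    uint16_t threshold;
    uint16_t flags;
    uint16_t pad;
    char prefix[64];
};

/* Hypothetical layout Dan asks about (constructed for this example, not a
 * kernel header): group widened to 32 bits, the 16-bit pad removed. */
struct xt_nflog_info_32 {
    uint32_t len;
    uint32_t group;
    uint16_t threshold;
    uint16_t flags;
    char prefix[64];
};

/* The bitmask libip6t_NFLOG.c derives from --nflog-group N (1..32).
 * Computed on an unsigned value so N == 32 does not overflow a signed int. */
uint32_t nflog_group_mask(int n)
{
    if (n < 1 || n > 32)
        return 0;
    return 1u << (n - 1);
}

/* Value the kernel sees once the mask is stored in the 16-bit field:
 * bits 16..31 are discarded, so N > 16 becomes 0. */
uint16_t stored_group_16(int n)
{
    struct xt_nflog_info_16 info = {0};
    info.group = (uint16_t)nflog_group_mask(n);
    return info.group;
}

/* Same store into the widened field: nothing is lost. */
uint32_t stored_group_32(int n)
{
    struct xt_nflog_info_32 info = {0};
    info.group = nflog_group_mask(n);
    return info.group;
}

/* How many of the 32 nominally valid group numbers remain non-zero
 * after passing through the 16-bit field. */
int groups_preserved_16(void)
{
    int count = 0;
    for (int n = 1; n <= 32; n++)
        if (stored_group_16(n) != 0)
            count++;
    return count;
}

int main(void)
{
    printf("%-4s %-12s %-12s\n", "N", "16-bit", "32-bit");
    for (int n = 1; n <= 32; n++)
        printf("%-4d %-12u %-12u\n", n, stored_group_16(n), stored_group_32(n));
    printf("groups preserved with 16-bit field: %d of 32\n", groups_preserved_16());
    printf("sizeof 16-bit layout: %zu, widened layout: %zu\n",
           sizeof(struct xt_nflog_info_16), sizeof(struct xt_nflog_info_32));
    return 0;
}
```

The output matches the behaviour reported in the mail: 1, 4, 6 and 16 come through as 1, 8, 32 and 32768, while 17, 30, 31 and 32 all print as 0. Because the removed pad and the widened field together occupy the same four bytes, both layouts have the same size, which is the point a reviewer would check before accepting the proposed change to a structure shared between user space and the kernel.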
Thread overview: 2+ messages
2007-03-16 23:00 Dan Purcell [this message]
2007-03-17 10:54 ` NFLOG --nflog-group bug? Patrick McHardy