From: Patrick McHardy <kaber@trash.net>
To: Stephane Chazelas <stephane@artesyncp.com>
Cc: netfilter-devel@lists.netfilter.org
Subject: Re: [bug+patch] SCTP and chunk types over 0x1f
Date: Mon, 25 Jun 2007 15:40:27 +0200
Message-ID: <467FC5CB.9080608@trash.net>
In-Reply-To: <20070622151940.GA20467@artesyncp.com>

Stephane Chazelas wrote:
> There seem to be several bugs in the iptables and the kernel
> code that prevent filtering on SCTP chunks of type above 31
> from working.
> 
> Below is a patch for iptables, the corresponding header files
> in the kernel would have to be updated the same way.
> 
> The problems:
> - the values for the ASCONF and ASCONF_ACK types were incorrect
>   (30, 31 instead of 0x80 or 0xC0), I've also added the FTSN
>   chunk (RFC 3758)
> 
> - the chunkmap, which is a bitmap of which chunk is selected is
>   defined as an array of 256 / 4 u32s, that is 256 * 8 bits,
>   256 / 32 is enough (256 bits).


We can't change that since it breaks userspace compatibility.

> - the macros like SCTP_CHUNKMAP_SET_ALL... use
>   ELEMCOUNT/ARRAY_SIZE to loop through the u32s of the chunkmap.
>   But those macros are sometimes called with a u_int32_t*
>   instead of a u_int32_t[8], so that it loops only on the first
>   u32.

Nice catch.

> - bug in print_chunk(), see below.
> 
> Both the kernel and iptables need to be updated, at least to
> take into account the new size of the chunkmap. That patch
> doesn't try to be smart wrt compatibility. It would be nice
> to be able to specify chunks using their numerical value (to take
> into account future SCTP extensions).

Unfortunately this missed the 1.3.8 release since I didn't
notice it before.

Could you please resend without the chunkmap changes? Thanks.
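
The ELEMCOUNT/ARRAY_SIZE problem quoted above, reproduced as an added example that is not part of the original message or of the iptables/kernel sources. The macro and function names are hypothetical, the 8-word map is an assumption taken from the u_int32_t[8] mentioned in the report, and 0x80 and 0xC0 are the chunk values quoted there.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define CHUNKMAP_WORDS (256 / 32)   /* assumed: one bit per chunk type */
#define ELEMCOUNT(a) (sizeof(a) / sizeof((a)[0]))

/* Buggy pattern: fine for a true array, but if `map` is a uint32_t *,
 * sizeof(map) is the pointer size and only 1 (ILP32) or 2 (LP64) words
 * are visited. GCC and Clang report this with -Wsizeof-pointer-div. */
#define MAP_SET_ALL_BUGGY(map) do {                 \
        size_t i_;                                  \
        for (i_ = 0; i_ < ELEMCOUNT(map); i_++)     \
            (map)[i_] = ~(uint32_t)0;               \
    } while (0)

/* The caller's array has decayed to a pointer by the time the macro runs. */
static void set_all_buggy(uint32_t *map) { MAP_SET_ALL_BUGGY(map); }

/* Fixed form: the word count is passed explicitly, never derived from sizeof. */
static void set_all_fixed(uint32_t *map, size_t words)
{
    size_t i;
    for (i = 0; i < words; i++)
        map[i] = ~(uint32_t)0;
}

/* Test the bit for one chunk type (0..255). */
static int chunkmap_is_set(const uint32_t *map, unsigned type)
{
    return (int)((map[type / 32] >> (type % 32)) & 1u);
}

int main(void)
{
    uint32_t buggy[CHUNKMAP_WORDS] = {0}, fixed[CHUNKMAP_WORDS] = {0};

    set_all_buggy(buggy);
    set_all_fixed(fixed, CHUNKMAP_WORDS);
    /* 0x80 and 0xC0 live in words 4 and 6, beyond what the buggy loop reaches. */
    printf("buggy: type 1=%d 0x80=%d 0xC0=%d\n", chunkmap_is_set(buggy, 1),
           chunkmap_is_set(buggy, 0x80), chunkmap_is_set(buggy, 0xC0));
    printf("fixed: type 1=%d 0x80=%d 0xC0=%d\n", chunkmap_is_set(fixed, 1),
           chunkmap_is_set(fixed, 0x80), chunkmap_is_set(fixed, 0xC0));
    return 0;
}
```

With the buggy form a "match all chunks" map silently excludes every type in the upper words, so a rule built from it never matches those chunks.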
