From: Pablo Neira Ayuso <pablo@netfilter.org>
To: Jan Engelhardt <jengelh@medozas.de>
Cc: Steven Jan Springl <steven@springl.ukfsn.org>,
netfilter-devel@vger.kernel.org
Subject: Re: [ANNOUNCE]: Release of iptables-1.4.3.1
Date: Wed, 25 Mar 2009 13:50:16 +0100 [thread overview]
Message-ID: <49CA2888.5070801@netfilter.org> (raw)
In-Reply-To: <alpine.LSU.2.00.0903242224390.26397@fbirervta.pbzchgretzou.qr>
Jan Engelhardt wrote:
> On Tuesday 2009-03-24 22:12, Steven Jan Springl wrote:
>
>> Is there a problem with mss in this release?
>> If I specify rule:
>> -A OUTPUT -p tcp --tcp-flags SYN,RST SYN -m tcpmss --mss 1000:1500 -j ACCEPT
>> I get error:
>> Invalid mss '1000' specified.
>>
>> It appears that mss values less than 65536 are rejected, while values of 65536
>> or greater are accepted. Is this not the wrong way around?
>
> Indeed. There is an uncommon coding pattern (compared to the rest of
> the iptables sources) in the function at hand. Patch below.
>
> usually:
> if (!strtoui(...))
> you_fail;
> return ok;
> libxt_tcpmss:
> if (strtoui(...))
> return ok;
> you_fail;
>
> Pullable from the usual location at git://dev.medozas.de/iptables
>
> Updating 6e70f46..ed7925b
> Fast forward
> extensions/libxt_tcpmss.c | 2 +-
> 1 files changed, 1 insertions(+), 1 deletions(-)
>
> parent 6e70f46f2a146bb7c657f71724c999147a5925dc (v1.4.3.1)
> commit ed7925b77010dd17531ea0424b49d2b72af4add9
> Author: Jan Engelhardt <jengelh@medozas.de>
> Date: Tue Mar 24 22:26:25 2009 +0100
>
> libxt_tcpmss: fix an inversion while parsing --mss
>
> Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
Applied. Thanks. I guess that will have to release another 1.4.3.2 soon.
We needed more -rc before the final release I guess. I'm going to wait a
bit more to catch up more problems and then proceed.
--
"Los honestos son inadaptados sociales" -- Les Luthiers
next prev parent reply other threads:[~2009-03-25 12:50 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2009-03-24 13:08 [ANNOUNCE]: Release of iptables-1.4.3.1 Pablo Neira Ayuso
2009-03-24 21:12 ` Steven Jan Springl
2009-03-24 21:32 ` Jan Engelhardt
2009-03-25 12:50 ` Pablo Neira Ayuso [this message]
2009-03-28 14:17 ` Gabor Z. Papp
2009-04-04 9:50 ` [patch] iptables-1.4.3.1: unabled to restore ! -s 192.168.1.0/24 match Peter Volkov
2009-04-04 11:40 ` Jan Engelhardt
2009-04-05 10:23 ` Pablo Neira Ayuso
2009-04-05 11:41 ` Jan Engelhardt
2009-04-04 10:11 ` [patch] iptables-1.4.3.1: unabled to restore proto and iface negated matches Peter Volkov
2009-04-04 20:00 ` Negation bug Steven Jan Springl
2009-04-04 22:08 ` Jan Engelhardt
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=49CA2888.5070801@netfilter.org \
--to=pablo@netfilter.org \
--cc=jengelh@medozas.de \
--cc=netfilter-devel@vger.kernel.org \
--cc=steven@springl.ukfsn.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.