* Possible bug in owner match
@ 2009-06-01 16:36 vitry
From: vitry @ 2009-06-01 16:36 UTC (permalink / raw)
  To: netfilter

Hi to all,

I want to report a possible bug in owner match with uid test, not submitted
in iptables.git (in older versions it works fine).

host: Linux iris 2.6.26-2-amd64 #1 SMP Fri Mar 27 04:02:59 UTC 2009 x86_64 GNU/Linux
          iptables v1.4.3.1

fw:     Linux Firewall-2 2.6.28.9 #5 Fri Mar 27 06:52:33 CET 2009 mips unknown
          iptables v1.4.3.1

Problem with UID (Not match):

iris:~# iptables -t mangle -L OUTPUT -v -n
Chain OUTPUT (policy ACCEPT 3538K packets, 216M bytes)
 pkts bytes target     prot opt in     out     source               destination
 1806  152K TOS        all  --  *      *       0.0.0.0/0            0.0.0.0/0           owner UID match 1002 TOS set 0x40/0xc0


root@Firewall-2:~# iptables -t mangle -Z


1002:1002@iris//# ping -c 1 192.168.10.1


root@Firewall-2:~# iptables -t mangle -L PREROUTING -v -n
Chain PREROUTING (policy ACCEPT 226 packets, 76471 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 MARK       all  --  eth0.0 *       0.0.0.0/0            0.0.0.0/0           tos match 0x40/0xc0 MARK xset 0x2/0xffffffff
    0     0 MARK       all  --  eth0.0 *       0.0.0.0/0            0.0.0.0/0           tos match 0x80/0xc0 MARK xset 0x3/0xffffffff
    0     0 MARK       all  --  eth0.0 *       0.0.0.0/0            0.0.0.0/0           tos match 0xc0/0xc0 MARK xset 0x4/0xffffffff


Solved with GID (Match correctly):

iris:~# iptables -t mangle -L OUTPUT -v -n
Chain OUTPUT (policy ACCEPT 3538K packets, 216M bytes)
 pkts bytes target     prot opt in     out     source               destination
 1806  152K TOS        all  --  *      *       0.0.0.0/0            0.0.0.0/0           owner GID match 1002 TOS set 0x40/0xc0


root@Firewall-2:~# iptables -t mangle -Z


1002:1002@iris//# ping -c 1 192.168.10.1


root@Firewall-2:~# iptables -t mangle -L PREROUTING -v -n
Chain PREROUTING (policy ACCEPT 7151 packets, 4273K bytes)
 pkts bytes target     prot opt in     out     source               destination
    1    84 MARK       all  --  eth0.0 *       0.0.0.0/0            0.0.0.0/0           tos match 0x40/0xc0 MARK xset 0x2/0xffffffff
    0     0 MARK       all  --  eth0.0 *       0.0.0.0/0            0.0.0.0/0           tos match 0x80/0xc0 MARK xset 0x3/0xffffffff
    0     0 MARK       all  --  eth0.0 *       0.0.0.0/0            0.0.0.0/0           tos match 0xc0/0xc0 MARK xset 0x4/0xffffffff

Best regards,
vitry
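
Added example, not part of the original message and not iptables code: a Python model of the value/mask semantics of the rules in the listings above, used to compare the firewall counters expected for one ping from UID/GID 1002 with the counters that were read. Function names are hypothetical, and the starting TOS of 0x00 on the outgoing packet is an assumption.

```python
# Added example: models the rules in the listings; not code from iptables.

def set_tos(tos, value, mask):
    """TOS target 'set value/mask': clear the mask bits, then XOR in value."""
    return ((tos & ~mask) ^ value) & 0xFF

def tos_match(tos, value, mask):
    """tos match 'value/mask': compare only the masked bits."""
    return (tos & mask) == value

def xset_mark(mark, value, mask):
    """MARK target 'xset value/mask': clear the mask bits, then XOR in value."""
    return ((mark & ~mask) ^ value) & 0xFFFFFFFF

# Firewall-2 mangle/PREROUTING as listed: (tos value, tos mask, mark value, mark mask)
PREROUTING = [
    (0x40, 0xC0, 0x2, 0xFFFFFFFF),
    (0x80, 0xC0, 0x3, 0xFFFFFFFF),
    (0xC0, 0xC0, 0x4, 0xFFFFFFFF),
]

def host_output(uid, gid, kind, wanted, tos=0x00):
    """iris mangle/OUTPUT: 'owner UID|GID match <wanted>' then 'TOS set 0x40/0xc0'.
    tos=0x00 is an assumed starting value for the outgoing packet."""
    owner = uid if kind == "uid" else gid
    return set_tos(tos, 0x40, 0xC0) if owner == wanted else tos

def firewall_prerouting(tos, mark=0):
    """MARK does not end chain traversal, so every rule is evaluated.
    Returns (final mark, per-rule packet counts for this one packet)."""
    hits = []
    for tv, tm, mv, mm in PREROUTING:
        hit = tos_match(tos, tv, tm)
        hits.append(int(hit))
        if hit:
            mark = xset_mark(mark, mv, mm)
    return mark, hits

def diagnose(kind, observed_pkts, uid=1002, gid=1002, wanted=1002):
    """Compare counters expected for one ping with those read on the firewall."""
    _, expected = firewall_prerouting(host_output(uid, gid, kind, wanted))
    return "as expected" if observed_pkts == expected else f"mismatch, expected {expected}"

if __name__ == "__main__":
    print("uid:", diagnose("uid", [0, 0, 0]))  # pkts column from the UID listing
    print("gid:", diagnose("gid", [1, 0, 0]))  # pkts column from the GID listing
```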
