From: Bart De Schuymer <bdschuym@pandora.be>
To: James Sinclair <james.sinclair@linode.com>
Cc: netfilter-devel@vger.kernel.org
Subject: Re: Rule counter update bug in ebtables-v2.0.10-2
Date: Mon, 05 Dec 2011 20:34:04 +0000 [thread overview]
Message-ID: <4EDD2ABC.6090205@pandora.be> (raw)
In-Reply-To: <741FF1D1-F173-4A08-A471-09A9BDFE5AB7@linode.com>
On 05-12-11 15:38, James Sinclair wrote:
> On Dec 4, 2011, at 4:36 AM, Bart De Schuymer wrote:
>
>> On 29-11-11 21:08, James Sinclair wrote:
>>> I was doing some testing with the latest ebtables and I think I've found a bug in ebt_deliver_counters that was introduced in the following commit:
>>>
>>> http://ebtables.cvs.sourceforge.net/viewvc/ebtables/ebtables2/userspace/ebtables2/communication.c?r1=1.40&r2=1.41
>>>
>>> It seems that the chainnr++ on line 308 is only reached when entries is NULL, causing the code to repeatedly loop over the rules for the first non-empty chain. This manifests as every chain having its counters copied from the first non-empty chain instead of getting the counters assigned with -c:
>>
>> Thanks for the bug report. I've applied the following fix instead.
>>
>> --- ebtables-v2.0.10-2/communication.c 2011-08-11 19:56:16.000000000 +0100
>> +++ ebtables-v2.0.10-3/communication.c 2011-12-04 09:29:23.000000000 +0000
>> @@ -309,6 +309,7 @@ void ebt_deliver_counters(struct ebt_u_r
>> new = newcounters;
>> while (cc != u_repl->cc) {
>> if (!next || next == entries->entries) {
>> + chainnr++;
>> while (chainnr< u_repl->num_chains&& (!(entries = u_repl->chains[chainnr]) ||
>> (next = entries->entries->next) == entries->entries))
>> chainnr++;
>>
>> cheers,
>> Bart
>>
>>
>>
>> --
>> Bart De Schuymer
>> www.artinalgorithms.be
>
>
> Thanks for taking the time to look at my patch, Bart.
>
> It looks like the fix you applied introduces a new bug. It works in most cases, but when a rules is set in the first built-in chain (such as PREROUTING in the nat table) all counters get reset to zero.
Thanks for verifying this.
Please try the incremental patch below (patch -p1 < file). I'll wait for your verification this time before making another release :)
--- ebtables-v2.0.10-3/communication.c 2011-12-04 09:46:26.000000000 +0000
+++ ebtables-v2.0.10-4/communication.c 2011-12-05 20:29:17.864018957 +0000
@@ -295,7 +295,7 @@ void ebt_deliver_counters(struct ebt_u_r
struct ebt_cntchanges *cc = u_repl->cc->next, *cc2;
struct ebt_u_entries *entries = NULL;
struct ebt_u_entry *next = NULL;
- int i, chainnr = 0;
+ int i, chainnr = -1;
if (u_repl->nentries == 0)
return;
Best regards,
Bart
--
Bart De Schuymer
www.artinalgorithms.be
next prev parent reply other threads:[~2011-12-05 20:34 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-11-29 21:08 Rule counter update bug in ebtables-v2.0.10-2 James Sinclair
2011-12-04 9:36 ` Bart De Schuymer
2011-12-05 15:38 ` James Sinclair
2011-12-05 20:34 ` Bart De Schuymer [this message]
2011-12-07 17:18 ` James Sinclair
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4EDD2ABC.6090205@pandora.be \
--to=bdschuym@pandora.be \
--cc=james.sinclair@linode.com \
--cc=netfilter-devel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.