* [PATCH] Iptables multiport match fix
@ 2002-07-09 20:21 Marcus Sundberg
  0 siblings, 0 replies; 5+ messages in thread
From: Marcus Sundberg @ 2002-07-09 20:21 UTC (permalink / raw)
  To: netfilter-devel; +Cc: linux-kernel

Hi,

The multiport match checks for the IPT_INV_PROTO flag in the 'flags'
member of struct ipt_ip instead of in the 'invflags' member.

diff -ur linux.current/net/ipv4/netfilter/ipt_multiport.c linux-mine/net/ipv4/netfilter/ipt_multiport.c
--- linux-2.4.19-rc1/net/ipv4/netfilter/ipt_multiport.c	Tue Jun 20 23:32:27 2000
+++ linux/net/ipv4/netfilter/ipt_multiport.c	Tue Jul  9 10:43:23 2002
@@ -78,7 +78,7 @@
 
 	/* Must specify proto == TCP/UDP, no unknown flags or bad count */
 	return (ip->proto == IPPROTO_TCP || ip->proto == IPPROTO_UDP)
-		&& !(ip->flags & IPT_INV_PROTO)
+		&& !(ip->invflags & IPT_INV_PROTO)
 		&& matchsize == IPT_ALIGN(sizeof(struct ipt_multiport))
 		&& (multiinfo->flags == IPT_MULTIPORT_SOURCE
 		    || multiinfo->flags == IPT_MULTIPORT_DESTINATION
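
Review bot: The comment directly above the return still reads "Must specify proto == TCP/UDP, no unknown flags or bad count" and says nothing about inversion, although the changed line now rejects an inverted protocol via `ip->invflags & IPT_INV_PROTO`. Suggest extending that comment (for example "proto must be TCP/UDP and not inverted") and stating the effect of the old test in the description: because it masked `ip->flags`, this expression never looked at the inversion bit in `invflags`, so a rule with the protocol inverted was not rejected by this check.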

(Where should I send this btw? The kernel part of iptables doesn't
seem to be in the netfilter CVS. Was I supposed to create a p-o-m
patch? Or send it directly to Marcelo?)

//Marcus
-- 
---------------------------------------+--------------------------
  Marcus Sundberg <marcus@ingate.com>  | Firewalls with SIP & NAT
 Firewall Developer, Ingate Systems AB |  http://www.ingate.com/


* Re: [PATCH] Iptables multiport match fix
  2002-07-09 20:21 Marcus Sundberg
@ 2002-07-10  8:38 ` Harald Welte
  2002-07-10  9:23 ` James Morris
  1 sibling, 0 replies; 5+ messages in thread
From: Harald Welte @ 2002-07-10  8:38 UTC (permalink / raw)
  To: Marcus Sundberg; +Cc: netfilter-devel, linux-kernel

On Tue, Jul 09, 2002 at 10:21:36PM +0200, Marcus Sundberg wrote:
> Hi,
> 
> The multiport match checks for the IPT_INV_PROTO flag in the 'flags'
> member of struct ipt_ip instead of in the 'invflags' member.

thanks for this fix.
> 
> diff -ur linux.current/net/ipv4/netfilter/ipt_multiport.c linux-mine/net/ipv4/netfilter/ipt_multiport.c
> --- linux-2.4.19-rc1/net/ipv4/netfilter/ipt_multiport.c	Tue Jun 20 23:32:27 2000
> +++ linux/net/ipv4/netfilter/ipt_multiport.c	Tue Jul  9 10:43:23 2002
> @@ -78,7 +78,7 @@
>  
>  	/* Must specify proto == TCP/UDP, no unknown flags or bad count */
>  	return (ip->proto == IPPROTO_TCP || ip->proto == IPPROTO_UDP)
> -		&& !(ip->flags & IPT_INV_PROTO)
> +		&& !(ip->invflags & IPT_INV_PROTO)
>  		&& matchsize == IPT_ALIGN(sizeof(struct ipt_multiport))
>  		&& (multiinfo->flags == IPT_MULTIPORT_SOURCE
>  		    || multiinfo->flags == IPT_MULTIPORT_DESTINATION
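
Review bot: The `diff -ur` line names `linux.current/` and `linux-mine/` while the `---`/`+++` lines name `linux-2.4.19-rc1/` and `linux/`, so the header appears to have been edited by hand. Every path reduces to the same file once one leading component is stripped, so it should still apply, but regenerating the diff so the header lines agree, and naming the base tree in the description, would let whoever picks it up confirm what it was made against.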
> 
> (Where should I send this btw? The kernel part of iptables doesn't
> seem to be in the netfilter CVS. Was I supposed to create a p-o-m
> patch? Or send it directly to Marcelo?)

send it to the netfilter development list
(netfilter-devel@lists.samba.org). The netfilter developers will then 
check/test and submit to DaveM for kernel inclusion.

> //Marcus

-- 
Live long and prosper
- Harald Welte / laforge@gnumonks.org               http://www.gnumonks.org/
============================================================================
GCS/E/IT d- s-: a-- C+++ UL++++$ P+++ L++++$ E--- W- N++ o? K- w--- O- M- 
V-- PS+ PE-- Y+ PGP++ t++ 5-- !X !R tv-- b+++ DI? !D G+ e* h+ r% y+(*)


* Re: [PATCH] Iptables multiport match fix
  2002-07-09 20:21 Marcus Sundberg
  2002-07-10  8:38 ` Harald Welte
@ 2002-07-10  9:23 ` James Morris
  2002-07-10  9:33   ` James Morris
  1 sibling, 1 reply; 5+ messages in thread
From: James Morris @ 2002-07-10  9:23 UTC (permalink / raw)
  To: Marcus Sundberg; +Cc: netfilter-devel

On 9 Jul 2002, Marcus Sundberg wrote:

> Hi,
> 
> The multiport match checks for the IPT_INV_PROTO flag in the 'flags'
> member of struct ipt_ip instead of in the 'invflags' member.
> 

Thanks, the patch looks good, even though inverted multiport isn't 
functional.

> (Where should I send this btw? The kernel part of iptables doesn't
> seem to be in the netfilter CVS. Was I supposed to create a p-o-m
> patch? Or send it directly to Marcelo?)
> 

netfilter-devel is the best bet.


- James
-- 
James Morris
<jmorris@intercode.com.au>


* Re: [PATCH] Iptables multiport match fix
  2002-07-10  9:23 ` James Morris
@ 2002-07-10  9:33   ` James Morris
  0 siblings, 0 replies; 5+ messages in thread
From: James Morris @ 2002-07-10  9:33 UTC (permalink / raw)
  To: Marcus Sundberg; +Cc: netfilter-devel

On Wed, 10 Jul 2002, James Morris wrote:

> even though inverted multiport isn't functional.

Please disregard this comment... confused myself.


- James
-- 
James Morris
<jmorris@intercode.com.au>
