From: Pablo Neira Ayuso <pablo@netfilter.org>
To: Jan Engelhardt <jengelh@medozas.de>
Cc: Steven Jan Springl <steven@springl.ukfsn.org>,
netfilter-devel@vger.kernel.org
Subject: Re: [ANNOUNCE]: Release of iptables-1.4.3.1
Date: Wed, 25 Mar 2009 13:50:16 +0100 [thread overview]
Message-ID: <49CA2888.5070801@netfilter.org> (raw)
In-Reply-To: <alpine.LSU.2.00.0903242224390.26397@fbirervta.pbzchgretzou.qr>
Jan Engelhardt wrote:
> On Tuesday 2009-03-24 22:12, Steven Jan Springl wrote:
>
>> Is there a problem with mss in this release?
>> If I specify rule:
>> -A OUTPUT -p tcp --tcp-flags SYN,RST SYN -m tcpmss --mss 1000:1500 -j ACCEPT
>> I get error:
>> Invalid mss '1000' specified.
>>
>> It appears that mss values less than 65536 are rejected, while values of 65536
>> or greater are accepted. Is this not the wrong way around?
>
> Indeed. There is an uncommon coding pattern (compared to the rest of
> the iptables sources) in the function at hand. Patch below.
>
> usually:
> if (!strtoui(...))
> you_fail;
> return ok;
> libxt_tcpmss:
> if (strtoui(...))
> return ok;
> you_fail;
>
> Pullable from the usual location at git://dev.medozas.de/iptables
>
> Updating 6e70f46..ed7925b
> Fast forward
> extensions/libxt_tcpmss.c | 2 +-
> 1 files changed, 1 insertions(+), 1 deletions(-)
>
> parent 6e70f46f2a146bb7c657f71724c999147a5925dc (v1.4.3.1)
> commit ed7925b77010dd17531ea0424b49d2b72af4add9
> Author: Jan Engelhardt <jengelh@medozas.de>
> Date: Tue Mar 24 22:26:25 2009 +0100
>
> libxt_tcpmss: fix an inversion while parsing --mss
>
> Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
Applied. Thanks. I guess that will have to release another 1.4.3.2 soon.
We needed more -rc before the final release I guess. I'm going to wait a
bit more to catch up more problems and then proceed.
--
"Los honestos son inadaptados sociales" -- Les Luthiers
next prev parent reply other threads:[~2009-03-25 12:50 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2009-03-24 13:08 [ANNOUNCE]: Release of iptables-1.4.3.1 Pablo Neira Ayuso
2009-03-24 21:12 ` Steven Jan Springl
2009-03-24 21:32 ` Jan Engelhardt
2009-03-25 12:50 ` Pablo Neira Ayuso [this message]
2009-03-28 14:17 ` Gabor Z. Papp
2009-04-04 9:50 ` [patch] iptables-1.4.3.1: unabled to restore ! -s 192.168.1.0/24 match Peter Volkov
2009-04-04 11:40 ` Jan Engelhardt
2009-04-05 10:23 ` Pablo Neira Ayuso
2009-04-05 11:41 ` Jan Engelhardt
2009-04-04 10:11 ` [patch] iptables-1.4.3.1: unabled to restore proto and iface negated matches Peter Volkov
2009-04-04 20:00 ` Negation bug Steven Jan Springl
2009-04-04 22:08 ` Jan Engelhardt
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=49CA2888.5070801@netfilter.org \
--to=pablo@netfilter.org \
--cc=jengelh@medozas.de \
--cc=netfilter-devel@vger.kernel.org \
--cc=steven@springl.ukfsn.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).