netfilter.vger.kernel.org archive mirror
* Possible bug in owner match
@ 2009-06-01 16:36 vitry
From: vitry @ 2009-06-01 16:36 UTC (permalink / raw)
  To: netfilter

Hi to all,

I want to report a possible bug in the owner match with the uid test, not
submitted in iptables.git (in older versions it works fine).

host: Linux iris 2.6.26-2-amd64 #1 SMP Fri Mar 27 04:02:59 UTC 2009 x86_64 GNU/Linux
          iptables v1.4.3.1

fw:     Linux Firewall-2 2.6.28.9 #5 Fri Mar 27 06:52:33 CET 2009 mips unknown
          iptables v1.4.3.1

Problem with UID (Not match):

iris:~# iptables -t mangle -L OUTPUT -v -n
Chain OUTPUT (policy ACCEPT 3538K packets, 216M bytes)
 pkts bytes target     prot opt in     out     source               destination
 1806  152K TOS        all  --  *      *       0.0.0.0/0            0.0.0.0/0            owner UID match 1002 TOS set 0x40/0xc0


root@Firewall-2:~# iptables -t mangle -Z


1002:1002@iris//# ping -c 1 192.168.10.1


root@Firewall-2:~# iptables -t mangle -L PREROUTING -v -n
Chain PREROUTING (policy ACCEPT 226 packets, 76471 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 MARK       all  --  eth0.0 *       0.0.0.0/0            0.0.0.0/0            tos match 0x40/0xc0 MARK xset 0x2/0xffffffff
    0     0 MARK       all  --  eth0.0 *       0.0.0.0/0            0.0.0.0/0            tos match 0x80/0xc0 MARK xset 0x3/0xffffffff
    0     0 MARK       all  --  eth0.0 *       0.0.0.0/0            0.0.0.0/0            tos match 0xc0/0xc0 MARK xset 0x4/0xffffffff


Solved with GID (Match correctly):

iris:~# iptables -t mangle -L OUTPUT -v -n
Chain OUTPUT (policy ACCEPT 3538K packets, 216M bytes)
 pkts bytes target     prot opt in     out     source               destination
 1806  152K TOS        all  --  *      *       0.0.0.0/0            0.0.0.0/0            owner GID match 1002 TOS set 0x40/0xc0


root@Firewall-2:~# iptables -t mangle -Z


1002:1002@iris//# ping -c 1 192.168.10.1


root@Firewall-2:~# iptables -t mangle -L PREROUTING -v -n
Chain PREROUTING (policy ACCEPT 7151 packets, 4273K bytes)
 pkts bytes target     prot opt in     out     source               destination
    1    84 MARK       all  --  eth0.0 *       0.0.0.0/0            0.0.0.0/0            tos match 0x40/0xc0 MARK xset 0x2/0xffffffff
    0     0 MARK       all  --  eth0.0 *       0.0.0.0/0            0.0.0.0/0            tos match 0x80/0xc0 MARK xset 0x3/0xffffffff
    0     0 MARK       all  --  eth0.0 *       0.0.0.0/0            0.0.0.0/0            tos match 0xc0/0xc0 MARK xset 0x4/0xffffffff

Best regards,
vitry
