bugzilla-daemon at bugzilla.netfilter.org
2012-Apr-21 16:54 UTC
[Bug 782] New: -j LOG --log-prefix handling broken
http://bugzilla.netfilter.org/show_bug.cgi?id=782

           Summary: -j LOG --log-prefix handling broken
           Product: iptables
           Version: CVS (please indicate timestamp)
          Platform: x86_64
        OS/Version: All
            Status: NEW
          Severity: normal
          Priority: P5
         Component: iptables-restore
        AssignedTo: netfilter-buglog at lists.netfilter.org
        ReportedBy: hvtaifwkbgefbaei at gmail.com
   Estimated Hours: 0.0

Instead of the parameter I give to the LOG module, "NETFILTER drop ", it ends up getting mangled to "--log-prefix".

Excerpt from a file I feed to iptables-restore:

-A LDROP -d 255.255.255.255/32 -p udp -j DROP
-A LDROP -d 77.223.39.255/32 -p udp -j DROP
-A LDROP -m hashlimit --hashlimit-above 1/min --hashlimit-mode srcip,dstip --hashlimit-burst 1 --hashlimit-name logldrop --hashlimit-htable-expire 60000 -j DROP
-A LDROP -m limit --limit 5/s -j LOG --log-prefix "NETFILTER drop " --log-tcp-options --log-ip-options --log-uid --log-macdecode
-A LDROP -j DROP

iptables-restore succeeds. Then:

# iptables -nvx --list LDROP
Chain LDROP (4 references)
    pkts      bytes target     prot opt in     out     source               destination
       0        0 DROP       udp  --  *      *       0.0.0.0/0            255.255.255.255
       0        0 DROP       udp  --  *      *       0.0.0.0/0            77.223.39.255
       0        0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0            limit: above 1/min burst 1 mode srcip-dstip
       1       44 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0            limit: avg 5/sec burst 5 LOG flags 46 level 4 prefix "--log-prefix"
       1       44 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0

Now I have kernel messages like this:

<4>[440059.429055] --log-prefixIN=eth0 OUT= ...

If I now do "iptables -I LDROP -j LOG --log-prefix ...", --log-prefix option parsing works OK. Also, iptables-save works.

I use iptables git 8db1044ba608a. Previous version of iptables I had, from 20111119, worked ok. Now I only upgraded iptables and glibc (to fedora 2.15-32.fc17; I made a testcase for xtables_save_string, so I guess strspn+strpbrk were not broken by glibc upgrade).
-- Configure bugmail: http://bugzilla.netfilter.org/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug. You are watching all bug changes.
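
A post-load check for the symptom reported above, as an added example that is not part of the original report or of iptables itself: it compares the --log-prefix values in the rules file with those in a dump of the loaded ruleset, and flags kernel log lines whose prefix is an option name. It assumes the loaded ruleset is available in iptables-save style text; the sample inputs and function names are constructed for illustration.

```python
import re
import shlex

# Constructed sample: rules as written for iptables-restore (lines from the report above).
INTENDED = '''-A LDROP -d 255.255.255.255/32 -p udp -j DROP
-A LDROP -m limit --limit 5/s -j LOG --log-prefix "NETFILTER drop " --log-tcp-options --log-ip-options --log-uid --log-macdecode
-A LDROP -j DROP
'''
# Constructed sample: a dump of the loaded ruleset once the prefix has been mangled.
LOADED = INTENDED.replace('"NETFILTER drop "', '"--log-prefix"')

def log_prefixes(ruleset_text):
    """Return [(chain, prefix)] for each -j LOG rule in iptables-save style text."""
    found = []
    for line in ruleset_text.splitlines():
        if not line.startswith("-A "):
            continue
        tokens = shlex.split(line)  # keeps the quoted prefix, trailing space included
        if "-j" not in tokens or "--log-prefix" not in tokens:
            continue
        if tokens[tokens.index("-j") + 1:][:1] != ["LOG"]:
            continue
        i = tokens.index("--log-prefix")
        found.append((tokens[1], tokens[i + 1] if i + 1 < len(tokens) else ""))
    return found

def mangled_prefixes(intended_text, loaded_text):
    """Pair LOG rules in order; return (chain, wanted, got) where they differ."""
    loaded = log_prefixes(loaded_text)
    problems = []
    for n, (chain, want) in enumerate(log_prefixes(intended_text)):
        got = loaded[n][1] if n < len(loaded) else None
        if got != want:
            problems.append((chain, want, got))
    return problems

# A kernel log message whose LOG prefix is itself an option name, e.g. "--log-prefixIN=eth0".
OPTION_AS_PREFIX = re.compile(r"\]\s*(--[a-z][a-z-]*)IN=")

def option_used_as_prefix(log_line):
    """Return the option-like prefix found in a kernel log line, or None."""
    m = OPTION_AS_PREFIX.search(log_line)
    return m.group(1) if m else None

if __name__ == "__main__":
    for chain, want, got in mangled_prefixes(INTENDED, LOADED):
        print(f"{chain}: expected prefix {want!r}, loaded {got!r}")
    print(option_used_as_prefix("<4>[440059.429055] --log-prefixIN=eth0 OUT= ..."))
```

Log filters and alerting rules that key on the intended prefix stop matching when the prefix is mangled, so a check like this belongs right after the ruleset is loaded.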
bugzilla-daemon at bugzilla.netfilter.org
2012-Jun-24 23:19 UTC
[Bug 782] -j LOG --log-prefix handling broken
http://bugzilla.netfilter.org/show_bug.cgi?id=782

regid23 at yahoo.com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |regid23 at yahoo.com
           Platform|x86_64                      |i386
         OS/Version|All                         |Debian GNU/Linux

--- Comment #1 from regid23 at yahoo.com 2012-06-25 01:19:07 CEST ---

With Debian's iptables 1.4.14-2:

1. iptables --line-numbers -L chain shows the wrong prefix, which is --log-prefix.
2. I was getting the wrong prefix only after booting into self compiled kernel from Debian's 3.2.20-1 linux source package. On the short time when I was using self compiled kernel from Debian's 3.2.19-1 linux source package and Debian's iptables 1.4.14-2, I didn't see it.
3. There is another user reporting at http://bugs.debian.org/678499.
bugzilla-daemon at bugzilla.netfilter.org
2012-Jun-25 12:49 UTC
[Bug 782] -j LOG --log-prefix handling broken
http://bugzilla.netfilter.org/show_bug.cgi?id=782

Eugene Markow <ejmarkow at yahoo.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |ejmarkow at yahoo.com

--- Comment #2 from Eugene Markow <ejmarkow at yahoo.com> 2012-06-25 14:49:53 CEST ---

I can confirm this bug ever since upgrading to iptables 1.4.14-2 on Arch Linux, x86-64. Prior to this iptables version "-j LOG --log-prefix" worked fine.

Here is a fragment of my rules:

iptables -A INPUT -i eth1 -m limit --limit 100/hour -j LOG --log-prefix "Filter BLKD INPUT GTW:"
iptables -A INPUT -j DROP

Output:

Jun 25 14:13:37 localhost kernel: [23656.707870] --log-prefixIN= OUT=eth1 SRC=192.168.44.10 DST=50.17.216.71 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=27158 DF PROTO=TCP SPT=40970 DPT=80 WINDOW=14600 RES=0x00 SYN URGP=0

uname-a:

Linux Galicja 3.5.0-rc2-git-424d54d-GALICJA-CUSTOM #1 PREEMPT Thu Jun 14 18:43:06 CEST 2012 x86_64 GNU/Linux

More system info:

Gnu C                  4.7.1
Gnu make               3.82
binutils               2.22.0.20120323
util-linux             2.21.2
mount                  debug
module-init-tools      9
e2fsprogs              1.42.4
jfsutils               1.1.15
reiserfsprogs          3.6.21
xfsprogs               3.1.8
pcmciautils            018
PPP                    2.4.5
Linux C Library        2.15
Dynamic linker (ldd)   2.15
Linux C++ Library      6.0.17
Procps                 3.3.3
Net-tools              1.60
Kbd                    1.15.3
Sh-utils               8.17
wireless-tools         29
Modules Loaded         ipv6 xt_HL iptable_mangle ipt_REJECT xt_LOG xt_limit xt_tcpudp xt_state iptable_filter ipt_MASQUERADE iptable_nat nf_nat nf_conntrack_ipv4 nf_defrag_ipv4 nf_conntrack ip_tables x_tables ntfs snd_usb_audio snd_usbmidi_lib snd_rawmidi arc4 uvcvideo videobuf2_vmalloc snd_seq_device videobuf2_memops videobuf2_core joydev videodev media asix usbnet ath5k r8169 ath mac80211 snd_hda_codec_hdmi hp_wmi snd_hda_codec_conexant cfg80211 lpc_ich mii evdev psmouse sparse_keymap serio_raw fuse snd_hda_intel pcspkr snd_hda_codec rfkill snd_hwdep snd_pcm snd_page_alloc snd_timer coretemp snd microcode processor soundcore battery ac thermal wmi i2c_i801 i915 video button drm_kms_helper drm i2c_algo_bit i2c_core intel_agp intel_gtt ext4 crc16 jbd2 mbcache sr_mod cdrom sd_mod ahci libahci libata scsi_mod uhci_hcd ehci_hcd usbcore usb_common
bugzilla-daemon at bugzilla.netfilter.org
2012-Jun-25 12:55 UTC
[Bug 782] -j LOG --log-prefix handling broken
http://bugzilla.netfilter.org/show_bug.cgi?id=782

--- Comment #3 from Eugene Markow <ejmarkow at yahoo.com> 2012-06-25 14:55:57 CEST ---

Correction to my previous rule, my "outgoing" traffic rule applies in this case:

Rule:

iptables -A OUTPUT -o eth1 -d $i -m limit --limit 5/hour -j LOG --log-prefix "Filter BlKD OUTPUT GTW:"

Output (Same as before):

Jun 25 14:13:37 localhost kernel: [23656.707870] --log-prefixIN= OUT=eth1 SRC=192.168.44.10 DST=50.17.216.71 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=27158 DF PROTO=TCP SPT=40970 DPT=80 WINDOW=14600 RES=0x00 SYN URGP=0
bugzilla-daemon at bugzilla.netfilter.org
2012-Jun-25 20:36 UTC
[Bug 782] -j LOG --log-prefix handling broken
http://bugzilla.netfilter.org/show_bug.cgi?id=782

Peter Wu <lekensteyn at gmail.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |lekensteyn at gmail.com
bugzilla-daemon at bugzilla.netfilter.org
2012-Jun-25 20:57 UTC
[Bug 782] -j LOG --log-prefix handling broken
http://bugzilla.netfilter.org/show_bug.cgi?id=782

Peter Wu <lekensteyn at gmail.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|                            |DUPLICATE

--- Comment #4 from Peter Wu <lekensteyn at gmail.com> 2012-06-25 22:57:37 CEST ---

*** This bug has been marked as a duplicate of bug 774 ***
bugzilla-daemon at bugzilla.netfilter.org
2012-Jul-23 16:23 UTC
[Bug 782] -j LOG --log-prefix handling broken
http://bugzilla.netfilter.org/show_bug.cgi?id=782

--- Comment #5 from Peter Wu <lekensteyn at gmail.com> 2012-07-23 18:23:01 CEST ---

Giving it another thought, redeclarations in the same scope are forbidden. So I either have skipped something in the standard or there is an undefined case.
bugzilla-daemon at bugzilla.netfilter.org
2012-Jul-23 16:25 UTC
[Bug 782] -j LOG --log-prefix handling broken
http://bugzilla.netfilter.org/show_bug.cgi?id=782

--- Comment #6 from Peter Wu <lekensteyn at gmail.com> 2012-07-23 18:25:10 CEST ---

Ignore last comment, Bugzilla's behaviour is annoying (changed at Preferences => "After changing a bug" now).