thr3ads.net - netfilter buglog - [Bug 497] New: ipt_string doesn't ork for me [Aug 2006]

If this information is useful, please help other people find it:
Share via:

bugzilla-daemon@bugzilla.netfilter.org

2006-Aug-02 13:24 UTC

[Bug 497] New: ipt_string doesn't ork for me

https://bugzilla.netfilter.org/bugzilla/show_bug.cgi?id=497

           Summary: ipt_string doesn't ork for me
           Product: iptables
           Version: 1.3.5
          Platform: All
        OS/Version: Fedora
            Status: NEW
          Severity: normal
          Priority: P2
         Component: iptables
        AssignedTo: laforge@netfilter.org
        ReportedBy: maxim.britov@gmail.com


I trying to use string. iptables 1.3.5 / kernel 2.6.18-rc2-ck1

iptables -A INPUT -p tcp -m string --algo kmp --string 112233 -j LOG
iptables -A INPUT -p tcp -m string --algo kmp --string ! 112233 -j LOG
iptables -A INPUT -p tcp -m string --algo kmp --hex-string 112233 -j LOG

I get works 1st rule only.

Second rule never matches any packets. IMHO it should match any packet without
my string. I'm right?

3st rule iptables-save show as:
-A INPUT -p tcp -m string --string "112233" --algo kmp --to 65535 -j
LOG
I think it transform my --hex-string into --string here. May I misunderstood
some here?

And "--algo bm --string 112233" doesn't want match 112233, but
match x112233
where x=any byte

Is it bug or it is bm algorithm feature?

-- 
Configure bugmail:
https://bugzilla.netfilter.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

Apparently Analagous Threads

Search for more possibly parallel threads

netfilter buglog - Aug 2006 - [Bug 497] New: ipt_string doesn't ork for me

[Bug 497] New: ipt_string doesn't ork for me

Apparently Analagous Threads

Wisdom of the Ancients