netfilter buglog - Aug 2006 - [Bug 507] tun99 don't trapped by tun+

https://bugzilla.netfilter.org/bugzilla/show_bug.cgi?id=507


kaber@trash.net changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|                            |INVALID




------- Additional Comments From kaber@trash.net  2006-08-29 15:45 MET -------
Thats expected, "+" matches only a single character, so you need to
use "tun++".


-- 
Configure bugmail:
https://bugzilla.netfilter.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

https://bugzilla.netfilter.org/bugzilla/show_bug.cgi?id=507


kaber@trash.net changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|                            |INVALID




------- Additional Comments From kaber@trash.net  2006-08-29 15:45 MET -------
Thats expected, "+" matches only a single character, so you need to
use "tun++".


-- 
Configure bugmail:
https://bugzilla.netfilter.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You reported the bug, or are watching the reporter.

https://bugzilla.netfilter.org/bugzilla/show_bug.cgi?id=507





------- Additional Comments From fguiliani@perinfo.com  2006-08-29 15:59 MET
-------
(In reply to comment #1)
> Thats expected, "+" matches only a single character, so you need
to use "tun++".
> 
So let me suggest a change to the man page of iptables who actually is:
       -i, --in-interface [!] name
              If the interface name ends in a "+", then
              any interface which begins with this name will match.

and the --help option of iptables:
  --in-interface -i [!] input name[+]
                                network interface name ([+] for wildcard)

it does not mention that "+" is for only one char.



-- 
Configure bugmail:
https://bugzilla.netfilter.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

https://bugzilla.netfilter.org/bugzilla/show_bug.cgi?id=507


kaber@trash.net changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|RESOLVED                    |REOPENED
         Resolution|INVALID                     |




------- Additional Comments From kaber@trash.net  2006-08-29 16:03 MET -------
Hmm actually you may be right, the code seems to attempt to let a trailing +
match anything. Let me look into this again ..

-- 
Configure bugmail:
https://bugzilla.netfilter.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

https://bugzilla.netfilter.org/bugzilla/show_bug.cgi?id=507


kaber@trash.net changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|RESOLVED                    |REOPENED
         Resolution|INVALID                     |




------- Additional Comments From kaber@trash.net  2006-08-29 16:03 MET -------
Hmm actually you may be right, the code seems to attempt to let a trailing +
match anything. Let me look into this again ..

-- 
Configure bugmail:
https://bugzilla.netfilter.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You reported the bug, or are watching the reporter.

https://bugzilla.netfilter.org/bugzilla/show_bug.cgi?id=507





------- Additional Comments From kaber@trash.net  2006-08-29 16:17 MET -------
Tested locally and it works perfectly fine with dummy renamed to tun99. There
haven't been any changes in this code (neither kernel nor userspace) for
ages,
so I guess your ruleset allows these packet to return from the tun_fwd chain and
thats the reason why you seem them afterwards.

-- 
Configure bugmail:
https://bugzilla.netfilter.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

https://bugzilla.netfilter.org/bugzilla/show_bug.cgi?id=507





------- Additional Comments From kaber@trash.net  2006-08-29 16:17 MET -------
Tested locally and it works perfectly fine with dummy renamed to tun99. There
haven't been any changes in this code (neither kernel nor userspace) for
ages,
so I guess your ruleset allows these packet to return from the tun_fwd chain and
thats the reason why you seem them afterwards.

-- 
Configure bugmail:
https://bugzilla.netfilter.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You reported the bug, or are watching the reporter.

https://bugzilla.netfilter.org/bugzilla/show_bug.cgi?id=507


fguiliani@perinfo.com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|REOPENED                    |RESOLVED
         Resolution|                            |INVALID




------- Additional Comments From fguiliani@perinfo.com  2006-08-29 17:40 MET
-------
(In reply to comment #4)
> Tested locally and it works perfectly fine with dummy renamed to tun99.
There
> haven't been any changes in this code (neither kernel nor userspace)
for ages,
> so I guess your ruleset allows these packet to return from the tun_fwd
chain and
> thats the reason why you seem them afterwards.
Thanks, I will go next to Shorewall bugreport then ;)

-- 
Configure bugmail:
https://bugzilla.netfilter.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.