bugzilla-daemon at bugzilla.netfilter.org
2011-Jun-15 00:52 UTC
[Bug 724] New: Iptables doesn't delete rules matching if target is RATEEST - patch attached
http://bugzilla.netfilter.org/show_bug.cgi?id=724

Summary: Iptables doesn't delete rules matching if target is RATEEST - patch attached
Product: iptables
Version: unspecified
Platform: All
OS/Version: All
Status: NEW
Severity: normal
Priority: P3
Component: iptables
AssignedTo: netfilter-buglog at lists.netfilter.org
ReportedBy: massimo at mmmm.it
Estimated Hours: 0.0

In the latest version of iptables (1.4.11.1) I can't delete a rule by matching it if the target of the rule is RATEEST.

Copy-paste from terminal:

#iptables -t mangle -A PREROUTING -i eth0 -j RATEEST --rateest-name somename --rateest-interval 250ms --rateest-ewmalog 4s
#iptables -t mangle -D PREROUTING -i eth0 -j RATEEST --rateest-name somename --rateest-interval 250ms --rateest-ewmalog 4s
iptables: No chain/target/match by that name.

I saw in the comments of the kernel code that the last part of struct xt_rateest_target_info is used only by the kernel:

struct xt_rateest_target_info {
	char name[IFNAMSIZ];
	__s8 interval;
	__u8 ewma_log;
	/* Used internally by the kernel */
	struct xt_rateest *est __attribute__((aligned(8)));
};

but in struct xtables_target, .size and .userspacesize are equal. Simply correcting this solved the problem. Here is the diff:

--- iptables-1.4.11.1/extensions/libxt_RATEEST.c 2011-06-08 15:26:17.000000000 +0200 +++ iptables-1.4.11.1-patched/extensions/libxt_RATEEST.c 2011-06-15 02:27:17.021704678 +0200 @@ -197,7 +197,7 @@ .name = "RATEEST", .version = XTABLES_VERSION, .size = XT_ALIGN(sizeof(struct xt_rateest_target_info)), - .userspacesize = XT_ALIGN(sizeof(struct xt_rateest_target_info)), + .userspacesize = offsetof(struct xt_rateest_target_info, est), .help = RATEEST_help, .parse = RATEEST_parse, .final_check = RATEEST_final_check,

Best wishes,
Massimo Maggi

--
Configure bugmail: http://bugzilla.netfilter.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
You are watching all bug changes.
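Review bot: offsetof() in the new .userspacesize line needs <stddef.h>, and the hunk does not show an include being added, so please confirm libxt_RATEEST.c already pulls it in. The new value also drops the XT_ALIGN() wrapper that the unchanged .size line keeps; since est is declared with __attribute__((aligned(8))) its offset is already 8-byte aligned, but a one-line comment saying why the wrapper is not needed would save the next reader the check. Any padding between ewma_log and est now falls inside the compared range, so it is worth confirming that the target data is zero-initialised before RATEEST_parse fills it.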
bugzilla-daemon at bugzilla.netfilter.org
2011-Jun-24 17:56 UTC
[Bug 724] Iptables doesn't delete rules matching if target is RATEEST - patch attached
http://bugzilla.netfilter.org/show_bug.cgi?id=724

Jan Engelhardt <jengelh at medozas.de> changed:

What       |Removed                                |Added
----------------------------------------------------------------------------
CC         |                                       |jengelh at medozas.de
AssignedTo |netfilter-buglog at lists.netfilter.org |jengelh at medozas.de
bugzilla-daemon at bugzilla.netfilter.org
2011-Jun-24 17:58 UTC
[Bug 724] Iptables doesn't delete rules matching if target is RATEEST - patch attached
http://bugzilla.netfilter.org/show_bug.cgi?id=724

Jan Engelhardt <jengelh at medozas.de> changed:

What       |Removed |Added
----------------------------------------------------------------------------
Status     |NEW     |RESOLVED
Resolution |        |FIXED

--- Comment #1 from Jan Engelhardt <jengelh at medozas.de> 2011-06-24 19:58:07 ---

Absolutely.
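The mismatch described in the report, as an added example that is not part of the original thread or of the iptables source: a simplified model of delete-by-match in which the rule built from the command line is compared byte-for-byte with the rule read back from the kernel over `userspacesize` bytes. The helpers fill_user_fields and delete_would_match, the kernel_object stand-in, the local IFNAMSIZ definition and the field values are assumptions made for the illustration, as is the premise that the copy read back from the kernel carries a non-zero est.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define IFNAMSIZ 16 /* value from Linux <net/if.h>, defined locally to stay self-contained */

/* Layout as quoted in the report; int8_t/uint8_t stand in for __s8/__u8. */
struct xt_rateest_target_info {
	char name[IFNAMSIZ];
	int8_t interval;
	uint8_t ewma_log;
	/* Used internally by the kernel */
	void *est __attribute__((aligned(8)));
};

/* Hypothetical helper: set the fields the RATEEST options control (values constructed). */
static void fill_user_fields(struct xt_rateest_target_info *info)
{
	memset(info, 0, sizeof(*info)); /* padding and est start out zero */
	strncpy(info->name, "somename", IFNAMSIZ - 1);
	info->interval = -2;
	info->ewma_log = 4;
}

/*
 * Simplified model of "iptables -D <rule>": compare the first userspacesize
 * bytes of the target data from both sides. Returns 1 when the rule matches.
 */
static int delete_would_match(size_t userspacesize)
{
	struct xt_rateest_target_info from_cmdline, from_kernel;
	static int kernel_object; /* stands in for the kernel's struct xt_rateest */

	fill_user_fields(&from_cmdline);  /* est stays NULL in userspace */
	fill_user_fields(&from_kernel);
	from_kernel.est = &kernel_object; /* kernel filled in its private pointer */

	return memcmp(&from_cmdline, &from_kernel, userspacesize) == 0;
}

int main(void)
{
	printf("userspacesize = sizeof(info):   match=%d\n",
	       delete_would_match(sizeof(struct xt_rateest_target_info)));
	printf("userspacesize = offsetof(est):  match=%d\n",
	       delete_would_match(offsetof(struct xt_rateest_target_info, est)));
	return 0;
}
```

With the full structure size the kernel-only pointer is part of the comparison and the rule never matches; limiting the comparison to the bytes before est restores the match.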