bugzilla-daemon at bugzilla.netfilter.org
2011-Jun-15 00:52 UTC
[Bug 724] New: Iptables doesn't delete rules matching if target is RATEEST - patch attached
http://bugzilla.netfilter.org/show_bug.cgi?id=724
Summary: Iptables doesn't delete rules matching if target is
RATEEST - patch attached
Product: iptables
Version: unspecified
Platform: All
OS/Version: All
Status: NEW
Severity: normal
Priority: P3
Component: iptables
AssignedTo: netfilter-buglog at lists.netfilter.org
ReportedBy: massimo at mmmm.it
Estimated Hours: 0.0
In latest version of iptables (1.4.11.1) I can't delete a rule by matching
it
if the target of the rule is RATEEST.
Copy-paste from terminal:
#iptables -t mangle -A PREROUTING -i eth0 -j RATEEST --rateest-name somename
--rateest-interval 250ms --rateest-ewmalog 4s
#iptables -t mangle -D PREROUTING -i eth0 -j RATEEST --rateest-name somename
--rateest-interval 250ms --rateest-ewmalog 4s
iptables: No chain/target/match by that name.
I saw in comments of the kernel code that the last part of the struct
xt_rateest_target_info is used only by kernel:
struct xt_rateest_target_info {
char name[IFNAMSIZ];
__s8 interval;
__u8 ewma_log;
/* Used internally by the kernel */
struct xt_rateest *est __attribute__((aligned(8)));
};
but in struct xtables_target .size and .userspacesize are equals.
Simply correcting this solved the problem.
Here is the diff:
--- iptables-1.4.11.1/extensions/libxt_RATEEST.c 2011-06-08
15:26:17.000000000 +0200
+++ iptables-1.4.11.1-patched/extensions/libxt_RATEEST.c 2011-06-15
02:27:17.021704678 +0200
@@ -197,7 +197,7 @@
.name = "RATEEST",
.version = XTABLES_VERSION,
.size = XT_ALIGN(sizeof(struct xt_rateest_target_info)),
- .userspacesize = XT_ALIGN(sizeof(struct xt_rateest_target_info)),
+ .userspacesize = offsetof(struct xt_rateest_target_info, est),
.help = RATEEST_help,
.parse = RATEEST_parse,
.final_check = RATEEST_final_check,
Best wishes,
Massimo Maggi
--
Configure bugmail: http://bugzilla.netfilter.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
You are watching all bug changes.
bugzilla-daemon at bugzilla.netfilter.org
2011-Jun-24 17:56 UTC
[Bug 724] Iptables doesn't delete rules matching if target is RATEEST - patch attached
http://bugzilla.netfilter.org/show_bug.cgi?id=724
Jan Engelhardt <jengelh at medozas.de> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |jengelh at medozas.de
AssignedTo|netfilter- |jengelh at medozas.de
|buglog at lists.netfilter.org |
--
Configure bugmail: http://bugzilla.netfilter.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
You are watching all bug changes.
bugzilla-daemon at bugzilla.netfilter.org
2011-Jun-24 17:58 UTC
[Bug 724] Iptables doesn't delete rules matching if target is RATEEST - patch attached
http://bugzilla.netfilter.org/show_bug.cgi?id=724
Jan Engelhardt <jengelh at medozas.de> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution| |FIXED
--- Comment #1 from Jan Engelhardt <jengelh at medozas.de> 2011-06-24
19:58:07 ---
Absolutely.
--
Configure bugmail: http://bugzilla.netfilter.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching all bug changes.
Apparently Analagous Threads
- [Bug 712] iptables-save does not save correcly rateest bps parameter
- [Bug 712] New: iptables-save does not save correcly rateest bps parameter
- [ANNOUNCE] iptables 1.4.14 release
- [Bug 884] New: the rule of TEE target with '--oif' option cannot be deleted.
- [ANNOUNCE] libnftnl 1.0.2 release