bugzilla-daemon at netfilter.org
2013-Apr-11 09:53 UTC
[Bug 778] NFQUEUE --queue-bypass accepts all packets when no userspace application is available
https://bugzilla.netfilter.org/show_bug.cgi?id=778
Florian Westphal <fw at strlen.de> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |ASSIGNED
CC| |fw at strlen.de
--- Comment #1 from Florian Westphal <fw at strlen.de> 2013-04-11 11:53:40
CEST ---
This is a documentation bug. The packet moves on to the next TABLE, not rule.
I doubt your patch works as desired; the problem is that when the target
asks to queue, we do not (yet) know that no userspace listener is available
on that queue. The BYPASS flag mereley communicates that in absence of a
userspace listener, the packet should not be dropped.
With the proposed change, packets will not be queued at all...
--
Configure bugmail: https://bugzilla.netfilter.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching all bug changes.
bugzilla-daemon at netfilter.org
2013-Apr-13 10:01 UTC
[Bug 778] NFQUEUE --queue-bypass accepts all packets when no userspace application is available
https://bugzilla.netfilter.org/show_bug.cgi?id=778
Florian Westphal <fw at strlen.de> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|ASSIGNED |RESOLVED
Resolution| |FIXED
--
Configure bugmail: https://bugzilla.netfilter.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching all bug changes.
Possibly Parallel Threads
- [Bug 814] rpfilter blocks broadcast packets
- [Bug 812] addrtype with limit-iface-in in ip6tables/nat/PREROUTING messes up the route cache
- [PATCH 1/1] nbd/server: push pending frames after sending reply
- [Bug 1032] nftables-0.5 fails to import ip6 tables when loopback address provided as both src and dst addr
- [Bug 1220] New: Reverse path filtering using "fib" needs better documentation