netfilter buglog - Jan 2017 - [Bug 1111] New: extensions: libxt_hashlimit: fix print_rate.

https://bugzilla.netfilter.org/show_bug.cgi?id=1111

            Bug ID: 1111
           Summary: extensions: libxt_hashlimit: fix print_rate.
           Product: netfilter/iptables
           Version: unspecified
          Hardware: i386
                OS: All
            Status: NEW
          Severity: major
          Priority: P5
         Component: unknown
          Assignee: netfilter-buglog at lists.netfilter.org
          Reporter: prahal at yahoo.com

Created attachment 490
  --> https://bugzilla.netfilter.org/attachment.cgi?id=490&action=edit
use uint64 modifier to print rate

This fixes iptables outputs 10/(null) instead of 10/sec as upto limit.
xt_hashlimit is already tagged C99.

A side effect is to get back openvpnas hooks when hashlimit upto is used.

This was tested (both breakage and fix) with iptables 1.6.0+snapshot20161117
from debian sid and testing.


NB: there are other similar printf placeholders that would benefit from the
same fix in libxt_hashlimit, but they are less critical (error reporting).
I am also uneasy with print_rate period parameter as uint32, I believe it
should have switched to uint64 with revision 2 of hashlimit.
There is also the cost_to_bytes and bytes_to_cost which I am unable to decide
whether the max divider and multiplier  should cope with uint64 and not stay
hardcoded to uint32.


All in all this patch fixes the only critical bug I experience with rev2 of
hashlimit but the above points might deserves bugs of their own.

-- 
You are receiving this mail because:
You are watching all bug changes.
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://lists.netfilter.org/pipermail/netfilter-buglog/attachments/20170112/90d1ee3b/attachment.html>