[Bug 577] New: cannot set spi/reqid numbers higher than 0x7fffffff (policy match)
bugzilla-daemon at bugzilla.netfilter.org
Mon Feb 16 21:43:01 CET 2009
http://bugzilla.netfilter.org/show_bug.cgi?id=577
Summary: cannot set spi/reqid numbers higher than 0x7fffffff (policy match)
Product: iptables
Version: unspecified
Platform: i386
OS/Version: All
Status: NEW
Severity: normal
Priority: P1
Component: iptables
AssignedTo: laforge at netfilter.org
ReportedBy: chris at linuxinfotag.de

When using the -m policy match, the option argument for --spi is converted
using strtol(), which returns a signed 32 bit value, so the highest
positive value is 0x7fffffff. Instead strtoul() should be used.
The same applies for the --reqid option argument.

Setting a rule like

    iptables -A FORWARD -m policy --dir in --spi cafe2342 -j ACCEPT

and looking at the chain afterwards will give the following

    Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
    pkts bytes target prot opt in out source destination
    0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 policy match dir in pol ipsec spi 0x7fffffff
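
The clamping described in the report, next to an unsigned parse with a range check, as an added example (not code from iptables or from the reporter). The function names are hypothetical, base 16 is assumed from the bare-hex argument in the report, and the signed 32-bit behaviour is emulated so the result is the same on hosts where long is 64 bits.

```c
#include <ctype.h>
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Emulates strtol() where long is 32 bits (e.g. i386): values outside the
 * signed range saturate, which is the 0x7fffffff shown in the report. */
static int32_t parse_like_strtol32(const char *s)
{
    long long v = strtoll(s, NULL, 16);   /* base 16: assumption */
    if (v > INT32_MAX) return INT32_MAX;
    if (v < INT32_MIN) return INT32_MIN;
    return (int32_t)v;
}

/* Hypothetical replacement: parse as unsigned and reject anything that is
 * not a complete hex number fitting in 32 bits. Returns 0 on success. */
static int parse_u32_hex(const char *s, uint32_t *out)
{
    char *end;
    unsigned long long v;

    /* strtoull() would accept leading whitespace and a sign; refuse both. */
    if (s == NULL || !isxdigit((unsigned char)*s))
        return -1;
    errno = 0;
    v = strtoull(s, &end, 16);
    if (errno == ERANGE || *end != '\0' || v > UINT32_MAX)
        return -1;   /* overflow, trailing junk, or wider than 32 bits */
    *out = (uint32_t)v;
    return 0;
}

int main(void)
{
    const char *arg = "cafe2342";   /* --spi value from the report */
    uint32_t spi = 0;

    printf("signed 32-bit parse: 0x%x\n", (unsigned)parse_like_strtol32(arg));
    if (parse_u32_hex(arg, &spi) == 0)
        printf("unsigned parse:      0x%x\n", (unsigned)spi);
    if (parse_u32_hex("1cafe2342", &spi) != 0)   /* constructed: 33 bits */
        printf("out-of-range value rejected instead of clamped\n");
    return 0;
}
```

Rejecting an out-of-range argument matters as much as the wider type: a silently clamped SPI yields a rule that loads cleanly but matches a different security association than the one typed.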