[Bug 782] New: -j LOG --log-prefix handling broken

bugzilla-daemon at bugzilla.netfilter.org
Sat Apr 21 18:54:06 CEST 2012


http://bugzilla.netfilter.org/show_bug.cgi?id=782

           Summary: -j LOG --log-prefix handling broken
           Product: iptables
           Version: CVS (please indicate timestamp)
          Platform: x86_64
        OS/Version: All
            Status: NEW
          Severity: normal
          Priority: P5
         Component: iptables-restore
        AssignedTo: netfilter-buglog at lists.netfilter.org
        ReportedBy: hvtaifwkbgefbaei at gmail.com
   Estimated Hours: 0.0


Instead of the parameter I give to the LOG module, "NETFILTER drop ", it ends
up getting mangled to "--log-prefix".

Excerpt from a file I feed to iptables-restore:

-A LDROP -d 255.255.255.255/32 -p udp -j DROP
-A LDROP -d 77.223.39.255/32   -p udp -j DROP
-A LDROP -m hashlimit --hashlimit-above 1/min --hashlimit-mode srcip,dstip --hashlimit-burst 1 --hashlimit-name logldrop --hashlimit-htable-expire 60000 -j DROP
-A LDROP -m limit --limit 5/s -j LOG --log-prefix "NETFILTER drop " --log-tcp-options --log-ip-options --log-uid --log-macdecode
-A LDROP -j DROP

iptables-restore succeeds. Then:

# iptables -nvx --list LDROP
Chain LDROP (4 references)
    pkts      bytes target     prot opt in     out     source               destination
       0        0 DROP       udp  --  *      *       0.0.0.0/0            255.255.255.255
       0        0 DROP       udp  --  *      *       0.0.0.0/0            77.223.39.255
       0        0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0            limit: above 1/min burst 1 mode srcip-dstip
       1       44 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0            limit: avg 5/sec burst 5 LOG flags 46 level 4 prefix "--log-prefix"
       1       44 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0

Now I have kernel messages like this:
<4>[440059.429055] --log-prefixIN=eth0 OUT= ...

If I now do "iptables -I LDROP -j LOG --log-prefix ...", --log-prefix option
parsing works OK.  Also, iptables-save works.

I use iptables git 8db1044ba608a.
The previous version of iptables I had, from 20111119, worked OK. Now I only
upgraded iptables and glibc (to Fedora 2.15-32.fc17; I made a testcase for
xtables_save_string, so I guess strspn+strpbrk were not broken by the glibc
upgrade).

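A check for the symptom reported above, as an added example that is not part of the original report or of iptables: it extracts the `--log-prefix` of every `-j LOG` rule from the file fed to iptables-restore and from a dump of the loaded rules in the same syntax, then reports any difference. Log prefixes are what log-based alerting usually matches on, so a silently changed prefix is worth catching after a ruleset reload. The `LOADED` sample is constructed from the mangled prefix shown in the listing, and the function names are hypothetical.

```python
import shlex

# Rules fed to iptables-restore (taken from the report, wrapped lines joined).
INTENDED = '''\
-A LDROP -d 255.255.255.255/32 -p udp -j DROP
-A LDROP -m limit --limit 5/s -j LOG --log-prefix "NETFILTER drop " --log-tcp-options --log-ip-options --log-uid --log-macdecode
-A LDROP -j DROP
'''

# Constructed sample: the same rules in rule-file syntax, carrying the
# mangled prefix that the report's "iptables -nvx --list" output shows.
LOADED = INTENDED.replace('"NETFILTER drop "', '"--log-prefix"')


def option_value(tokens, name):
    """Token following the first occurrence of `name`, or None."""
    if name in tokens[:-1]:
        return tokens[tokens.index(name) + 1]
    return None


def log_prefixes(ruleset):
    """Return [(chain, prefix)] for every -j LOG rule, in rule order."""
    found = []
    for line in ruleset.splitlines():
        if line.lstrip().startswith("#"):
            continue  # comment lines in a rules file
        tokens = shlex.split(line)  # honours the quoting around the prefix
        if option_value(tokens, "-j") == "LOG":
            found.append((option_value(tokens, "-A"),
                          option_value(tokens, "--log-prefix")))
    return found


def check(intended, loaded):
    """Human-readable findings; an empty list means the prefixes match."""
    want, have = log_prefixes(intended), log_prefixes(loaded)
    findings = []
    if len(want) != len(have):
        findings.append(f"LOG rule count: {len(want)} intended, {len(have)} loaded")
    for w, h in zip(want, have):
        if w != h:
            findings.append(f"intended {w!r}, loaded {h!r}")
    for chain, prefix in have:
        if prefix is not None and prefix.startswith("--"):
            findings.append(f"{chain}: prefix {prefix!r} looks like an option name")
    return findings


if __name__ == "__main__":
    print("\n".join(check(INTENDED, LOADED)) or "log prefixes match")
```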