[Bug 778] NFQUEUE --queue-bypass accepts all packets when no userspace application is available

bugzilla-daemon at netfilter.org
Thu Apr 11 11:53:41 CEST 2013


https://bugzilla.netfilter.org/show_bug.cgi?id=778

Florian Westphal <fw at strlen.de> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |ASSIGNED
                 CC|                            |fw at strlen.de

--- Comment #1 from Florian Westphal <fw at strlen.de> 2013-04-11 11:53:40 CEST ---
This is a documentation bug.  The packet moves on to the next TABLE, not rule.
I doubt your patch works as desired; the problem is that when the target
asks to queue, we do not (yet) know that no userspace listener is available
on that queue.  The BYPASS flag merely communicates that in absence of a
userspace listener, the packet should not be dropped.

With the proposed change, packets will not be queued at all...

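Added example (not part of the original bug comment and not netfilter code): a simplified Python model of the traversal described in comment #1, showing that with the bypass flag and no listener a DROP rule placed after NFQUEUE in the same table is never evaluated, while a DROP rule in the next table still is. The table layouts, function names, sample packet and default ACCEPT policy are assumptions made for illustration.

```python
# Simplified model of netfilter traversal at one hook (added illustration, not kernel code).
# A table is (name, rules); a rule is (match_fn, target). All names are constructed.

def run_table(rules, pkt, listeners):
    """Evaluate one table; return 'ACCEPT', 'DROP' or 'NEXT_TABLE'."""
    for match, target in rules:
        if not match(pkt):
            continue
        if target in ("ACCEPT", "DROP"):
            return target
        _, queue_num, bypass = target            # ("NFQUEUE", queue number, bypass flag)
        listener = listeners.get(queue_num)
        if listener is not None:
            return listener(pkt)                 # userspace program issues the verdict
        # No listener bound: without the flag the packet is dropped; with it the
        # packet leaves this table, so the rules after this one are never evaluated.
        return "NEXT_TABLE" if bypass else "DROP"
    return "ACCEPT"                              # assumed default chain policy

def traverse(tables, pkt, listeners):
    """Walk the tables in order; only DROP stops the walk."""
    for _name, rules in tables:
        if run_table(rules, pkt, listeners) == "DROP":
            return "DROP"
    return "ACCEPT"

def any_pkt(pkt):
    return True

def is_telnet(pkt):
    return pkt["dport"] == 23

def queue(bypass):
    return ("NFQUEUE", 0, bypass)

# Layout A: the DROP rule sits after NFQUEUE in the same table.
SAME_TABLE = [("mangle", []),
              ("filter", [(any_pkt, queue(True)), (is_telnet, "DROP")])]
# Layout B: NFQUEUE in an earlier table, the DROP rule in the next one.
SPLIT_TABLES = [("mangle", [(any_pkt, queue(True))]),
                ("filter", [(is_telnet, "DROP")])]
NO_BYPASS = [("filter", [(any_pkt, queue(False)), (is_telnet, "DROP")])]

PKT = {"dport": 23}                              # constructed sample packet

if __name__ == "__main__":
    print("same table, no listener:  ", traverse(SAME_TABLE, PKT, {}))
    print("split tables, no listener:", traverse(SPLIT_TABLES, PKT, {}))
    print("no bypass, no listener:   ", traverse(NO_BYPASS, PKT, {}))
```

In this model, filtering that must hold when the userspace program is down belongs in a table evaluated after the one containing the NFQUEUE rule, or the rule should omit the bypass flag.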