[Bug 838] New: ipset add foo syslog fails for bitmap:port

bugzilla-daemon at netfilter.org bugzilla-daemon at netfilter.org
Sun Aug 4 13:15:25 CEST 2013


           Summary: ipset add foo syslog fails for bitmap:port
           Product: ipset
           Version: unspecified
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: normal
          Priority: P5
         Component: default
        AssignedTo: netfilter-buglog at lists.netfilter.org
        ReportedBy: quentin at armitage.org.uk
   Estimated Hours: 0.0

Created attachment 409
  --> https://bugzilla.netfilter.org/attachment.cgi?id=409
Patch to allow UDP service names to be specified for bitmap:port

The following commands produce the error message below:
# ipset create foo bitmap:port range 500-999
# ipset add fred syslog
ipset v6.19: Syntax error: 'syslog' is invalid as number
Syntax error: cannot parse 'syslog' as a tcp port

The problem is that syslog is only defined as a UDP service in /etc/services,
and not as a TCP service.

I could think of two options for how to resolve this:
1. Try TCP first, and if that fails try UDP, but then presumably that would
mean also trying SCTP and UDPLITE for completeness.
2. Allow a protocol to be specified.

1. has disadvantages in that it doesn't appear to fit within the existing code
structure, and also if at some time in the future a service name had different
port numbers for different protocols it wouldn't work.

2. seems to work but it is perhaps slightly strange to specify a protocol for a
bitmap:port which is protocol neutral; however I could see no other way to
allow it to work, since there needs to be some indication not to use the
default of TCP.

I have produced a patch along the lines of option 2 which appears to work, and
have added comments to the help and man page stating that specification of the
protocol does not effect the bitmap:port. It allows the protocol to be
specified for the create/add/del/test commands for a bitmap:port.

Configure bugmail: https://bugzilla.netfilter.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching all bug changes.

More information about the netfilter-buglog mailing list