[Bug 1707] iptables-extensions man page misleading for --to

bugzilla-daemon at netfilter.org
Tue Sep 26 17:37:58 CEST 2023


https://bugzilla.netfilter.org/show_bug.cgi?id=1707

--- Comment #2 from Pablo Neira Ayuso <pablo at netfilter.org> ---
(In reply to Phil Sutter from comment #1)
> Pablo, am I on the right track? Could you please review?

According to the code:

unsigned int skb_find_text(struct sk_buff *skb, unsigned int from,
                           unsigned int to, struct ts_config *config)
{
        struct ts_state state;
        unsigned int ret;

        BUILD_BUG_ON(sizeof(struct skb_seq_state) > sizeof(state.cb));

        config->get_next_block = skb_ts_get_next_block;
        config->finish = skb_ts_finish;

        skb_prepare_seq_read(skb, from, to, TS_SKB_CB(&state));

        ret = textsearch_find(config, &state);
        return (ret <= to - from ? ret : UINT_MAX);
}
EXPORT_SYMBOL(skb_find_text);

commit f72b948dcbb8558d639214536c2ace1b0760f41d
Author: Phil Oester <kernel at linuxace.com>
Date:   Mon Jun 26 00:00:57 2006 -0700

    [NET]: skb_find_text ignores to argument

    skb_find_text takes a "to" argument which is supposed to limit how
    far into the skb it will search for the given text.  At present,
    it seems to ignore that argument on the first skb, and instead
    return a match even if the text occurs beyond the limit.

    Patch below fixes this, after adjusting for the "from" starting
    point.  This consequently fixes the netfilter string match's "--to"
    handling, which currently is broken.

    Signed-off-by: Phil Oester <kernel at linuxace.com>
    Signed-off-by: David S. Miller <davem at davemloft.net>

And if I read this right, this makes sure that the first matching character of
the pattern needs to fall within the [ from - to ] range.

-- 
You are receiving this mail because:
You are watching all bug changes.
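
The reading in the comment above, as an added example that is not part of the bug comment or of the kernel source: a userspace C model of the `ret <= to - from` check, showing that a pattern is accepted when its first byte lies at or before `to`, even if the rest of it extends past `to`. The names `model_textsearch` and `model_find_text`, the single linear buffer, the naive scan standing in for the kernel's textsearch, the inverted-range guard and the sample payload are all assumptions of this example.

```c
#include <limits.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample payload (not from the bug report); "Host" starts at byte 26. */
static const unsigned char SAMPLE[] =
    "GET /index.html HTTP/1.1\r\nHost: example.test\r\n";
#define SAMPLE_LEN (sizeof(SAMPLE) - 1)

/* Hypothetical stand-in for textsearch_find(): naive scan of one linear buffer
 * beginning at `from`. Returns the match offset relative to `from`, or
 * UINT_MAX when the pattern does not occur. */
static unsigned int model_textsearch(const unsigned char *buf, size_t len,
                                     unsigned int from, const char *pat)
{
    size_t plen = strlen(pat);

    if (plen == 0 || from > len || plen > len - from)
        return UINT_MAX;
    for (size_t i = from; i + plen <= len; i++)
        if (memcmp(buf + i, pat, plen) == 0)
            return (unsigned int)(i - from);
    return UINT_MAX;
}

/* Model of the return check in the quoted skb_find_text(). */
unsigned int model_find_text(const unsigned char *buf, size_t len,
                             unsigned int from, unsigned int to,
                             const char *pat)
{
    unsigned int ret;

    if (from > to)      /* assumption of this model: reject inverted ranges */
        return UINT_MAX;
    ret = model_textsearch(buf, len, from, pat);
    return (ret <= to - from ? ret : UINT_MAX);
}

int main(void)
{
    /* Match spans bytes 26..29: accepted with to=26, rejected with to=25. */
    printf("to=26:   %u\n", model_find_text(SAMPLE, SAMPLE_LEN, 0, 26, "Host"));
    printf("to=25:   %u\n", model_find_text(SAMPLE, SAMPLE_LEN, 0, 25, "Host"));
    /* With from=10 the returned offset is relative to from (26 - 10 = 16). */
    printf("from=10: %u\n", model_find_text(SAMPLE, SAMPLE_LEN, 10, 26, "Host"));
    return 0;
}
```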