<html>
<head>
<base href="https://bugzilla.netfilter.org/" />
</head>
<body><span class="vcard"><a class="email" href="mailto:dsmythies@telus.net" title="Doug Smythies <dsmythies@telus.net>"> <span class="fn">Doug Smythies</span></a>
</span> changed
<a class="bz_bug_link
bz_status_NEW "
title="NEW - iptables -m string not working with --algo bm and OUTPUT chain under 5.3.x"
href="https://bugzilla.netfilter.org/show_bug.cgi?id=1390">bug 1390</a>
<br>
<table border="1" cellspacing="0" cellpadding="8">
<tr>
<th>What</th>
<th>Removed</th>
<th>Added</th>
</tr>
<tr>
<td style="text-align:right;">CC</td>
<td>
</td>
<td>dsmythies@telus.net
</td>
</tr></table>
<p>
<div>
<b><a class="bz_bug_link
bz_status_NEW "
title="NEW - iptables -m string not working with --algo bm and OUTPUT chain under 5.3.x"
href="https://bugzilla.netfilter.org/show_bug.cgi?id=1390#c1">Comment # 1</a>
on <a class="bz_bug_link
bz_status_NEW "
title="NEW - iptables -m string not working with --algo bm and OUTPUT chain under 5.3.x"
href="https://bugzilla.netfilter.org/show_bug.cgi?id=1390">bug 1390</a>
from <span class="vcard"><a class="email" href="mailto:dsmythies@telus.net" title="Doug Smythies <dsmythies@telus.net>"> <span class="fn">Doug Smythies</span></a>
</span></b>
<pre>Created <span class=""><a href="attachment.cgi?id=584" name="attach_584" title="iptables example rules and packet counters">attachment 584</a></span>
iptables example rules and packet counters
I confirm your issues with the bm algorithm and "POST".
I confirm that the otherwise same rule works with the kmp algorithm.
I deny that the otherwise same rule and "test" as the pattern works.
If an offset is introduced such that the search area only looks at the payload
portion of the packet (offset 52), then it works.
I started with kernel 5.5-rc6, but narrowed this down to between kernel 5.1 and
5.2-rc1, but do not have time to bisect the kernel.
In the attachment, output rule 9 was added after rule 10 had been traversed 38
times. Thereafter rule 9 was traversed.
By this crude experiment, it seems to be byte 48 that messes things up. On my
computer it seems to be 0X05 (based on a sample of 1).</pre>
</div>
</p>
</body>
</html>