<html>
    <head>
      <base href="https://bugzilla.netfilter.org/" />
    </head>
    <body>
      <p>
        <div>
            <b><a class="bz_bug_link 
          bz_status_ASSIGNED "
   title="ASSIGNED - iptables-extensions man page misleading for --to"
   href="https://bugzilla.netfilter.org/show_bug.cgi?id=1707#c2">Comment # 2</a>
              on <a class="bz_bug_link 
          bz_status_ASSIGNED "
   title="ASSIGNED - iptables-extensions man page misleading for --to"
   href="https://bugzilla.netfilter.org/show_bug.cgi?id=1707">bug 1707</a>
              from <span class="vcard"><a class="email" href="mailto:pablo@netfilter.org" title="Pablo Neira Ayuso <pablo@netfilter.org>"> <span class="fn">Pablo Neira Ayuso</span></a>
</span></b>
        <pre>(In reply to Phil Sutter from <a href="show_bug.cgi?id=1707#c1">comment #1</a>)
<span class="quote">> Pablo, am I on the right track? Could you please review?</span >

According to the code:

unsigned int skb_find_text(struct sk_buff *skb, unsigned int from,              
                           unsigned int to, struct ts_config *config)           
{                                                                               
        struct ts_state state;                                                  
        unsigned int ret;                                                       

        BUILD_BUG_ON(sizeof(struct skb_seq_state) > sizeof(state.cb));          

        config->get_next_block = skb_ts_get_next_block;                         
        config->finish = skb_ts_finish;                                         

        skb_prepare_seq_read(skb, from, to, TS_SKB_CB(&state));                 

        ret = textsearch_find(config, &state);                                  
        return (ret <= to - from ? ret : UINT_MAX);                             
}                                                                               
EXPORT_SYMBOL(skb_find_text); 

commit f72b948dcbb8558d639214536c2ace1b0760f41d
Author: Phil Oester <<a href="mailto:kernel@linuxace.com">kernel@linuxace.com</a>>
Date:   Mon Jun 26 00:00:57 2006 -0700

    [NET]: skb_find_text ignores to argument

    skb_find_text takes a "to" argument which is supposed to limit how
    far into the skb it will search for the given text.  At present,
    it seems to ignore that argument on the first skb, and instead
    return a match even if the text occurs beyond the limit.

    Patch below fixes this, after adjusting for the "from" starting
    point.  This consequently fixes the netfilter string match's "--to"
    handling, which currently is broken.

    Signed-off-by: Phil Oester <<a href="mailto:kernel@linuxace.com">kernel@linuxace.com</a>>
    Signed-off-by: David S. Miller <<a href="mailto:davem@davemloft.net">davem@davemloft.net</a>>

And if I read this right, this makes sure that the first matching character of
the pattern needs to fall within the [ from - to ] range.</pre>
        </div>
      </p>
      <hr>
      <span>You are receiving this mail because:</span>
      
      <ul>
          <li>You are watching all bug changes.</li>
      </ul>
    </body>
</html>