iptables branch, stable, updated. v1.4.12.1-22-g08628f2
Pablo Neira Ayuso
netfilter-cvslog-bounces at lists.netfilter.org
Fri Dec 23 14:56:15 CET 2011
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "iptables".
The branch, stable has been updated
via 08628f20f492a1f9178f6df2a276f9a108ac0022 (commit)
from b8c42eca0f224a00bf55b60ded81af14a1e07da1 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 08628f20f492a1f9178f6df2a276f9a108ac0022
Author: Florian Westphal <fw at strlen.de>
Date: Fri Dec 16 18:34:06 2011 +0100
libxt_connbytes: fix handling of --connbytes FROM
quoting man page:
match packets from a connection whose packets/bytes/average
packet size is more than FROM and less than TO bytes/packets. if
TO is omitted only FROM check is done.
But, when TO was omitted, we did treat it like "x:x" which is not
the same at all.
Before commit 09631dc60ce41bc484a42fcf4d4ddf7036820bd1
(libxt_connbytes: use guided option parser), we failed to parse
"--connbytes x" ('Bad range "x"'), but treated "x:" like "x:0xffffffff".
Also, restore the "from must be smaller than to" check.
Signed-off-by: Florian Westphal <fw at strlen.de>
-----------------------------------------------------------------------
Summary of changes:
extensions/libxt_connbytes.c | 42 +++++++++++++++++++++++++-----------------
1 files changed, 25 insertions(+), 17 deletions(-)
hooks/post-receive
--
iptables
More information about the netfilter-cvslog
mailing list