[PATCH] add new iptables ipt_connbytes match
laforge at netfilter.org
Fri Aug 12 13:56:22 CEST 2005
On Fri, Aug 12, 2005 at 04:52:49AM +0200, Patrick McHardy wrote:
> This function looks broken.
I feared it...
> Divisor and dividend are mixed up, the
> shifted result variable is not used in the actual division, the
> "first bit has to be < 32" assumption is wrong and num_shift is
> calculated incorrectly. To find a 32-bit divisor consisting of the
> most-significant 32 bits we need to find the highest bit set and
> subtract 32 from this, then right-shift by that value if it is larger
> than 0. I can send a fixed patch tomorrow but I'm too tired now.
> >+ case IPT_CONNBYTES_WHAT_PKTS:
> I would really prefer the name IPT_CONNBYTES_PKTS :)
I _think_ it's sure to change it, since we don't include ipt_connbytes.h
in the iptables package.
Just send two incremental patches to Dave.
- Harald Welte <laforge at netfilter.org> http://netfilter.org/
"Fragmentation is like classful addressing -- an interesting early
architectural error that shows how much experimentation was going
on while IP was being designed." -- Paul Vixie
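
The divisor reduction described in the quoted review above, as an added user-space C example; it is not code from this thread or from the ipt_connbytes patch. The names `highest_bit64` and `div64_by_top32` are hypothetical, and shifting the dividend by the same amount and returning 0 for a zero divisor are assumptions made here so the quotient stays correctly scaled.

```c
#include <stdint.h>
#include <stdio.h>

/* 1-based position of the highest set bit in v; 0 when v == 0. */
static unsigned int highest_bit64(uint64_t v)
{
    unsigned int n = 0;

    while (v) {
        n++;
        v >>= 1;
    }
    return n;
}

/*
 * Divide a 64-bit dividend by a 64-bit divisor using only a 32-bit
 * divisor: keep the most-significant 32 bits of the divisor by
 * right-shifting it by (highest bit - 32) when that is larger than 0.
 * Assumption: the dividend is shifted by the same amount, so the
 * result is an approximation once the divisor exceeds 32 bits.
 */
static uint64_t div64_by_top32(uint64_t dividend, uint64_t divisor)
{
    unsigned int top = highest_bit64(divisor);
    unsigned int shift = top > 32 ? top - 32 : 0;
    uint32_t d;

    if (divisor == 0)
        return 0; /* assumption: no packets counted yet, report 0 */

    d = (uint32_t)(divisor >> shift); /* fits in 32 bits by construction */
    return (dividend >> shift) / d;
}

int main(void)
{
    /* Constructed sample counters: bytes and packets of one connection. */
    uint64_t bytes = 10 * ((1ULL << 32) + 1);
    uint64_t pkts = (1ULL << 32) + 1;

    printf("average packet size: %llu\n",
           (unsigned long long)div64_by_top32(bytes, pkts));
    return 0;
}
```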