[Bug 41] New: pptp-conntrack-nat and sparc64 structures/padding/maskcomp bug

bugzilla-daemon@netfilter.org bugzilla-daemon@netfilter.org
Mon, 03 Feb 2003 16:43:58 +0100 

https://bugzilla.netfilter.org/cgi-bin/bugzilla/show_bug.cgi?id=41

           Summary: pptp-conntrack-nat and sparc64
                    structures/padding/maskcomp bug
           Product: netfilter/iptables
           Version: patch-o-matic
          Platform: sparc64
        OS/Version: All
            Status: NEW
          Severity: normal
          Priority: P2
         Component: connection tracking
        AssignedTo: laforge@netfilter.org
        ReportedBy: laforge@netfilter.org
                CC: netfilter-buglog@lists.netfilter.org


From: "Chris Poon" <Chris.Poon@TELUS.COM>
To: "'netfilter-devel@lists.netfilter.org'" <netfilter-devel@lists.netfilter.org>
Subject: sparc64 kernel, netfilter-20021115, iptables-1.2.7a - conntrack issue
with expecting related connections, FTP
X-WSS-ID: 122463084659911-01-01
List-Archive: <https://lists.netfilter.org/pipermail/netfilter-devel/>

After some further digging and debug output in the expect_cmp, I have found     
that the pptp_nat patch will break in a 64 bit big-endian platform. Basically,  
the whole masked comparison will be wrong since this patch changed a whole      
bunch of fields in various structures in ip_conntrack_tuple.h from 16 bits to   
either 32 bits or 64 bits.
                                                                                
Passive FTP section:
Jan 31 09:37:53 sparky kernel: ip_conntrack_expect_related fffff80016c909e0
Jan 31 09:37:53 sparky kernel: tuple: tuple 0000000000417690: 6
client:0x00000000 -> server:0x00005a3f
Jan 31 09:37:53 sparky kernel: mask:  tuple 00000000004176b0: 65535
255.255.255.255:0x00000000 -> 255.255.255.255:0x0000ffff                       
Jan 31 09:37:53 sparky kernel: expect_cmp
Jan 31 09:37:53 sparky kernel: tuple: tuple fffff80016bab760: 6
client:0x04080000 -> server:0x00000000
Jan 31 09:37:53 sparky kernel: test : tuple fffff80015871960: 6
client:0x00000000 -> server:0x00005a3f
Jan 31 09:37:53 sparky kernel: mask : tuple fffff80015871980: 65535
255.255.255.255:0x00000000 -> 255.255.255.255:0x0000ffff                       
Jan 31 09:37:53 sparky kernel: rcode: 0

Looks like I will need to pad out the structure in the right way if I want the
PPTP_NAT patch but since this is an RPM build, I will see if I can come
up with another patch to fix the structure for big-endian 64 bit machine with
the PPTP_NAT patch, instead of just ripping it out of the picture.



------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.