[Bug 724] New: Iptables doesn't delete rules matching if target is RATEEST - patch attached

bugzilla-daemon at bugzilla.netfilter.org
Wed Jun 15 02:52:59 CEST 2011


http://bugzilla.netfilter.org/show_bug.cgi?id=724

           Summary: Iptables doesn't delete rules matching if target is
                    RATEEST - patch attached
           Product: iptables
           Version: unspecified
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: normal
          Priority: P3
         Component: iptables
        AssignedTo: netfilter-buglog at lists.netfilter.org
        ReportedBy: massimo at mmmm.it
   Estimated Hours: 0.0


In the latest version of iptables (1.4.11.1) I can't delete a rule by matching it
if the target of the rule is RATEEST.

Copy-paste from terminal:
#iptables -t mangle -A PREROUTING -i eth0 -j RATEEST --rateest-name somename --rateest-interval 250ms --rateest-ewmalog 4s
#iptables -t mangle -D PREROUTING -i eth0 -j RATEEST --rateest-name somename --rateest-interval 250ms --rateest-ewmalog 4s
iptables: No chain/target/match by that name.


I saw in the comments of the kernel code that the last part of the struct
xt_rateest_target_info is used only by the kernel:

struct xt_rateest_target_info {
    char            name[IFNAMSIZ];
    __s8            interval;
    __u8        ewma_log;

    /* Used internally by the kernel */
    struct xt_rateest    *est __attribute__((aligned(8)));
};

but in struct xtables_target .size and .userspacesize are equal.
Simply correcting this solved the problem.
Here is the diff:

--- iptables-1.4.11.1/extensions/libxt_RATEEST.c        2011-06-08
15:26:17.000000000 +0200
+++ iptables-1.4.11.1-patched/extensions/libxt_RATEEST.c        2011-06-15
02:27:17.021704678 +0200
@@ -197,7 +197,7 @@
        .name           = "RATEEST",
        .version        = XTABLES_VERSION,
        .size           = XT_ALIGN(sizeof(struct xt_rateest_target_info)),
-       .userspacesize  = XT_ALIGN(sizeof(struct xt_rateest_target_info)),
+       .userspacesize  = offsetof(struct xt_rateest_target_info, est),
        .help           = RATEEST_help,
        .parse          = RATEEST_parse,
        .final_check    = RATEEST_final_check,
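
Review bot: The new .userspacesize line relies on offsetof(), but the hunk does not show <stddef.h> being included, so please confirm libxt_RATEEST.c already pulls it in or add the include in the same patch. A one-line comment next to .userspacesize saying that est is kernel-only, and that this is why it differs from .size, would keep the two fields from being "aligned" again later.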


Best wishes,
Massimo Maggi
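
The effect of the one-line change, as an added example that is not part of the original report and is not iptables code: a simplified model in which a rule is found for deletion only if the first userspacesize bytes of the stored target and the freshly parsed target agree. ALIGN8, fill, rule_found and kernel_object are hypothetical names, and the field values are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define IFNAMSIZ 16
/* Stand-in for XT_ALIGN (assumption): round up to a multiple of 8 bytes. */
#define ALIGN8(s) (((size_t)(s) + 7u) & ~(size_t)7u)

/* Layout of the struct quoted in the report, with fixed-width types. */
struct rateest_info {
    char    name[IFNAMSIZ];
    int8_t  interval;
    uint8_t ewma_log;
    /* Used internally by the kernel */
    void   *est __attribute__((aligned(8)));
};

static int kernel_object;   /* constructed stand-in for a kernel-side estimator */

/* Fill a zeroed target blob; values are constructed, not real parser output. */
static void fill(struct rateest_info *t, void *est)
{
    memset(t, 0, sizeof(*t));
    strncpy(t->name, "somename", IFNAMSIZ - 1);
    t->interval = -2;
    t->ewma_log = 5;
    t->est = est;
}

/* Simplified model of delete-by-match: the rule is found only if the first
 * `userspacesize` bytes of the stored and the freshly parsed target agree. */
int rule_found(size_t userspacesize)
{
    struct rateest_info stored, parsed;

    fill(&stored, &kernel_object);  /* rule as stored: est is set       */
    fill(&parsed, NULL);            /* rule built from the -D arguments */
    return memcmp(&stored, &parsed, userspacesize) == 0;
}

int main(void)
{
    /* Before the patch: comparison covers est, so the rule is not found. */
    int before = rule_found(ALIGN8(sizeof(struct rateest_info)));
    /* After the patch: comparison stops at est, so the rule is found. */
    int after = rule_found(offsetof(struct rateest_info, est));
    return !(before == 0 && after == 1);
}
```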

