Patrick McHardy wrote:
> Andrei Popa wrote:
>> On Sat, 2007-11-10 at 13:57 +0100, Patrick McHardy wrote:
>>> Andrei Popa wrote:
>>>> The oops is reproducible by this script (yyy are some IP addresses):
>>>> ...
>>>> #$IPT -I INPUT -p tcp --dport 80 -m string --algo bm --string "$MyNick"
>>>> -j DROP
>>>
>>> I could reproduce it with an empty string - is $MyNick defined?
>>
>> it's not defined.
>>
>>> Please try this patch.
>>
>> it's ok now:
>> test ~ # iptables -I INPUT -p tcp --dport 80 -m string --algo bm
>> --string "$MyNick" -j DROP
>> iptables: Invalid argument
>
> Thanks, that's what's expected. The patch is suboptimal though
> since it should really allow patterns of length zero. Pablo,
> the naive approach would be to ignore patlen == 0 in the
> initialization path and return the current position in bm_find().
> But I'm guessing there's a better way to handle this case,
> could you look into this please? Thanks.

Pablo? I would prefer to get this fixed before 2.6.24, unless
there's a better fix I'm going to include my patch to reject
pattern lengths of 0. Thanks.
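
The two ways of handling a zero-length pattern discussed in this thread (reject it at initialization, or accept it and return the current position from the find routine), shown as an added example that is not code from the thread or from the kernel source. It is a simplified Horspool-style search in user-space C; the `bm_demo_*` names and the struct are hypothetical.

```c
#include <errno.h>
#include <stddef.h>
#include <string.h>

/* Hypothetical, simplified state; not the kernel's textsearch structures. */
struct bm_demo {
    const unsigned char *pat;
    size_t patlen;
    size_t bad_shift[256];
};

/* Option A: reject an empty pattern at init, as the patch in the thread does. */
int bm_demo_init_strict(struct bm_demo *bm, const void *pat, size_t patlen)
{
    if (patlen == 0)
        return -EINVAL;            /* surfaces as "Invalid argument" */
    bm->pat = pat;
    bm->patlen = patlen;
    for (size_t i = 0; i < 256; i++)
        bm->bad_shift[i] = patlen;
    for (size_t i = 0; i + 1 < patlen; i++)
        bm->bad_shift[bm->pat[i]] = patlen - 1 - i;
    return 0;
}

/* Option B: accept patlen == 0 and skip table setup entirely. */
int bm_demo_init_lenient(struct bm_demo *bm, const void *pat, size_t patlen)
{
    if (patlen == 0) {
        bm->pat = NULL;
        bm->patlen = 0;
        return 0;
    }
    return bm_demo_init_strict(bm, pat, patlen);
}

/* Offset of the first match at or after `from`, or -1 if there is none. */
long bm_demo_find(const struct bm_demo *bm, const unsigned char *text,
                  size_t len, size_t from)
{
    if (bm->patlen == 0)           /* empty pattern: match at current position */
        return from <= len ? (long)from : -1;
    for (size_t pos = from; pos <= len && len - pos >= bm->patlen;
         pos += bm->bad_shift[text[pos + bm->patlen - 1]])
        if (memcmp(text + pos, bm->pat, bm->patlen) == 0)
            return (long)pos;
    return -1;
}
```

With option B every packet matches the rule, so whether an empty `--string` should be accepted at all is a policy question as much as a parsing one.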