On Friday 2010-05-14 18:23, krunal patel wrote:
>Hi,
>I found a bug in libipt_set.h. When iptables communicates with ipset,
>socket is created but not closed. I wanted to apply more than 700
>iptables rule in one shot and all are having -m set option. I did
>iptables-restore and found error "Can't open socket to ipset."
>After closing socket I am able to do iptables-restore.
>patch:
>
>--- iptables-1.4.2/extensions/libipt_set.h 2010-05-14 >18:32:50.000000000 +0530 >+++ iptables-1.4.2/extensions/libipt_set.h 2010-05-14 >18:44:49.000000000 +0530 >@@ -41,13 +41,14 @@ > > static int get_set_getsockopt(void *data, socklen_t * size) > { >- int sockfd = -1; >+ int sockfd = -1, res = -1; > sockfd = socket(AF_INET, SOCK_RAW, IPPROTO_RAW); > if (sockfd < 0) > exit_error(OTHER_PROBLEM, > "Can't open socket to ipset.\n"); > /* Send! */ >- return getsockopt(sockfd, SOL_IP, SO_IP_SET, data, size); >+ res = getsockopt(sockfd, SOL_IP, SO_IP_SET, data, size); >+ return res; > }

I don't see a close...
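
Review bot: get_set_getsockopt() still never closes sockfd. The added lines store the getsockopt() result in res and return it, but nothing releases the descriptor between them, so every call leaks one raw socket just as the unpatched code did. Add close(sockfd); after the res = getsockopt(...) line and before return res;. Separately, the two file header lines were wrapped by the mail client (each timestamp continues on a second quoted line), so the patch will not apply as posted; resend it unwrapped or as an attachment.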