Hi,

On Fri, 14 May 2010, krunal patel wrote:

> I found a bug in libipt_set.h. When iptables communicates with ipset,
> socket is created but not closed. I wanted to apply more than 700
> iptables rules in one shot and all are having -m set option. I did
> iptables-restore and found error "Can't open socket to ipset."
> After closing socket I am able to do iptables-restore.
> patch:
>
> --- iptables-1.4.2/extensions/libipt_set.h 2010-05-14 > 18:32:50.000000000 +0530 > +++ iptables-1.4.2/extensions/libipt_set.h 2010-05-14 > 18:44:49.000000000 +0530 > @@ -41,13 +41,14 @@ > > static int get_set_getsockopt(void *data, socklen_t * size) > { > - int sockfd = -1; > + int sockfd = -1, res = -1; > sockfd = socket(AF_INET, SOCK_RAW, IPPROTO_RAW); > if (sockfd < 0) > exit_error(OTHER_PROBLEM, > "Can't open socket to ipset.\n"); > /* Send! */ > - return getsockopt(sockfd, SOL_IP, SO_IP_SET, data, size); > + res = getsockopt(sockfd, SOL_IP, SO_IP_SET, data, size); > + return res; > }

This is an old iptables version, the bug had been fixed almost a year ago.
Please check the recent version when reporting bugs.

Best regards,
Jozsef
-
E-mail : kadlec@xxxxxxxxxxxxxxxxx, kadlec@xxxxxxxxxxxx
PGP key : http://www.kfki.hu/~kadlec/pgp_public_key.txt
Address : KFKI Research Institute for Particle and Nuclear Physics
          H-1525 Budapest 114, POB. 49, Hungary
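Review bot: no close(sockfd) appears between `res = getsockopt(...)` and `return res;` in get_set_getsockopt(), so as posted the hunk only moves the return value into a local and the raw socket is still leaked on every call, which is the descriptor exhaustion the report describes. Add `close(sockfd);` after the getsockopt() call and before `return res;`. If callers inspect errno after a failed getsockopt(), save it before close() and restore it afterwards, since close() may overwrite it. The `res = -1` initializer is redundant because res is assigned unconditionally before it is read.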