[PATCH]extensions/tos_values.c mask value not accurate in certain condition

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

scene:
# iptables -V
iptables v1.4.10
# iptables -v -t mangle -A MANGLE_OUTPUT -p tcp --dport 20 -j TOS
--set-tos 8
TOS tcp opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 tcp dpt:20 TOS set
0x08/0xff
# iptables -v -t mangle -A MANGLE_OUTPUT -p tcp --dport 20 -j TOS
--set-tos Maximize-Throughput
TOS tcp opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 tcp dpt:20 TOS set
0x08/0x3f

mask value is different for the same tos value. This is because below
code piece:
static bool tos_parse_numeric(const char *str, struct tos_value_mask *tvm,
unsigned int bits)
{
const unsigned int max = (1 << bits) - 1;
......
tvm->mask = max;
......
static bool tos_parse_symbolic(const char *str, struct tos_value_mask *tvm,
unsigned int def_mask)
{
const unsigned int max = UINT8_MAX;
const struct tos_symbol_info *symbol;
char *tmp;

if (xtables_strtoui(str, &tmp, NULL, 0, max))
return tos_parse_numeric(str, tvm, max);

/* Do not consider ECN bits */
tvm->mask = def_mask;
.......
For tos value 8, bits shift lead to a overflow and trim, so the mask is
0xff no matter what the def_mask is.
For tos symbol Maximize-Throughput, tvm->mask got def_mask 0x3f.

PATCH:
diff -up iptables-1.4.10/extensions/tos_values.c.org
iptables-1.4.10/extensions/tos_values.c
--- iptables-1.4.10/extensions/tos_values.c.org 2010-11-02
13:08:32.000000000 +0800
+++ iptables-1.4.10/extensions/tos_values.c 2010-11-02
13:09:00.000000000 +0800
@@ -34,7 +34,7 @@ static const struct tos_symbol_info {
static bool tos_parse_numeric(const char *str, struct tos_value_mask *tvm,
unsigned int bits)
{
- const unsigned int max = (1 << bits) - 1;
+ const unsigned int max = bits;
unsigned int value;
char *end;

@@ -59,7 +59,7 @@ static bool tos_parse_numeric(const char
static bool tos_parse_symbolic(const char *str, struct tos_value_mask *tvm,
unsigned int def_mask)
{
- const unsigned int max = UINT8_MAX;
+ const unsigned int max = def_mask;
const struct tos_symbol_info *symbol;
char *tmp;

--------------------------------------------------------------------------
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
[Index of Archives]     [Netfitler Users]     [LARTC]     [Bugtraq]     [Yosemite Forum]

  Powered by Linux