Just discovered this little gem:

sami:/home/teastep/iptables# iptables -N foo
sami:/home/teastep/iptables# iptables -A foo -m conntrack --ctorigdstport 22
iptables v1.4.12: conntrack rev 2 does not support port ranges
Try `iptables -h' or 'iptables --help' for more information.
sami:/home/teastep/iptables#

The attached seems to correct it.

-Tom
--
Tom Eastep \ When I die, I want to go like my Grandfather who
Shoreline, \ died peacefully in his sleep. Not screaming like
Washington, USA \ all of the passengers in his car
http://shorewall.net \________________________________________________
commit 57c7c7995326a37c983ac6ca4026eb176595fb37
Author: Tom Eastep <teastep@xxxxxxxxxxxxx>
Date: Thu Aug 18 15:09:14 2011 -0700
Correct parsing bug in libxt_conntrack.c
Signed-off-by: Tom Eastep <teastep@xxxxxxxxxxxxx>
diff --git a/extensions/libxt_conntrack.c b/extensions/libxt_conntrack.c
index be95529..6a79e37 100644
--- a/extensions/libxt_conntrack.c
+++ b/extensions/libxt_conntrack.c
@@ -130,13 +130,13 @@ static const struct xt_option_entry conntrack2_mt_opts[] = {
 .flags = XTOPT_INVERT},
 {.name = "ctexpire", .id = O_CTEXPIRE, .type = XTTYPE_UINT32RC,
 .flags = XTOPT_INVERT},
- {.name = "ctorigsrcport", .id = O_CTORIGSRCPORT, .type = XTTYPE_PORT,
+ {.name = "ctorigsrcport", .id = O_CTORIGSRCPORT, .type = XTTYPE_PORTRC,
 .flags = XTOPT_INVERT | XTOPT_NBO},
- {.name = "ctorigdstport", .id = O_CTORIGDSTPORT, .type = XTTYPE_PORT,
+ {.name = "ctorigdstport", .id = O_CTORIGDSTPORT, .type = XTTYPE_PORTRC,
 .flags = XTOPT_INVERT | XTOPT_NBO},
- {.name = "ctreplsrcport", .id = O_CTREPLSRCPORT, .type = XTTYPE_PORT,
+ {.name = "ctreplsrcport", .id = O_CTREPLSRCPORT, .type = XTTYPE_PORTRC,
 .flags = XTOPT_INVERT | XTOPT_NBO},
- {.name = "ctrepldstport", .id = O_CTREPLDSTPORT, .type = XTTYPE_PORT,
+ {.name = "ctrepldstport", .id = O_CTREPLDSTPORT, .type = XTTYPE_PORTRC,
 .flags = XTOPT_INVERT | XTOPT_NBO},
 {.name = "ctdir", .id = O_CTDIR, .type = XTTYPE_STRING},
 XTOPT_TABLEEND,
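Review bot: Declaring the four port options as `XTTYPE_PORTRC` in `conntrack2_mt_opts` lets the option parser accept range syntax for a revision whose own error text says it does not support port ranges. Whether a genuine `lo:hi` value is still refused therefore rests entirely on the parse callback, which is outside this hunk (the table also begins above it). Please confirm that a single port fills both ends of the range and that a real range is rejected rather than reduced to its first port, because a firewall rule that silently matches a different port set than the one typed is a policy error nobody notices. If that is the intent, a comment above the four entries would record it, for example `/* PORTRC so both range ends are filled; rev 2 must still reject lo:hi in the parse callback */`. A regression check covering both the single-port and the range form for all four options would keep this from recurring.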