On 05-12-11 15:38, James Sinclair wrote: > On Dec 4, 2011, at 4:36 AM, Bart De Schuymer wrote: > >> On 29-11-11 21:08, James Sinclair wrote: >>> I was doing some testing with the latest ebtables and I think I've found a bug in ebt_deliver_counters that was introduced in the following commit: >>> >>> http://ebtables.cvs.sourceforge.net/viewvc/ebtables/ebtables2/userspace/ebtables2/communication.c?r1=1.40&r2=1.41 >>> >>> It seems that the chainnr++ on line 308 is only reached when entries is NULL, causing the code to repeatedly loop over the rules for the first non-empty chain. This manifests as every chain having its counters copied from the first non-empty chain instead of getting the counters assigned with -c: >> >> Thanks for the bug report. I've applied the following fix instead. >> >> --- ebtables-v2.0.10-2/communication.c 2011-08-11 19:56:16.000000000 +0100 >> +++ ebtables-v2.0.10-3/communication.c 2011-12-04 09:29:23.000000000 +0000 >> @@ -309,6 +309,7 @@ void ebt_deliver_counters(struct ebt_u_r >> new = newcounters; >> while (cc != u_repl->cc) { >> if (!next || next == entries->entries) { >> + chainnr++; >> while (chainnr< u_repl->num_chains&& (!(entries = u_repl->chains[chainnr]) || >> (next = entries->entries->next) == entries->entries)) >> chainnr++; >> >> cheers, >> Bart >> >> >> >> -- >> Bart De Schuymer >> www.artinalgorithms.be > > > Thanks for taking the time to look at my patch, Bart. > > It looks like the fix you applied introduces a new bug. It works in most cases, but when a rules is set in the first built-in chain (such as PREROUTING in the nat table) all counters get reset to zero. Thanks for verifying this. Please try the incremental patch below (patch -p1 < file). I'll wait for your verification this time before making another release :) --- ebtables-v2.0.10-3/communication.c 2011-12-04 09:46:26.000000000 +0000 +++ ebtables-v2.0.10-4/communication.c 2011-12-05 20:29:17.864018957 +0000 @@ -295,7 +295,7 @@ void ebt_deliver_counters(struct ebt_u_r struct ebt_cntchanges *cc = u_repl->cc->next, *cc2; struct ebt_u_entries *entries = NULL; struct ebt_u_entry *next = NULL; - int i, chainnr = 0; + int i, chainnr = -1; if (u_repl->nentries == 0) return; Best regards, Bart -- Bart De Schuymer www.artinalgorithms.be -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
