On Fri, Feb 01, 2019 at 07:37:57PM +0100, Florian Westphal wrote:
> Phil Sutter <phil@xxxxxx> wrote:
> > When comparing two rules with non-standard targets, differences in
> > targets' payloads weren't respected.
> >
> > The cause is a rather hideous one: Unlike xtables_find_match(),
> > xtables_find_target() did not care whether the found target was already
> > in use or not, so the same target instance was assigned to both rules
> > and therefore payload comparison happened over the same memory location.
> >
> > With legacy iptables it is not possible to reuse a target: The only case
> > where two rules (i.e., iptables_command_state instances) could exist at
> > the same time is when comparing rules, but that's handled using libiptc.
>
> This causes:
>
> extensions/libebt_ip.t: ERROR: line 2 (cannot delete: ebtables -I INPUT -p ip --ip-src ! 192.168.0.0/24 -j ACCEPT)
>
> (and similar errors).

Oh crap, sorry for all the mess. I'll get this fixed, and in future keep
in mind to run the extension testsuite before submitting a series.

Thanks, Phil
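The aliasing problem described in the quoted commit message, as an added C example that is not part of the thread or of the iptables source. `struct target`, `find_shared()`, `find_cloned()` and `differing_rules_compare_equal()` are hypothetical simplifications, and cloning an already-used instance is an assumed remedy modelled on the in-use check the message attributes to xtables_find_match().

```c
#include <stdbool.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical, simplified stand-in for a registered target extension. */
struct target {
    const char *name;
    bool in_use;            /* set once a rule holds this instance */
    unsigned char data[8];  /* per-rule payload (the target's options) */
};

static struct target registered = { .name = "MARK" };

/* Lookup that ignores in_use: every caller gets the same instance. */
static struct target *find_shared(const char *name)
{
    return strcmp(registered.name, name) == 0 ? &registered : NULL;
}

/* Assumed remedy: clone when the instance is already held by a rule. */
static struct target *find_cloned(const char *name)
{
    struct target *t = find_shared(name);
    if (t && t->in_use) {
        struct target *clone = malloc(sizeof(*clone));
        if (!clone)
            return NULL;
        *clone = *t;        /* the clone gets its own payload storage */
        t = clone;
    }
    if (t)
        t->in_use = true;
    return t;
}

/* Build two rules whose payloads differ; report whether they compare equal. */
static bool differing_rules_compare_equal(struct target *(*find)(const char *))
{
    registered.in_use = false;            /* start from a clean registry */
    struct target *a = find("MARK"), *b = find("MARK");
    if (!a || !b)
        return false;
    a->data[0] = 1;                       /* rule A's option value (constructed) */
    b->data[0] = 2;                       /* rule B's option value (constructed) */
    bool equal = memcmp(a->data, b->data, sizeof(a->data)) == 0;
    if (b != &registered)
        free(b);
    return equal;
}
```

With the shared lookup both rules point at one payload buffer, so the second write overwrites the first and the comparison can never see a difference.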