String matcher "algo bm" broken in OUTPUT since 5.3.x

Hi list,

Since at least kernel 5.3.x (2019) and up to current 6.2.15, iptables -m string --algo bm does not work when added to the OUTPUT chain.

Quick reproducer (algo bm, does not work properly):

# iptables -I OUTPUT -p tcp -m string --algo bm --string 'GET /' -j DROP
$ curl -s example.com | head -n3

  ^^^^ curl executes successfully


This works (algo kmp, works properly):
# iptables -I OUTPUT -p tcp -m string --algo kmp --string 'GET /' -j DROP
$ curl -s example.com | head -n3

  ^^^^ curl does not execute successfully


See:
https://bugzilla.netfilter.org/show_bug.cgi?id=1390
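
An added example, not part of the original post: a check that reads an `iptables-save` dump and lists every `-m string --algo bm` rule in OUTPUT, so that rules matching the reproducer above can be found and retested or moved to `--algo kmp`. It goes beyond the post by also following `-j`/`-g` into user-defined chains, on the assumption that those see the same locally generated traffic; the sample dump and the `WEBFILTER` chain name are constructed.

```python
import shlex

# Constructed iptables-save output (sample data, not from the original post).
SAMPLE = '''*filter
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:WEBFILTER - [0:0]
-A INPUT -p tcp -m string --string "GET /" --algo bm --to 65535 -j DROP
-A OUTPUT -p tcp -m string --string "GET /" --algo bm --to 65535 -j DROP
-A OUTPUT -p tcp -m string --string "--algo bm" --algo kmp --to 65535 -j DROP
-A OUTPUT -p tcp --dport 80 -j WEBFILTER
-A WEBFILTER -m string --string "POST /" --algo bm --to 65535 -j DROP
COMMIT
'''

FREE_TEXT = ("--string", "--hex-string", "--comment")  # arguments holding arbitrary text

def opt_values(tok, names):
    """Values following any option in `names`, skipping free-text arguments."""
    out, i = [], 0
    while i < len(tok) - 1:
        if tok[i] in FREE_TEXT:
            i += 2  # the pattern itself may look like an option
            continue
        if tok[i] in names:
            out.append(tok[i + 1])
        i += 1
    return out

def affected_rules(dump, root="OUTPUT"):
    """(table, chain, rule) for each string/bm rule in `root` or chains it jumps to."""
    rules, table = [], None
    for line in dump.splitlines():
        if line.startswith("*"):
            table = line[1:].strip()
        elif line.startswith("-A "):
            tok = shlex.split(line)
            rules.append((table, tok[1], tok, line))
    # Assumption: user chains entered from OUTPUT see the same local traffic.
    reach, grew = {(t, root) for t, _, _, _ in rules}, True
    while grew:
        grew = False
        for t, chain, tok, _ in rules:
            new = {(t, x) for x in opt_values(tok, ("-j", "-g"))} - reach
            if (t, chain) in reach and new:
                reach |= new
                grew = True
    return [(t, c, line) for t, c, tok, line in rules
            if (t, c) in reach and "bm" in opt_values(tok, ("--algo",))]
```

On a live system the dump would come from `iptables-save`; each rule returned is a candidate for rerunning the reproducer above.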
