Possible bug in owner match

Hi to all,

I want to report a possible bug in owner match with uid test not submit
in iptables.git (in older versions it works fine)

host: Linux iris 2.6.26-2-amd64 #1 SMP Fri Mar 27 04:02:59 UTC 2009 x86_64 GNU/Linux
          iptables v1.4.3.1

fw:     Linux Firewall-2 2.6.28.9 #5 Fri Mar 27 06:52:33 CET 2009 mips unknown
          iptables v1.4.3.1

Problem with UID (Not match):

iris:~# iptables -t mangle -L OUTPUT -v -n
Chain OUTPUT (policy ACCEPT 3538K packets, 216M bytes)
 pkts bytes target     prot opt in     out     source               destination
 1806  152K TOS        all  --  *      *       0.0.0.0/0            0.0.0.0/0           owner UID match 1002 TOS set 0x40/0xc0


root@Firewall-2:~# iptables -t mangle -Z


1002:1002@iris//# ping -c 1 192.168.10.1


root@Firewall-2:~# iptables -t mangle -L PREROUTING -v -n
Chain PREROUTING (policy ACCEPT 226 packets, 76471 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 MARK       all  --  eth0.0 *       0.0.0.0/0            0.0.0.0/0           tos match 0x40/0xc0 MARK xset 0x2/0xffffffff
    0     0 MARK       all  --  eth0.0 *       0.0.0.0/0            0.0.0.0/0           tos match 0x80/0xc0 MARK xset 0x3/0xffffffff
    0     0 MARK       all  --  eth0.0 *       0.0.0.0/0            0.0.0.0/0           tos match 0xc0/0xc0 MARK xset 0x4/0xffffffff


Solved with GID (Match correctly):

iris:~# iptables -t mangle -L OUTPUT -v -n
Chain OUTPUT (policy ACCEPT 3538K packets, 216M bytes)
 pkts bytes target     prot opt in     out     source               destination
 1806  152K TOS        all  --  *      *       0.0.0.0/0            0.0.0.0/0           owner GID match 1002 TOS set 0x40/0xc0


root@Firewall-2:~# iptables -t mangle -Z


1002:1002@iris//# ping -c 1 192.168.10.1


root@Firewall-2:~# iptables -t mangle -L PREROUTING -v -n
Chain PREROUTING (policy ACCEPT 7151 packets, 4273K bytes)
 pkts bytes target     prot opt in     out     source               destination
    1    84 MARK       all  --  eth0.0 *       0.0.0.0/0            0.0.0.0/0           tos match 0x40/0xc0 MARK xset 0x2/0xffffffff
    0     0 MARK       all  --  eth0.0 *       0.0.0.0/0            0.0.0.0/0           tos match 0x80/0xc0 MARK xset 0x3/0xffffffff
    0     0 MARK       all  --  eth0.0 *       0.0.0.0/0            0.0.0.0/0           tos match 0xc0/0xc0 MARK xset 0x4/0xffffffff

Best regards,
vitry