git.ipfire.org Git - thirdparty/iptables.git/commit

author	Jan Engelhardt <jengelh@medozas.de>
	Tue, 27 Oct 2009 01:59:33 +0000 (02:59 +0100)
committer	Jan Engelhardt <jengelh@medozas.de>
	Thu, 29 Oct 2009 18:04:00 +0000 (19:04 +0100)
commit	4f0d7b660e0ae8f678142fd2a1722b27ad472169
tree	ecd74d135b8d32ecdae966b08ef5e371bc99c84f	tree \| snapshot
parent	7c4d668c9c2ee007c82063b7fc784cbbf46b2ec4	commit \| diff

iptables: fix undersized deletion mask creation

The mask created for the -D rulespec is simply too small.
xtables_targets points to whatever target has last been loaded, so
xtables_targets->size is quite almost wrong, as we need to use the
size of the target for the specific rule that is about to be deleted.

This bug existed ever since iptables history is tracked, and requires
certain circumstances to be visible, where the deletion operation is
one. Furthermore, multiple userspace target extensions must have been
loaded, and a target B whose .size is smaller than the target A of
the rule we are about to delete must have been loaded more recently
than target A. The minimal testcase is (rule 60007 gets wrongly
removed)

*nat
-F
-X
-A POSTROUTING -p udp -j SNAT --to 192.168.1.1:60007
-A POSTROUTING -p udp -j SNAT --to 192.168.1.1:60008
-A POSTROUTING -p udp -j CONNMARK --set-mark 0
-D POSTROUTING -p udp -j SNAT --to 192.168.1.1:60008
COMMIT

References: http://bugzilla.netfilter.org/show_bug.cgi?id=606
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>

ip6tables.c		diff \| blob \| blame \| history
iptables.c		diff \| blob \| blame \| history