Google Git
Sign in
googlers / maze / iptables / 08628f20f492a1f9178f6df2a276f9a108ac0022
commit08628f20f492a1f9178f6df2a276f9a108ac0022[log] [tgz]
authorFlorian Westphal <fw@strlen.de>Fri Dec 16 18:34:06 2011 +0100
committerPablo Neira Ayuso <pablo@netfilter.org>Fri Dec 23 14:55:39 2011 +0100
tree5f289b30073940a4d6a628f2920b8f1ecb64f0f4
parentb8c42eca0f224a00bf55b60ded81af14a1e07da1 [diff]
libxt_connbytes: fix handling of --connbytes FROM

quoting man page:

match packets  from  a  connection  whose packets/bytes/average
packet size is more than FROM and less than TO bytes/packets. if
TO is omitted only FROM check is done.

But, when TO was omitted, we did treat it like "x:x" which is not
the same at all.

Before commit 09631dc60ce41bc484a42fcf4d4ddf7036820bd1
(libxt_connbytes: use guided option parser), we failed to parse
"--connbytes x" ('Bad range "x"'), but treated "x:" like "x:0xffffffff".

Also, restore the "from must be smaller than to" check.

Signed-off-by: Florian Westphal <fw@strlen.de>
1 file changed
tree: 5f289b30073940a4d6a628f2920b8f1ecb64f0f4
  1. extensions/
  2. include/
  3. iptables/
  4. libipq/
  5. libiptc/
  6. libxtables/
  7. m4/
  8. tests/
  9. utils/
  10. .gitignore
  11. autogen.sh
  12. COMMIT_NOTES
  13. configure.ac
  14. COPYING
  15. INCOMPATIBILITIES
  16. INSTALL
  17. Makefile.am
  18. release.sh