[LARTC] iptables u32 kernel 2.6.17
Piotr Chytla
pch at packetconsulting.pl
Wed Aug 2 23:30:29 CEST 2006
On Wed, Aug 02, 2006 at 03:52:39PM +0200, Torsten Luettgert wrote:
> On Wed, 2006-08-02 at 10:55 +0200, gerald HUET wrote:
> > [ 5333.870000] ip_tables: u32 match: invalid size 0 != 2028
> > iptables: Unknown error -1
> >
> > I tried to do some modifications on ipt_u32.c
> > following modifications which work for ipp2p
> > (http://www.sieglitzhof.net/~doc/ipp2p/) without any
> > success.
>
> Hm, that should have worked - it's the same problem for
> all the little-maintained stuff in patch-o-matic.
>
> > Does anyone have an explication why the problem occurs
> > with the new kernel and how to solve it?
>
> The parameters to checkentry() and match() changed
> incompatibly between 2.6.16 and 2.6.17.
>
> The u32 match in current SVN works with 2.6.17
> (but not with 2.6.16 or earlier).
>
> You need to
> svn co http://svn.netfilter.org/netfilter/trunk/patch-o-matic-ng
>
> then patch your kernel and recompile.
Also apply the patch from the attachment. 2.6.17 needs matchsize in the ipt_match struct.
triss:~# iptables -I FORWARD -p udp -m length --length 39 -m u32 --u32 '27&0x8f=7' --u32 '31=0x527c4833' -j DROP
triss:~# iptables -L FORWARD -vn
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0 length 39 u32 0x1f=0x527c4833
Seems to be working.
/pch
--
Dyslexia bug unpatched since 1977 ...
exploit has been leaked to the underground.
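To see what the DROP rule in the session above actually tests for, here is an added Python evaluator (not code from the thread or from the netfilter project) that implements the offset/mask/value subset of the iptables u32 syntax and runs both expressions, '27&0x8f=7' and '31=0x527c4833', against a constructed 39-byte IPv4/UDP datagram; the packet bytes are made up to satisfy the rule, and a one-byte change shows the rule falling through.

```python
import struct

def u32_match(packet: bytes, expr: str) -> bool:
    """Evaluate a subset of the iptables u32 match language on raw IPv4 bytes.

    Supported: tests joined by '&&', each of the form
        <offset>[&<mask>]=<value>[,<value>...]      (a value may be a range lo:hi)
    Like the kernel match, every offset reads 4 big-endian bytes counted from
    the start of the IP header; a read past the end of the packet is "no match".
    Not implemented here: '@' indirection and '>>' shifts.
    """
    for test in expr.split("&&"):
        lhs, rhs = test.strip().split("=", 1)
        if "&" in lhs:
            off_s, mask_s = lhs.split("&", 1)
            mask = int(mask_s, 0)
        else:
            off_s, mask = lhs, 0xFFFFFFFF
        off = int(off_s, 0)
        if off < 0 or off + 4 > len(packet):
            return False  # out-of-range read: the kernel match returns no match
        word = struct.unpack_from("!I", packet, off)[0] & mask
        for v in rhs.split(","):
            lo, hi = (int(x, 0) for x in v.split(":", 1)) if ":" in v else (int(v, 0),) * 2
            if lo <= word <= hi:
                break
        else:
            return False  # no value in the list matched this test
    return True

# The two --u32 expressions from the thread, combined as one u32 expression.
RULE = "27&0x8f=7 && 31=0x527c4833"

def build_sample_packet() -> bytes:
    """Constructed 39-byte IPv4/UDP datagram (IP total length 39) that satisfies RULE."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 39, 0x1234, 0, 64, 17, 0,
                     bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
    udp = struct.pack("!HHHH", 40000, 53, 19, 0)  # UDP length 8 + 11 payload, checksum 0
    # Offsets 28..38 are payload: byte 30 & 0x8f == 7 and bytes 31..34 == 0x527c4833.
    payload = bytes([0x00, 0x00, 0x07, 0x52, 0x7c, 0x48, 0x33, 0xaa, 0xbb, 0xcc, 0xdd])
    return ip + udp + payload

if __name__ == "__main__":
    pkt = build_sample_packet()
    print(len(pkt), u32_match(pkt, RULE))   # 39 True
    altered = bytearray(pkt)
    altered[30] = 0x08                      # 0x08 & 0x8f == 8, so the first test fails
    print(u32_match(bytes(altered), RULE))  # False
```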
-------------- next part --------------
--- ipt_u32.c 2006-08-02 22:34:29.000000000 +0200
+++ /usr/src/linux-2.6.17.6/net/ipv4/netfilter/ipt_u32.c 2006-08-02 22:45:43.000000000 +0200
@@ -217,6 +217,7 @@
static struct ipt_match u32_match = {
.name = "u32",
.match = &match,
+ .matchsize = sizeof(struct ipt_u32),
.checkentry = &checkentry,
.me = THIS_MODULE
};
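Review bot: adding `.matchsize = sizeof(struct ipt_u32)` fixes only the struct initializer; the reply quoted above says the checkentry() and match() parameters changed incompatibly between 2.6.16 and 2.6.17, and nothing in this hunk touches the functions behind `.match = &match` and `.checkentry = &checkentry`, so confirm their prototypes were updated as well or the module will still fail to build or misbehave. Also verify that sizeof(struct ipt_u32) is what the userspace extension sends (2028 in the quoted error `invalid size 0 != 2028`): with matchsize set, the kernel compares the two sizes, and any mismatch keeps rejecting the rule with the same "invalid size" message.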