HELP: easy programming bug or not?

Thu, 21 Feb 2002 04:22:31 -0800 

Hi all

In linux-2.4.13-h323patch/net/ipv4/netfilter/ip_conntrack_h323.c I found the 
following piece of code (See bottom)

In the if statement ctinfo is checked for some conditions. The way they test 
the conditions tells me that the IP_CT_ESTABLISHED and IP_CT_IS_REPLY are 
bitmasks because they are added and they are part of an enumaration. When i 
looked at the declaration of that enum i see an ordinairy enum without 
numbers (thus using default ones starting at zero!)

What will result in the following numbers after the pre processor...
IP_CT_ESTABLISHED = 0
IP_CT_RELATED = 1
IP_CT_NEW = 2
IP_CT_IS_REPLY = 3
IP_CT_NUMBER = IP_CT_IS_REPLY * 2 - 1 = 5 (huh?)

I Really dont understand the logic here..... You cannot bitmask this!!! 
(Unless there is a sofisticated state behind these numbers)

What I was expecting:
IP_CT_ESTABLISHED = 1
IP_CT_RELATED = 2
IP_CT_NEW = 4
IP_CT_IS_REPLY = 8
IP_CT_NUMBER = IP_CT_IS_REPLY * 2 - 1 = 15 (number of possible 
combinations?)

What i like to know from every self respecting hacker is this a bug or do i 
not understand the logic behind this.
At least is is poor ducumented to me...


Snippet where the enum is used
(linux-2.4.13-h323patch/net/ipv4/netfilter/ip_conntrack_h323.c)
*****
*****
static int h245_help(const struct iphdr *iph, size_t len,
                     struct ip_conntrack *ct,
                     enum ip_conntrack_info ctinfo)
{
        ...
        ...
        ...
        /* Until there's been traffic both ways, don't look in packets. */
        if (ctinfo != IP_CT_ESTABLISHED
            && ctinfo != IP_CT_ESTABLISHED + IP_CT_IS_REPLY) {
                DEBUGP("ct_h245_help: Conntrackinfo = %u\n", ctinfo);
                return NF_ACCEPT;
        }
        ...
        ...
}
****
****


Snippet where the enum is declared
(linux-2.4.13-h323patch/include/linux/netfilter_ipv4/ip_conntrack.h)
****
****
...
...
enum ip_conntrack_info
{
        /* Part of an established connection (either direction). */
        IP_CT_ESTABLISHED,

        /* Like NEW, but related to an existing connection, or ICMP error    
   (in either direction). */
        IP_CT_RELATED,

        /* Started a new connection to track (only
           IP_CT_DIR_ORIGINAL); may be a retransmission. */
        IP_CT_NEW,

        /* >= this indicates reply direction */
        IP_CT_IS_REPLY,

        /* Number of distinct IP_CT types (no NEW in reply dirn). */
        IP_CT_NUMBER = IP_CT_IS_REPLY * 2 - 1
};
...
...
****
****

_________________________________________________________________
MSN Photos is the easiest way to share and print your photos: 
http://photos.msn.com/support/worldwide.aspx

Reply via email to