#18678: OpenWRT iptables string matching doesn't work for TCP
-------------------------+------------------------
 Reporter:  awesomezq@…  |      Owner:  developers
     Type:  defect       |     Status:  new
 Priority:  normal       |  Milestone:
Component:  packages     |    Version:  Trunk
 Keywords:  iptables     |
-------------------------+------------------------
 Version: Latest trunk version of openwrt. Linux OpenWrt 3.14.26
 Platform: DLink DIR-505
 Procedure:


 {{{
 opkg update
 opkg install iptables-mod-filter
 reboot
 ....
 iptables -I INPUT -m string --algo bm --string "test" -j DROP
 }}}


 Effect:
 UDP packets with "test" within are dropped (correctly), while that doesn't
 seem to be the case for TCP.

 With a server-enabled netcat:


 {{{
 <router> netcat -l -p 1234
 <PC> netcat <router_ip> 1234
 <PC> abc
 <router> abc
 <PC> test
 <router> test <!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!>
 <PC> abc
 <router> abc
 }}}

 All packets get through (including those with "test" within),
 which is not the case for UDP packets.

 {{{
 <router> netcat -lu -p 1234
 <PC> netcat -u <router_ip> 1234
 <PC> abc
 <router> abc
 <PC> test <-----correctly dropped
 <PC> abc
 <router> abc
 }}}

--
Ticket URL: <https://dev.openwrt.org/ticket/18678>
OpenWrt <http://openwrt.org>
Opensource Wireless Router Technology
_______________________________________________
openwrt-tickets mailing list
https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-tickets