Package: xtables-addons-source
Version: 1.26-2
Severity: normal

Hi,
The pknock module is not working. Tried:

iptables -A INPUT -p tcp -m pknock --knockports 14,15,16 --name knock --time 10 --autoclose 1

In kern.log I got:

....
May 3 19:04:36 temptation kernel: [ 8613.350000] ------------[ cut here ]------------
May 3 19:04:36 temptation kernel: [ 8613.360000] WARNING: at /build/buildd-linux-2.6_2.6.32-31-armel-ReZWr3/linux-2.6-2.6.32/debian/build/source_armel_none/fs/proc/generic.c:590 proc_register+0x11c/0x174()
May 3 19:04:36 temptation kernel: [ 8613.370000] proc_dir_entry 'xt_pknock/knock' already registered
May 3 19:04:36 temptation kernel: [ 8613.380000] Modules linked in: xt_pknock cn sha256_generic hmac xt_recent xt_limit ipt_REJECT xt_psd compat_xtables xt_tcpudp xt_state iptable_nat iptable_mangle iptable_raw nf_nat_ftp nf_nat nf_conntrack_ipv4 nf_defrag_ipv4 nf_conntrack_ftp nf_conntrack iptable_filter ip_tables x_tables evdev usblp ixp4xx_beeper ext3 jbd mbcache sd_mod crc_t10dif usb_storage scsi_mod ohci_hcd ehci_hcd ixp4xx_eth ixp4xx_npe ixp4xx_qmgr libphy usbcore nls_base [last unloaded: cn]
May 3 19:04:36 temptation kernel: [ 8613.420000] [<c002af9c>] (unwind_backtrace+0x0/0xdc) from [<c0042894>] (warn_slowpath_common+0x4c/0x80)
May 3 19:04:36 temptation kernel: [ 8613.430000] [<c0042894>] (warn_slowpath_common+0x4c/0x80) from [<c0042904>] (warn_slowpath_fmt+0x28/0x38)
May 3 19:04:36 temptation kernel: [ 8613.440000] [<c0042904>] (warn_slowpath_fmt+0x28/0x38) from [<c0110770>] (proc_register+0x11c/0x174)
May 3 19:04:36 temptation kernel: [ 8613.450000] [<c0110770>] (proc_register+0x11c/0x174) from [<c01108e8>] (create_proc_entry+0x78/0x98)
May 3 19:04:36 temptation kernel: [ 8613.460000] [<c01108e8>] (create_proc_entry+0x78/0x98) from [<bf1eb950>] (pknock_mt_check+0x4e0/0x5bc [xt_pknock])
May 3 19:04:36 temptation kernel: [ 8613.470000] [<bf1eb950>] (pknock_mt_check+0x4e0/0x5bc [xt_pknock]) from [<bf18c214>] (xtnu_match_check+0x44/0x54 [compat_xtables])
May 3 19:04:36 temptation kernel: [ 8613.480000] [<bf18c214>] (xtnu_match_check+0x44/0x54 [compat_xtables]) from [<bf11665c>] (xt_check_match+0x14c/0x174 [x_tables])
May 3 19:04:36 temptation kernel: [ 8613.490000] [<bf11665c>] (xt_check_match+0x14c/0x174 [x_tables]) from [<bf11fc10>] (translate_table+0x420/0x6a4 [ip_tables])
May 3 19:04:36 temptation kernel: [ 8613.500000] [<bf11fc10>] (translate_table+0x420/0x6a4 [ip_tables]) from [<bf11ffbc>] (do_ipt_set_ctl+0x128/0x4d0 [ip_tables])
May 3 19:04:36 temptation kernel: [ 8613.520000] [<bf11ffbc>] (do_ipt_set_ctl+0x128/0x4d0 [ip_tables]) from [<c020293c>] (nf_sockopt+0x178/0x1a4)
May 3 19:04:36 temptation kernel: [ 8613.530000] [<c020293c>] (nf_sockopt+0x178/0x1a4) from [<c02029a8>] (nf_setsockopt+0x1c/0x24)
May 3 19:04:36 temptation kernel: [ 8613.530000] [<c02029a8>] (nf_setsockopt+0x1c/0x24) from [<c020f3e8>] (ip_setsockopt+0x80/0xa0)
May 3 19:04:36 temptation kernel: [ 8613.540000] [<c020f3e8>] (ip_setsockopt+0x80/0xa0) from [<c01d5fe8>] (sock_common_setsockopt+0x24/0x2c)
May 3 19:04:36 temptation kernel: [ 8613.550000] [<c01d5fe8>] (sock_common_setsockopt+0x24/0x2c) from [<c01d403c>] (sys_setsockopt+0x94/0xb8)
May 3 19:04:36 temptation kernel: [ 8613.560000] [<c01d403c>] (sys_setsockopt+0x94/0xb8) from [<c0024ec0>] (ret_fast_syscall+0x0/0x28)
May 3 19:04:36 temptation kernel: [ 8613.570000] ---[ end trace 412aa899aa006481 ]---
May 3 19:04:36 temptation kernel: [ 8613.610000] xt_pknock: The rule knock doesn't exist.
May 3 19:04:38 temptation kernel: [ 8615.170000] xt_pknock: The rule knock doesn't exist.
....

I've checked the source and found a bug in it. The function rulecmp returns false on match, but in other functions it's assumed that it should return true. After patching (patch attached), everything is working fine.

-- System Information:
Debian Release: 6.0.1
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: armel (armv5tel)

Kernel: Linux 2.6.32-5-ixp4xx
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/dash

Versions of packages xtables-addons-source depends on:
ii  bzip2             1.0.5-6   high-quality block-sorting file co
ii  debhelper         8.0.0     helper programs for debian/rules
ii  iptables-dev      1.4.8-3   iptables development files
ii  make              3.81-8    An utility for Directing compilati
ii  module-assistant  0.11.3    tool to make module package creati
ii  pkg-config        0.25-1.1  manage compile and link flags for

xtables-addons-source recommends no packages.

xtables-addons-source suggests no packages.

-- no debconf information

--- modules.orig/xtables-addons/pknock/xt_pknock.c 2011-05-07 23:12:24.000000000 +0200 +++ modules/xtables-addons/pknock/xt_pknock.c 2011-05-07 23:14:05.000000000 +0200 @@ -428,7 +428,7 @@ list_for_each_safe(pos, n, &rule_hashtable[hash]) { rule = list_entry(pos, struct xt_pknock_rule, head); - if (rulecmp(info, rule)) + if (!rulecmp(info, rule)) return rule; } return NULL; @@ -451,7 +451,7 @@ list_for_each_safe(pos, n, &rule_hashtable[hash]) { rule = list_entry(pos, struct xt_pknock_rule, head); - if (rulecmp(info, rule)) { + if (!rulecmp(info, rule)) { ++rule->ref_count; if (info->option & XT_PKNOCK_OPENSECRET) { @@ -528,7 +528,7 @@ list_for_each_safe(pos, n, &rule_hashtable[hash]) { rule = list_entry(pos, struct xt_pknock_rule, head); - if (rulecmp(info, rule)) { + if (!rulecmp(info, rule)) { found = 1; rule->ref_count--; break;
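
Review bot: In the first hunk (@@ -428), `if (!rulecmp(info, rule)) return rule;` is only correct because rulecmp returns 0 on a match, and nothing at the call site says so. Either document that memcmp-style convention where rulecmp is defined, or change rulecmp itself to return true on a match so that none of the three call sites needs a negation. This loop only reads the list and returns, so the `_safe` iterator is not required here.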
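
Review bot: In the second hunk (@@ -451), the description should say what the old condition did, because it was more than a failed lookup: with rulecmp returning non-zero on a mismatch, `++rule->ref_count` and the XT_PKNOCK_OPENSECRET handling ran against the first rule in the bucket that did not match. Please state that in the patch description and test the fix with two differently named rules that land in the same hash bucket, checking that each keeps its own reference count.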
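
Review bot: In the third hunk (@@ -528), `rule->ref_count--` runs as soon as a match is found, and the visible lines show no check that the count is above zero. Since the old condition decremented a non-matching rule, counts may already have been wrong on a system that ran the unpatched module; consider guarding the decrement, or note that the module must be reloaded after applying the fix.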