The officially official Devuan Forum!


#1 2020-02-29 21:30:37

Eaglet
Member
From: Россия
Registered: 2018-06-24
Posts: 21  

Iptables standard issue

Hello, friends!

Devuan 1, Devuan 2, Devuan 3 (and Debian, and Ubuntu) have the following standard issue with iptables!

The current range of values for the --tcp-option iptables flag is 1-255 - this is not correct. The correct range of values should be 0-254. Please read the following information: https://www.iana.org/assignments/tcp-pa … rameters-1 This negative change in iptables was made approximately 2 years ago without making this change public. Please report this issue to the iptables developers so that they can set the range of --tcp-option values in accordance with the accepted standards for the TCP Protocol.

Last edited by Eaglet (2020-02-29 21:32:22)


#2 2020-03-01 13:52:43

fsmithred
Administrator
Registered: 2016-11-25
Posts: 1,404  

Re: Iptables standard issue

Do you know when and where this change took place? Was it in debian or upstream?

Where is '--tcp-option' from? It is not mentioned in man iptables.


#3 2020-03-01 14:49:14

Eaglet
Member
From: Россия
Registered: 2018-06-24
Posts: 21  

Re: Iptables standard issue

fsmithred wrote:

Do you know when and where this change took place? Was it in debian or upstream?

Where is '--tcp-option' from? It is not mentioned in man iptables.

Salute, comrade!

About --tcp-option please see this information from netfilter developers: https://www.netfilter.org/documentation … WTO-7.html or see man page iptables: https://linux.die.net/man/8/iptables

I don't know exactly where the change occurred, but it happened about 2 years ago. About 2 years ago, after the next update in iptables (this can be tracked by the history of updating fixes and updates for iptables in Debian b) in Debian 9, I started to see an error in the logs about the absence of --tcp-option 0. As it turned out later, this error was present in both Ubuntu and Devuan. I suspect that the developers of netfilter made this error, because it has become present in all derivatives based on Ubuntu and Debian.

Last edited by Eaglet (2020-03-01 15:06:00)


#4 2020-03-01 22:00:31

ralph.ronnquist
Administrator
From: Clifton Hill, Victoria, AUS
Registered: 2016-11-30
Posts: 393  

Re: Iptables standard issue

Are you saying that iptables decrements the given option code by 1?

Or is it that you find it confusing that the --tcp-option parameter rejects code 0?

Rejecting option code 0 is of course consistent with the code table, since code 0 is an "end of options list" marker, and not an option code in itself.

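As an added illustration (not part of any post in this thread, and not iptables or netfilter code), the following walks a TCP options area using the two single-byte kinds discussed above: kind 0 as the End of Option List marker and kind 1 as No-Operation. The function name, the sample bytes, and the choice to report a lookup for kind 0 as "marker seen" are assumptions made for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum { TCPOPT_EOL = 0, TCPOPT_NOP = 1 };  /* single-byte kinds, no length field */

/* Walk a TCP options area (hypothetical helper for this example).
 * Returns 1 if `kind` occurs as an option kind, 0 if not, -1 if malformed. */
int tcp_option_present(const uint8_t *opt, size_t len, uint8_t kind)
{
    size_t i = 0;
    while (i < len) {
        uint8_t k = opt[i];
        if (k == TCPOPT_EOL)              /* end marker: later bytes are padding */
            return kind == TCPOPT_EOL;
        if (k == TCPOPT_NOP) {
            if (kind == TCPOPT_NOP)
                return 1;
            i++;
            continue;
        }
        if (len - i < 2)
            return -1;                    /* no room for the length byte */
        uint8_t l = opt[i + 1];           /* length covers kind + length + data */
        if (l < 2 || l > len - i)
            return -1;                    /* zero/short length or runs past the end */
        if (k == kind)
            return 1;
        i += l;
    }
    return 0;
}

/* Constructed sample option areas (not captured traffic). */
static const uint8_t syn_opts[]  = { 2, 4, 0x05, 0xb4,  4, 2,  1,  3, 3, 7,  0, 0 };
static const uint8_t after_eol[] = { 2, 4, 0x05, 0xb4,  0,  4, 2,  0 };
static const uint8_t truncated[] = { 2, 4, 0x05 };
static const uint8_t zero_len[]  = { 3, 0, 0, 0 };

int main(void)
{
    printf("kind 4 in syn_opts:  %d\n", tcp_option_present(syn_opts, sizeof syn_opts, 4));
    printf("kind 8 in syn_opts:  %d\n", tcp_option_present(syn_opts, sizeof syn_opts, 8));
    printf("kind 4 after EOL:    %d\n", tcp_option_present(after_eol, sizeof after_eol, 4));
    printf("truncated MSS:       %d\n", tcp_option_present(truncated, sizeof truncated, 2));
    printf("zero-length option:  %d\n", tcp_option_present(zero_len, sizeof zero_len, 8));
    return 0;
}
```

In `after_eol` the bytes `4, 2` sit behind the kind 0 marker, so the walk never treats them as an option; the length checks keep a zero or oversized length byte from looping or reading past the buffer.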

#5 2020-03-04 23:03:37

Eaglet
Member
From: Россия
Registered: 2018-06-24
Posts: 21  

Re: Iptables standard issue

ralph.ronnquist wrote:

Are you saying that iptables decrements the given option code by 1?

Or is it that you find it confusing that the --tcp-option parameter rejects code 0?

Rejecting option code 0 is of course consistent with the code table, since code 0 is an "end of options list" marker, and not an option code in itself.

1. What I wanted to say, I have already said here.
2. There are standards that are accepted as a standard and these standards should be followed, and not "break" user dependencies.
3. I'm not a girl to be embarrassed about.
4. The range of TCP options should be between 0 and 254, not as it is now from 1 to 255.

