
"show firewall ...." does not show information correctly in specific cases
Closed, Resolved | Public | BUG

Description

If the packet counter in the output of the iptables command contains a value with eight or more digits, these values are not processed correctly in the show firewall output.

This problem is caused by an incorrect output-parsing algorithm in vyatta-show-firewall.pl.

Details

Difficulty level
Normal (likely a few hours)
Version
1.2.1
Why the issue appeared?
Will be filled on close

Event Timeline

zsdc created this task. Jun 20 2019, 7:28 PM
zsdc claimed this task.
zsdc changed the task status from Open to In progress.
zsdc added a comment. Jun 20 2019, 8:57 PM

Example of the output when the value is below 10000000:

vyos@test-06:~$ show firewall name TESTFW rule 50 

-----------------------------
Rulesets Information
-----------------------------

IPv4 Firewall "TESTFW":

 Active on (eth2,IN)

rule  action   proto     packets  bytes                                   
----  ------   -----     -------  -----                                   
50    accept   tcp_udp   166      26932                                   
  condition - saddr 0.0.0.0/0 daddr 0.0.0.0/0

Example of the output when the value is above 10000000:

vyos@test-06:~$ show firewall name TESTFW rule 50

-----------------------------
Rulesets Information
-----------------------------

IPv4 Firewall "TESTFW":

 Active on (eth2,IN)

rule  action   proto     packets  bytes                                   
Argument "RETURN" isn't numeric in addition (+) at /opt/vyatta/bin/vyatta-show-firewall.pl line 341.
----  ------   -----     -------  -----                                   
50    accept   tcp_udp   1929030196 7744                                    
  condition - saddr 0.0.0.0/0 daddr /*                                          

vyos@test-06:~$ sudo iptables -t filter -L TESTFW -nvx
Chain TESTFW (2 references)
    pkts      bytes target     prot opt in     out     source               destination         
10682320 1929032208 RETURN     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            /* TESTFW-50 */
      33     8988 RETURN     udp  --  *      *       0.0.0.0/0            0.0.0.0/0            /* TESTFW-50 */
28280889 2375565896 RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* TESTFW-10000 default-action accept */
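
The following is an added example, not code from vyatta-show-firewall.pl or from the task author. It assumes (the script's actual parsing is not shown on this page) that the counters are read by index after a whitespace split, and shows how such a parse shifts by one field once the pkts value fills its eight-character column and the left padding disappears, next to a split that does not depend on padding. The function names `parse_fragile` and `parse_robust` are hypothetical; the two sample rows are taken from the iptables output above.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Two rows taken from the `iptables -L TESTFW -nvx` output shown above.
my @rows = (
    '10682320 1929032208 RETURN     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            /* TESTFW-50 */',
    '      33     8988 RETURN     udp  --  *      *       0.0.0.0/0            0.0.0.0/0            /* TESTFW-50 */',
);

# Fragile (assumed, hypothetical): split /\s+/ keeps an empty leading field
# when a row starts with padding, so code written against padded rows reads
# pkts/bytes from [1]/[2]. An 8-digit pkts value has no padding, and every
# field moves one position left.
sub parse_fragile {
    my ($row) = @_;
    my @f = split /\s+/, $row;
    return @f[1, 2];
}

# Robust: split ' ' skips leading whitespace, so pkts/bytes/target are always
# the first three fields. Non-numeric counters are rejected instead of being
# fed into arithmetic.
sub parse_robust {
    my ($row) = @_;
    my ($pkts, $bytes, $target) = split ' ', $row;
    return unless defined $bytes && $pkts =~ /^\d+$/ && $bytes =~ /^\d+$/;
    return ($pkts, $bytes, $target);
}

my ($total_pkts, $total_bytes) = (0, 0);
for my $row (@rows) {
    my ($fp, $fb) = parse_fragile($row);
    print "fragile: pkts=$fp bytes=$fb\n";

    my ($pkts, $bytes, $target) = parse_robust($row) or next;
    print "robust:  pkts=$pkts bytes=$bytes target=$target\n";
    $total_pkts  += $pkts;
    $total_bytes += $bytes;
}
print "rule 50 (tcp_udp) totals: packets=$total_pkts bytes=$total_bytes\n";
```

On the tcp row the fragile parse returns the byte counter as packets and `RETURN` as bytes, which is consistent with the "isn't numeric in addition" warning in the output above.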