IPTables: Uninitialized value in bitwise operations?

spiff06

Hello everyone,

We've been having an increasing number of errors in the kernel script, showing up in the daily LogWatch email report:

Use of uninitialized value in bitwise or (|) at /etc/log.d/scripts/services/kernel line 100, <STDIN> line 828266.
Use of uninitialized value in left bitshift (<<) at /etc/log.d/scripts/services/kernel line 102, <STDIN> line 828266.
The offending lines compare IPs for matching:
Code:
sub compIP {
   my ($a1,$a2,$a3,$a4,$aval,$bval);

   # get numeric values for a and b
   # ($a and $b are the package globals Perl's sort sets for a comparator;
   #  a string with fewer than four dot-separated parts leaves some of
   #  $a1..$a4 undefined, which is what the warnings above report)
   ($a1,$a2,$a3,$a4) = split /\./,$a;
   $aval = ($a1 << 24) | ($a2 << 16) | ($a3 << 8) | $a4;   # line 100 of the script
   ($a1,$a2,$a3,$a4) = split /\./,$b;
   $bval = ($a1 << 24) | ($a2 << 16) | ($a3 << 8) | $a4;   # line 102 of the script

   return $aval <=> $bval;
}
According to this post, the lines in question (100 & 102) have to do with IPTables setup. Indeed we've had some intrusion attempts coming up that we attempted to block with the IPTables firewall: changes were made to the setup to block (DROP) 10 IPs over the course of the last week or so.

If I look at iptables --list, addresses blocked show either as IPs or as domains (such as this.is.our.domain), even though I stored them as IPs using iptables -A INPUT -p tcp -s xxx.xxx.xxx.xxx -j DROP; if the script processes the same strings as those shown on the list, then the above bitwise operations would fail when encountering a word rather than a number. Is that indeed the case?

I'm currently looking at the IPTables manual (http://www.netfilter.org/documentation/index.html), but would appreciate if someone would chip in on this issue, and suggest corrective steps.

Thanks,
Eric
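The comparator above only works when both strings are dotted-quad IPv4 addresses; a hostname or an IPv6 literal split on "." leaves octets undefined, which is exactly what the two warnings report. As an added example (not code from the LogWatch kernel script), here is a replacement that validates each string first and falls back to a string comparison, assuming the script calls it as a sort comparator through $a and $b as the posted code implies; the helper ip4_to_num is hypothetical.

```perl
#!/usr/bin/perl
# Added example: a compIP that tolerates hostnames and non-IPv4 strings.
use strict;
use warnings;

# Return the 32-bit numeric value of a dotted-quad IPv4 address, or undef
# if the string is not one (hostname, IPv6 literal, empty field, ...).
sub ip4_to_num {
    my ($s) = @_;
    return undef unless defined $s
        && $s =~ /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/;
    my @o = ($1, $2, $3, $4);
    return undef if grep { $_ > 255 } @o;   # reject e.g. 300.1.1.1
    return ($o[0] << 24) | ($o[1] << 16) | ($o[2] << 8) | $o[3];
}

# Sort comparator: IPv4 addresses sort first, in numeric address order;
# everything else falls back to a plain string comparison, so no undefined
# value ever reaches a bitwise operator and no warning is emitted.
sub compIP {
    my $aval = ip4_to_num($a);
    my $bval = ip4_to_num($b);
    return $aval <=> $bval if defined $aval && defined $bval;
    return -1 if defined $aval;   # IPv4 before non-IPv4
    return  1 if defined $bval;
    return $a cmp $b;
}

# Constructed sample of the kinds of source strings that can show up,
# including the hostname form seen in the "iptables --list" output.
my @src = ('10.0.0.20', 'this.is.our.domain', '10.0.0.3',
           '192.0.2.1', 'fe80::1');
print join("\n", sort compIP @src), "\n";
```

Separately, `iptables -L` resolves addresses to names for display unless `-n` is given; that only affects what the listing shows, not what the script parses.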
 

spiff06

I've removed all entries from iptables except for the log. But I still get floods of junk messages about failed bitwise operations that make the LogWatch message utterly useless.

Surely someone else has experienced this issue?

Please help.
Eric