Date: Sun, 12 Jan 2003 16:52:53 +0300 (MSK)
From: Maxim Konovalov <maxim@macomnet.ru>
To: Wiktor Niesiobedzki <kaczor@mail.evip.pl>
Cc: current@FreeBSD.ORG
Subject: Re: IPFW2 skipto + logging
Message-ID: <20030112165156.G22175@news1.macomnet.ru>
In-Reply-To: <20021110173443.A5529@mail.evip.pl>
References: <20021110173443.A5529@mail.evip.pl>
Hello, On 17:34+0100, Nov 10, 2002, Wiktor Niesiobedzki wrote: > Hi, > > Rule of the format: > ipfw add 100 skipto 400 log logamount 0 ip from 192.168.0.0/24 to 192.168.0.0/24 > Will give this strange result: > Nov 10 17:01:05 portal kernel: ipfw: 100 SkipTo 400 TCP 192.168.0.1:139 192.168.0.2:1170 out via ed0 > Nov 10 17:01:05 portal kernel: ipfw: 310 Pipe 2 TCP 192.168.0.1:139 192.168.0.2:1170 out via ed0 > Nov 10 17:01:05 portal kernel: ipfw: 320 Pipe 2 TCP 192.168.0.1:139 192.168.0.2:1170 out via ed0 > Nov 10 17:01:05 portal kernel: ipfw: 340 Pipe 3 TCP 192.168.0.1:139 192.168.0.2:1170 out via ed0 > Nov 10 17:01:05 portal kernel: ipfw: 340 Pipe 4 TCP 192.168.0.1:139 192.168.0.2:1170 out via ed0 > Nov 10 17:01:05 portal kernel: ipfw: 360 Pipe 4 TCP 192.168.0.1:139 192.168.0.2:1170 out via ed0 > Nov 10 17:01:05 portal kernel: ipfw: 380 Pipe 4 TCP 192.168.0.1:139 192.168.0.2:1170 out via ed0 > Nov 10 17:01:05 portal kernel: ipfw: 800 Accept TCP 192.168.0.1:139 192.168.0.2:1170 out via ed0 > > So, clearly saying - will not work, the rule: > ipfw add 100 skipto 400 ip from 192.168.0.0/24 to 192.168.0.0/24 > is working correctly. > > Is there any problems with ACTION_PTR macro? Please try a next patch: Index: sys/netinet/ip_fw2.c =================================================================== RCS file: /home/ncvs/src/sys/netinet/ip_fw2.c,v retrieving revision 1.22 diff -u -r1.22 ip_fw2.c --- sys/netinet/ip_fw2.c 27 Dec 2002 17:43:25 -0000 1.22 +++ sys/netinet/ip_fw2.c 12 Jan 2003 13:49:48 -0000 @@ -1180,6 +1180,7 @@ /* look for action, in case it is a skipto */ cmd = ACTION_PTR(me); + cmd += F_LEN(cmd); if ( cmd->opcode == O_SKIPTO ) for (rule = me->next; rule ; rule = rule->next) if (rule->rulenum >= cmd->arg1) %%% -- Maxim Konovalov, MAcomnet, Internet Dept., system engineer phone: +7 (095) 796-9079, mailto:maxim@macomnet.ru To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-current" in the body of the message
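Review bot: The added `cmd += F_LEN(cmd);` right after `cmd = ACTION_PTR(me);` is unconditional, so it also steps past the first action opcode on rules that carry no `log`, such as the `skipto 400` rule without `log` that the report says works correctly; on those rules the following `cmd->opcode == O_SKIPTO` test would then inspect whatever comes after the skipto and miss it. Make the advance conditional on the opcode at `ACTION_PTR(me)` being the log opcode, for example `if (cmd->opcode == O_LOG) cmd += F_LEN(cmd);`, and extend the comment above it to say that a log instruction may precede the action.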