Site Navigation

Date:      Tue, 5 Aug 1997 05:50:02 -0700 (PDT)
From:      Alex Nash <nash@mcs.com>
To:        freebsd-bugs
Subject:   Re: bin/4209: ipfw does not work with multiple digit interface numbers
Message-ID:  <199708051250.FAA11125@hub.freebsd.org>

---

next in thread | raw e-mail | index | archive | help

---

The following reply was made to PR bin/4209; it has been noted by GNATS.

From: Alex Nash <nash@mcs.com>
To: FreeBSD-gnats-submit@freebsd.org
Cc:  Subject: Re: bin/4209: ipfw does not work with multiple digit interface numbers
Date: Tue, 05 Aug 1997 07:44:58 -0500

 Daniel Holmes wrote:
 >  I did check the source to ipfw.c over the weekend, and it looks like
 >  when it sets up the unit name and number, it sets the last
 >  character from the string to a null but it looks like it gets
 >  everything after the first digit on the unit number.  At line 742 in ipfw.c:
 > 
 >         rule.fw_via_name[sizeof(rule.fw_via_name) - 1] = '\0';
 > 
 >  changing that to
 > 
 >         rule.fw_via_name[sizeof(rule.fw_via_name)] = '\0';
 
 You don't want that, it'll overwrite the unit field.
 
 The real problem is that the name field is fixed at 6 characters,
 even though net/if.h defines IFNAMSIZ to be 16.  The following
 (briefly tested) patch discards some flexibility in ICMP type
 handling in return for a longer name size.  Previously, any ICMP
 type from 0-255 could be used even though a only handful were
 useful (typically 0-18).  Since the ip_fw structure couldn't be
 expanded beyond its current 108 byte size (due to setsockopt),
 I threw out some of the not-so-often used ICMP types -- those
 above 31.
 
 I've purposely resized the structure to 104 bytes to make it
 incompatible with previous versions of ipfw.
 
 Since the fine folks at Whistle Communications have kept the
 2.2 and -current trees in sync, this patch should apply cleanly
 to both trees.
 
 Alex
 
 Index: src/sbin/ipfw/ipfw.c
 ===================================================================
 RCS file: /cvs/src/sbin/ipfw/ipfw.c,v
 retrieving revision 1.34.2.5
 diff -c -r1.34.2.5 ipfw.c
 *** ipfw.c	1997/06/23 22:34:24	1.34.2.5
 --- ipfw.c	1997/08/04 23:41:07
 ***************
 *** 384,390 ****
   
   		printf(" icmptype");
   
 ! 		for (type_index = 0; type_index < 256; ++type_index)
   			if (chain->fw_icmptypes[type_index / (sizeof(unsigned) * 8)] & 
   				(1U << (type_index % (sizeof(unsigned) * 8)))) {
   				printf("%c%d", first == 1 ? ' ' : ',', type_index);
 --- 384,390 ----
   
   		printf(" icmptype");
   
 ! 		for (type_index = 0; type_index < IP_FW_ICMPTYPES_DIM * sizeof(unsigned) * 8; ++type_index)
   			if (chain->fw_icmptypes[type_index / (sizeof(unsigned) * 8)] & 
   				(1U << (type_index % (sizeof(unsigned) * 8)))) {
   				printf("%c%d", first == 1 ? ' ' : ',', type_index);
 ***************
 *** 697,704 ****
   		if ( *c != ',' && *c != '\0' )
   			show_usage("invalid ICMP type");
   
 ! 		if (icmptype > 255)
 ! 			show_usage("ICMP types are between 0 and 255 inclusive");
   
   		types[icmptype / (sizeof(unsigned) * 8)] |= 
   			1 << (icmptype % (sizeof(unsigned) * 8));
 --- 697,704 ----
   		if ( *c != ',' && *c != '\0' )
   			show_usage("invalid ICMP type");
   
 ! 		if (icmptype >= IP_FW_ICMPTYPES_DIM * sizeof(unsigned) * 8)
 ! 			show_usage("ICMP type out of range");
   
   		types[icmptype / (sizeof(unsigned) * 8)] |= 
   			1 << (icmptype % (sizeof(unsigned) * 8));
 Index: src/sys/netinet/ip_fw.h
 ===================================================================
 RCS file: /cvs/src/sys/netinet/ip_fw.h,v
 retrieving revision 1.23.2.2
 diff -c -r1.23.2.2 ip_fw.h
 *** ip_fw.h	1997/06/20 23:05:34	1.23.2.2
 --- ip_fw.h	1997/08/04 22:58:41
 ***************
 *** 17,22 ****
 --- 17,24 ----
   #ifndef _IP_FW_H
   #define _IP_FW_H
   
 + #include <net/if.h>
 + 
   /*
    * This union structure identifies an interface, either explicitly
    * by name or implicitly by IP address. The flags IP_FW_F_IIFNAME
 ***************
 *** 33,39 ****
   union ip_fw_if {
       struct in_addr fu_via_ip;	/* Specified by IP address */
       struct {			/* Specified by interface name */
 ! #define FW_IFNLEN	6	/* To keep structure on 2^x boundary */
   	    char  name[FW_IFNLEN];
   	    short unit;		/* -1 means match any unit */
       } fu_via_if;
 --- 35,41 ----
   union ip_fw_if {
       struct in_addr fu_via_ip;	/* Specified by IP address */
       struct {			/* Specified by interface name */
 ! #define FW_IFNLEN     IFNAMSIZ
   	    char  name[FW_IFNLEN];
   	    short unit;		/* -1 means match any unit */
       } fu_via_if;
 ***************
 *** 58,64 ****
       u_short fw_pts[IP_FW_MAX_PORTS];	/* Array of port numbers to match */
       u_char fw_ipopt,fw_ipnopt;		/* IP options set/unset */
       u_char fw_tcpf,fw_tcpnf;		/* TCP flags set/unset */
 ! #define IP_FW_ICMPTYPES_DIM (256 / (sizeof(unsigned) * 8))
       unsigned fw_icmptypes[IP_FW_ICMPTYPES_DIM]; /* ICMP types bitmap */
       long timestamp;			/* timestamp (tv_sec) of last match */
       union ip_fw_if fw_in_if, fw_out_if;	/* Incoming and outgoing interfaces */
 --- 60,66 ----
       u_short fw_pts[IP_FW_MAX_PORTS];	/* Array of port numbers to match */
       u_char fw_ipopt,fw_ipnopt;		/* IP options set/unset */
       u_char fw_tcpf,fw_tcpnf;		/* TCP flags set/unset */
 ! #define IP_FW_ICMPTYPES_DIM (32 / (sizeof(unsigned) * 8))
       unsigned fw_icmptypes[IP_FW_ICMPTYPES_DIM]; /* ICMP types bitmap */
       long timestamp;			/* timestamp (tv_sec) of last match */
       union ip_fw_if fw_in_if, fw_out_if;	/* Incoming and outgoing interfaces */

---

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199708051250.FAA11125>

Legal Notices | © 1995-2024 The FreeBSD Project. All rights reserved.

Contact