Date: Fri, 22 Nov 2013 15:09:37 -0700
From: Ian Lepore <ian@FreeBSD.org>
To: Mark Andrews <marka@isc.org>
Cc: freebsd-ipfw <freebsd-ipfw@FreeBSD.org>, Andreas Nilsson <andrnils@gmail.com>, Luigi Rizzo <rizzo@iet.unipi.it>, Özkan KIRIK <ozkan.kirik@gmail.com>, freebsd-stable <freebsd-stable@FreeBSD.org>
Subject: Re: ipfw table add problem
Message-ID: <1385158177.31172.562.camel@revolution.hippie.lan>
In-Reply-To: <20131122003538.8D5B8AB6EA6@rock.dv.isc.org>
References: <CAAcX-AGDZbFn5RmhLBBn2PPWRPcsFUnea5MgTc7nuXGD8Ge53A@mail.gmail.com> <CAPS9%2BSv9Um47wzOkfEsA_S7sb-FbQ=aZE2qb7EkFgnzEsrOc%2BQ@mail.gmail.com> <CAAcX-AHqxnx73%2BP_h0ooK8CNZCM0%2BOo-TckLNHexqnP8bytCpA@mail.gmail.com> <CAPS9%2BSv=4J2g8rCbz-99VoQiN8=eNsDWJkNVW6E0g%2B2B-LPTEQ@mail.gmail.com> <CAAcX-AHQvZDXJUKrVKnW4xhOxO4DE7uFUyMqBC2biVaDhq%2BcGg@mail.gmail.com> <1385045442.31172.549.camel@revolution.hippie.lan> <20131122003538.8D5B8AB6EA6@rock.dv.isc.org>

On Fri, 2013-11-22 at 11:35 +1100, Mark Andrews wrote:
> In message <1385045442.31172.549.camel@revolution.hippie.lan>, Ian Lepore writes:
> > On Tue, 2013-11-19 at 23:26 +0200, Özkan KIRIK wrote:
> > > On Tue, Nov 19, 2013 at 11:21 PM, Andreas Nilsson <andrnils@gmail.com> wrote:
> > >
> > > > On Tue, Nov 19, 2013 at 9:36 PM, Özkan KIRIK <ozkan.kirik@gmail.com> wrote:
> > > >
> > > >> Hi,
> > > >>
> > > >> On Tue, Nov 19, 2013 at 10:22 PM, Andreas Nilsson <andrnils@gmail.com> wrote:
> > > >>
> > > >>> On Tue, Nov 19, 2013 at 8:55 PM, Özkan KIRIK <ozkan.kirik@gmail.com> wrote:
> > > >>>
> > > >>>> Hi,
> > > >>>>
> > > >>>> I'm using kernel FreeBSD 10.0-BETA3 #2 r257635 kernel.
> > > >>>> I am trying to add port number to ipfw tables. But there is something
> > > >>>> strange :
> > > >>>> Problem is easily repeatable.
> > > >>>>
> > > >>>> #ipfw table 1 flush
> > > >>>> #ipfw table 1 add 4899
> > > >>>> #ipfw table 1 list
> > > >>>> ::/0 0
> > > >>>>
> > > >>> Works with ipfw table 1 add 0 4899
> > > >>>
> > > >> No, I want to use this table as port list ( to use with "lookup src-port
> > > >> 1" ) . If you add like this, you cannot match against ports. Am I wrong?
> > > >>
> > > > No, that should be possible.
> > > >
> > > >>>> #ipfw table 1 flush
> > > >>>> #ipfw table 1 add 10.2.3.01 ( not 10.0.0.1, the last 1 has 0 as
> > > >>>> prefix )
> > > >>>> #ipfw table 1 list
> > > >>>> ::/0 0
> > > >>>>
> > > >>> Did you mean ipfw table 1 add 10.2.3.0 1 ? That works for me.
> > > >>>
> > > >> Please don't leave spaces between 0 and 1.
> > > >>
> > > > Ok. any specific reason to type it as 10.2.3.01 instead of 10.2.3.1 ?
> > > >
> > > There is no specific reason, but both 10.2.3.01 and 10.2.3.1 have true
> > > syntax.
> > > The problem is, ipfw doesn't throw any errors, but record added as
> > > 0.0.0.0/0( all the IPv4 network ). This behaviour is really dangerous.
> > >
> > > FreeBSD 8.2 and 8.4 don't have this problem.
> >
> > For this, I wonder if ipfw was recently changed from using inet_aton()
> > to inet_pton() to parse addresses? Our implementation of inet_pton()
> > does not match the manpage -- it's supposed to accept decimal, octal, or
> > hex numbers for each of the dotted IP components, but it accepts decimal
> > only. 10.2.3.01 appears to cause it to return 0 as the address. Our
> > inet_aton() handles oct/dec/hex.
>
> The man page is wrong.
>
> RFC 3493 states inet_pton *only* takes dotted decimal. This was
> the same in RFC 2553. The implementation Paul Vixie and I wrote
> back in 199[89] for BIND only accepts dotted decimal with no leading
> zeros.

Actually, it was me that was wrong... the man page does mention the
differences between inet_aton() and inet_pton(), I just didn't read all
the way to the end.

-- Ian

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1385158177.31172.562.camel>
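
The parser difference discussed in the message above, as an added example (not code from the thread or from ipfw): it classifies candidate table entries by whether inet_pton() accepts them, and fails closed instead of letting a rejected string fall through as an all-zero address. The names parse_strict, classify and the verdict enum are hypothetical; it assumes a libc whose inet_pton() rejects leading zeros, as Mark describes for the BIND implementation (glibc and musl behave this way).

```c
#define _DEFAULT_SOURCE /* exposes inet_aton() under strict -std= modes */
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>

enum verdict { V_OK, V_LEGACY_ONLY, V_REJECTED };

/* Fail closed: *out is written only when inet_pton() returns 1. */
static int parse_strict(const char *s, struct in_addr *out)
{
    struct in_addr a;
    if (inet_pton(AF_INET, s, &a) != 1)
        return -1;
    *out = a;
    return 0;
}

/* Classify an entry before it reaches a rule table.
 * V_OK:          strict dotted decimal, *out holds the address.
 * V_LEGACY_ONLY: only inet_aton() accepts it (octal, hex or short form);
 *                *legacy holds what inet_aton() made of it, for the report.
 * V_REJECTED:    neither parser accepts it. */
static enum verdict classify(const char *s, struct in_addr *out,
    struct in_addr *legacy)
{
    if (parse_strict(s, out) == 0)
        return V_OK;
    if (inet_aton(s, legacy) != 0)
        return V_LEGACY_ONLY;
    return V_REJECTED;
}

int main(void)
{
    /* Constructed sample entries; the first three strings appear in the thread. */
    const char *samples[] = { "10.2.3.1", "10.2.3.01", "4899", "10.2.3.010", "10.2.3.x" };
    static const char *names[] = { "ok", "legacy-only", "rejected" };
    char buf[INET_ADDRSTRLEN];

    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        struct in_addr a = { 0 }, l = { 0 };
        enum verdict v = classify(samples[i], &a, &l);
        printf("%-11s %-11s %s\n", samples[i], names[v],
            v == V_REJECTED ? "-" :
            inet_ntop(AF_INET, v == V_OK ? &a : &l, buf, sizeof(buf)));
    }
    return 0;
}
```

A "legacy-only" verdict marks input that the two parsers read differently, so the entry should be refused with an error rather than added under either interpretation.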