Date:      Fri, 22 Aug 2008 09:52:49 +0000 (UTC)
From:      Vadim Goncharov <vadim_nuclight@mail.ru>
To:        freebsd-security@freebsd.org
Subject:   Re: ipfw "bug" - recv any = not recv any
Message-ID:  <slrngat33h.fp7.vadim_nuclight@server.filona.x88.info>
References:  <488F2B57.7000706@wagsky.com>

Hi Jeff Kletsky! 

On Tue, 29 Jul 2008 07:38:15 -0700; Jeff Kletsky wrote about 'Re: ipfw "bug" - recv any = not recv any':

>> In practice, both "recv any" and "not recv any" appear to be "no-op" 
>> phrases.
>> 
> [...]
>> In my opinion, the following would be "ideal"
>> 
>> 1) "recv any" -- matches packets that have been received by the host 
>> through one of its interfaces
>> 2) "not recv any" -- does not match packets that have been received by 
>> the host through one of its interfaces
>> 
>> Unfortunately, implementing (1) would likely break a lot of people's 
>> rule sets
>> 
>> (2), however, I can't immediately see being used without expecting that 
>> it would fail to match packets that were received by the current host, 
>> so its implementation would be a bit "safer" for the community
>> 
> Julian Elischer suggested:
>> how does "not recv *" (appropriately escaped for your shell) do?
> This does appear to "work as desired" -- suggesting documentation
> clarification rather than functionality change

The trouble is that 'recv any' is considered useless (yes, on input it will
always match, so why spend time on an additional check) and is optimised away by
the parser, effectively cut out - the kernel doesn't know anything about "any". I
don't know why this keyword still exists at all.

BTW, if you need to check for packets originating from the local host, why don't
you use "from me" as the most intuitive approach?

> My apologies for not posting to the ipfw list.

Yes, that would be better...

-- 
WBR, Vadim Goncharov. ICQ#166852181       mailto:vadim_nuclight@mail.ru
[Moderator of RU.ANTI-ECOLOGY][FreeBSD][http://antigreen.org][LJ:/nuclight]