From owner-freebsd-ipfw@FreeBSD.ORG Mon Oct 10 11:01:54 2005
Date: Mon, 10 Oct 2005 11:01:53 GMT
Message-Id: <200510101101.j9AB1rkH051290@freefall.freebsd.org>
From: FreeBSD bugmaster
To: freebsd-ipfw@FreeBSD.org
Subject: Current problem reports assigned to you

Current FreeBSD problem reports

Critical problems

Serious problems

S  Submitted   Tracker     Resp.  Description
-------------------------------------------------------------------------------
o [2003/04/22] kern/51274  ipfw   ipfw2 create dynamic rules with parent nu
f [2003/04/24] kern/51341  ipfw   ipfw rule 'deny icmp from any to any icmp
o [2003/12/11] kern/60154  ipfw   ipfw core (crash)
o [2004/03/03] kern/63724  ipfw   IPFW2 Queues dont t work
o [2004/11/13] kern/73910  ipfw   [ipfw] serious bug on forwarding of packe
o [2004/11/19] kern/74104  ipfw   ipfw2/1 conflict not detected or reported
f [2004/12/25] kern/75483  ipfw   ipfw count does not count
o [2005/05/11] bin/80913   ipfw   /sbin/ipfw2 silently discards MAC addr ar

8 problems total.

Non-critical problems

S  Submitted   Tracker     Resp.  Description
-------------------------------------------------------------------------------
o [2004/10/29] kern/73276  ipfw   ipfw2 vulnerability (parser error)
o [2005/02/01] kern/76971  ipfw   ipfw antispoof incorrectly blocks broadca
o [2005/05/05] kern/80642  ipfw   [patch] IPFW small patch - new RULE OPTIO
o [2005/06/28] kern/82724  ipfw   [patch] Add setnexthop and defaultroute f

4 problems total.

From owner-freebsd-ipfw@FreeBSD.ORG Mon Oct 10 11:02:52 2005
Date: Mon, 10 Oct 2005 11:02:50 GMT
Message-Id: <200510101102.j9AB2oQj051940@freefall.freebsd.org>
From: FreeBSD bugmaster
To: ipfw@FreeBSD.org
Subject: Current problem reports assigned to you

Current FreeBSD problem reports

Critical problems

Serious problems

Non-critical problems

S  Submitted   Tracker     Resp.  Description
-------------------------------------------------------------------------------
a [2001/04/13] kern/26534  ipfw   Add an option to ipfw to log gid/uid of w
o [2002/12/10] kern/46159  ipfw   ipfw dynamic rules lifetime feature
o [2003/02/11] kern/48172  ipfw   ipfw does not log size and flags
o [2003/03/10] kern/49086  ipfw   [patch] Make ipfw2 log to different syslo
o [2003/04/09] bin/50749   ipfw   ipfw2 incorrectly parses ports and port r
o [2003/08/26] kern/55984  ipfw   [patch] time based firewalling support fo
o [2003/12/30] kern/60719  ipfw   [ipfw] Headerless fragments generate cryp
o [2004/08/03] kern/69963  ipfw   ipfw: install_state warning about already
o [2004/09/04] kern/71366  ipfw   "ipfw fwd" sometimes rewrites destination

9 problems total.

From owner-freebsd-ipfw@FreeBSD.ORG Mon Oct 10 18:01:11 2005
Date: Mon, 10 Oct 2005 18:01:11 GMT
From: Xin LI
Message-Id: <200510101801.j9AI1BDD018362@freefall.freebsd.org>
To: delphij@FreeBSD.org, freebsd-bugs@FreeBSD.org, freebsd-ipfw@FreeBSD.org
Subject: Re: kern/87032: [PATCH] ipfw ioctl interface implementation

Synopsis: [PATCH] ipfw ioctl interface implementation

Responsible-Changed-From-To: freebsd-bugs->freebsd-ipfw
Responsible-Changed-By: delphij
Responsible-Changed-When: Mon Oct 10 18:00:42 GMT 2005
Responsible-Changed-Why:
Forwarding to ipfw group

http://www.freebsd.org/cgi/query-pr.cgi?pr=87032

From owner-freebsd-ipfw@FreeBSD.ORG Wed Oct 12 04:40:20 2005
Date: Wed, 12 Oct 2005 04:40:20 GMT
Message-Id: <200510120440.j9C4eKFZ027822@freefall.freebsd.org>
To: freebsd-ipfw@FreeBSD.org
From: "Andrey V. Elsukov"
Subject: Re: kern/87032: [PATCH] ipfw ioctl interface implementation

The following reply was made to PR kern/87032; it has been noted by GNATS.

From: "Andrey V. Elsukov"
To: bug-followup@FreeBSD.org
Subject: Re: kern/87032: [PATCH] ipfw ioctl interface implementation
Date: Wed, 12 Oct 2005 08:36:51 +0400

The additional patch related to jail. The full latest version of the patch can be found at the URL
http://butcher.heavennet.ru/ipfw_ioctl/

Content-Disposition: inline; filename="netinet.diff"

--- sys/netinet/ip_dummynet.c.orig Tue Oct 11 16:33:13 2005 +++ sys/netinet/ip_dummynet.c Wed Oct 12 08:01:24 2005 @@ -88,6 +88,7 @@ #ifdef DEV_DNCTL #include #include +#include #include static d_ioctl_t ip_dn_ioctl; @@ -2119,6 +2120,9 @@ size_t size; struct ip_dummynet_ctl* ctl = (struct ip_dummynet_ctl*)data; + if (jailed(td->td_ucred)) { + return EPERM; + } switch(cmd) { case IPDNIOCSCMD: if ((fflag & FWRITE) != FWRITE) { --- sys/netinet/ip_fw2.c.orig Tue Oct 11 16:19:32 2005 +++ sys/netinet/ip_fw2.c Wed Oct 12 07:58:55 2005 @@ -4127,6 +4127,9 @@ size_t size; struct ip_fw_ctl* ctl = (struct ip_fw_ctl*)data; + if (jailed(td->td_ucred)) { + return EPERM; + } switch(cmd) { /* * IPFWIOCSCMD makes some modifications of ipfw's state
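
Review bot: In the ip_dummynet.c hunk at @@ -2119,6 +2120,9 @@, the jailed(td->td_ucred) test sits above switch(cmd) with no comment, so it refuses every command for a jailed caller, and a later reader cannot tell whether that is deliberate or whether only the modifying commands were meant to be blocked. If the blanket refusal is intended, add a short comment above the test saying that jailed processes may not use this interface at all. The only other gate visible in the hunk is the FWRITE test under IPDNIOCSCMD, so the comment should also make clear that the jail test is an additional restriction and not a replacement for it. For style(9), write the return as return (EPERM); and drop the braces around the single statement.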
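
Review bot: The ip_fw2.c part of the diff calls jailed() in the hunk at @@ -4127,6 +4127,9 @@ but, unlike the ip_dummynet.c part at @@ -88,6 +88,7 @@, carries no hunk adding an #include. Please confirm that ip_fw2.c already includes the header that declares jailed() (sys/jail.h), and add the include to the patch if it does not. The three added lines duplicate the ones in ip_dummynet.c exactly, so the same style(9) point applies: return (EPERM); without the braces. A one-line comment above the test would help too, since the existing comment right below it speaks only of IPFWIOCSCMD modifying ipfw's state while the new test applies to all commands.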