From owner-freebsd-ipfw@FreeBSD.ORG Mon Feb 18 08:43:37 2008 Return-Path: Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id BE5B816A418; Mon, 18 Feb 2008 08:43:37 +0000 (UTC) (envelope-from vadim_nuclight@mail.ru) Received: from mx28.mail.ru (mx28.mail.ru [194.67.23.67]) by mx1.freebsd.org (Postfix) with ESMTP id 781B213C455; Mon, 18 Feb 2008 08:43:37 +0000 (UTC) (envelope-from vadim_nuclight@mail.ru) Received: from mx30.mail.ru (mx30.mail.ru [194.67.23.238]) by mx28.mail.ru (mPOP.Fallback_MX) with ESMTP id 239FC3A142F; Mon, 18 Feb 2008 09:48:17 +0300 (MSK) Received: from [78.140.2.88] (port=31071 helo=nuclight.avtf.net) by mx30.mail.ru with esmtp id 1JQzn0-000FYA-00; Mon, 18 Feb 2008 09:47:46 +0300 To: "Eugene Grosbein" Date: Mon, 18 Feb 2008 12:47:43 +0600 From: "Vadim Goncharov" Organization: AVTF TPU Hostel Content-Type: text/plain; format=flowed; delsp=yes; charset=koi8-r MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Message-ID: User-Agent: Opera M2/7.54 (Win32, build 3865) Cc: freebsd-ipfw@freebsd.org, bug-followup@freebsd.org Subject: Re: bin/120720: [patch] [ipfw] unbreak POLA for ipfw table list X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 18 Feb 2008 08:43:37 -0000 In-Reply-To: <200802151642.m1FGgGfQ002038@grosbein.pp.ru> References: <200802151642.m1FGgGfQ002038@grosbein.pp.ru> Hi Eugene Grosbein! On Fri, 15 Feb 2008 23:42:16 +0700 (KRAT); Eugene Grosbein wrote: > The command "ipfw table 1 list" used to format table values > associated with network addresses as 32-bit unsigned integers > until 6.3-RELEASE. Since 6.3-RELEASE, it interprets values > that are greater than 65535 as IP-addresses. > This change breaks many existing applications that expect the format > to be an integer, as it used to be since RELENG_4. > This change is not even documented. So, it breaks POLA and should be > corrected. >> How-To-Repeat: > ipfw table 1 add 1.1.1.1 $(date +%s) > ipfw table 1 list > This used to show something like "1.1.1.1/32 1203093427" before change > but now it shows something like "1.1.1.1/32 71.181.191.179" instead. Confirming. This breaks UNIX-time using scripts for many systems and was introduced by ``ipfw fwd tablearg'' handling commit to 6.2-STABLE in May 2007. POLA should be unbroken as far as possible. -- WBR, Vadim Goncharov. ICQ#166852181 mailto:vadim_nuclight@mail.ru [Moderator of RU.ANTI-ECOLOGY][FreeBSD][http://antigreen.org][LJ:/nuclight] From owner-freebsd-ipfw@FreeBSD.ORG Mon Feb 18 08:50:03 2008 Return-Path: Delivered-To: freebsd-ipfw@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 773E116A417 for ; Mon, 18 Feb 2008 08:50:03 +0000 (UTC) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id 6476513C459 for ; Mon, 18 Feb 2008 08:50:03 +0000 (UTC) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (gnats@localhost [127.0.0.1]) by freefall.freebsd.org (8.14.2/8.14.2) with ESMTP id m1I8o3r9028744 for ; Mon, 18 Feb 2008 08:50:03 GMT (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.14.2/8.14.1/Submit) id m1I8o3vE028743; Mon, 18 Feb 2008 08:50:03 GMT (envelope-from gnats) Date: Mon, 18 Feb 2008 08:50:03 GMT Message-Id: <200802180850.m1I8o3vE028743@freefall.freebsd.org> To: freebsd-ipfw@FreeBSD.org From: "Vadim Goncharov" Cc: Subject: Re: bin/120720: [patch] [ipfw] unbreak POLA for ipfw table list X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: Vadim Goncharov List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 18 Feb 2008 08:50:03 -0000 The following reply was made to PR bin/120720; it has been noted by GNATS. From: "Vadim Goncharov" To: "Eugene Grosbein" Cc: bug-followup@freebsd.org, freebsd-ipfw@freebsd.org Subject: Re: bin/120720: [patch] [ipfw] unbreak POLA for ipfw table list Date: Mon, 18 Feb 2008 12:47:43 +0600 In-Reply-To: <200802151642.m1FGgGfQ002038@grosbein.pp.ru> References: <200802151642.m1FGgGfQ002038@grosbein.pp.ru> Hi Eugene Grosbein! On Fri, 15 Feb 2008 23:42:16 +0700 (KRAT); Eugene Grosbein wrote: > The command "ipfw table 1 list" used to format table values > associated with network addresses as 32-bit unsigned integers > until 6.3-RELEASE. Since 6.3-RELEASE, it interprets values > that are greater than 65535 as IP-addresses. > This change breaks many existing applications that expect the format > to be an integer, as it used to be since RELENG_4. > This change is not even documented. So, it breaks POLA and should be > corrected. >> How-To-Repeat: > ipfw table 1 add 1.1.1.1 $(date +%s) > ipfw table 1 list > This used to show something like "1.1.1.1/32 1203093427" before change > but now it shows something like "1.1.1.1/32 71.181.191.179" instead. Confirming. This breaks UNIX-time using scripts for many systems and was introduced by ``ipfw fwd tablearg'' handling commit to 6.2-STABLE in May 2007. POLA should be unbroken as far as possible. -- WBR, Vadim Goncharov. ICQ#166852181 mailto:vadim_nuclight@mail.ru [Moderator of RU.ANTI-ECOLOGY][FreeBSD][http://antigreen.org][LJ:/nuclight] From owner-freebsd-ipfw@FreeBSD.ORG Mon Feb 18 11:07:10 2008 Return-Path: Delivered-To: freebsd-ipfw@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id CF6B216A496 for ; Mon, 18 Feb 2008 11:07:10 +0000 (UTC) (envelope-from owner-bugmaster@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id BF48F13C447 for ; Mon, 18 Feb 2008 11:07:10 +0000 (UTC) (envelope-from owner-bugmaster@FreeBSD.org) Received: from freefall.freebsd.org (localhost [127.0.0.1]) by freefall.freebsd.org (8.14.2/8.14.2) with ESMTP id m1IB7AQR039427 for ; Mon, 18 Feb 2008 11:07:10 GMT (envelope-from owner-bugmaster@FreeBSD.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.14.2/8.14.1/Submit) id m1IB7Axv039423 for freebsd-ipfw@FreeBSD.org; Mon, 18 Feb 2008 11:07:10 GMT (envelope-from owner-bugmaster@FreeBSD.org) Date: Mon, 18 Feb 2008 11:07:10 GMT Message-Id: <200802181107.m1IB7Axv039423@freefall.freebsd.org> X-Authentication-Warning: freefall.freebsd.org: gnats set sender to owner-bugmaster@FreeBSD.org using -f From: FreeBSD bugmaster To: freebsd-ipfw@FreeBSD.org Cc: Subject: Current problem reports assigned to freebsd-ipfw@FreeBSD.org X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 18 Feb 2008 11:07:10 -0000 Current FreeBSD problem reports Critical problems Serious problems S Tracker Resp. Description -------------------------------------------------------------------------------- o kern/51274 ipfw [ipfw] [patch] ipfw2 create dynamic rules with parent o kern/73910 ipfw [ipfw] serious bug on forwarding of packets after NAT o kern/74104 ipfw [ipfw] ipfw2/1 conflict not detected or reported, manp o kern/88659 ipfw [modules] ipfw and ip6fw do not work properly as modul o kern/93300 ipfw [ipfw] ipfw pipe lost packets o kern/95084 ipfw [ipfw] [patch] IPFW2 ignores "recv/xmit/via any" (IPFW o kern/97504 ipfw [ipfw] IPFW Rules bug o kern/97951 ipfw [ipfw] [patch] ipfw does not tie interface details to o kern/98831 ipfw [ipfw] ipfw has UDP hickups o kern/102471 ipfw [ipfw] [patch] add tos and dscp support o kern/103454 ipfw [ipfw] [patch] [request] add a facility to modify DF b o kern/106534 ipfw [ipfw] [panic] ipfw + dummynet o kern/112708 ipfw [ipfw] ipfw is seems to be broken to limit number of c o kern/117234 ipfw [ipfw] [patch] ipfw send_pkt() and ipfw_tick() don't s o kern/118993 ipfw [ipfw] page fault - probably it's a locking problem o bin/120720 ipfw [patch] [ipfw] unbreak POLA for ipfw table list 16 problems total. Non-critical problems S Tracker Resp. Description -------------------------------------------------------------------------------- a kern/26534 ipfw [ipfw] Add an option to ipfw to log gid/uid of who cau o kern/46159 ipfw [ipfw] [patch] [request] ipfw dynamic rules lifetime f o kern/48172 ipfw [ipfw] [patch] ipfw does not log size and flags o kern/55984 ipfw [ipfw] [patch] time based firewalling support for ipfw o kern/60719 ipfw [ipfw] Headerless fragments generate cryptic error mes o kern/69963 ipfw [ipfw] install_state warning about already existing en o kern/71366 ipfw [ipfw] "ipfw fwd" sometimes rewrites destination mac a o kern/72987 ipfw [ipfw] ipfw/dummynet pipe/queue 'queue [BYTES]KBytes ( o kern/73276 ipfw [ipfw] [patch] ipfw2 vulnerability (parser error) o bin/78785 ipfw [ipfw] [patch] ipfw verbosity locks machine if /etc/rc o kern/80642 ipfw [ipfw] [patch] ipfw small patch - new RULE OPTION o kern/82724 ipfw [ipfw] [patch] [request] Add setnexthop and defaultrou o kern/86957 ipfw [ipfw] [patch] ipfw mac logging o kern/87032 ipfw [ipfw] [patch] ipfw ioctl interface implementation o kern/91847 ipfw [ipfw] ipfw with vlanX as the device o kern/103328 ipfw [ipfw] [request] sugestions about ipfw table o kern/104682 ipfw [ipfw] [patch] Some minor language consistency fixes a o bin/104921 ipfw [patch] ipfw(8) sometimes treats ipv6 input as ipv4 (a o kern/105330 ipfw [ipfw] [patch] ipfw (dummynet) does not allow to set q o kern/107305 ipfw [ipfw] ipfw fwd doesn't seem to work o kern/111713 ipfw [dummynet] [request] Too few dummynet queue slots o kern/112561 ipfw [ipfw] ipfw fwd does not work with some TCP packets p kern/113388 ipfw [ipfw][patch] Addition actions with rules within speci o docs/113803 ipfw [patch] ipfw(8) - don't get bitten by the fwd rule o bin/115172 ipfw [patch] ipfw(8) list show some rules with a wrong form p kern/115755 ipfw [ipfw][patch] unify message and add a rule number wher o kern/116009 ipfw [ipfw] [patch] Ignore errors when loading ruleset from p bin/119815 ipfw [ipfw] [patch] incorrect handling of missing arguments o bin/120734 ipfw [patch] ipfw(8): ipfw nat has problems to show multipl 29 problems total. From owner-freebsd-ipfw@FreeBSD.ORG Mon Feb 18 18:45:44 2008 Return-Path: Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id C20F316A46E for ; Mon, 18 Feb 2008 18:45:44 +0000 (UTC) (envelope-from julian@elischer.org) Received: from outK.internet-mail-service.net (outK.internet-mail-service.net [216.240.47.234]) by mx1.freebsd.org (Postfix) with ESMTP id 73F6B13C4EB for ; Mon, 18 Feb 2008 18:45:44 +0000 (UTC) (envelope-from julian@elischer.org) Received: from mx0.idiom.com (HELO idiom.com) (216.240.32.160) by out.internet-mail-service.net (qpsmtpd/0.40) with ESMTP; Mon, 18 Feb 2008 10:32:26 -0800 Received: from julian-mac.elischer.org (localhost [127.0.0.1]) by idiom.com (Postfix) with ESMTP id 1C918127296; Mon, 18 Feb 2008 10:32:26 -0800 (PST) Message-ID: <47B9CF40.1050904@elischer.org> Date: Mon, 18 Feb 2008 10:32:32 -0800 From: Julian Elischer User-Agent: Thunderbird 2.0.0.9 (Macintosh/20071031) MIME-Version: 1.0 To: Vadim Goncharov References: In-Reply-To: Content-Type: text/plain; charset=KOI8-R; format=flowed Content-Transfer-Encoding: 7bit Cc: freebsd-ipfw@freebsd.org, Eugene Grosbein , bug-followup@freebsd.org Subject: Re: bin/120720: [patch] [ipfw] unbreak POLA for ipfw table list X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 18 Feb 2008 18:45:44 -0000 Vadim Goncharov wrote: > In-Reply-To: <200802151642.m1FGgGfQ002038@grosbein.pp.ru> > References: <200802151642.m1FGgGfQ002038@grosbein.pp.ru> > > Hi Eugene Grosbein! > > On Fri, 15 Feb 2008 23:42:16 +0700 (KRAT); Eugene Grosbein > wrote: > >> The command "ipfw table 1 list" used to format table values >> associated with network addresses as 32-bit unsigned integers >> until 6.3-RELEASE. Since 6.3-RELEASE, it interprets values >> that are greater than 65535 as IP-addresses. > >> This change breaks many existing applications that expect the format >> to be an integer, as it used to be since RELENG_4. >> This change is not even documented. So, it breaks POLA and should be >> corrected. > >>> How-To-Repeat: > >> ipfw table 1 add 1.1.1.1 $(date +%s) >> ipfw table 1 list > >> This used to show something like "1.1.1.1/32 1203093427" before change >> but now it shows something like "1.1.1.1/32 71.181.191.179" instead. > > Confirming. This breaks UNIX-time using scripts for many systems and was > introduced by ``ipfw fwd tablearg'' handling commit to 6.2-STABLE in May > 2007. > > POLA should be unbroken as far as possible. that was me.. It is my memory that before that time tableargs were only used in 16 bit form. there were no users in ipfw of the full 32 bit field. I did not consider that someone would put a 32 bit number in there just to print it out again. (what would you do that for?) It shows that even if you were involved in writing code you can never predict what your users will do with it. I'll add an argument to force the interpretation. From owner-freebsd-ipfw@FreeBSD.ORG Mon Feb 18 18:50:04 2008 Return-Path: Delivered-To: freebsd-ipfw@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 3291B16A47E for ; Mon, 18 Feb 2008 18:50:04 +0000 (UTC) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id 1BB7113C455 for ; Mon, 18 Feb 2008 18:50:04 +0000 (UTC) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (gnats@localhost [127.0.0.1]) by freefall.freebsd.org (8.14.2/8.14.2) with ESMTP id m1IIo3gO090404 for ; Mon, 18 Feb 2008 18:50:03 GMT (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.14.2/8.14.1/Submit) id m1IIo3uX090403; Mon, 18 Feb 2008 18:50:03 GMT (envelope-from gnats) Date: Mon, 18 Feb 2008 18:50:03 GMT Message-Id: <200802181850.m1IIo3uX090403@freefall.freebsd.org> To: freebsd-ipfw@FreeBSD.org From: Julian Elischer Cc: Subject: Re: bin/120720: [patch] [ipfw] unbreak POLA for ipfw table list X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: Julian Elischer List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 18 Feb 2008 18:50:04 -0000 The following reply was made to PR bin/120720; it has been noted by GNATS. From: Julian Elischer To: Vadim Goncharov Cc: Eugene Grosbein , freebsd-ipfw@freebsd.org, bug-followup@freebsd.org Subject: Re: bin/120720: [patch] [ipfw] unbreak POLA for ipfw table list Date: Mon, 18 Feb 2008 10:32:32 -0800 Vadim Goncharov wrote: > In-Reply-To: <200802151642.m1FGgGfQ002038@grosbein.pp.ru> > References: <200802151642.m1FGgGfQ002038@grosbein.pp.ru> > > Hi Eugene Grosbein! > > On Fri, 15 Feb 2008 23:42:16 +0700 (KRAT); Eugene Grosbein > wrote: > >> The command "ipfw table 1 list" used to format table values >> associated with network addresses as 32-bit unsigned integers >> until 6.3-RELEASE. Since 6.3-RELEASE, it interprets values >> that are greater than 65535 as IP-addresses. > >> This change breaks many existing applications that expect the format >> to be an integer, as it used to be since RELENG_4. >> This change is not even documented. So, it breaks POLA and should be >> corrected. > >>> How-To-Repeat: > >> ipfw table 1 add 1.1.1.1 $(date +%s) >> ipfw table 1 list > >> This used to show something like "1.1.1.1/32 1203093427" before change >> but now it shows something like "1.1.1.1/32 71.181.191.179" instead. > > Confirming. This breaks UNIX-time using scripts for many systems and was > introduced by ``ipfw fwd tablearg'' handling commit to 6.2-STABLE in May > 2007. > > POLA should be unbroken as far as possible. that was me.. It is my memory that before that time tableargs were only used in 16 bit form. there were no users in ipfw of the full 32 bit field. I did not consider that someone would put a 32 bit number in there just to print it out again. (what would you do that for?) It shows that even if you were involved in writing code you can never predict what your users will do with it. I'll add an argument to force the interpretation. From owner-freebsd-ipfw@FreeBSD.ORG Mon Feb 18 19:52:42 2008 Return-Path: Delivered-To: freebsd-ipfw@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 637CD16A419; Mon, 18 Feb 2008 19:52:42 +0000 (UTC) (envelope-from julian@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id 4191013C457; Mon, 18 Feb 2008 19:52:42 +0000 (UTC) (envelope-from julian@FreeBSD.org) Received: from freefall.freebsd.org (julian@localhost [127.0.0.1]) by freefall.freebsd.org (8.14.2/8.14.2) with ESMTP id m1IJqg9x095755; Mon, 18 Feb 2008 19:52:42 GMT (envelope-from julian@freefall.freebsd.org) Received: (from julian@localhost) by freefall.freebsd.org (8.14.2/8.14.1/Submit) id m1IJqfsK095751; Mon, 18 Feb 2008 11:52:41 -0800 (PST) (envelope-from julian) Date: Mon, 18 Feb 2008 11:52:41 -0800 (PST) Message-Id: <200802181952.m1IJqfsK095751@freefall.freebsd.org> To: eugen@kuzbass.ru, julian@FreeBSD.org, freebsd-ipfw@FreeBSD.org From: julian@FreeBSD.org Cc: Subject: Re: bin/120720: [patch] [ipfw] unbreak POLA for ipfw table list X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 18 Feb 2008 19:52:42 -0000 Synopsis: [patch] [ipfw] unbreak POLA for ipfw table list State-Changed-From-To: open->closed State-Changed-By: julian State-Changed-When: Mon Feb 18 11:27:58 PST 2008 State-Changed-Why: Patch committed to -current and scheduled for MFC. http://www.freebsd.org/cgi/query-pr.cgi?pr=120720 From owner-freebsd-ipfw@FreeBSD.ORG Mon Feb 18 20:00:11 2008 Return-Path: Delivered-To: freebsd-ipfw@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id EB24B16A419 for ; Mon, 18 Feb 2008 20:00:11 +0000 (UTC) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id E018013C4E5 for ; Mon, 18 Feb 2008 20:00:11 +0000 (UTC) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (gnats@localhost [127.0.0.1]) by freefall.freebsd.org (8.14.2/8.14.2) with ESMTP id m1IK0Bgo096441 for ; Mon, 18 Feb 2008 20:00:11 GMT (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.14.2/8.14.1/Submit) id m1IK0BfO096440; Mon, 18 Feb 2008 20:00:11 GMT (envelope-from gnats) Date: Mon, 18 Feb 2008 20:00:11 GMT Message-Id: <200802182000.m1IK0BfO096440@freefall.freebsd.org> To: freebsd-ipfw@FreeBSD.org From: dfilter@FreeBSD.org (dfilter service) Cc: Subject: Re: bin/120720: commit references a PR X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: dfilter service List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 18 Feb 2008 20:00:12 -0000 The following reply was made to PR bin/120720; it has been noted by GNATS. From: dfilter@FreeBSD.ORG (dfilter service) To: bug-followup@FreeBSD.org Cc: Subject: Re: bin/120720: commit references a PR Date: Mon, 18 Feb 2008 19:56:17 +0000 (UTC) julian 2008-02-18 19:56:10 UTC FreeBSD src repository Modified files: sbin/ipfw ipfw.8 ipfw2.c Log: Instead of using a heuristic to decide whether to display table 'values' as IP addresses, use an explicit argument (-i). This is a 'POLA' issue. This is a low risk change and should be MFC'd to RELENG_6 and RELENG 7. it might be put as an errata item for 6.3. (not sure about 6.2). Fix suggested by: Eugene Grosbein PR: 120720 MFC After: 3 days Revision Changes Path 1.209 +5 -0 src/sbin/ipfw/ipfw.8 1.114 +9 -6 src/sbin/ipfw/ipfw2.c _______________________________________________ cvs-all@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/cvs-all To unsubscribe, send any mail to "cvs-all-unsubscribe@freebsd.org" From owner-freebsd-ipfw@FreeBSD.ORG Mon Feb 18 20:30:03 2008 Return-Path: Delivered-To: freebsd-ipfw@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 653CB16A419 for ; Mon, 18 Feb 2008 20:30:03 +0000 (UTC) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id 5B05F13C4CE for ; Mon, 18 Feb 2008 20:30:03 +0000 (UTC) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (gnats@localhost [127.0.0.1]) by freefall.freebsd.org (8.14.2/8.14.2) with ESMTP id m1IKU3FD099281 for ; Mon, 18 Feb 2008 20:30:03 GMT (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.14.2/8.14.1/Submit) id m1IKU3Ew099278; Mon, 18 Feb 2008 20:30:03 GMT (envelope-from gnats) Date: Mon, 18 Feb 2008 20:30:03 GMT Message-Id: <200802182030.m1IKU3Ew099278@freefall.freebsd.org> To: freebsd-ipfw@FreeBSD.org From: dfilter@FreeBSD.org (dfilter service) Cc: Subject: Re: bin/120734: commit references a PR X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: dfilter service List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 18 Feb 2008 20:30:03 -0000 The following reply was made to PR bin/120734; it has been noted by GNATS. From: dfilter@FreeBSD.ORG (dfilter service) To: bug-followup@FreeBSD.org Cc: Subject: Re: bin/120734: commit references a PR Date: Mon, 18 Feb 2008 20:26:40 +0000 (UTC) piso 2008-02-18 20:26:34 UTC FreeBSD src repository Modified files: sbin/ipfw ipfw2.c Log: Fix display of multiple nat rules. Bug spotted by: Luiz Otavio O Souza PR: 120734 MFC After: 3 days Revision Changes Path 1.115 +4 -4 src/sbin/ipfw/ipfw2.c _______________________________________________ cvs-all@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/cvs-all To unsubscribe, send any mail to "cvs-all-unsubscribe@freebsd.org" From owner-freebsd-ipfw@FreeBSD.ORG Tue Feb 19 04:20:04 2008 Return-Path: Delivered-To: freebsd-ipfw@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 4499716A418 for ; Tue, 19 Feb 2008 04:20:04 +0000 (UTC) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id 3204B13C45A for ; Tue, 19 Feb 2008 04:20:04 +0000 (UTC) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (gnats@localhost [127.0.0.1]) by freefall.freebsd.org (8.14.2/8.14.2) with ESMTP id m1J4K24Z041781 for ; Tue, 19 Feb 2008 04:20:03 GMT (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.14.2/8.14.1/Submit) id m1J4K2jG041780; Tue, 19 Feb 2008 04:20:02 GMT (envelope-from gnats) Date: Tue, 19 Feb 2008 04:20:02 GMT Message-Id: <200802190420.m1J4K2jG041780@freefall.freebsd.org> To: freebsd-ipfw@FreeBSD.org From: Eugene Grosbein Cc: Subject: Re: bin/120720: [patch] [ipfw] unbreak POLA for ipfw table list X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: Eugene Grosbein List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 19 Feb 2008 04:20:04 -0000 The following reply was made to PR bin/120720; it has been noted by GNATS. From: Eugene Grosbein To: Julian Elischer Cc: Vadim Goncharov , freebsd-ipfw@freebsd.org, bug-followup@freebsd.org Subject: Re: bin/120720: [patch] [ipfw] unbreak POLA for ipfw table list Date: Tue, 19 Feb 2008 11:10:37 +0700 On Mon, Feb 18, 2008 at 10:32:32AM -0800, Julian Elischer wrote: > that was me.. > It is my memory that > before that time tableargs were only used in 16 bit form. > there were no users in ipfw of the full 32 bit field. In RELENG_4, they are 32bit. > I did not consider that someone would put a 32 bit number > in there just to print it out again. > (what would you do that for?) It's very suitable for automatic time-bounded blocking. A trigger adds IP being blocked to ipfw table with 32-bit value that is "time-to-live" value for this table entry, and there is a rule like this: ipfw add 1000 deny ip from 'table(1)' to any Cron periodically runs another script that lists the table and removes entries with time in the past. Thank you for fixing that! Eugene Grosbein From owner-freebsd-ipfw@FreeBSD.ORG Tue Feb 19 04:35:05 2008 Return-Path: Delivered-To: freebsd-ipfw@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id ED06A16A41A; Tue, 19 Feb 2008 04:35:05 +0000 (UTC) (envelope-from eugen@www.svzserv.kemerovo.su) Received: from www.svzserv.kemerovo.su (www.svzserv.kemerovo.su [213.184.65.80]) by mx1.freebsd.org (Postfix) with ESMTP id 30B1B13C4DD; Tue, 19 Feb 2008 04:35:04 +0000 (UTC) (envelope-from eugen@www.svzserv.kemerovo.su) Received: from www.svzserv.kemerovo.su (eugen@localhost [127.0.0.1]) by www.svzserv.kemerovo.su (8.13.8/8.13.8) with ESMTP id m1J4FFAm044186; Tue, 19 Feb 2008 11:15:15 +0700 (KRAT) (envelope-from eugen@www.svzserv.kemerovo.su) Received: (from eugen@localhost) by www.svzserv.kemerovo.su (8.13.8/8.13.8/Submit) id m1J4FFEM044185; Tue, 19 Feb 2008 11:15:15 +0700 (KRAT) (envelope-from eugen) Date: Tue, 19 Feb 2008 11:15:15 +0700 From: Eugene Grosbein To: julian@FreeBSD.org Message-ID: <20080219041515.GB41453@svzserv.kemerovo.su> References: <200802181952.m1IJqfsK095751@freefall.freebsd.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <200802181952.m1IJqfsK095751@freefall.freebsd.org> User-Agent: Mutt/1.4.2.3i Cc: freebsd-ipfw@FreeBSD.org, bugs-followup@FreeBSD.org Subject: Re: bin/120720: [patch] [ipfw] unbreak POLA for ipfw table list X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 19 Feb 2008 04:35:06 -0000 On Mon, Feb 18, 2008 at 11:52:41AM -0800, julian@FreeBSD.org wrote: > Synopsis: [patch] [ipfw] unbreak POLA for ipfw table list > > State-Changed-From-To: open->closed > State-Changed-By: julian > State-Changed-When: Mon Feb 18 11:27:58 PST 2008 > State-Changed-Why: > Patch committed to -current and scheduled for MFC. > > > http://www.freebsd.org/cgi/query-pr.cgi?pr=120720 Shouldn't this PR be in "patched" state until MFC to both RELENG_6 and RELENG_7? Eugene Grosbein From owner-freebsd-ipfw@FreeBSD.ORG Tue Feb 19 04:35:07 2008 Return-Path: Delivered-To: freebsd-ipfw@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 7247516A469 for ; Tue, 19 Feb 2008 04:35:07 +0000 (UTC) (envelope-from eugen@www.svzserv.kemerovo.su) Received: from www.svzserv.kemerovo.su (www.svzserv.kemerovo.su [213.184.65.80]) by mx1.freebsd.org (Postfix) with ESMTP id C4F2A13C4DB for ; Tue, 19 Feb 2008 04:35:06 +0000 (UTC) (envelope-from eugen@www.svzserv.kemerovo.su) Received: from www.svzserv.kemerovo.su (eugen@localhost [127.0.0.1]) by www.svzserv.kemerovo.su (8.13.8/8.13.8) with ESMTP id m1J4Acuu043831; Tue, 19 Feb 2008 11:10:38 +0700 (KRAT) (envelope-from eugen@www.svzserv.kemerovo.su) Received: (from eugen@localhost) by www.svzserv.kemerovo.su (8.13.8/8.13.8/Submit) id m1J4AbHS043830; Tue, 19 Feb 2008 11:10:37 +0700 (KRAT) (envelope-from eugen) Date: Tue, 19 Feb 2008 11:10:37 +0700 From: Eugene Grosbein To: Julian Elischer Message-ID: <20080219041037.GA41453@svzserv.kemerovo.su> References: <47B9CF40.1050904@elischer.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <47B9CF40.1050904@elischer.org> User-Agent: Mutt/1.4.2.3i Cc: Vadim Goncharov , freebsd-ipfw@FreeBSD.org, bug-followup@FreeBSD.org Subject: Re: bin/120720: [patch] [ipfw] unbreak POLA for ipfw table list X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 19 Feb 2008 04:35:07 -0000 On Mon, Feb 18, 2008 at 10:32:32AM -0800, Julian Elischer wrote: > that was me.. > It is my memory that > before that time tableargs were only used in 16 bit form. > there were no users in ipfw of the full 32 bit field. In RELENG_4, they are 32bit. > I did not consider that someone would put a 32 bit number > in there just to print it out again. > (what would you do that for?) It's very suitable for automatic time-bounded blocking. A trigger adds IP being blocked to ipfw table with 32-bit value that is "time-to-live" value for this table entry, and there is a rule like this: ipfw add 1000 deny ip from 'table(1)' to any Cron periodically runs another script that lists the table and removes entries with time in the past. Thank you for fixing that! Eugene Grosbein From owner-freebsd-ipfw@FreeBSD.ORG Tue Feb 19 18:28:59 2008 Return-Path: Delivered-To: freebsd-ipfw@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 9E3C116A41A for ; Tue, 19 Feb 2008 18:28:59 +0000 (UTC) (envelope-from julian@elischer.org) Received: from outN.internet-mail-service.net (outN.internet-mail-service.net [216.240.47.237]) by mx1.freebsd.org (Postfix) with ESMTP id 850F513C47E for ; Tue, 19 Feb 2008 18:28:58 +0000 (UTC) (envelope-from julian@elischer.org) Received: from mx0.idiom.com (HELO idiom.com) (216.240.32.160) by out.internet-mail-service.net (qpsmtpd/0.40) with ESMTP; Tue, 19 Feb 2008 10:28:58 -0800 Received: from julian-mac.elischer.org (localhost [127.0.0.1]) by idiom.com (Postfix) with ESMTP id CC5FF12729B; Tue, 19 Feb 2008 10:28:57 -0800 (PST) Message-ID: <47BB1FF0.7010902@elischer.org> Date: Tue, 19 Feb 2008 10:29:04 -0800 From: Julian Elischer User-Agent: Thunderbird 2.0.0.9 (Macintosh/20071031) MIME-Version: 1.0 To: Eugene Grosbein References: <200802181952.m1IJqfsK095751@freefall.freebsd.org> <20080219041515.GB41453@svzserv.kemerovo.su> In-Reply-To: <20080219041515.GB41453@svzserv.kemerovo.su> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Cc: freebsd-ipfw@FreeBSD.org, julian@FreeBSD.org, bugs-followup@FreeBSD.org Subject: Re: bin/120720: [patch] [ipfw] unbreak POLA for ipfw table list X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 19 Feb 2008 18:28:59 -0000 Eugene Grosbein wrote: > On Mon, Feb 18, 2008 at 11:52:41AM -0800, julian@FreeBSD.org wrote: > >> Synopsis: [patch] [ipfw] unbreak POLA for ipfw table list >> >> State-Changed-From-To: open->closed >> State-Changed-By: julian >> State-Changed-When: Mon Feb 18 11:27:58 PST 2008 >> State-Changed-Why: >> Patch committed to -current and scheduled for MFC. >> >> >> http://www.freebsd.org/cgi/query-pr.cgi?pr=120720 > > Shouldn't this PR be in "patched" state until MFC to both > RELENG_6 and RELENG_7? > > Eugene Grosbein possibly, but I'll get the MFC reminder in my mail in 3 days. I'm no longer tracking it in the bug system, so I closed it.. From owner-freebsd-ipfw@FreeBSD.ORG Thu Feb 21 23:01:38 2008 Return-Path: Delivered-To: freebsd-ipfw@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 884B016A404; Thu, 21 Feb 2008 23:01:38 +0000 (UTC) (envelope-from piso@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id 5C73113C459; Thu, 21 Feb 2008 23:01:38 +0000 (UTC) (envelope-from piso@FreeBSD.org) Received: from freefall.freebsd.org (piso@localhost [127.0.0.1]) by freefall.freebsd.org (8.14.2/8.14.2) with ESMTP id m1LN1cGu097745; Thu, 21 Feb 2008 23:01:38 GMT (envelope-from piso@freefall.freebsd.org) Received: (from piso@localhost) by freefall.freebsd.org (8.14.2/8.14.1/Submit) id m1LN1cr3097741; Thu, 21 Feb 2008 23:01:38 GMT (envelope-from piso) Date: Thu, 21 Feb 2008 23:01:38 GMT Message-Id: <200802212301.m1LN1cr3097741@freefall.freebsd.org> To: loos.br@gmail.com, piso@FreeBSD.org, freebsd-ipfw@FreeBSD.org From: piso@FreeBSD.org Cc: Subject: Re: bin/120734: [patch] ipfw(8): ipfw nat has problems to show multiples nat rules X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 21 Feb 2008 23:01:38 -0000 Synopsis: [patch] ipfw(8): ipfw nat has problems to show multiples nat rules State-Changed-From-To: open->closed State-Changed-By: piso State-Changed-When: Thu Feb 21 22:59:51 UTC 2008 State-Changed-Why: Fixed in v 1.116. http://www.freebsd.org/cgi/query-pr.cgi?pr=120734 From owner-freebsd-ipfw@FreeBSD.ORG Fri Feb 22 20:40:03 2008 Return-Path: Delivered-To: freebsd-ipfw@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 39EB416A400 for ; Fri, 22 Feb 2008 20:40:03 +0000 (UTC) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id 1A40013C458 for ; Fri, 22 Feb 2008 20:40:03 +0000 (UTC) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (gnats@localhost [127.0.0.1]) by freefall.freebsd.org (8.14.2/8.14.2) with ESMTP id m1MKe2x6008998 for ; Fri, 22 Feb 2008 20:40:02 GMT (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.14.2/8.14.1/Submit) id m1MKe26Q008997; Fri, 22 Feb 2008 20:40:02 GMT (envelope-from gnats) Date: Fri, 22 Feb 2008 20:40:02 GMT Message-Id: <200802222040.m1MKe26Q008997@freefall.freebsd.org> To: freebsd-ipfw@FreeBSD.org From: Volker Cc: Subject: Re: kern/73276: [ipfw] [patch] ipfw2 vulnerability (parser error) X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: Volker List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 22 Feb 2008 20:40:03 -0000 The following reply was made to PR kern/73276; it has been noted by GNATS. From: Volker To: bug-followup@FreeBSD.org, alex@antar.bryansk.ru Cc: Subject: Re: kern/73276: [ipfw] [patch] ipfw2 vulnerability (parser error) Date: Fri, 22 Feb 2008 21:29:58 +0100 Alexey, I'm sorry to see your PR untouched for years. I'm really sorry for that. I've checked your problem report and was unable to reproduce the error you mentioned under RELENG_7: # ipfw add 100 allow ip from 192.168.0.0\{1,2\}\}\}\} to any 00100 allow ip from 192.168.0.0/24{1,2} to any I'm wondering if you can still reproduce the error? Please report back if we can close this PR. Thanks! From owner-freebsd-ipfw@FreeBSD.ORG Sat Feb 23 03:05:13 2008 Return-Path: Delivered-To: freebsd-ipfw@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 1D17416A40D; Sat, 23 Feb 2008 03:05:13 +0000 (UTC) (envelope-from linimon@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id E168213C506; Sat, 23 Feb 2008 03:05:12 +0000 (UTC) (envelope-from linimon@FreeBSD.org) Received: from freefall.freebsd.org (linimon@localhost [127.0.0.1]) by freefall.freebsd.org (8.14.2/8.14.2) with ESMTP id m1N35CeV040527; Sat, 23 Feb 2008 03:05:12 GMT (envelope-from linimon@freefall.freebsd.org) Received: (from linimon@localhost) by freefall.freebsd.org (8.14.2/8.14.1/Submit) id m1N35CEa040523; Sat, 23 Feb 2008 03:05:12 GMT (envelope-from linimon) Date: Sat, 23 Feb 2008 03:05:12 GMT Message-Id: <200802230305.m1N35CEa040523@freefall.freebsd.org> To: alex@antar.bryansk.ru, linimon@FreeBSD.org, freebsd-ipfw@FreeBSD.org From: linimon@FreeBSD.org Cc: Subject: Re: kern/73276: [ipfw] [patch] ipfw2 vulnerability (parser error) X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 23 Feb 2008 03:05:13 -0000 Synopsis: [ipfw] [patch] ipfw2 vulnerability (parser error) State-Changed-From-To: open->feedback State-Changed-By: linimon State-Changed-When: Sat Feb 23 03:05:03 UTC 2008 State-Changed-Why: Note that submitter has been asked for feedback. http://www.freebsd.org/cgi/query-pr.cgi?pr=73276 From owner-freebsd-ipfw@FreeBSD.ORG Sat Feb 23 03:06:50 2008 Return-Path: Delivered-To: freebsd-ipfw@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 47CE016A401; Sat, 23 Feb 2008 03:06:50 +0000 (UTC) (envelope-from linimon@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id 1B10E13C458; Sat, 23 Feb 2008 03:06:50 +0000 (UTC) (envelope-from linimon@FreeBSD.org) Received: from freefall.freebsd.org (linimon@localhost [127.0.0.1]) by freefall.freebsd.org (8.14.2/8.14.2) with ESMTP id m1N36o5Z040886; Sat, 23 Feb 2008 03:06:50 GMT (envelope-from linimon@freefall.freebsd.org) Received: (from linimon@localhost) by freefall.freebsd.org (8.14.2/8.14.1/Submit) id m1N36oCZ040882; Sat, 23 Feb 2008 03:06:50 GMT (envelope-from linimon) Date: Sat, 23 Feb 2008 03:06:50 GMT Message-Id: <200802230306.m1N36oCZ040882@freefall.freebsd.org> To: alex@antar.bryansk.ru, linimon@FreeBSD.org, freebsd-ipfw@FreeBSD.org From: linimon@FreeBSD.org Cc: Subject: Re: kern/73276: [ipfw] [patch] ipfw2 vulnerability (parser error) X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 23 Feb 2008 03:06:50 -0000 Synopsis: [ipfw] [patch] ipfw2 vulnerability (parser error) State-Changed-From-To: feedback->closed State-Changed-By: linimon State-Changed-When: Sat Feb 23 03:06:38 UTC 2008 State-Changed-Why: Submitter's email address bounces. http://www.freebsd.org/cgi/query-pr.cgi?pr=73276 From owner-freebsd-ipfw@FreeBSD.ORG Sat Feb 23 14:55:31 2008 Return-Path: Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 53FB016A402 for ; Sat, 23 Feb 2008 14:55:31 +0000 (UTC) (envelope-from araujobsdport@gmail.com) Received: from py-out-1112.google.com (py-out-1112.google.com [64.233.166.181]) by mx1.freebsd.org (Postfix) with ESMTP id 0710713C458 for ; Sat, 23 Feb 2008 14:55:30 +0000 (UTC) (envelope-from araujobsdport@gmail.com) Received: by py-out-1112.google.com with SMTP id u52so1368287pyb.10 for ; Sat, 23 Feb 2008 06:55:30 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:reply-to:organization:user-agent:mime-version:to:cc:subject:x-enigmail-version:openpgp:content-type:from; bh=jt0HOb602rFteuvMKRjNcPPxSdhucuaH3PImLnhTh28=; b=wRdlzYzuFgDwl8qF2Do/jGJqQiVvD9aW6nmF7OrZmbRJyy1FHckpwO8kgZ0yw1UFYj++9Xr7YAeNxFPvqLeQum+4eCJ0nT4yHeKRqNgFjJZ97wIZhsfz5A3HEyFyWMHKSUiEy1lNFvtisuKw/UkdBix3JMMRSILBIPdB9GkM5Yo= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:reply-to:organization:user-agent:mime-version:to:cc:subject:x-enigmail-version:openpgp:content-type:from; b=qRkgrsQocyGDD2l5A5IFb7IV1PPvNUrEehNBuMo6NZHW8/MM2FzzAk2igm654irRngZdtMgX2TqQ3hiZ0Q9Jw9AGpNAMnm1uBgO6ByjiiomgtYG5ohpYBABJc1RXbopVZmt/5gp4ecayeI3idm26mlCbCdgCh3XvdO1vnxk+hks= Received: by 10.64.27.13 with SMTP id a13mr1067952qba.44.1203776828084; Sat, 23 Feb 2008 06:27:08 -0800 (PST) Received: from island.freebsd.org ( [201.47.47.138]) by mx.google.com with ESMTPS id q15sm2035023qbq.0.2008.02.23.06.27.06 (version=TLSv1/SSLv3 cipher=RC4-MD5); Sat, 23 Feb 2008 06:27:07 -0800 (PST) Message-ID: <47C02D2E.4000604@FreeBSD.org> Date: Sat, 23 Feb 2008 11:26:54 -0300 Organization: FreeBSD User-Agent: Thunderbird 2.0.0.0 (X11/20070521) MIME-Version: 1.0 To: freebsd-ipfw@freebsd.org X-Enigmail-Version: 0.95.0 OpenPGP: id=53E4CFA8 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="------------enig7367275D44DD895E31B66E94" From: Marcelo Araujo Cc: "Bruce M. Simpson" , Roman Bogorodskiy Subject: IPFW and ToS PRECEDENCE fields. X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: araujo@FreeBSD.org List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 23 Feb 2008 14:55:31 -0000 This is an OpenPGP/MIME signed message (RFC 2440 and 3156) --------------enig7367275D44DD895E31B66E94 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable Hi all, Well, I do a some research about QoS implementations to my degree project. I started research in this week, first topic approached is ToS, however apart for my project are ok, but I'd like to contribute with the IPFW and change academic research to real benefits within IPFW. I need some explanation around IPFW implementation, some documents or not= es. I need also a some revision in my implementation. My WIKI: http://code.google.com/p/exports/wiki/ WIKI ToS: http://code.google.com/p/exports/wiki/ToSWorkAround First patch: http://people.freebsd.org/~araujo/logs/ipfw-ToS8bits.diff NOTE: IPFW have a short implementation called TOK_IPPRECEDENCE which implements some 0xe0 offset(NETWORK CONTROL), but I wrote TOK_IPTOSPRE like a test. Thanks and best regards, --=20 Marcelo Araujo (__) araujo@FreeBSD.org \\\'',) http://www.FreeBSD.org \/ \ ^ Power To Server. .\. /_) --------------enig7367275D44DD895E31B66E94 Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (FreeBSD) iD8DBQFHwC03ovxJd1Pkz6gRAq0pAJkB6MfuJQiG0ZqA5kyw6mrKGCrk+wCfX5wL kd/522+wzi6VQW7lCXMyABs= =5HOZ -----END PGP SIGNATURE----- --------------enig7367275D44DD895E31B66E94--