Date: 16 Feb 2008 13:16:38 -0000
From: Luiz Otavio O Souza <loos.br@gmail.com>
To: FreeBSD-gnats-submit@FreeBSD.org
Subject: bin/120734: [patch] ipfw nat has problems to show multiples nat rules
Message-ID: <20080216131638.10617.qmail@ad.com.br>
Resent-Message-ID: <200802161330.m1GDU56a009404@freefall.freebsd.org>
>Number:         120734
>Category:       bin
>Synopsis:       [patch] ipfw nat has problems to show multiples nat rules
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          open
>Quarter:
>Keywords:
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sat Feb 16 13:30:05 UTC 2008
>Closed-Date:
>Last-Modified:
>Originator:     Luiz Otavio O Souza
>Release:        FreeBSD 7.0-PRERELEASE i386
>Organization:
>Environment:
System: FreeBSD server.rede.int.br 7.0-PRERELEASE FreeBSD 7.0-PRERELEASE #5: Sun Jan 27 18:40:24 BRST 2008 root@server.rede.int.br:/usr/obj/usr/src/sys/FW i386
>Description:
ipfw nat has problems showing multiple nat rules. The problem happens when ipfw parses the serialized data from the kernel. This simple patch fixes that, but maybe all the code should be audited to ensure the correct use (and parsing) of serialized data (to and from the kernel).
>How-To-Repeat:
# ipfw nat 1 config if tun0 same_ports reset
# ipfw nat 2 config ip 10.0.0.2 same_ports redirect_port tcp 129.0.0.1:23 10.0.0.3:23
# ipfw nat 3 config ip 100.0.0.2 reset
# ipfw nat show config
ipfw nat 3 config ip 100.0.0.2 reset
ipfw nat 0 config
ipfw nat 0 config

after fix:

# /usr/src/sbin/ipfw/ipfw nat show config
ipfw nat 3 config ip 100.0.0.2 reset
ipfw nat 2 config ip 10.0.0.2 same_ports redirect_port tcp 129.0.0.1:23 10.0.0.3:23
ipfw nat 1 config if tun0 same_ports reset
>Fix:
This patch fixes the parsing of serialized data in ipfw (userland); the kernel requires no changes at the moment. The last part of the patch is just style(9) fixes.

--- ipfw2.c.orig	2008-02-10 13:22:35.000000000 -0200
+++ ipfw2.c	2008-02-16 10:20:37.000000000 -0200
@@ -5963,14 +5963,16 @@ for (i = sizeof(nat_cnt); nat_cnt; nat_cnt--) { n = (struct cfg_nat *)&data[i]; if (do_rule) { - if (!(frule <= n->id && lrule >= n->id)) - continue; - } - print_nat_config(&data[i]); + if ((frule <= n->id && lrule >= n->id)) + print_nat_config(&data[i]); + } else + print_nat_config(&data[i]); + i += sizeof(struct cfg_nat); e = (struct cfg_redir *)&data[i]; - if (e->mode == REDIR_ADDR || e->mode == REDIR_PORT || - e->mode == REDIR_PROTO) + if (n->redir_cnt > 0 && + (e->mode == REDIR_ADDR || e->mode == REDIR_PORT || + e->mode == REDIR_PROTO)) i += sizeof(struct cfg_redir) + e->spool_cnt * sizeof(struct cfg_spool); } @@ -6226,16 +6228,16 @@ config_pipe(ac, av); else if (do_nat && _substrcmp(*av, "config") == 0) config_nat(ac, av); - else if (_substrcmp(*av, "set") == 0) - sets_handler(ac, av); - else if (_substrcmp(*av, "table") == 0) - table_handler(ac, av); - else if (_substrcmp(*av, "enable") == 0) - sysctl_handler(ac, av, 1); - else if (_substrcmp(*av, "disable") == 0) - sysctl_handler(ac, av, 0); - else - try_next = 1; + else if (_substrcmp(*av, "set") == 0) + sets_handler(ac, av); + else if (_substrcmp(*av, "table") == 0) + table_handler(ac, av); + else if (_substrcmp(*av, "enable") == 0) + sysctl_handler(ac, av, 1); + else if (_substrcmp(*av, "disable") == 0) + sysctl_handler(ac, av, 0); + else + try_next = 1; } if (use_set || try_next) { >Release-Note: >Audit-Trail: >Unformatted:
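Review bot: in the first hunk (show_nat, @@ -5963), the redirect skip after `i += sizeof(struct cfg_nat);` still consumes at most one `struct cfg_redir` per NAT instance, so an instance whose `n->redir_cnt` is two or more leaves `i` pointing at its second redirect on the next iteration and the following `cfg_nat` header is misread; walk the redirects in a loop, `for (r = 0; r < n->redir_cnt; r++)`, adding `sizeof(struct cfg_redir) + e->spool_cnt * sizeof(struct cfg_spool)` for each, at which point the `e->mode == REDIR_*` test is no longer needed. The How-To-Repeat only configures one redirect per instance, so it does not exercise that case. Moving the range filter out of the `continue` path so that `i` advances for filtered-out instances too, and guarding the skip with `n->redir_cnt > 0` (with no redirects the bytes after the header belong to the next `cfg_nat`, not a `cfg_redir`), are both correct. Style: drop the doubled parentheses in `if ((frule <= n->id && lrule >= n->id))`, and since the description itself asks for the handling of kernel-supplied serialized data to be audited, comparing `i` against the length of `data` before each dereference would be a cheap addition here.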
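Review bot: the second hunk (ipfw_main, @@ -6226) appears to change only the indentation of the `else if` chain from `set` through `try_next = 1;` (the removed and added lines are textually identical apart from whitespace), which the description confirms as style(9) fixes; commit it separately from the functional change in show_nat so the bug fix stays a minimal, independently reviewable and MFC-able diff, and since whitespace is being touched, make sure the new lines are tab-indented per style(9) rather than space-indented.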
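The parsing problem described in this PR, as an added stand-alone C example that is not part of the PR's patch or of ipfw's source: a buffer of the shape show_nat() walks (a count, then per-instance headers each followed by a variable number of redirect records, each carrying a variable number of spool entries). `struct nat_hdr`, `struct redir_hdr`, `struct spool_rec`, the `REDIR_*` values and the sample buffer built by `build_sample()` are assumptions of this example, not the real `cfg_nat`/`cfg_redir`/`cfg_spool` layouts from netinet/ip_fw.h. `walk_original()` keeps the pre-patch control flow (a `continue` that skips the offset advance, and a single redirect skip); `walk_fixed()` always advances, consumes `redir_cnt` redirect records, and refuses to read past the buffer length, which goes beyond what the patch itself does.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Assumed stand-ins for cfg_nat / cfg_redir / cfg_spool and the REDIR_*
 * modes; these layouts belong to this example, not to netinet/ip_fw.h. */
#define REDIR_ADDR  1
#define REDIR_PORT  2
#define REDIR_PROTO 3
struct nat_hdr   { int id; int redir_cnt; };
struct redir_hdr { int mode; int spool_cnt; };
struct spool_rec { uint32_t addr; uint16_t port; uint16_t pad; };

static size_t put(unsigned char *buf, size_t off, const void *p, size_t n)
{
	memcpy(buf + off, p, n);
	return off + n;
}

/* Constructed sample, newest instance first as in the PR's output: nat 3 with
 * two redirects (the first carrying one spool entry), nat 2 with one redirect
 * carrying two spool entries, nat 1 with none.  Returns the byte length. */
size_t build_sample(unsigned char *buf)
{
	int cnt = 3;
	struct nat_hdr n3 = { 3, 2 }, n2 = { 2, 1 }, n1 = { 1, 0 };
	struct redir_hdr r_p1 = { REDIR_PORT, 1 }, r_a0 = { REDIR_ADDR, 0 },
	    r_p2 = { REDIR_PORT, 2 };
	struct spool_rec s = { 0x0a000003, 23, 0 };
	size_t off = put(buf, 0, &cnt, sizeof cnt);

	off = put(buf, off, &n3, sizeof n3);
	off = put(buf, off, &r_p1, sizeof r_p1);
	off = put(buf, off, &s, sizeof s);
	off = put(buf, off, &r_a0, sizeof r_a0);
	off = put(buf, off, &n2, sizeof n2);
	off = put(buf, off, &r_p2, sizeof r_p2);
	off = put(buf, off, &s, sizeof s);
	off = put(buf, off, &s, sizeof s);
	off = put(buf, off, &n1, sizeof n1);
	return off;
}

/* Pre-patch control flow: 'continue' on a filtered-out instance skips the
 * offset advance, and at most one redirect record is skipped whatever
 * redir_cnt says.  Stores the ids it believes it saw (ids must have room
 * for nat_cnt entries) and returns how many. */
int walk_original(const unsigned char *data, int frule, int lrule, int do_rule,
    int *ids)
{
	struct nat_hdr n;
	struct redir_hdr e;
	int nat_cnt, found = 0;
	size_t i;

	memcpy(&nat_cnt, data, sizeof nat_cnt);
	for (i = sizeof nat_cnt; nat_cnt; nat_cnt--) {
		memcpy(&n, &data[i], sizeof n);
		if (do_rule && !(frule <= n.id && lrule >= n.id))
			continue;			/* BUG: i never advances */
		ids[found++] = n.id;
		i += sizeof n;
		memcpy(&e, &data[i], sizeof e);		/* may not be a redirect */
		if (e.mode == REDIR_ADDR || e.mode == REDIR_PORT ||
		    e.mode == REDIR_PROTO)		/* BUG: ignores redir_cnt */
			i += sizeof e + e.spool_cnt * sizeof(struct spool_rec);
	}
	return found;
}

/* Corrected walk: always advance, consume exactly redir_cnt redirect records
 * with their spool entries, and never read past len.  Returns the number of
 * ids stored, or -1 if the buffer is truncated or its counts are inconsistent. */
int walk_fixed(const unsigned char *data, size_t len, int frule, int lrule,
    int do_rule, int *ids)
{
	struct nat_hdr n;
	struct redir_hdr e;
	int nat_cnt, found = 0, r;
	size_t i;

	if (len < sizeof nat_cnt)
		return -1;
	memcpy(&nat_cnt, data, sizeof nat_cnt);
	for (i = sizeof nat_cnt; nat_cnt > 0; nat_cnt--) {
		if (i + sizeof n > len)
			return -1;
		memcpy(&n, &data[i], sizeof n);
		i += sizeof n;
		if (!do_rule || (frule <= n.id && lrule >= n.id))
			ids[found++] = n.id;
		for (r = 0; r < n.redir_cnt; r++) {
			if (i + sizeof e > len)
				return -1;
			memcpy(&e, &data[i], sizeof e);
			if (e.spool_cnt < 0)		/* reject before it wraps i */
				return -1;
			i += sizeof e + (size_t)e.spool_cnt * sizeof(struct spool_rec);
			if (i > len)
				return -1;
		}
	}
	return found;
}
```

On the sample, `walk_original()` with a rule filter of 1-2 returns nothing, because the first instance (nat 3) is filtered out and `i` never moves; with no filter it reports ids 3, 1 and 167772163, the last two being a redirect header and a spool entry read as NAT headers. `walk_fixed()` returns 3, 2, 1 unfiltered and 2, 1 with the filter, and returns -1 when handed a buffer one byte short.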
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20080216131638.10617.qmail>