Date: Tue, 21 Dec 2004 11:40:21 +0100
From: Vladimir Kotal <vlada@devnull.cz>
To: freebsd-ipfw@freebsd.org
Subject: Re: ipfw2 for IPV6
Message-ID: <20041221104021.GA26902@otaku.xtrmntr.org>
In-Reply-To: <20041221103650.GC25908@otaku.xtrmntr.org>
References: <20041221103650.GC25908@otaku.xtrmntr.org>
On Tue, Dec 21, 2004 at 11:36:50AM +0100, Vladimir Kotal wrote:
>
> - sbin/ipfw2.c parsing code can cause incorrect functionality, even
>   segfault in some cases (see included regress script)

Hmm, the regress script did not get thru, here it is:

#!/bin/sh

# presume net.inet.ip.fw.one_pass = 0

ipfw=/sbin/ipfw

$ipfw -f flush
$ipfw -f pipe flush

ipv6addr="fec0:2::2/128"

## outgoing queue
$ipfw pipe 2400 config bw 64Kbit/s queue 16KBytes
## incoming queue
$ipfw pipe 2401 config bw 64Kbit/s queue 16KBytes

# following rules load but do not function correctly
# - packets are not matched against these rules
$ipfw add 01500 pipe 2400 ipv6 from any to $ipv6addr out
$ipfw add 01500 allow ipv6 from any to $ipv6addr out
$ipfw add 01501 pipe 2401 ipv6 from $ipv6addr to any in
$ipfw add 01501 allow ipv6 from $ipv6addr to any in

# following commands omit 'in/out' tokens from parsing
$ipfw add 01600 pipe 2400 ipv6 from any to $ipv6addr ipv6 out
$ipfw add 01600 allow ipv6 from any to $ipv6addr ipv6 out
$ipfw add 01601 pipe 2401 ipv6 from $ipv6addr to any ipv6 in
$ipfw add 01601 allow ipv6 from $ipv6addr to any ipv6 in

# following commands cause segfault
$ipfw add 01700 pipe 2400 ipv6 from any to $ipv6addr out ipv6
$ipfw add 01700 allow ipv6 from any to $ipv6addr out ipv6
$ipfw add 01701 pipe 2401 ipv6 from $ipv6addr to any in ipv6
$ipfw add 01701 allow ipv6 from $ipv6addr to any in ipv6

# default deny
$ipfw add 65420 deny log all from any to any via fxp1
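
The regress script above runs its commands without checking their outcome. The following is an added example, not part of the original message or of the ipfw sources, that classifies each `ipfw add` at parse time as a crash, a rejection, a silently dropped `in`/`out` token, or a clean load. The names `classify_rule`, `run_page_cases` and the `IPFW` override are hypothetical, and it assumes `ipfw list` prints the direction keyword back as typed.

```shell
#!/bin/sh
# Added example, not part of the original message.
# IPFW may be overridden to point at a test build or a stub.
IPFW=${IPFW:-/sbin/ipfw}

# classify_rule RULENUM TOKEN RULE-BODY...
# Adds one rule and prints how the userland parser handled it:
#   crash    - ipfw died on a signal (status > 128; 139 is SIGSEGV)
#   rejected - ipfw refused the rule with an error
#   dropped  - rule loaded, but TOKEN is missing from the listing
#   ok       - rule loaded and TOKEN is present in the listing
classify_rule() {
    num=$1; want=$2; shift 2
    rc=0
    "$IPFW" -q add "$num" "$@" >/dev/null 2>&1 || rc=$?
    if [ "$rc" -gt 128 ]; then
        echo crash; return 0
    elif [ "$rc" -ne 0 ]; then
        echo rejected; return 0
    fi
    # Assumption: "ipfw list" prints the direction keyword back verbatim.
    listing=$("$IPFW" list "$num" 2>/dev/null | tr '\n' ' ')
    case " $listing " in
        *" $want "*) echo ok ;;
        *)           echo dropped ;;
    esac
}

# The three "allow ... out" forms from the regress script above.
run_page_cases() {
    addr="fec0:2::2/128"
    "$IPFW" -q -f flush
    echo "1500 $(classify_rule 1500 out allow ipv6 from any to $addr out)"
    echo "1600 $(classify_rule 1600 out allow ipv6 from any to $addr ipv6 out)"
    echo "1700 $(classify_rule 1700 out allow ipv6 from any to $addr out ipv6)"
}

# Run only when asked to: sh thisfile run (root, disposable test host).
if [ "${1:-}" = run ]; then run_page_cases; fi
```

This covers only the parse-time failures; the first group in the script (rules that load but never match packets) still needs traffic and rule counters to confirm.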