Message-Id: <200502152003.j1FK3ZDm018775@freebsd.czest.pl>
Date: Tue, 15 Feb 2005 20:03:35 GMT
From: "Wojciech A. Koszek"
To: FreeBSD-gnats-submit@FreeBSD.org
Subject: kern/77570: [PATCH] ipfw: Multiple rules may have the same number.

>Number:         77570
>Category:       kern
>Synopsis:       [PATCH] ipfw: Multiple rules may have the same number.
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          open
>Quarter:
>Keywords:
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Tue Feb 15 20:00:46 GMT 2005
>Closed-Date:
>Last-Modified:
>Originator:     Wojciech A. Koszek
>Release:        FreeBSD 5.3-STABLE i386
>Organization:
>Environment:
System: FreeBSD dunstan.freebsd.czest.pl 5.3-STABLE FreeBSD 5.3-STABLE #0: Sat Feb 12 11:15:23 CET 2005 root@dunstan.freebsd.czest.pl:/usr/obj/usr/src/sys/HOME6 i386

This problem exists in either -STABLE or -CURRENT.

>Description:
There is a problem while inserting an ipfw2 rule with a specified rule number.

	# ipfw add

While executing this command N times, it will add N rules with the same
number. I don't really like this behaviour, since the rule number has to
represent a unique rule.

>How-To-Repeat:
This problem may be easily reproduced:

	# ipfw add 100 allow all from any to any
	00100 allow ip from any to any
	# ipfw add 100 allow all from any to any
	00100 allow ip from any to any
	# ipfw add 100 allow all from any to any
	00100 allow ip from any to any
	# ipfw show | grep 00100
	00100 0 0 allow ip from any to any
	00100 0 0 allow ip from any to any
	00100 0 0 allow ip from any to any

>Fix:
The attached patch [diff.0.ipfw2] should correct this problem. It also adds
a predefinition of remove_rule(), because after applying this patch,
add_rule() requires it.

--- diff.0.ipfw2 begins here --- Patch against FreeBSD 5.3-STABLE, kern.osreldate: 503102. diff -upr /usr/src/sys/netinet/ip_fw2.c src/sys/netinet/ip_fw2.c --- /usr/src/sys/netinet/ip_fw2.c Sat Feb 12 09:36:43 2005 +++ src/sys/netinet/ip_fw2.c Tue Feb 15 20:11:17 2005 @@ -104,6 +104,9 @@ static struct callout ipfw_timeout; static uma_zone_t ipfw_dyn_rule_zone; #define IPFW_DEFAULT_RULE 65535 +static struct ip_fw * +remove_rule(struct ip_fw_chain *, struct ip_fw *, struct ip_fw *); + /* * Data structure to cache our ucred related * information. This structure only gets used if @@ -2599,7 +2602,19 @@ add_rule(struct ip_fw_chain *chain, stru * Now insert the new rule in the right place in the sorted list. */ for (prev = NULL, f = chain->rules; f; prev = f, f = f->next) { - if (f->rulenum > rule->rulenum) { /* found the location */ + if (f->rulenum == rule->rulenum) { /* exact match */ + rule->next = f->next; + (void) remove_rule(chain, f, prev); + if (prev != NULL) { + prev->next = rule; + } + else { /* head insert */ + rule->next = chain->rules; + chain->rules = rule; + } + break; + } + else if (f->rulenum > rule->rulenum) { /* found the location */ if (prev) { rule->next = f; prev->next = rule; --- diff.0.ipfw2 ends here --- >Release-Note: >Audit-Trail: >Unformatted:
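
Review bot: The forward declaration of remove_rule() in the first hunk (after IPFW_DEFAULT_RULE) leaves its parameters unnamed, and two of them are both struct ip_fw *, so the prototype does not say which pointer is the rule to remove and which is its predecessor. Name the parameters or add a one-line comment; the new call in add_rule() passes (chain, f, prev). A short comment saying that add_rule() is the reason for the early declaration would also keep it from looking stray between the #define and the ucred comment block.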
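
Review bot: The exact-match branch added to add_rule() in the second hunk removes the existing rule and installs the new one without reporting anything to the caller, so an add on a number already in use silently changes firewall policy and discards the old rule. Returning an error such as EEXIST for a duplicate number, and leaving replacement to an explicit delete followed by add, would be the safer behaviour. The branch also depends on what remove_rule() does to the list, which these lines do not show: it reads f->next before the call, throws away the struct ip_fw * that remove_rule() returns with a (void) cast, and in the head case re-reads chain->rules afterwards. Use the returned pointer for rule->next, or state the assumption in a comment, so the pointer handling can be checked. The loop breaks on the first match, so a chain that already holds several rules with that number keeps the others. Style: the surrounding code tests if (prev), while the new lines use if (prev != NULL) and put } and else { on separate lines.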
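
A check for the condition described under How-To-Repeat, as an added example that is not part of the original report or patch: it reads `ipfw show` output in the layout shown above (rule number, two counters, rule body) and reports every rule number that occurs more than once. The function names `dup_rules` and `sample_listing` and the 00200 sample lines are assumptions made for the example.

```shell
#!/bin/sh
# Added example: find rule numbers that occur more than once in `ipfw show`
# output. Line layout as shown in the report: <rulenum> <pkts> <bytes> <body>

# dup_rules: reads `ipfw show` output on stdin and prints one line per
# duplicated rule number:  <rulenum> <count> same|differ
# "differ" means the rules sharing that number do not all have the same body.
dup_rules() {
    awk '
    $1 ~ /^[0-9]+$/ && NF >= 4 {
        num = $1
        # Rebuild the rule body from field 4 on, skipping the two counters.
        body = $4
        for (i = 5; i <= NF; i++)
            body = body " " $i
        count[num]++
        if (count[num] == 1)
            first[num] = body
        else if (body != first[num])
            differ[num] = 1
    }
    END {
        for (num in count)
            if (count[num] > 1)
                printf "%s %d %s\n", num, count[num],
                    ((num in differ) ? "differ" : "same")
    }' | sort -n
}

# Constructed sample: the three 00100 lines repeat the listing in the report;
# the 00200 and 65535 lines are made up for this example.
sample_listing() {
    cat <<'EOF'
00100 0 0 allow ip from any to any
00100 0 0 allow ip from any to any
00100 0 0 allow ip from any to any
00200 0 0 deny ip from any to 10.0.0.1
00200 0 0 allow ip from any to 10.0.0.1
65535 0 0 deny ip from any to any
EOF
}

# On a live system: ipfw show | dup_rules
sample_listing | dup_rules
```
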