From owner-freebsd-ipfw@FreeBSD.ORG Sat Sep 16 12:38:24 2006 Return-Path: X-Original-To: freebsd-ipfw@freebsd.org Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 0897F16A407 for ; Sat, 16 Sep 2006 12:38:24 +0000 (UTC) (envelope-from jhay@meraka.csir.co.za) Received: from zibbi.meraka.csir.co.za (zibbi.meraka.csir.co.za [146.64.24.58]) by mx1.FreeBSD.org (Postfix) with ESMTP id 7FAD943D45 for ; Sat, 16 Sep 2006 12:38:22 +0000 (GMT) (envelope-from jhay@meraka.csir.co.za) Received: by zibbi.meraka.csir.co.za (Postfix, from userid 3973) id 439E033CAF; Sat, 16 Sep 2006 14:38:18 +0200 (SAST) Date: Sat, 16 Sep 2006 14:38:18 +0200 From: John Hay To: freebsd-ipfw@freebsd.org Message-ID: <20060916123818.GA8497@zibbi.meraka.csir.co.za> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.4.2.1i Subject: ipfw buffers too small? X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 16 Sep 2006 12:38:24 -0000 Hi, It seems that the buffer sizes inside ipfw did not keep up with its possible uses. If I run this: ipfw add 160 allow ip6 from 3000::/16,3100::/16,3200::/16,3300::/16,3ffe::/16,4ffe::/16,2000::/16,2001::/16 to any it put this inside the kernel: 00160 allow ip6 from { me6 or to any A shorter one does work: ipfw add 170 allow ip6 from 3200::/16,3300::/16,3ffe::/16,4ffe::/16,2000::/16,2001::/16 to any 00170 allow ip6 from 3200::/16,3300::/16,3ffe::/16,4ffe::/16,2000::/16,2001::/16 to any So I have two questions, should the arrays (rulebuf, actbuf and cmdbuf) in ipfw/ipfw2.c:add() not be bigger? And the more important question, should it not have some bounds checking? John -- John Hay -- John.Hay@meraka.csir.co.za / jhay@FreeBSD.org