Date:      Wed, 30 Aug 2006 05:40:22 GMT
From:      "Stephen E. Halpin" <seh-10lzx4@mail.quadrizen.com>
To:        freebsd-ipfw@FreeBSD.org
Subject:   Re: bin/102422: ipfw & kernel problems where firewall rules aren't interpreted correctly
Message-ID:  <200608300540.k7U5eMDJ059682@freefall.freebsd.org>

The following reply was made to PR bin/102422; it has been noted by GNATS.

From: Stephen E. Halpin <seh-10lzx4@mail.quadrizen.com>
To: Stephen E. Halpin <seh-10lzx4@mail.quadrizen.com>
Cc: Andrey V. Elsukov <bu7cher@yandex.ru>,
 bug-followup@FreeBSD.org,
 Oleg Bulyzhin <oleg@FreeBSD.org>,
 Gleb Smirnoff <glebius@FreeBSD.org>,
 Luigi Rizzo <rizzo@icir.org>
Subject: Re: bin/102422: ipfw & kernel problems where firewall rules aren't interpreted correctly
Date: Wed, 30 Aug 2006 01:44:01 -0400

 Erf.  I've since patched in the actual diffs for PR 91245 into a  
 clean install of 6.1-RELEASE, and it now thinks "me6" is a hostname  
 which it fails to process and dies.  An example is:
 
      ipfw add 1 deny ip6 from any to me6
      ipfw: hostname ``me6'' unknown
 
 There was a precedence issue which was addressed in MAIN, where the  
 'if' should not be taken if 'ret' is not NULL.  1.76.2.10 off  
 RELENG_6 has:
 
 	if ((ret == NULL) && proto == IPPROTO_IP || strcmp(av, "me") == 0 ||
 	    !inet_pton(AF_INET6, host, &a))
 
 1.96 off MAIN has:
 
 	if (ret == NULL && (proto == IPPROTO_IP || strcmp(av, "me") == 0 ||
 	    !inet_pton(AF_INET6, host, &a)))
 
 Note that these should occur in add_src() and add_dst().  When this  
 is added to the patches in 1.76.2.10, things appear to work.  The page:
 
      http://www.freebsd.org/cgi/cvsweb.cgi/src/sbin/ipfw/ipfw2.c
 
 doesn't appear to have another RELENG_6 checkin since 1.76.2.10, so  
 if possible this should be fixed there with the other changes you've  
 developed.
 
 -Steve
 
 
 On Aug 29, 2006, at 5:33 AM, Stephen E. Halpin wrote:
 
 >
 > On Aug 28, 2006, at 6:26 AM, Andrey V. Elsukov wrote:
 >
 >> Stephen E. Halpin wrote:
 >>> processing, and it worked fine.  I still have a question about PR  
 >>> 91245, as when I went to the following page:
 >>>     http://www.freebsd.org/cgi/cvsweb.cgi/src/sbin/ipfw/
 >>> and it looks like the last version of ipfw2.c is 1.96 on the MAIN  
 >>> branch, and the changes in PR 91245 are not there.  It would be  
 >>> awesome if all three fixes could make it into the 6.2 release!
 >>
 >> This PR was closed by rev. 1.88 in CURRENT, and rev. 1.76.2.10 in  
 >> RELENG_6, and will be in 6.2-RELEASE. But I don't know about this  
 >> PR. Gleb, Oleg - any comments? :)
 >
 > Sorry, this was a misunderstanding on my part.  The diffs in the PR  
 > (which is what I was looking for) are different from what's in the  
 > actual fix, which was checked in to the revisions you mention.  At  
 > least I know where to look next time :-/
 >
 > -Steve
 >
 >> -- 
 >> WBR, Andrey V. Elsukov
 >
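
 Added example, not part of the original message: a small C harness that evaluates the two quoted conditions side by side for the case the message reports, where ret is already non-NULL and the argument is "me6". The function names, the harness and the sample arguments are assumptions made for illustration (not code from ipfw2.c), and the same string is passed for both av and host.

```c
/* Added example: harness and sample arguments are constructed. */
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* 1.76.2.10 condition, parenthesised the way the compiler parses it:
 * && binds tighter than ||, so ret == NULL guards only the proto test. */
static int
cond_releng6(const void *ret, int proto, const char *av, const char *host)
{
	struct in6_addr a;

	return (((ret == NULL) && proto == IPPROTO_IP) ||
	    strcmp(av, "me") == 0 || !inet_pton(AF_INET6, host, &a));
}

/* 1.96 condition: a non-NULL ret short-circuits the whole test. */
static int
cond_main(const void *ret, int proto, const char *av, const char *host)
{
	struct in6_addr a;

	return (ret == NULL && (proto == IPPROTO_IP || strcmp(av, "me") == 0 ||
	    !inet_pton(AF_INET6, host, &a)));
}

int
main(void)
{
	int done;	/* stands in for a result an earlier step already produced */
	struct { const void *ret; int proto; const char *arg; } t[] = {
		{ &done, IPPROTO_IPV6, "me6" },	/* the failing case from the report */
		{ NULL, IPPROTO_IPV6, "::1" },
		{ NULL, IPPROTO_IP, "10.0.0.1" },
	};

	for (size_t i = 0; i < sizeof(t) / sizeof(t[0]); i++)
		printf("%-8s ret=%-8s releng6=%d main=%d\n", t[i].arg,
		    t[i].ret ? "non-NULL" : "NULL",
		    cond_releng6(t[i].ret, t[i].proto, t[i].arg, t[i].arg),
		    cond_main(t[i].ret, t[i].proto, t[i].arg, t[i].arg));
	return (0);
}
```

 Only the first row differs: with ret non-NULL, the 1.76.2.10 form still evaluates true because inet_pton() rejects "me6" as an IPv6 literal, so the branch the message says should not be taken is taken.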
 


