Date: Wed, 30 Aug 2006 05:40:22 GMT From: "Stephen E. Halpin" <seh-10lzx4@mail.quadrizen.com> To: freebsd-ipfw@FreeBSD.org Subject: Re: bin/102422: ipfw & kernel problems where firewall rules aren't interpreted correctly Message-ID: <200608300540.k7U5eMDJ059682@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
The following reply was made to PR bin/102422; it has been noted by GNATS. From: Stephen E. Halpin <seh-10lzx4@mail.quadrizen.com> To: Stephen E. Halpin <seh-10lzx4@mail.quadrizen.com> Cc: Andrey V. Elsukov <bu7cher@yandex.ru>, bug-followup@FreeBSD.org, Oleg Bulyzhin <oleg@FreeBSD.org>, Gleb Smirnoff <glebius@FreeBSD.org>, Luigi Rizzo <rizzo@icir.org> Subject: Re: bin/102422: ipfw & kernel problems where firewall rules aren't interpreted correctly Date: Wed, 30 Aug 2006 01:44:01 -0400 Erf. I've since patched in the actual diffs for PR 91245 into a clean install of 6.1-RELEASE, and it now thinks "me6" is a hostname which it fails to process and dies. An example is: ipfw add 1 deny ip6 from any to me6 ipfw: hostname ``me6'' unknown There was a precedence issue which was addressed in MAIN, where the 'if' should not be taken if 'ret' is not NULL. 1.76.2.10 off RELENG_6 has: if ((ret == NULL) && proto == IPPROTO_IP || strcmp(av, "me") == 0 || !inet_pton(AF_INET6, host, &a)) 1.96 off MAIN has: if (ret == NULL && (proto == IPPROTO_IP || strcmp(av, "me") == 0 || !inet_pton(AF_INET6, host, &a))) Note that these should occur in add_src() and add_dst(). When this is added to the patches in 1.76.2.10, things appear to work. The page: http://www.freebsd.org/cgi/cvsweb.cgi/src/sbin/ipfw/ipfw2.c doesn't appear to have another RELENG_6 checkin since 1.76.2.10, so if possible this should be fixed there with the other changes you've developed. -Steve On Aug 29, 2006, at 5:33 AM, Stephen E. Halpin wrote: > > On Aug 28, 2006, at 6:26 AM, Andrey V. Elsukov wrote: > >> Stephen E. Halpin wrote: >>> processing, and it worked fine. I still have a question about PR >>> 91245, as when I went to the following page: >>> http://www.freebsd.org/cgi/cvsweb.cgi/src/sbin/ipfw/ >>> and it looks like the last version of ipfw2.c is 1.96 on the MAIN >>> branch, and the changes in PR 91245 are not there. It would be >>> awesome if all three fixes could make it into the 6.2 release! >> >> This PR was closed by rev. 1.88 in CURRENT, and rev. 1.76.2.10 in >> RELENG_6, and will be in 6.2-RELEASE. But i don't know about this >> PR. Gleb, Oleg - any comments? :) > > Sorry, this was a misunderstanding on my part. The diffs in the PR > (which is what I was looking for) are different from what's in the > actual fix, which was checked in to the revisions you mention. At > least I know where to look next time :-/ > > -Steve > >> -- >> WBR, Andrey V. Elsukov >
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200608300540.k7U5eMDJ059682>