Date: Thu, 24 Aug 2006 10:10:24 GMT From: "Andrey V. Elsukov" <bu7cher@yandex.ru> To: freebsd-bugs@FreeBSD.org Subject: Re: bin/102422: ipfw & kernel problems where firewall rules aren't interpreted correctly Message-ID: <200608241010.k7OAAOCB042908@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
The following reply was made to PR bin/102422; it has been noted by GNATS. From: "Andrey V. Elsukov" <bu7cher@yandex.ru> To: bug-followup@FreeBSD.org Cc: seh-10lzx4@mail.quadrizen.com, Oleg Bulyzhin <oleg@FreeBSD.org>, Gleb Smirnoff <glebius@FreeBSD.org>, Luigi Rizzo <rizzo@icir.org> Subject: Re: bin/102422: ipfw & kernel problems where firewall rules aren't interpreted correctly Date: Thu, 24 Aug 2006 14:09:05 +0400 This is a multi-part message in MIME format. --------------030406010708030003080707 Content-Type: text/plain; charset=KOI8-R; format=flowed Content-Transfer-Encoding: 7bit Stephen Halpin wrote: > The rule is accepted with icmp6types 1,2,32,33,34,...94,95,128,129. > The problem is the data structure in > /usr/src/sbin/ipfw/ipfw2.c:fill_icmp6types() is not properly > initialized. Yes, you are right. A data buffer is previously zeroed, but fill_ip6() function can modified some data while parsing ipv6 destination addresses. Quick fix is simple: --- ipfw2.c 23 Aug 2006 14:29:18 -0000 1.96 +++ ipfw2.c 24 Aug 2006 09:08:06 -0000 @@ -1206,7 +1206,7 @@ { uint8_t type; - cmd->d[0] = 0; + bzero(cmd, sizeof(*cmd)); while (*av) { if (*av == ',') av++; But i think that here can be another similar issues. > addressed with bug number 91245, which the query interface won't > bring up for anything. I was able to find it using the global > Google. I found a set of diffs at: PR 91245 was closed. http://www.freebsd.org/cgi/query-pr.cgi?pr=91245 > Problem 3: > > ipfw add allow ip6 from any to 2000::/16,2002::/16 Can you try the attached patch? -- WBR, Andrey V. Elsukov --------------030406010708030003080707 Content-Type: text/plain; name="ipfw_fix.txt" Content-Transfer-Encoding: 7bit Content-Disposition: inline; filename="ipfw_fix.txt" Index: ip_fw2.c =================================================================== RCS file: /mnt/cvs/ncvs/src/sys/netinet/ip_fw2.c,v retrieving revision 1.144 diff -u -r1.144 ip_fw2.c --- ip_fw2.c 18 Aug 2006 22:36:04 -0000 1.144 +++ ip_fw2.c 24 Aug 2006 09:55:38 -0000 @@ -2869,22 +2869,20 @@ &((ipfw_insn_ip6 *)cmd)->addr6); break; case O_IP6_SRC_MASK: - if (is_ipv6) { - ipfw_insn_ip6 *te = (ipfw_insn_ip6 *)cmd; - struct in6_addr p = args->f_id.src_ip6; - - APPLY_MASK(&p, &te->mask6); - match = IN6_ARE_ADDR_EQUAL(&te->addr6, &p); - } - break; - case O_IP6_DST_MASK: if (is_ipv6) { - ipfw_insn_ip6 *te = (ipfw_insn_ip6 *)cmd; - struct in6_addr p = args->f_id.dst_ip6; + int i = cmdlen - 1; + struct in6_addr p; + struct in6_addr *d = &((ipfw_insn_ip6 *)cmd)->addr6; - APPLY_MASK(&p, &te->mask6); - match = IN6_ARE_ADDR_EQUAL(&te->addr6, &p); + for (; !match && i > 0; d += 2, + i -= F_INSN_SIZE(struct in6_addr) * 2) + { + p = (cmd->opcode == O_IP6_SRC_MASK) ? + args->f_id.src_ip6: args->f_id.dst_ip6; + APPLY_MASK(&p, &d[1]); + match = IN6_ARE_ADDR_EQUAL(&d[0], &p); + } } break; --------------030406010708030003080707--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200608241010.k7OAAOCB042908>