From owner-freebsd-bugs@FreeBSD.ORG  Thu Aug 24 10:10:25 2006
Return-Path: <owner-freebsd-bugs@FreeBSD.ORG>
X-Original-To: freebsd-bugs@hub.freebsd.org
Delivered-To: freebsd-bugs@hub.freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 7515216A4DD
	for <freebsd-bugs@hub.freebsd.org>;
	Thu, 24 Aug 2006 10:10:25 +0000 (UTC)
	(envelope-from gnats@FreeBSD.org)
Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 38B8F43D49
	for <freebsd-bugs@hub.freebsd.org>;
	Thu, 24 Aug 2006 10:10:25 +0000 (GMT)
	(envelope-from gnats@FreeBSD.org)
Received: from freefall.freebsd.org (gnats@localhost [127.0.0.1])
	by freefall.freebsd.org (8.13.4/8.13.4) with ESMTP id k7OAAOba042909
	for <freebsd-bugs@freefall.freebsd.org>; Thu, 24 Aug 2006 10:10:24 GMT
	(envelope-from gnats@freefall.freebsd.org)
Received: (from gnats@localhost)
	by freefall.freebsd.org (8.13.4/8.13.4/Submit) id k7OAAOCB042908;
	Thu, 24 Aug 2006 10:10:24 GMT (envelope-from gnats)
Date: Thu, 24 Aug 2006 10:10:24 GMT
Message-Id: <200608241010.k7OAAOCB042908@freefall.freebsd.org>
To: freebsd-bugs@FreeBSD.org
From: "Andrey V. Elsukov" <bu7cher@yandex.ru>
Cc: 
Subject: Re: bin/102422: ipfw & kernel problems where firewall rules aren't
 interpreted correctly
X-BeenThere: freebsd-bugs@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
Reply-To: "Andrey V. Elsukov" <bu7cher@yandex.ru>
List-Id: Bug reports <freebsd-bugs.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
	<mailto:freebsd-bugs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-bugs>
List-Post: <mailto:freebsd-bugs@freebsd.org>
List-Help: <mailto:freebsd-bugs-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
	<mailto:freebsd-bugs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 24 Aug 2006 10:10:25 -0000

The following reply was made to PR bin/102422; it has been noted by GNATS.

From: "Andrey V. Elsukov" <bu7cher@yandex.ru>
To: bug-followup@FreeBSD.org
Cc: seh-10lzx4@mail.quadrizen.com, Oleg Bulyzhin <oleg@FreeBSD.org>,
	Gleb Smirnoff <glebius@FreeBSD.org>,
	Luigi Rizzo <rizzo@icir.org>
Subject: Re: bin/102422: ipfw & kernel problems where firewall rules aren't
 interpreted correctly
Date: Thu, 24 Aug 2006 14:09:05 +0400

 This is a multi-part message in MIME format.
 --------------030406010708030003080707
 Content-Type: text/plain; charset=KOI8-R; format=flowed
 Content-Transfer-Encoding: 7bit
 
 Stephen Halpin wrote:
  > The rule is accepted with icmp6types 1,2,32,33,34,...94,95,128,129.
  > The problem is the data structure in
  > /usr/src/sbin/ipfw/ipfw2.c:fill_icmp6types() is not properly
  > initialized.
 
 Yes, you are right. A data buffer is previously zeroed, but
 fill_ip6() function can modified some data while parsing ipv6
 destination addresses. Quick fix is simple:
 
 --- ipfw2.c     23 Aug 2006 14:29:18 -0000      1.96
 +++ ipfw2.c     24 Aug 2006 09:08:06 -0000
 @@ -1206,7 +1206,7 @@
   {
          uint8_t type;
 
 -       cmd->d[0] = 0;
 +       bzero(cmd, sizeof(*cmd));
          while (*av) {
              if (*av == ',')
                  av++;
 
 
 But i think that here can be another similar issues.
 
  > addressed with bug number 91245, which the query interface won't
  > bring up for anything.  I was able to find it using the global
  > Google.  I found a set of diffs at:
 
 PR 91245 was closed.
 http://www.freebsd.org/cgi/query-pr.cgi?pr=91245
 
  > Problem 3:
  >
  > ipfw add allow ip6 from any to 2000::/16,2002::/16
 
 Can you try the attached patch?
 
 -- 
 WBR, Andrey V. Elsukov
 
 --------------030406010708030003080707
 Content-Type: text/plain;
  name="ipfw_fix.txt"
 Content-Transfer-Encoding: 7bit
 Content-Disposition: inline;
  filename="ipfw_fix.txt"
 
 Index: ip_fw2.c
 ===================================================================
 RCS file: /mnt/cvs/ncvs/src/sys/netinet/ip_fw2.c,v
 retrieving revision 1.144
 diff -u -r1.144 ip_fw2.c
 --- ip_fw2.c	18 Aug 2006 22:36:04 -0000	1.144
 +++ ip_fw2.c	24 Aug 2006 09:55:38 -0000
 @@ -2869,22 +2869,20 @@
  				    &((ipfw_insn_ip6 *)cmd)->addr6);
  				break;
  			case O_IP6_SRC_MASK:
 -				if (is_ipv6) {
 -					ipfw_insn_ip6 *te = (ipfw_insn_ip6 *)cmd;
 -					struct in6_addr p = args->f_id.src_ip6;
 -
 -					APPLY_MASK(&p, &te->mask6);
 -					match = IN6_ARE_ADDR_EQUAL(&te->addr6, &p);
 -				}
 -				break;
 -
  			case O_IP6_DST_MASK:
  				if (is_ipv6) {
 -					ipfw_insn_ip6 *te = (ipfw_insn_ip6 *)cmd;
 -					struct in6_addr p = args->f_id.dst_ip6;
 +					int i = cmdlen - 1;
 +					struct in6_addr p;
 +					struct in6_addr *d = &((ipfw_insn_ip6 *)cmd)->addr6;
  
 -					APPLY_MASK(&p, &te->mask6);
 -					match = IN6_ARE_ADDR_EQUAL(&te->addr6, &p);
 +					for (; !match && i > 0; d += 2,
 +						i -= F_INSN_SIZE(struct in6_addr) * 2)
 +					{
 +						p = (cmd->opcode == O_IP6_SRC_MASK) ?
 +							args->f_id.src_ip6: args->f_id.dst_ip6;
 +						APPLY_MASK(&p, &d[1]);
 +						match = IN6_ARE_ADDR_EQUAL(&d[0], &p);
 +					}
  				}
  				break;
  
 
 --------------030406010708030003080707--