Date: Tue, 6 Oct 1998 08:21:46 +0100 (MET)
From: Luigi Rizzo <luigi@labinfo.iet.unipi.it>
To: jonny@jonny.eng.br (Joao Carlos Mendes Luis)
Cc: Jeff@Wagsky.com, freebsd-stable@FreeBSD.ORG
Subject: Re: ipfw SkipTo behavior changed
Message-ID: <199810060721.IAA05814@labinfo.iet.unipi.it>
In-Reply-To: <199810051945.QAA26791@roma.coe.ufrj.br> from "Joao Carlos Mendes Luis" at Oct 5, 98 04:44:59 pm

> #define quoting(Jeff Kletsky)
> // In trying to resolve puzzling behavior on a "new" FreeBSD box
> // (2.2.7-STABLE, cvsup as of 980929), it appears that the behavior of the
> // SkipTo rules in ipfw/kernel have changed. Previously a rule such as
> //
> //   2200 skipto 3000 all from 127.0.0.1 to 127.0.0.1 recv lo0 in
> //
> // would "skipto" the next-higher numbered rule in the list if 3000 did not
> // exist. This build seems to require that a rule 3000 explicitly exist. If
> // it does not exist, it proceeds as if rule 2200 is not matched.
> //
> // Is this an "intentional" change in the firewall code? If not, has a later
> // release changed back to the older behavior?
>
> IIRC Luigi has changed this behaviour together with the DUMMYNET
> integration. It was intentional, for code optimization.

Actually the change was not intentional, i just used == instead of ==
in find_next_rule() or so within ip_fw.c
The fix is really one char.

The reason i did not fix (yet) the code myself is that i think it is
not that safe to rely on this feature in a security module such as ipfw.
But if people want me to revert the code to the default behaviour i have no
problems with that.

	cheers
	luigi

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199810060721.IAA05814>
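
Added example, not part of the original message and not code from ip_fw.c: a simplified model of the two skipto lookups described in the thread (exact match versus next-higher rule), plus an audit that flags skipto rules whose target number does not exist. The struct, function names and every sample rule except 2200 are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>

/* Simplified model of a rule; NOT the kernel's struct ip_fw. */
struct rule {
    unsigned num;     /* rule number */
    unsigned skipto;  /* skipto target, 0 if this is not a skipto rule */
};

/* Strict lookup: index of the rule numbered exactly `target`, or -1.
 * -1 models the case reported in the thread, where the packet carries on
 * as if the skipto rule had not matched. */
int find_exact(const struct rule *r, size_t n, unsigned target)
{
    for (size_t i = 0; i < n; i++)
        if (r[i].num == target)
            return (int)i;
    return -1;
}

/* Older behaviour described in the thread: land on the next-higher rule
 * when the target is absent. Assumes the list is sorted ascending. */
int find_next_higher(const struct rule *r, size_t n, unsigned target)
{
    for (size_t i = 0; i < n; i++)
        if (r[i].num >= target)
            return (int)i;
    return -1;
}

/* Audit: report and count skipto rules that depend on a missing target. */
int count_dangling_skipto(const struct rule *r, size_t n)
{
    int dangling = 0;
    for (size_t i = 0; i < n; i++)
        if (r[i].skipto != 0 && find_exact(r, n, r[i].skipto) < 0) {
            printf("rule %u: skipto %u has no exact target\n",
                   r[i].num, r[i].skipto);
            dangling++;
        }
    return dangling;
}

/* Constructed sample: 2200 is the rule quoted in the thread; 2300 and 3100
 * are invented; 65535 stands for ipfw's default last rule. */
const struct rule sample[] = {
    { 2200, 3000 }, { 2300, 0 }, { 3100, 0 }, { 65535, 0 },
};
const size_t sample_len = sizeof sample / sizeof sample[0];
```

A ruleset for which count_dangling_skipto() returns 0 filters the same way under either lookup, so it does not rely on the behaviour the message calls unsafe.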