kern/57736: IP Filter IPv6 accounting bug
FUKAUMI Naoki
fukaumi at soum.co.jp
Wed Oct 8 04:00:34 PDT 2003
>Number: 57736
>Category: kern
>Synopsis: IP Filter IPv6 accounting bug
>Confidential: no
>Severity: critical
>Priority: high
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Wed Oct 08 04:00:25 PDT 2003
>Closed-Date:
>Last-Modified:
>Originator: FUKAUMI Naoki
>Release: FreeBSD 4.9-PRERELEASE i386
>Organization:
SOUM Corporation
>Environment:
>Description:
IP Filter IPv6 accounting (packet byte count) is broken.
>How-To-Repeat:
# echo count in all | ipf -6 -f -
# echo count out all | ipf -6 -f -
(some IPv6 communication)
# ipfstat -6 -aio
(count is incorrect)
>Fix:
This PR and patch was sent to author few minutes ago.
--- fil.c.orig 2003-06-28 00:29:37.000000000 +0900
+++ fil.c 2003-10-08 19:15:03.000000000 +0900
@@ -630,7 +630,7 @@
{
register struct frentry *fr;
register fr_ip_t *fi = &fin->fin_fi;
- int rulen, portcmp = 0, off, skip = 0, logged = 0;
+ int rulen, portcmp = 0, off, skip = 0, logged = 0, len, v = ip->ip_v;
u_32_t pass, passt, passl;
frentry_t *frl;
@@ -809,10 +809,20 @@
}
#endif /* IPFILTER_LOG */
ATOMIC_INCL(fr->fr_hits);
- if (passt & FR_ACCOUNT)
- fr->fr_bytes += (U_QUAD_T)ip->ip_len;
- else
+ if (passt & FR_ACCOUNT) {
+#ifdef USE_INET6
+ if (v == 6) {
+ len = ntohs(((ip6_t*)ip)->ip6_plen);
+ len += sizeof(ip6_t);
+ } else
+#endif
+ {
+ len = ip->ip_len;
+ }
+ fr->fr_bytes += (U_QUAD_T)len;
+ } else {
fin->fin_icode = fr->fr_icode;
+ }
fin->fin_rule = rulen;
fin->fin_group = fr->fr_group;
if (fr->fr_grp != NULL) {
>Release-Note:
>Audit-Trail:
>Unformatted:
More information about the freebsd-bugs
mailing list