kern/64778: IPFW2: incorrect parsing of 0.0.0.0/0 expression
Maxim Konovalov
maxim at macomnet.ru
Fri Mar 26 10:50:21 PST 2004
The following reply was made to PR kern/64778; it has been noted by GNATS.
From: Maxim Konovalov <maxim at macomnet.ru>
To: "Benny v. M." <benny at pilgerer.de>
Cc: bug-followup at freebsd.org, luigi at freebsd.org
Subject: Re: kern/64778: IPFW2: incorrect parsing of 0.0.0.0/0 expression
Date: Fri, 26 Mar 2004 21:46:09 +0300 (MSK)
Yes, it is a known bug in ipfw2(8).
Please try a fix I posted several months ago. Perhaps I should go
ahead and commit it.
%%%
From maxim at macomnet.ru Fri Mar 26 21:42:45 2004
Date: Fri, 29 Aug 2003 00:07:01 +0400 (MSD)
From: Maxim Konovalov <maxim at macomnet.ru>
To: Petri Helenius <pete at he.iki.fi>
Cc: freebsd-net at freebsd.org
Subject: Re: ipfw parsing bug
On Thu, 28 Aug 2003, 23:01+0300, Petri Helenius wrote:
>
> ipfw seems to have developed a bug lately on 5-CURRENT;
> # ipfw add 2042 allow tcp from 0.0.0.0/0 to me 42
> 02042 allow tcp from me to me dst-port 42
>
> It used to work that 0.0.0.0/0 was "any" instead of "me". Last I checked
> the notation is also widely used in networking gear for default route which
> is a "catch any" definition.
Known ipfw2 bug. Try this:
Index: ipfw2.c
===================================================================
RCS file: /home/ncvs/src/sbin/ipfw/ipfw2.c,v
retrieving revision 1.38
diff -u -r1.38 ipfw2.c
--- ipfw2.c 21 Jul 2003 09:56:05 -0000 1.38
+++ ipfw2.c 28 Jul 2003 15:51:26 -0000
@@ -2046,7 +2046,7 @@
errx(EX_DATAERR, "not any never matches");
}
/* else do nothing and skip this entry */
- continue;
+ return;
}
/* A single IP can be stored in an optimized format */
if (d[1] == IP_MASK_ALL && av == NULL && len == 0) {
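Review bot: the comment "/* else do nothing and skip this entry */" directly above the changed line no longer matches the code, because `return` leaves the function instead of moving on to the next entry as `continue` did. Please reword it to say why returning is correct for the 0.0.0.0/0 case this PR reports, and confirm that nothing below this block (such as the single-IP path testing `d[1] == IP_MASK_ALL && av == NULL && len == 0`) still needs to run when `av` is not NULL at this point. A regression check that the reported rule, `allow tcp from 0.0.0.0/0 to me`, lists as `from any` rather than `from me` would be worth adding alongside the fix.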
%%%
--
Maxim Konovalov