kern/64778: IPFW2: incorrect parsing of 0.0.0.0/0 expression

Maxim Konovalov maxim at macomnet.ru
Fri Mar 26 10:50:21 PST 2004


The following reply was made to PR kern/64778; it has been noted by GNATS.

From: Maxim Konovalov <maxim at macomnet.ru>
To: "Benny v. M." <benny at pilgerer.de>
Cc: bug-followup at freebsd.org, luigi at freebsd.org
Subject: Re: kern/64778: IPFW2: incorrect parsing of 0.0.0.0/0 expression
Date: Fri, 26 Mar 2004 21:46:09 +0300 (MSK)

 Yes, it is known bug in ipfw2(8).
 
 Please try a fix I posted several months ago.  Perhaps I should go
 ahead and commit it.
 
 %%%
 
 From maxim at macomnet.ru Fri Mar 26 21:42:45 2004
 Date: Fri, 29 Aug 2003 00:07:01 +0400 (MSD)
 From: Maxim Konovalov <maxim at macomnet.ru>
 To: Petri Helenius <pete at he.iki.fi>
 Cc: freebsd-net at freebsd.org
 Subject: Re: ipfw parsing bug
 
 On Thu, 28 Aug 2003, 23:01+0300, Petri Helenius wrote:
 
 >
 > ipfw seems to have developed a bug lately on 5-CURRENT;
 > # ipfw add 2042 allow tcp from 0.0.0.0/0 to me
 > 42
 > 02042 allow tcp from me to me dst-port 42
 >
 > It used to work that 0.0.0.0/0 was "any" instead of "me". Last I checked
 > the notation is also widely used in networking gear for default route which
 > is a "catch any" definition.
 
 Known ipfw2 bug.  Try this:
 
 Index: ipfw2.c
 ===================================================================
 RCS file: /home/ncvs/src/sbin/ipfw/ipfw2.c,v
 retrieving revision 1.38
 diff -u -r1.38 ipfw2.c
 --- ipfw2.c	21 Jul 2003 09:56:05 -0000	1.38
 +++ ipfw2.c	28 Jul 2003 15:51:26 -0000
 @@ -2046,7 +2046,7 @@
  				errx(EX_DATAERR, "not any never matches");
  		}
  		/* else do nothing and skip this entry */
 -		continue;
 +		return;
  	}
  	/* A single IP can be stored in an optimized format */
  	if (d[1] == IP_MASK_ALL && av == NULL && len == 0) {
 %%%
 
 -- 
 Maxim Konovalov


More information about the freebsd-bugs mailing list