bin/97194: [patch] [ipfw] ipfw does not correctly list dynamic IPv6 rules

Martin Birgmeier martin at email.aon.at
Sat May 13 07:50:15 UTC 2006


>Number:         97194
>Category:       bin
>Synopsis:       [patch] [ipfw] ipfw does not correctly list dynamic IPv6 rules
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sat May 13 07:50:13 GMT 2006
>Closed-Date:
>Last-Modified:
>Originator:     Martin Birgmeier
>Release:        FreeBSD 6.1-RELEASE i386
>Organization:
MBi at home
>Environment:
System: FreeBSD gandalf.xyzzy 6.1-RELEASE FreeBSD 6.1-RELEASE #0: Thu May 11 21:56:57 CEST 2006 root at marvin.xyzzy:/usr/VOL/OBJ/FreeBSD/RELENG_6_1_0_RELEASE/src/sys/GANDALF i386


>Description:
	/sbin/ipfw always assumes IPv4 addresses when listing dynamic
	firewall rules. IPv6 addresses are shown as 0.0.0.0.
>How-To-Repeat:
	Create Internet traffic such that dynamic IPv6 rules are established.
	Then list those rules using, e.g., "ipfw -d show". Dynamic IPv6
	rules will be shown incorrectly.
>Fix:

*** sbin/ipfw/ipfw2.c.ORIG	Thu Mar  9 10:18:37 2006
--- sbin/ipfw/ipfw2.c	Sat May 13 09:26:46 2006
***************
*** 1959,1969 ****
  	else
  		printf(" proto %u", d->id.proto);
  
! 	a.s_addr = htonl(d->id.src_ip);
! 	printf(" %s %d", inet_ntoa(a), d->id.src_port);
  
! 	a.s_addr = htonl(d->id.dst_ip);
! 	printf(" <-> %s %d", inet_ntoa(a), d->id.dst_port);
  	printf("\n");
  }
  
--- 1959,1981 ----
  	else
  		printf(" proto %u", d->id.proto);
  
! 	if (IS_IP6_FLOW_ID(&(d->id))) {
! 		char buff[255];
  
! 		/* XXX no error checking */
! 		inet_ntop(AF_INET6, &(d->id.src_ip6), buff, sizeof(buff));
! 		printf(" %s %d", buff, d->id.src_port);
! 
! 		/* XXX no error checking */
! 		inet_ntop(AF_INET6, &(d->id.dst_ip6), buff, sizeof(buff));
! 		printf(" <-> %s %d", buff, d->id.dst_port);
! 	} else {
! 		a.s_addr = htonl(d->id.src_ip);
! 		printf(" %s %d", inet_ntoa(a), d->id.src_port);
! 
! 		a.s_addr = htonl(d->id.dst_ip);
! 		printf(" <-> %s %d", inet_ntoa(a), d->id.dst_port);
! 	}
  	printf("\n");
  }
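Review bot: both inet_ntop() calls in the new IS_IP6_FLOW_ID branch discard the return value, as the "XXX no error checking" comments concede. If the first call fails, printf reads an uninitialised buff, and if the second fails it prints the source address again as the destination. Test each call for NULL and print a fixed placeholder (or warn) in that case. Also declare the buffer as char buff[INET6_ADDRSTRLEN] rather than the arbitrary 255, so its size is tied to the address family being formatted.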
  



>Release-Note:
>Audit-Trail:
>Unformatted:

