kern/63961 (partially) approval/review request
Christian S.J. Peron
csjp at freebsd.org
Fri Sep 10 20:53:48 PDT 2004
Currently when ipfw(8) generates the micro-instructions for rules which
contain O_UID, O_GID and O_JAIL opcodes, the F_NOT or F_OR logical
operator bits get clobbered. Making it impossible to use the ``NOT'' or
``OR'' operators with uid, gid and jail based constraints.
The ipfw_insn instruction template contains a ``len'' element which
stores two pieces of information, the size of the instruction
(in 32-bit words) in the low 6 bits of "len" with the 2 remaining
bits to implement OR and NOT.
The current code clobbers the OR and NOT bits by initializing the
``len'' element to the size, rather than OR'ing the bits. This
change fixes this by changing the initialization of cmd->len
to an OR operation for the O_UID, O_GID and O_JAIL opcodes.
I think I have fixed this, anyone have a problem with me
committing this:
http://people.freebsd.org/~csjp/ipfw2.c.1094753841.diff
--
Christian S.J. Peron
csjp at FreeBSD.ORG
FreeBSD Committer
More information about the freebsd-ipfw
mailing list