sparc64/54712: ``ipfw: getsockopt(IP_FW_ADD): Bad address'' on sparc64

Roderick van Domburg r.s.a.vandomburg at student.utwente.nl
Mon Jul 21 08:00:34 PDT 2003


>Number:         54712
>Category:       sparc64
>Synopsis:       ``ipfw: getsockopt(IP_FW_ADD): Bad address'' on sparc64
>Confidential:   no
>Severity:       critical
>Priority:       medium
>Responsible:    freebsd-sparc64
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Mon Jul 21 08:00:31 PDT 2003
>Closed-Date:
>Last-Modified:
>Originator:     Roderick van Domburg
>Release:        FreeBSD 5.1-CURRENT sparc64
>Organization:
University of Twente
>Environment:
System: FreeBSD stud187236.mobiel.utwente.nl 5.1-CURRENT FreeBSD 5.1-CURRENT #1: Mon Jul 21 16:15:59 CEST 2003 roderick at stud187236.mobiel.utwente.nl:/usr/obj/usr/src/sys/E250 sparc64


	
>Description:
	
After having updated to July 21 sources, ipfw complains when adding
firewall rules: ``ipfw: getsockopt(IP_FW_ADD): Bad address''.

ipfw is loaded as a module in rc.firewall. Relevant rc.firewall,
rc.conf and KERNCONF bits follow.
>How-To-Repeat:
== Relevant rc.firewall bits ==

[Cc][Ll][Ii][Ee][Nn][Tt])
        ############
        # This is a prototype setup that will protect your system somewhat
        # against people from outside your own network.
        ############

        # set these to your network and netmask and ip
        net="130.89.191.255"
        mask="255.255.224.0"
        ip="130.89.187.236"

        setup_loopback

        # Allow any traffic to or from my own net.
        ${fwcmd} add pass all from ${ip} to ${net}:${mask}
        ${fwcmd} add pass all from ${net}:${mask} to ${ip}

        # Allow TCP through if setup succeeded
        ${fwcmd} add pass tcp from any to any established

        # Allow IP fragments to pass through
        ${fwcmd} add pass all from any to any frag

        # Allow setup of incoming secure shells
        ${fwcmd} add pass tcp from any to ${ip} 22 setup

        # Allow setup of incoming email
        #${fwcmd} add pass tcp from any to ${ip} 25 setup

        # Allow setup of incoming HTTP connections
        ${fwcmd} add pass tcp from any to ${ip} 80 setup

        # Allow setup of outgoing TCP connections only
        ${fwcmd} add pass tcp from ${ip} to any setup

        # Disallow setup of all other TCP connections
        ${fwcmd} add deny tcp from any to any setup

        # Allow DNS queries out in the world
        ${fwcmd} add pass udp from ${ip} to any 53 keep-state

        # Allow NTP queries out in the world
        ${fwcmd} add pass udp from ${ip} to any 123 keep-state

        # Everything else is denied by default, unless the
        # IPFIREWALL_DEFAULT_TO_ACCEPT option is set in your kernel
        # config file.
        ;;

== Relevant rc.conf bits ==

hostname="stud187236.mobiel.utwente.nl"
ifconfig_hme0="inet 130.89.187.236  netmask 255.255.224.0"
defaultrouter="130.89.160.1"
firewall_enable="YES"
firewall_type="client"

== E250 KERNCONF ==

machine         sparc64
cpu             SUN4U
ident           E250

options         OFW_NEWPCI

options         SCHED_4BSD              #4BSD scheduler
options         INET                    #InterNETworking
options         FFS                     #Berkeley Fast Filesystem
options         SOFTUPDATES             #Enable FFS soft updates support
options         UFS_DIRHASH             #Improve performance on big directories
options         COMPAT_43               #Compatible with BSD 4.3 [KEEP THIS!]
options         SCSI_DELAY=5000         #Delay (in ms) before probing SCSI 
options         SYSVSHM                 #SYSV-style shared memory
options         SYSVMSG                 #SYSV-style message queues
options         SYSVSEM                 #SYSV-style semaphores
#options        _KPOSIX_PRIORITY_SCHEDULING #Posix P1003_1B real-time extensions

# Standard busses
device          ebus
device          pci

# SCSI Controllers
device          sym             # NCR/Symbios Logic (newer chipsets + those of `ncr')

# SCSI peripherals
device          scbus           # SCSI bus (required)
device          da              # Direct Access (disks)
device          cd              # CD

device          ofw_console     # OpenBoot firmware console device

# Builtin hardware
device          genclock        # Generic clock interface
device          eeprom          # eeprom (really an ebus driver for the MK48Txx)
device          "mk48txx"       # Mostek MK48T02, MK48T08, MK48T59 clock

# PCI Ethernet NICs that use the common MII bus controller code.
device          miibus          # MII bus support
device          hme             # Sun HME (Happy Meal Ethernet)

# Pseudo devices - the number indicates how many units to allocate.
device          random          # Entropy device
device          loop            # Network loopback
device          ether           # Ethernet support
device          pty             # Pseudo-ttys (telnet etc)

# The `bpf' device enables the Berkeley Packet Filter.
# Be aware of the administrative consequences of enabling this!
device          bpf             #Berkeley packet filter

# RANDOM_IP_ID causes the ID field in IP packets to be randomized
# instead of incremented by 1 with each packet generated.  This
# option closes a minor information leak which allows remote
# observers to determine the rate of packet generation on the
# machine by watching the counter.
options         RANDOM_IP_ID

# Statically Link in accept filters
options         ACCEPT_FILTER_HTTP
>Fix:

	
Unknown.


>Release-Note:
>Audit-Trail:
>Unformatted:

