ipfw add pipe broken in RELENG_6
Julian Elischer
julian at elischer.org
Tue Apr 3 06:56:56 UTC 2007
Mike Tancsa wrote:
> At 10:07 AM 4/1/2007, JoaoBR wrote:
>
>> it seems I can not add pipes with releng6 sources from the last days
>>
>> ipfw add pipe 1 ip from any to any
>> ipfw: getsockopt(IP_FW_ADD): Invalid argument
>
> I think this is whats needed in /usr/src/sbin/ipfw. Looking at the
> diffs between HEAD and RELENG_6 (apart from the kernel nat stuff), below
> seems to be whats different.
somewhere between my MFC testing and the commits there seems to have been a
screwup.
I think it happenned because I reverted a MFC out of my list of MFC's to do after
I had done some tests because they causled a failure and I hadn't realised that
they affected this code too.
I'm doing testing now and should be able to confirm this in a short while.
>
>
> [smicro1U]# diff -u ipfw2.c.orig ipfw2.c
> --- ipfw2.c.orig Mon Apr 2 22:28:33 2007
> +++ ipfw2.c Mon Apr 2 22:30:45 2007
> @@ -3973,11 +3973,9 @@
> break;
>
> case TOK_QUEUE:
> - action->len = F_INSN_SIZE(ipfw_insn_pipe);
> action->opcode = O_QUEUE;
> goto chkarg;
> case TOK_PIPE:
> - action->len = F_INSN_SIZE(ipfw_insn_pipe);
> action->opcode = O_PIPE;
> goto chkarg;
> case TOK_SKIPTO:
> @@ -4043,11 +4041,13 @@
> "illegal forwarding port ``%s''", s);
> p->sa.sin_port = (u_short)i;
> }
> - lookup_host(*av, &(p->sa.sin_addr));
> - }
> + if (_substrcmp(*av, "tablearg") == 0)
> + p->sa.sin_addr.s_addr = INADDR_ANY;
> + else
> + lookup_host(*av, &(p->sa.sin_addr));
> ac--; av++;
> break;
> -
> + }
> case TOK_COMMENT:
> /* pretend it is a 'count' rule followed by the comment */
> action->opcode = O_COUNT;
> [smicro1U]#
>
>
>
> The command seems to be getting tripped up in /usr/src/sys/netinet/ip_fw2.c
>
> case O_QUEUE:
> if (cmdlen != F_INSN_SIZE(ipfw_insn))
> goto bad_size;
> goto check_action;
>
> where size=2 and cmdlen=1 on opcode=50
>
> ---Mike
More information about the freebsd-stable
mailing list