[Bug 245381] ipfw protocol or-block parsing bug when ip protocol is first in list

From: <bugzilla-noreply_at_freebsd.org>
Date: Thu, 24 Jul 2025 05:37:10 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=245381

Tatsuki Makino <tatsuki_makino@hotmail.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |tatsuki_makino@hotmail.com

--- Comment #5 from Tatsuki Makino <tatsuki_makino@hotmail.com> ---
In layer 4, port 0 cannot be used through the OS programming interface, but if
it is constructed as a layer 3 packet, it can be used.
This can be denied with an ipfw rule.

In layer 3, it is unclear how the OS will respond to proto 0, but it seems that
by setting ipfw with a default-deny ruleset, the minimum necessary denial is
being achieved.

However, it seems that we can bypass the input value restrictions and set the
IP protocol using the following method, but I do not know what kind of settings
are in place internally :)

ipfw add count IP from any to any
ipfw add count ip from any to any proto IP

-- 
You are receiving this mail because:
You are the assignee for the bug.
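An added example, not part of the bug report or the FreeBSD ipfw code, that checks the comment's first claim from the host side: the normal socket API will not let an application use port 0 as a destination, and binding to port 0 only yields an ephemeral port. It assumes a working loopback interface and that the UDP send path rejects a zero destination port with an error (EINVAL on Linux); the exact errno is an assumption, so the code returns whatever the kernel reports rather than hard-coding it.

```python
"""Probe how the socket API treats port 0 (constructed example, not from the bug).

The ipfw comment notes that port 0 is unreachable through the OS programming
interface even though a hand-built layer-3 packet could carry it. These two
helpers show the application-side half of that statement on loopback.
"""
import socket
from typing import Optional

LOOPBACK = "127.0.0.1"  # constructed test target: the local host only


def bind_port_zero() -> int:
    """Binding to port 0 asks the kernel for an ephemeral port.

    The socket never actually sits on port 0; the kernel substitutes a free
    high port. Returns the port the kernel chose (always non-zero).
    """
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.bind((LOOPBACK, 0))
        return s.getsockname()[1]


def send_to_port_zero() -> Optional[int]:
    """Try to send one UDP datagram to destination port 0 via sendto(2).

    Returns the errno the kernel raised (assumed EINVAL on Linux), or None if
    the send was accepted, which would mean the API does allow port 0.
    """
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        try:
            s.sendto(b"probe", (LOOPBACK, 0))
        except OSError as e:
            return e.errno
    return None


if __name__ == "__main__":
    print("bind(port 0) gave ephemeral port:", bind_port_zero())
    print("sendto(port 0) errno:", send_to_port_zero())
```

Because the API refuses port 0 for ordinary sockets, any port-0 traffic seen at the firewall had to be crafted below the socket layer, which is why a default-deny ipfw ruleset (or an explicit rule matching port 0) is the place to catch it rather than the application.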