kern/62385: [PATCH] ipfw2: ip_output() returns ENOBUFS instead of
EACCES
Oleg Bulyzhin
oleg at rinet.ru
Thu Feb 5 04:30:27 PST 2004
>Number: 62385
>Category: kern
>Synopsis: [PATCH] ipfw2: ip_output() returns ENOBUFS instead of EACCES
>Confidential: no
>Severity: non-critical
>Priority: medium
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Thu Feb 05 04:30:20 PST 2004
>Closed-Date:
>Last-Modified:
>Originator: Oleg Bulyzhin
>Release: FreeBSD 4.9-RELEASE-p1 i386
>Organization:
Cronyx Plus LLC
>Environment:
System: FreeBSD lath.rinet.ru 4.9-RELEASE-p1 FreeBSD 4.9-RELEASE-p1 #1: Thu Dec 11 14:25:00 MSK 2003 root at lath.rinet.ru:/lh/obj/lh/src/sys/lath i386
Same bug in CURRENT.
>Description:
If you are using ipfw2 for layer2 packet filtering you may get
confusing 'no buffer space available' (instead of 'permission denied')
messages from various applications.
>How-To-Repeat:
Build world & kernel with ipfw2 enabled.
root at lath# ifconfig fxp0 10.10.10.1/30 alias
root at lath# arp -s 10.10.10.2 00:ff:00:ff:ff:ff
root at lath# ipfw add 1 deny ip from any to any layer2 MAC 00:ff:00:ff:ff:ff any
00001 deny ip from any to any layer2 MAC 00:ff:00:ff:ff:ff any
root at lath# sysctl net.link.ether.ipfw=1
net.link.ether.ipfw: 0 -> 1
root at lath# ping -c 5 10.10.10.2
PING 10.10.10.2 (10.10.10.2): 56 data bytes
ping: sendto: No buffer space available
ping: sendto: No buffer space available
ping: sendto: No buffer space available
ping: sendto: No buffer space available
ping: sendto: No buffer space available
--- 10.10.10.2 ping statistics ---
5 packets transmitted, 0 packets received, 100% packet loss
>Fix:
Here is patch for 4.9-RELEASE-p1:
--- if_ethersubr.c.orig Thu Jul 31 15:09:48 2003
+++ if_ethersubr.c Thu Feb 5 15:19:11 2004
@@ -416,7 +416,7 @@
if (ether_ipfw_chk(&m, ifp, &rule, eh, 0) == 0) {
if (m) {
m_freem(m);
- return ENOBUFS; /* pkt dropped */
+ return EACCES; /* pkt dropped */
} else
return 0; /* consumed e.g. in a pipe */
}
>Release-Note:
>Audit-Trail:
>Unformatted:
More information about the freebsd-bugs
mailing list