bin/98349: ipfw does not display dynamic IPv6 rules [patch]
Mark Andrews
Mark_Andrews at isc.org
Thu Jun 1 20:20:16 PDT 2006
>Number: 98349
>Category: bin
>Synopsis: ipfw does not display dynamic IPv6 rules [patch]
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Fri Jun 02 03:20:14 GMT 2006
>Closed-Date:
>Last-Modified:
>Originator: Mark Andrews
>Release: FreeBSD 6.1-PRERELEASE i386
>Organization:
ISC
>Environment:
System: FreeBSD drugs.dv.isc.org 6.1-PRERELEASE FreeBSD 6.1-PRERELEASE #4: Fri Mar 24 10:55:39 EST 2006 marka at drugs.dv.isc.org:/usr/obj/usr/src/sys/DRUGS i386
>Description:
ipfw does not display dynamic IPv6 rules
>How-To-Repeat:
Add a rule like this
// support traceroute
add 4500 set 1 pass udp from { me or me6 } to any keep-state out
run traceroute6 to some destination.
run "ipfw -d list"
>Fix:
--- /home/marka/ipfw2.c Fri Jun 2 13:11:11 2006
+++ ipfw2.c Fri Jun 2 13:03:39 2006
@@ -17,7 +17,7 @@
*
* NEW command line interface for IP firewall facility
*
- * $FreeBSD: /repoman/r/ncvs/src/sbin/ipfw/ipfw2.c,v 1.76.2.6 2006/03/09 09:18:37 ume Exp $
+ * $FreeBSD: src/sbin/ipfw/ipfw2.c,v 1.76.2.6 2006/03/09 09:18:37 ume Exp $
*/
#include <sys/param.h>
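Review bot: the $FreeBSD$ ident line in the header comment should not be part of this patch. The only difference is the repository path prefix (/repoman/r/ncvs/src/sbin/ipfw/ipfw2.c,v versus src/sbin/ipfw/ipfw2.c,v), which comes from keyword expansion in the submitter's checkout and has nothing to do with displaying dynamic IPv6 rules. It can make the patch fail to apply on a tree whose ident line is expanded differently. Drop this hunk and regenerate the diff.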
@@ -1931,6 +1931,7 @@
struct protoent *pe;
struct in_addr a;
uint16_t rulenum;
+ char buf[sizeof("xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:123.123.123.123")];
if (!do_expired) {
if (!d->expire && !(d->dyn_type == O_LIMIT_PARENT))
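Review bot: the size of buf is derived from sizeof on a hand-written sample address string, which a reader has to count to verify. INET6_ADDRSTRLEN from <netinet/in.h> names the same bound (46 bytes including the terminator) and is the constant inet_ntop() callers normally size against. Suggest declaring it as char buf[INET6_ADDRSTRLEN]; so the sizeof(buf) arguments in the next hunk are self-explanatory.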
@@ -1959,11 +1960,21 @@
else
printf(" proto %u", d->id.proto);
- a.s_addr = htonl(d->id.src_ip);
- printf(" %s %d", inet_ntoa(a), d->id.src_port);
-
- a.s_addr = htonl(d->id.dst_ip);
- printf(" <-> %s %d", inet_ntoa(a), d->id.dst_port);
+ if (d->id.addr_type == 4) {
+ a.s_addr = htonl(d->id.src_ip);
+ printf(" %s %d", inet_ntoa(a), d->id.src_port);
+
+ a.s_addr = htonl(d->id.dst_ip);
+ printf(" <-> %s %d", inet_ntoa(a), d->id.dst_port);
+ } else if (d->id.addr_type == 6) {
+ printf(" %s %d",
+ inet_ntop(AF_INET6, &d->id.src_ip6, buf, sizeof(buf)),
+ d->id.src_port);
+ printf(" <-> %s %d",
+ inet_ntop(AF_INET6, &d->id.dst_ip6, buf, sizeof(buf)),
+ d->id.dst_port);
+ } else
+ printf("UNKNOWN <-> UNKNOWN");
printf("\n");
}
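Review bot: the fallback branch prints "UNKNOWN <-> UNKNOWN" with no leading space and no ports, so it runs straight onto the preceding " proto %u" output and departs from the " addr port <-> addr port" format the IPv4 and IPv6 branches share. Suggest at least a leading space, and printing d->id.src_port and d->id.dst_port as the other branches do. In the IPv6 branch the result of inet_ntop() is passed to %s unchecked; it returns NULL on failure, so test the return value before printing. The literals 4 and 6 compared against d->id.addr_type would also read better as named constants if the header defines them.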
>Release-Note:
>Audit-Trail:
>Unformatted: