[Bug 203459] [ipfw] [patch] userspace/kernel mismatch on checking length of src-ip/dst-ip address lists
bugzilla-noreply at freebsd.org
bugzilla-noreply at freebsd.org
Wed Sep 30 20:46:58 UTC 2015
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=203459
Bug ID: 203459
Summary: [ipfw] [patch] userspace/kernel mismatch on checking
length of src-ip/dst-ip address lists
Product: Base System
Version: 11.0-CURRENT
Hardware: Any
OS: Any
Status: New
Keywords: patch
Severity: Affects Some People
Priority: ---
Component: kern
Assignee: freebsd-bugs at FreeBSD.org
Reporter: groos at xiplink.com
Keywords: patch
The ipfw command accepts up to 31 addresses in the address list of a dst-ip or
src-ip selector, but the kernel only accepts up to 15.
To reproduce:
-------------
Hitting the kernel limit:
[hub] /root # ipfw add 1 count dst-ip
1.0.0.1,1.0.0.2,1.0.0.3,1.0.0.4,1.0.0.5,1.0.0.6,1.0.0.7,1.0.0.8,1.0.0.9,1.0.0.10,1.0.0.11,1.0.0.12,1.0.0.13,1.0.0.14,1.0.0.15
00001 count ip from any to any dst-ip
1.0.0.1,1.0.0.2,1.0.0.3,1.0.0.4,1.0.0.5,1.0.0.6,1.0.0.7,1.0.0.8,1.0.0.9,1.0.0.10,1.0.0.11,1.0.0.12,1.0.0.13,1.0.0.14,1.0.0.15
[hub] /root # ipfw add 1 count dst-ip
1.0.0.1,1.0.0.2,1.0.0.3,1.0.0.4,1.0.0.5,1.0.0.6,1.0.0.7,1.0.0.8,1.0.0.9,1.0.0.10,1.0.0.11,1.0.0.12,1.0.0.13,1.0.0.14,1.0.0.15,1.0.0.16
ipfw: getsockopt(IP_FW_ADD): Invalid argument
[hub] /root # dmesg|grep ipfw
ipfw: opcode 6 size 33 wrong
Hitting the ipfw command limit:
[hub] /root # ipfw add 1 count dst-ip
1.0.0.1,1.0.0.2,1.0.0.3,1.0.0.4,1.0.0.5,1.0.0.6,1.0.0.7,1.0.0.8,1.0.0.9,1.0.0.10,1.0.0.11,1.0.0.12,1.0.0.13,1.0.0.14,1.0.0.15,1.0.0.16,1.0.0.17,1.0.0.18,1.0.0.19,1.0.0.20,1.0.0.21,1.0.0.22,1.0.0.23,1.0.0.24,1.0.0.25,1.0.0.26,1.0.0.27,1.0.0.28,1.0.0.29,1.0.0.30,1.0.0.31
ipfw: getsockopt(IP_FW_ADD): Invalid argument
[hub] /root # ipfw add 1 count dst-ip
1.0.0.1,1.0.0.2,1.0.0.3,1.0.0.4,1.0.0.5,1.0.0.6,1.0.0.7,1.0.0.8,1.0.0.9,1.0.0.10,1.0.0.11,1.0.0.12,1.0.0.13,1.0.0.14,1.0.0.15,1.0.0.16,1.0.0.17,1.0.0.18,1.0.0.19,1.0.0.20,1.0.0.21,1.0.0.22,1.0.0.23,1.0.0.24,1.0.0.25,1.0.0.26,1.0.0.27,1.0.0.28,1.0.0.29,1.0.0.30,1.0.0.31,1.0.0.32
ipfw: address list too long
Patch:
------
The following seems to fix it:
diff --git a/sys/netpfil/ipfw/ip_fw_sockopt.c
b/sys/netpfil/ipfw/ip_fw_sockopt.c
index ef1ff6c..358bcf9 100644
--- a/sys/netpfil/ipfw/ip_fw_sockopt.c
+++ b/sys/netpfil/ipfw/ip_fw_sockopt.c
@@ -1515,7 +1515,7 @@ check_ipfw_rule_body(ipfw_insn *cmd, int cmd_len, struct
rule_check_info *ci)
case O_IP_SRC_MASK:
case O_IP_DST_MASK:
/* only odd command lengths */
- if ( !(cmdlen & 1) || cmdlen > 31)
+ if ( !(cmdlen & 1) )
goto bad_size;
break;
It looks like that '31' might be an artificial limit. The fix allows longer
lists to be loaded and they do select packets correctly as expected.
--
You are receiving this mail because:
You are the assignee for the bug.
More information about the freebsd-bugs
mailing list