[Bug 212595] ipfw can't enable or disable sets 5 to 30
bugzilla-noreply at freebsd.org
bugzilla-noreply at freebsd.org
Mon Sep 12 05:01:39 UTC 2016
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=212595
Bug ID: 212595
Summary: ipfw can't enable or disable sets 5 to 30
Product: Base System
Version: 11.0-RC1
Hardware: Any
OS: Any
Status: New
Severity: Affects Some People
Priority: ---
Component: kern
Assignee: freebsd-bugs at FreeBSD.org
Reporter: avernar at gmail.com
Using ipfw you can't enable or disable sets if any set 5 or higher are
specified:
# ipfw set disable 1
# ipfw set disable 2
# ipfw set disable 3
# ipfw set disable 4
# ipfw set disable 5
ipfw: set enable/disable: setsockopt(IP_FW_SET_ENABLE): Invalid argument
# ipfw set disable 1 2 3
# ipfw set disable 1 2 4
# ipfw set disable 1 2 5
ipfw: set enable/disable: setsockopt(IP_FW_SET_ENABLE): Invalid argument
The problem is in ip_fw_sockopt.c in the manage_sets function. For
IP_FW_SET_ENABLE the rh->range.set and rh->range.new_set variables are bitmasks
and not a single set number. This is because multiple sets can be disabled and
enabled with a single call.
The new check against IPFS_MAX_SETS in that function is triggered since if set
5 or higher is specified the value of those variables is 32 or higher.
For the IP_FW_SET_SWAP and IP_FW_SET_MOVE those two variables are indeed set
numbers so the check is valid. The check should be moved inside the switch
just for those two cases.
--
You are receiving this mail because:
You are the assignee for the bug.
More information about the freebsd-bugs
mailing list