kern/63961 (partially) approval/review request
Luigi Rizzo
rizzo at icir.org
Sat Sep 11 05:20:55 PDT 2004
sounds good to me. Please go ahead and commit to all relevant
revisions
I wonder about the cast at line 3330
cmd32->d[0] = (unsigned int)jid;
given that d[] is an array of 32-bit things, maybe the
correct cast should be to uint32_t
cheers
luigi
On Sat, Sep 11, 2004 at 03:53:47AM +0000, Christian S.J. Peron wrote:
> Currently when ipfw(8) generates the micro-instructions for rules which
> contain O_UID, O_GID and O_JAIL opcodes, the F_NOT or F_OR logical
> operator bits get clobbered. Making it impossible to use the ``NOT'' or
> ``OR'' operators with uid, gid and jail based constraints.
>
> The ipfw_insn instruction template contains a ``len'' element which
> stores two pieces of information, the size of the instruction
> (in 32-bit words) in the low 6 bits of "len" with the 2 remaining
> bits to implement OR and NOT.
>
> The current code clobbers the OR and NOT bits by initializing the
> ``len'' element to the size, rather than OR'ing the bits. This
> change fixes this by changing the initialization of cmd->len
> to an OR operation for the O_UID, O_GID and O_JAIL opcodes.
>
> I think I have fixed this, anyone have a problem with me
> committing this:
>
> http://people.freebsd.org/~csjp/ipfw2.c.1094753841.diff
>
> --
> Christian S.J. Peron
> csjp at FreeBSD.ORG
> FreeBSD Committer
> _______________________________________________
> freebsd-ipfw at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw
> To unsubscribe, send any mail to "freebsd-ipfw-unsubscribe at freebsd.org"
More information about the freebsd-ipfw
mailing list