ipfw buffers too small?
John Hay
jhay at meraka.org.za
Sat Sep 16 05:38:24 PDT 2006
Hi,
It seems that the buffer sizes inside ipfw did not keep up with its
possible uses. If I run this:
ipfw add 160 allow ip6 from 3000::/16,3100::/16,3200::/16,3300::/16,3ffe::/16,4ffe::/16,2000::/16,2001::/16 to any
it put this inside the kernel:
00160 allow ip6 from { me6 or to any
A shorter one does work:
ipfw add 170 allow ip6 from 3200::/16,3300::/16,3ffe::/16,4ffe::/16,2000::/16,2001::/16 to any
00170 allow ip6 from 3200::/16,3300::/16,3ffe::/16,4ffe::/16,2000::/16,2001::/16 to any
So I have two questions, should the arrays (rulebuf, actbuf and cmdbuf) in
ipfw/ipfw2.c:add() not be bigger? And the more important question, should
it not have some bounds checking?
John
--
John Hay -- John.Hay at meraka.csir.co.za / jhay at FreeBSD.org
More information about the freebsd-ipfw
mailing list