kern/177948: [ipfw] ipfw fails to parse port ranges (p1-p2) for udp

[Jukka Ukkonen]

The following reply was made to PR kern/177948; it has been noted by GNATS.

From: Jukka Ukkonen <jau at oxit.fi>
To: Ian Smith <smithi at nimnet.asn.au>
Cc: bug-followup at FreeBSD.org
Subject: Re: kern/177948: [ipfw] ipfw fails to parse port ranges (p1-p2) for
 udp
Date: Sun, 21 Apr 2013 14:33:07 +0300

 On 04/21/13 05:17, Ian Smith wrote:
 > I can't reproduce this on 9.1-RELEASE, unless I put a space anywhere
 > amongst p1, '-' and p2, in which case I see the same error you show.
 >
 > # ipfw add 03011 deny log udp from any to any 1024-65535 in recv fxp0
 > 03011 deny log udp from any to any dst-port 1024-65535 in recv fxp0
 > # ipfw list 3011
 > 03011 deny log udp from any to any dst-port 1024-65535 in recv fxp0
 >
 > # ipfw add 03011 deny log udp from any to any 1024 -65535 in recv fxp0
 > ipfw: unrecognised option [-1] -65535
 >
 > # ipfw add 03011 deny log udp from any to any 1024- 65535 in recv fxp0
 > ipfw: unrecognised option [-1] 1024-
 >
 > Can you verify that there is no whitespace (obvious, or perhaps some
 > non-printing character?) on or near line 7368 of your config file?
 >
 > If that looks ok, can you show the byte offset of that line in your
 > file, for example by placing that line at the bottom of the screen in
 > less(1) then pressing '='?
 >
 > cheers, Ian
 
 Right,
 
 After some further inspection I have news...
 
 This seems to be a problem in clang-cpp which adds an extra space
 before the dash in a macro which should have a value of the format
 "number1-number2". So, e.g. "1024-65535" becomes "1024 -65535".
 
 If I use gcpp instead, everything works just fine with ipfw.
 
 The fact that I did not see this happening with TCP rules as well was
 just lucky coincidence.
 
 So, this is a clang problem, not an ipfw problem!!!
 
 Cheers,
 --jau