svn commit: r266310 - in head: sbin/ipfw sys/netinet sys/netpfil/ipfw

Alexander V. Chernikov melifaro at FreeBSD.org
Sat May 17 13:45:04 UTC 2014 

Author: melifaro
Date: Sat May 17 13:45:03 2014
New Revision: 266310
URL: http://svnweb.freebsd.org/changeset/base/266310

Log:
  Fix wrong formatting of 0.0.0.0/X table records in ipfw(8).
  
  Add `flags` u16 field to the hole in ipfw_table_xentry structure.
  Kernel has been guessing address family for supplied record based
  on xent length size.
  Userland, however, has been getting fixed-size ipfw_table_xentry structures
  guessing address family by checking address by IN6_IS_ADDR_V4COMPAT().
  
  Fix this behavior by providing specific IPFW_TCF_INET flag for IPv4 records.
  
  PR:		bin/189471
  Submitted by:	Dennis Yusupoff <dyr at smartspb.net>
  MFC after:	2 weeks

Modified:
  head/sbin/ipfw/ipfw2.c
  head/sys/netinet/ip_fw.h
  head/sys/netpfil/ipfw/ip_fw_table.c

Modified: head/sbin/ipfw/ipfw2.c
==============================================================================
--- head/sbin/ipfw/ipfw2.c	Sat May 17 12:47:11 2014	(r266309)
+++ head/sbin/ipfw/ipfw2.c	Sat May 17 13:45:03 2014	(r266310)
@@ -4389,7 +4389,7 @@ table_list(uint16_t num, int need_header
 			addr6 = &xent->k.addr6;
 
 
-			if (IN6_IS_ADDR_V4COMPAT(addr6)) {
+			if ((xent->flags & IPFW_TCF_INET) != 0) {
 				/* IPv4 address */
 				inet_ntop(AF_INET, &addr6->s6_addr32[3], tbuf, sizeof(tbuf));
 			} else {

Modified: head/sys/netinet/ip_fw.h
==============================================================================
--- head/sys/netinet/ip_fw.h	Sat May 17 12:47:11 2014	(r266309)
+++ head/sys/netinet/ip_fw.h	Sat May 17 13:45:03 2014	(r266310)
@@ -614,6 +614,7 @@ typedef struct	_ipfw_table_xentry {
 	uint8_t		type;		/* entry type			*/
 	uint8_t		masklen;	/* mask length			*/
 	uint16_t	tbl;		/* table number			*/
+	uint16_t	flags;		/* record flags			*/
 	uint32_t	value;		/* value			*/
 	union {
 		/* Longest field needs to be aligned by 4-byte boundary	*/
@@ -621,6 +622,7 @@ typedef struct	_ipfw_table_xentry {
 		char	iface[IF_NAMESIZE];	/* interface name	*/
 	} k;
 } ipfw_table_xentry;
+#define	IPFW_TCF_INET	0x01		/* CIDR flags: IPv4 record	*/
 
 typedef struct	_ipfw_table {
 	u_int32_t	size;		/* size of entries in bytes	*/

Modified: head/sys/netpfil/ipfw/ip_fw_table.c
==============================================================================
--- head/sys/netpfil/ipfw/ip_fw_table.c	Sat May 17 12:47:11 2014	(r266309)
+++ head/sys/netpfil/ipfw/ip_fw_table.c	Sat May 17 13:45:03 2014	(r266310)
@@ -697,6 +697,7 @@ dump_table_xentry_base(struct radix_node
 		xent->masklen = 33 - ffs(ntohl(n->mask.sin_addr.s_addr));
 	/* Save IPv4 address as deprecated IPv6 compatible */
 	xent->k.addr6.s6_addr32[3] = n->addr.sin_addr.s_addr;
+	xent->flags = IPFW_TCF_INET;
 	xent->value = n->value;
 	tbl->cnt++;
 	return (0);

More information about the svn-src-all mailing list