Date: Wed, 08 Oct 2003 19:50:54 +0900 From: FUKAUMI Naoki <fukaumi@soum.co.jp> To: FreeBSD-gnats-submit@FreeBSD.org Subject: kern/57736: IP Filter IPv6 accounting bug Message-ID: <1xwubgc8a9.wl@fun.soum.co.jp> Resent-Message-ID: <200310081100.h98B0Pai093051@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 57736 >Category: kern >Synopsis: IP Filter IPv6 accounting bug >Confidential: no >Severity: critical >Priority: high >Responsible: freebsd-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Wed Oct 08 04:00:25 PDT 2003 >Closed-Date: >Last-Modified: >Originator: FUKAUMI Naoki >Release: FreeBSD 4.9-PRERELEASE i386 >Organization: SOUM Corporation >Environment: >Description: IP Filter IPv6 accounting (packet byte count) is broken. >How-To-Repeat: # echo count in all | ipf -6 -f - # echo count out all | ipf -6 -f - (some IPv6 communication) # ipfstat -6 -aio (count is incorrect) >Fix: This PR and patch was sent to author few minutes ago. --- fil.c.orig 2003-06-28 00:29:37.000000000 +0900 +++ fil.c 2003-10-08 19:15:03.000000000 +0900 @@ -630,7 +630,7 @@ { register struct frentry *fr; register fr_ip_t *fi = &fin->fin_fi; - int rulen, portcmp = 0, off, skip = 0, logged = 0; + int rulen, portcmp = 0, off, skip = 0, logged = 0, len, v = ip->ip_v; u_32_t pass, passt, passl; frentry_t *frl; @@ -809,10 +809,20 @@ } #endif /* IPFILTER_LOG */ ATOMIC_INCL(fr->fr_hits); - if (passt & FR_ACCOUNT) - fr->fr_bytes += (U_QUAD_T)ip->ip_len; - else + if (passt & FR_ACCOUNT) { +#ifdef USE_INET6 + if (v == 6) { + len = ntohs(((ip6_t*)ip)->ip6_plen); + len += sizeof(ip6_t); + } else +#endif + { + len = ip->ip_len; + } + fr->fr_bytes += (U_QUAD_T)len; + } else { fin->fin_icode = fr->fr_icode; + } fin->fin_rule = rulen; fin->fin_group = fr->fr_group; if (fr->fr_grp != NULL) { >Release-Note: >Audit-Trail: >Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1xwubgc8a9.wl>