Date: 28 Sep 2001 20:32:02 +0200
From: Dag-Erling Smorgrav <des@ofug.org>
To: Luigi Rizzo <luigi@FreeBSD.org>
Cc: cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org
Subject: Re: cvs commit: src/sys/netinet ip_dummynet.c ip_dummynet.h ip_fw.c ip_fw.h ip_input.c ip_output.c src/sys/net bridge.c src/sbin/ipfw ipfw.8 ipfw.c
Message-ID: <xzp8zezi2u5.fsf@flood.ping.uio.no>
In-Reply-To: <xzpwv2jkx2q.fsf@flood.ping.uio.no>
References: <200109272344.f8RNiSV40274@freefall.freebsd.org> <xzpwv2jkx2q.fsf@flood.ping.uio.no>
[-- Attachment #1 --]
Actually, from reading the code, any attempt to install an unnumbered
(i.e. automatically numbered) rule will panic, because the loop
(starting on line 1657 of ip_fw.c) that tries to find the highest
existing rule number trashes the pointer to the rule you're about to
install. See the attached (untested) patch.
DES
--
Dag-Erling Smorgrav - des@ofug.org
[-- Attachment #2 --]
Index: ip_fw.c
===================================================================
RCS file: /home/ncvs/src/sys/netinet/ip_fw.c,v
retrieving revision 1.170
diff -u -r1.170 ip_fw.c
--- ip_fw.c 27 Sep 2001 23:44:26 -0000 1.170
+++ ip_fw.c 28 Sep 2001 18:27:58 -0000
@@ -1654,9 +1654,13 @@
/* If entry number is 0, find highest numbered rule and add 100 */
if (ftmp->fw_number == 0) {
- LIST_FOREACH(ftmp, head, next) {
- if (ftmp->fw_number != IPFW_DEFAULT_RULE)
- nbr = ftmp->fw_number;
+ /*
+ * This works because the list is ordered, so the last
+ * non-default rule is also the highest-numbered one.
+ */
+ LIST_FOREACH(fcp, head, next) {
+ if (fcp->fw_number != IPFW_DEFAULT_RULE)
+ nbr = fcp->fw_number;
else
break;
}
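Review bot: the replacement loop at LIST_FOREACH(fcp, head, next) scans with fcp, whose declaration and earlier uses are not visible in this hunk. The old loop broke because its iterator (ftmp) was a pointer still needed afterwards, so please confirm fcp is not likewise holding something that is used after the loop; a local used only for this scan would make that obvious. nbr is only assigned inside the loop and keeps whatever value it had if the first entry is already IPFW_DEFAULT_RULE, so it should be explicitly initialised before the scan. The new comment depends on the list being kept sorted with the default rule last; it would help to say where that ordering is enforced, since a future insertion path that breaks it would silently produce a wrong rule number. The existing comment says 100 is added to the highest number found, and nothing visible here guards against the result reaching IPFW_DEFAULT_RULE.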
