Date: Fri, 17 Sep 2004 14:49:09 +0000 (UTC) From: "Christian S.J. Peron" <csjp@FreeBSD.org> To: src-committers@FreeBSD.org, cvs-src@FreeBSD.org, cvs-all@FreeBSD.org Subject: cvs commit: src/sbin/ipfw ipfw2.c Message-ID: <200409171449.i8HEn9Jc083949@repoman.freebsd.org>
next in thread | raw e-mail | index | archive | help
csjp 2004-09-17 14:49:09 UTC
FreeBSD src repository
Modified files: (Branch: RELENG_5)
sbin/ipfw ipfw2.c
Log:
MFC v1.58
Currently when ipfw(8) generates the micro-instructions for rules which
contain O_UID, O_GID and O_JAIL opcodes, the F_NOT or F_OR logical
operator bits get clobbered. Making it impossible to use the ``NOT'' or
``OR'' operators with uid, gid and jail based constraints.
The ipfw_insn instruction template contains a ``len'' element which
stores two pieces of information, the size of the instruction
(in 32-bit words) in the low 6 bits of "len" with the 2 remaining
bits to implement OR and NOT.
The current code clobbers the OR and NOT bits by initializing the
``len'' element to the size, rather than OR'ing the bits. This change
fixes this by changing the initialization of cmd->len to an OR operation
for the O_UID, O_GID and O_JAIL opcodes.
Approved by: re@ (scottl)
PR: kern/63961 (partially)
Revision Changes Path
1.54.2.3 +3 -3 src/sbin/ipfw/ipfw2.c
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200409171449.i8HEn9Jc083949>