Date: Wed, 2 Oct 2002 22:14:26 +0300 (EEST)
From: Andrey Simonenko <simon@simon.org.ua>
To: Barney Wolff <barney@tp.databus.com>
Cc: Luigi Rizzo <rizzo@icir.org>, <freebsd-net@FreeBSD.ORG>
Subject: Re: Q about sbin/ipfw2.c:list()
Message-ID: <20021002213926.T2737-100000@lion.com.ua>
In-Reply-To: <20021002165627.GA75843@tp.databus.com>

On Wed, 2 Oct 2002, Barney Wolff wrote:

> Hmmm. In ipfw1 there is always a rule 65535, unless I'm confused.
> Is that not true of ipfw2? In either case, should it or should it
> not be counted? Can it ever be deleted? Can one have multiple
> rules with the same number, as one can with ipfw1? What happens
> if there are multiple rules with number 65535? I know, UTSL.

According to the ipfw manual page, there is always a rule 65535. I made some experiments, and ipfw and ipfw2 don't allow adding or deleting rule 65535. But I'm interested: if there is such a comparison in the ipfw2.c code, should we expect that in some cases the "ipfw l" command will not show some last rules, not only the last rule 65535 but some rules before it?

Another thing that is not clear to me is the src/ip6fw/ip6fw.c:list() function: according to the code of this function, the ip6fw command can read no more than 65536 rules. Maybe I should ask the question about ip6fw.c:list() in another mail, but for now I'm interested in the ipfw2.c:list() code.

>
> On Wed, Oct 02, 2002 at 06:25:46AM -0700, Luigi Rizzo wrote:
> > On Wed, Oct 02, 2002 at 02:15:42PM +0300, Andrey Simonenko wrote:
> > > Hello,
> > >
> > > Why is it needed to check both r->rulenum and (void *)r < lim in
> > > sbin/ipfw2.c:list() ?
> >
> > because the buffer has a limited size (nbytes) and you don't want
> > to read past it. However there is a bug in the code below,
> > because you should swap the checks (void *)r < lim && r->rulenum < 65535
> >
> > Whether ipfw1.c has the same bug or not I don't remember, but that
> > is irrelevant anyways.
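The check ordering discussed in this thread, as an added example that is not part of the original message and not the ipfw2.c source: the bounds test runs before the record is dereferenced, so a buffer that ends without rule 65535 is never read past `lim`. The `struct rule_rec` layout, the `len`-based stepping, and the names `count_rules` and `put_rule` are assumptions made for illustration, and the sample records are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical record header for illustration; not the real struct ip_fw. */
struct rule_rec {
    uint16_t rulenum;   /* 65535 is the always-present last rule */
    uint16_t len;       /* record size in bytes, header included */
};

/* Count rules before rule 65535 in a buffer of nbytes bytes.
 * Returns -1 if a record is malformed or cut off by the buffer end. */
int count_rules(const void *data, size_t nbytes)
{
    const unsigned char *p = data, *lim = p + nbytes;
    struct rule_rec r;
    int n = 0;

    /* Bounds test first: a header is read only if it lies below lim. */
    while ((size_t)(lim - p) >= sizeof r) {
        memcpy(&r, p, sizeof r);            /* no unaligned access */
        if (r.rulenum == 65535)
            return n;
        if (r.len < sizeof r || r.len > (size_t)(lim - p))
            return -1;                      /* would step past lim */
        p += r.len;
        n++;
    }
    return p == lim ? n : -1;               /* short read: no rule 65535 seen */
}

/* Append one constructed sample record; returns the next write position. */
unsigned char *put_rule(unsigned char *p, uint16_t num, uint16_t len)
{
    struct rule_rec r = { num, len };
    memcpy(p, &r, sizeof r);
    return p + len;
}

int main(void)
{
    unsigned char buf[16] = {0}, *end = buf;
    end = put_rule(end, 100, 4);
    end = put_rule(end, 200, 8);
    end = put_rule(end, 65535, 4);
    printf("full buffer: %d\n", count_rules(buf, (size_t)(end - buf)));
    printf("short buffer: %d\n", count_rules(buf, 12));
}
```

With the checks in the other order, the 12-byte call would read `rulenum` from the byte at `lim` before noticing the buffer had ended.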