Date: Tue, 20 Aug 2002 22:25:40 -0700
From: Luigi Rizzo <rizzo@icir.org>
To: "Crist J. Clark" <cjc@FreeBSD.ORG>
Cc: ipfw@FreeBSD.ORG
Subject: Re: ambiguity of filter expressions (tcpdump and ipfw2)
Message-ID: <20020820222540.A53549@iguana.icir.org>
In-Reply-To: <20020821000459.GB70203@blossom.cjclark.org>; from crist.clark@attbi.com on Tue, Aug 20, 2002 at 05:04:59PM -0700
References: <20020820054206.A45915@iguana.icir.org> <20020821000459.GB70203@blossom.cjclark.org>

On Tue, Aug 20, 2002 at 05:04:59PM -0700, Crist J. Clark wrote:
...
> The current behavior makes logical sense. If someone wants to get
> complicated and do something like (I'll write in BPF rules since I'm
> not up on ipfw2),
>
>   icmp || (tcp && port 80)
>
> Would the "applicability" checks kick in? Or only when there is a
> negation? For mathematical consistency,

The problem is that "non-applicable" tests should fail both ways,
whereas now (both in libpcap and ipfw2) the implementor has to choose
which one fails and which one succeeds (we both chose the direct
form to fail and the negated form to succeed).

There is not a lot of mathematical consistency even now -- if a field has
a limited range, one would expect things like

    port 0-79 or port 81-65535
    not port 80

to be the same thing, but they aren't...

    cheers
    luigi

>   !( icmp || (tcp && port 80))
>
> Must give the same result as,
>
>   !icmp && !(tcp && port 80)
>
> And these "applicability" rules seem to break it.
> --
> Crist J. Clark                     |     cjclark@alum.mit.edu
>                                    |     cjclark@jhu.edu
> http://people.freebsd.org/~cjc/    |     cjc@freebsd.org
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-ipfw" in the body of the message
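Added example (not part of the original thread, and not code from ipfw2 or libpcap): a small model of the two expression pairs discussed above, evaluated once with non-applicable tests collapsed to "fail" at the test itself, which reproduces the behaviour the message describes, and once with a three-valued (strong Kleene) evaluation in which a non-applicable result fails both ways. The packet struct, the function names, the destination-port-only matching and the three-valued scheme are all assumptions made for illustration.

```c
#include <stdio.h>

/* A test either fails, matches, or is not applicable to this packet. */
typedef enum { F, T, NA } tv;
enum { ICMP = 1, TCP = 6, UDP = 17, GRE = 47 };
struct pkt { int proto, dport; };            /* constructed packet model */

static tv proto(const struct pkt *p, int n) { return p->proto == n ? T : F; }
/* Port tests only have meaning for protocols that carry ports. */
static tv port(const struct pkt *p, int lo, int hi) {
    if (p->proto != TCP && p->proto != UDP) return NA;
    return (p->dport >= lo && p->dport <= hi) ? T : F;
}
/* Strong Kleene connectives: NA survives unless the other operand decides. */
static tv k_not(tv a) { return a == NA ? NA : (a == T ? F : T); }
static tv k_and(tv a, tv b) { return (a == F || b == F) ? F : (a == NA || b == NA) ? NA : T; }
static tv k_or(tv a, tv b)  { return (a == T || b == T) ? T : (a == NA || b == NA) ? NA : F; }
/* Two-valued model of the behaviour the message describes: NA becomes F at the test. */
static tv c2(tv a) { return a == NA ? F : a; }

/* Luigi's pair under the two-valued model: they disagree on portless packets. */
int cur_ranges(const struct pkt *p) { return k_or(c2(port(p, 0, 79)), c2(port(p, 81, 65535))) == T; }
int cur_not80(const struct pkt *p)  { return k_not(c2(port(p, 80, 80))) == T; }
/* Same pair, three-valued; only a definite T matches, so NA fails both ways. */
int k3_ranges(const struct pkt *p)  { return k_or(port(p, 0, 79), port(p, 81, 65535)) == T; }
int k3_not80(const struct pkt *p)   { return k_not(port(p, 80, 80)) == T; }
/* Crist's pair, three-valued: !(icmp || (tcp && port 80)) */
int k3_lhs(const struct pkt *p) {
    return k_not(k_or(proto(p, ICMP), k_and(proto(p, TCP), port(p, 80, 80)))) == T;
}
/* ... and !icmp && !(tcp && port 80) */
int k3_rhs(const struct pkt *p) {
    return k_and(k_not(proto(p, ICMP)), k_not(k_and(proto(p, TCP), port(p, 80, 80)))) == T;
}

int main(void) {
    struct pkt s[] = { {ICMP, 0}, {TCP, 80}, {TCP, 22}, {UDP, 80}, {GRE, 0} };
    for (unsigned i = 0; i < sizeof s / sizeof *s; i++)
        printf("proto=%-2d dport=%-2d cur:%d/%d k3:%d/%d demorgan:%d/%d\n", s[i].proto,
               s[i].dport, cur_ranges(&s[i]), cur_not80(&s[i]), k3_ranges(&s[i]),
               k3_not80(&s[i]), k3_lhs(&s[i]), k3_rhs(&s[i]));
    return 0;
}
```

In this model the two forms of Crist's expression agree on every sample packet because the non-applicable value is only turned into "no match" at the top of the rule, never inside a negation.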