From owner-freebsd-ipfw Tue Aug 20 22:25:44 2002
Delivered-To: freebsd-ipfw@freebsd.org
Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 79A3C37B400; Tue, 20 Aug 2002 22:25:41 -0700 (PDT)
Received: from iguana.icir.org (iguana.icir.org [192.150.187.36]) by mx1.FreeBSD.org (Postfix) with ESMTP id 2410543E72; Tue, 20 Aug 2002 22:25:41 -0700 (PDT) (envelope-from rizzo@iguana.icir.org)
Received: from iguana.icir.org (localhost [127.0.0.1]) by iguana.icir.org (8.12.3/8.11.3) with ESMTP id g7L5PeIb053603; Tue, 20 Aug 2002 22:25:40 -0700 (PDT) (envelope-from rizzo@iguana.icir.org)
Received: (from rizzo@localhost) by iguana.icir.org (8.12.3/8.12.3/Submit) id g7L5PeWh053602; Tue, 20 Aug 2002 22:25:40 -0700 (PDT) (envelope-from rizzo)
Date: Tue, 20 Aug 2002 22:25:40 -0700
From: Luigi Rizzo
To: "Crist J. Clark"
Cc: ipfw@FreeBSD.ORG
Subject: Re: ambiguity of filter expressions (tcpdump and ipfw2)
Message-ID: <20020820222540.A53549@iguana.icir.org>
References: <20020820054206.A45915@iguana.icir.org> <20020821000459.GB70203@blossom.cjclark.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5.1i
In-Reply-To: <20020821000459.GB70203@blossom.cjclark.org>; from crist.clark@attbi.com on Tue, Aug 20, 2002 at 05:04:59PM -0700
Sender: owner-freebsd-ipfw@FreeBSD.ORG
Precedence: bulk
List-ID:
List-Archive: (Web Archive)
List-Help: (List Instructions)
List-Subscribe:
List-Unsubscribe:
X-Loop: FreeBSD.ORG

On Tue, Aug 20, 2002 at 05:04:59PM -0700, Crist J. Clark wrote:
...
> The current behavior makes logical sense. If someone wants to get
> complicated and do something like (I'll write in BPF rules since I'm
> not up on ipfw2),
>
> icmp || (tcp && port 80)
>
> Would the "applicability" checks kick in? Or only when there is a
> negation?
> For mathematical consistency,

The problem is that "non-applicable" tests should fail both ways,
whereas now (both in libpcap and ipfw2) the implementor has to choose
which one fails and which one succeeds (we both chose the direct form
to fail and the negated form to succeed).

There is not a lot of mathematical consistency even now -- if a field
has a limited range, one would expect things like

	port 0-79 or port 81-65535

	not port 80

to be the same thing, but they aren't...

	cheers
	luigi

> !( icmp || (tcp && port 80))
>
> Must give the same result as,
>
> !icmp && !(tcp && port 80)
>
> And these "applicability" rules seem to break it.
> --
> Crist J. Clark | cjclark@alum.mit.edu
> | cjclark@jhu.edu
> http://people.freebsd.org/~cjc/ | cjc@freebsd.org
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-ipfw" in the body of the message
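The following is an added worked example, not code from the thread, libpcap or ipfw2. It is a toy evaluator for filter expressions that models the "applicability" question raised above: a `port` test does not apply to an ICMP packet. Two semantics are compared. `current()` implements what the thread says both implementations do (the direct form of a non-applicable test fails, the negated form succeeds), and `kleene()` is one way to make a non-applicable test "fail both ways" without breaking De Morgan's law, by carrying a third value `NA` through the connectives and matching only when the result is definitely true. The tuple encoding of expressions, the `Packet` model, the choice of strong Kleene logic and the sample packets are all assumptions of this example, constructed here for illustration.

```python
"""
Toy evaluator for packet-filter expressions with "non-applicable" tests.
Added example; not the libpcap or ipfw2 code.  Expressions are tuples:
  ("proto", "tcp") | ("port", lo, hi) | ("not", e) | ("and", a, b) | ("or", a, b)
"""
from dataclasses import dataclass
from typing import Optional

NA = None  # third truth value: the test does not apply to this packet


@dataclass(frozen=True)
class Packet:
    proto: str             # "tcp", "udp" or "icmp"
    dport: Optional[int]   # None for protocols that carry no port (icmp)


def primitive(test, pkt):
    """Evaluate a leaf test: True/False, or NA when it does not apply."""
    if test[0] == "proto":
        return pkt.proto == test[1]
    if test[0] == "port":
        if pkt.dport is None:          # port test against a portless packet
            return NA
        return test[1] <= pkt.dport <= test[2]
    raise ValueError(f"unknown test {test[0]!r}")


def current(expr, pkt):
    """Two-valued semantics described in the thread: a non-applicable leaf
    is False, so its negation is True (direct form fails, negated succeeds)."""
    op = expr[0]
    if op == "not":
        return not current(expr[1], pkt)
    if op == "and":
        return current(expr[1], pkt) and current(expr[2], pkt)
    if op == "or":
        return current(expr[1], pkt) or current(expr[2], pkt)
    v = primitive(expr, pkt)
    return False if v is NA else v


def kleene(expr, pkt):
    """Strong Kleene three-valued semantics: NA stays NA under negation,
    True OR NA is True, False AND NA is False, otherwise NA propagates."""
    op = expr[0]
    if op == "not":
        v = kleene(expr[1], pkt)
        return NA if v is NA else (not v)
    if op == "and":
        a, b = kleene(expr[1], pkt), kleene(expr[2], pkt)
        if a is False or b is False:
            return False
        return NA if (a is NA or b is NA) else True
    if op == "or":
        a, b = kleene(expr[1], pkt), kleene(expr[2], pkt)
        if a is True or b is True:
            return True
        return NA if (a is NA or b is NA) else False
    return primitive(expr, pkt)


def matches(evaluator, expr, pkt):
    """A rule matches only when the expression is definitely True; under
    kleene() this makes a non-applicable test fail in both forms."""
    return evaluator(expr, pkt) is True


def agree(evaluator, a, b, packets):
    """Return the packets on which rules a and b give different results."""
    return [p for p in packets if matches(evaluator, a, p) != matches(evaluator, b, p)]


ICMP = ("proto", "icmp")
TCP = ("proto", "tcp")
PORT80 = ("port", 80, 80)

# Crist's pair:  !(icmp || (tcp && port 80))   vs   !icmp && !(tcp && port 80)
CRIST_A = ("not", ("or", ICMP, ("and", TCP, PORT80)))
CRIST_B = ("and", ("not", ICMP), ("not", ("and", TCP, PORT80)))

# Luigi's pair:  port 0-79 or port 81-65535   vs   not port 80
LUIGI_RANGE = ("or", ("port", 0, 79), ("port", 81, 65535))
LUIGI_NOT = ("not", PORT80)

# Constructed sample packets (not captured traffic)
SAMPLES = [Packet("icmp", None), Packet("tcp", 80), Packet("tcp", 22),
           Packet("udp", 80), Packet("udp", 53)]

if __name__ == "__main__":
    for name, ev in (("current", current), ("kleene", kleene)):
        print(name, "De Morgan disagreements:", agree(ev, CRIST_A, CRIST_B, SAMPLES))
        print(name, "range-vs-not disagreements:", agree(ev, LUIGI_RANGE, LUIGI_NOT, SAMPLES))
```

Under `current()` the De Morgan pair agrees on every sample packet, because "direct fails, negated succeeds" is just classical negation over a value of False; the inconsistency Luigi points at is the range one: on an ICMP packet `not port 80` matches while `port 0-79 or port 81-65535` does not. Under `kleene()` both pairs agree everywhere, at the cost that a rule consisting only of port tests never matches a portless packet, which is exactly the "fail both ways" behaviour.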