Skip site navigation (1)Skip section navigation (2) 
Date:      Mon, 28 Dec 2009 10:02:06 +0000 (UTC)
From:      Luigi Rizzo <luigi@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-user@freebsd.org
Subject:   svn commit: r201119 - user/luigi/ipfw3-head/sys/netinet/ipfw
Message-ID:  <200912281002.nBSA26YP085740@svn.freebsd.org>
next in thread | raw e-mail | index | archive | help 
Author: luigi
Date: Mon Dec 28 10:02:06 2009
New Revision: 201119
URL: http://svn.freebsd.org/changeset/base/201119

Log:
  when doing a lookup, keys must be in big endian format because
  this is what the radix code expects

Modified:
  user/luigi/ipfw3-head/sys/netinet/ipfw/ip_fw2.c

Modified: user/luigi/ipfw3-head/sys/netinet/ipfw/ip_fw2.c
==============================================================================
--- user/luigi/ipfw3-head/sys/netinet/ipfw/ip_fw2.c	Mon Dec 28 09:41:13 2009	(r201118)
+++ user/luigi/ipfw3-head/sys/netinet/ipfw/ip_fw2.c	Mon Dec 28 10:02:06 2009	(r201119)
@@ -1355,27 +1355,29 @@ do {								\
 			case O_IP_SRC_LOOKUP:
 			case O_IP_DST_LOOKUP:
 				if (is_ipv4) {
-				    uint32_t a =
+				    uint32_t key =
 					(cmd->opcode == O_IP_DST_LOOKUP) ?
 					    dst_ip.s_addr : src_ip.s_addr;
 				    uint32_t v = 0;
 
 				    if (cmdlen > F_INSN_SIZE(ipfw_insn_u32)) {
-					/* generic lookup */
+					/* generic lookup. The key must be
+					 * in 32bit big-endian format.
+					 */
 					v = ((ipfw_insn_u32 *)cmd)->d[1];
 					if (v == 0)
-					    a = dst_ip.s_addr;
+					    key = dst_ip.s_addr;
 					else if (v == 1)
-					    a = src_ip.s_addr;
+					    key = src_ip.s_addr;
 					else if (offset != 0)
 					    break;
 					else if (proto != IPPROTO_TCP &&
 						proto != IPPROTO_UDP)
 					    break;
 					else if (v == 2)
-					    a = dst_port;
+					    key = htonl(dst_port);
 					else if (v == 3)
-					    a = src_port;
+					    key = htons(src_port);
 					else if (v == 4 || v == 5) {
 					    check_uidgid(
 						(ipfw_insn_u32 *)cmd,
@@ -1384,14 +1386,15 @@ do {								\
 						src_ip, src_port, &ucred_cache,
 						&ucred_lookup, args->inp);
 					    if (v == 4 /* O_UID */)
-						a = ucred_cache->cr_uid;
+						key = ucred_cache->cr_uid;
 					    else if (v == 5 /* O_JAIL */)
-						a = ucred_cache->cr_prison->pr_id;
+						key = ucred_cache->cr_prison->pr_id;
+					    key = htonl(key);
 					} else
 					    break;
 				    }
-				    match = ipfw_lookup_table(chain, cmd->arg1, a,
-					&v);
+				    match = ipfw_lookup_table(chain,
+					cmd->arg1, key, &v);
 				    if (!match)
 					break;
 				    if (cmdlen == F_INSN_SIZE(ipfw_insn_u32))

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200912281002.nBSA26YP085740>