Date: Sat, 11 Sep 2004 05:20:54 -0700 From: Luigi Rizzo <rizzo@icir.org> To: "Christian S.J. Peron" <csjp@freebsd.org> Cc: ipfw@freebsd.org Subject: Re: kern/63961 (partially) approval/review request Message-ID: <20040911052054.B37072@xorpc.icir.org> In-Reply-To: <20040911035347.GA72659@freefall.freebsd.org>; from csjp@freebsd.org on Sat, Sep 11, 2004 at 03:53:47AM %2B0000 References: <20040911035347.GA72659@freefall.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
sounds good to me. Please go ahead and commit to all relevant revisions I wonder about the cast at line 3330 cmd32->d[0] = (unsigned int)jid; given that d[] is an array of 32-bit things, maybe the correct cast should be to uint32_t cheers luigi On Sat, Sep 11, 2004 at 03:53:47AM +0000, Christian S.J. Peron wrote: > Currently when ipfw(8) generates the micro-instructions for rules which > contain O_UID, O_GID and O_JAIL opcodes, the F_NOT or F_OR logical > operator bits get clobbered. Making it impossible to use the ``NOT'' or > ``OR'' operators with uid, gid and jail based constraints. > > The ipfw_insn instruction template contains a ``len'' element which > stores two pieces of information, the size of the instruction > (in 32-bit words) in the low 6 bits of "len" with the 2 remaining > bits to implement OR and NOT. > > The current code clobbers the OR and NOT bits by initializing the > ``len'' element to the size, rather than OR'ing the bits. This > change fixes this by changing the initialization of cmd->len > to an OR operation for the O_UID, O_GID and O_JAIL opcodes. > > I think I have fixed this, anyone have a problem with me > committing this: > > http://people.freebsd.org/~csjp/ipfw2.c.1094753841.diff > > -- > Christian S.J. Peron > csjp@FreeBSD.ORG > FreeBSD Committer > _______________________________________________ > freebsd-ipfw@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw > To unsubscribe, send any mail to "freebsd-ipfw-unsubscribe@freebsd.org"
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20040911052054.B37072>