Skip site navigation (1)Skip section navigation (2)
Date:      Wed, 30 Sep 2015 20:46:58 +0000
From:      bugzilla-noreply@freebsd.org
To:        freebsd-bugs@FreeBSD.org
Subject:   [Bug 203459] [ipfw] [patch] userspace/kernel mismatch on checking length of src-ip/dst-ip address lists
Message-ID:  <bug-203459-8@https.bugs.freebsd.org/bugzilla/>

next in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=203459

            Bug ID: 203459
           Summary: [ipfw] [patch] userspace/kernel mismatch on checking
                    length of src-ip/dst-ip address lists
           Product: Base System
           Version: 11.0-CURRENT
          Hardware: Any
                OS: Any
            Status: New
          Keywords: patch
          Severity: Affects Some People
          Priority: ---
         Component: kern
          Assignee: freebsd-bugs@FreeBSD.org
          Reporter: groos@xiplink.com
          Keywords: patch

The ipfw command accepts up to 31 addresses in the address list of a dst-ip or
src-ip selector, but the kernel only accepts up to 15.


To reproduce:
-------------

Hitting the kernel limit:

[hub] /root # ipfw add 1 count dst-ip
1.0.0.1,1.0.0.2,1.0.0.3,1.0.0.4,1.0.0.5,1.0.0.6,1.0.0.7,1.0.0.8,1.0.0.9,1.0.0.10,1.0.0.11,1.0.0.12,1.0.0.13,1.0.0.14,1.0.0.15
00001 count ip from any to any dst-ip
1.0.0.1,1.0.0.2,1.0.0.3,1.0.0.4,1.0.0.5,1.0.0.6,1.0.0.7,1.0.0.8,1.0.0.9,1.0.0.10,1.0.0.11,1.0.0.12,1.0.0.13,1.0.0.14,1.0.0.15
[hub] /root # ipfw add 1 count dst-ip
1.0.0.1,1.0.0.2,1.0.0.3,1.0.0.4,1.0.0.5,1.0.0.6,1.0.0.7,1.0.0.8,1.0.0.9,1.0.0.10,1.0.0.11,1.0.0.12,1.0.0.13,1.0.0.14,1.0.0.15,1.0.0.16
ipfw: getsockopt(IP_FW_ADD): Invalid argument
[hub] /root # dmesg|grep ipfw
ipfw: opcode 6 size 33 wrong

Hitting the ipfw command limit:

[hub] /root # ipfw add 1 count dst-ip
1.0.0.1,1.0.0.2,1.0.0.3,1.0.0.4,1.0.0.5,1.0.0.6,1.0.0.7,1.0.0.8,1.0.0.9,1.0.0.10,1.0.0.11,1.0.0.12,1.0.0.13,1.0.0.14,1.0.0.15,1.0.0.16,1.0.0.17,1.0.0.18,1.0.0.19,1.0.0.20,1.0.0.21,1.0.0.22,1.0.0.23,1.0.0.24,1.0.0.25,1.0.0.26,1.0.0.27,1.0.0.28,1.0.0.29,1.0.0.30,1.0.0.31
ipfw: getsockopt(IP_FW_ADD): Invalid argument
[hub] /root # ipfw add 1 count dst-ip
1.0.0.1,1.0.0.2,1.0.0.3,1.0.0.4,1.0.0.5,1.0.0.6,1.0.0.7,1.0.0.8,1.0.0.9,1.0.0.10,1.0.0.11,1.0.0.12,1.0.0.13,1.0.0.14,1.0.0.15,1.0.0.16,1.0.0.17,1.0.0.18,1.0.0.19,1.0.0.20,1.0.0.21,1.0.0.22,1.0.0.23,1.0.0.24,1.0.0.25,1.0.0.26,1.0.0.27,1.0.0.28,1.0.0.29,1.0.0.30,1.0.0.31,1.0.0.32
ipfw: address list too long


Patch:
------

The following seems to fix it:

diff --git a/sys/netpfil/ipfw/ip_fw_sockopt.c
b/sys/netpfil/ipfw/ip_fw_sockopt.c
index ef1ff6c..358bcf9 100644
--- a/sys/netpfil/ipfw/ip_fw_sockopt.c
+++ b/sys/netpfil/ipfw/ip_fw_sockopt.c
@@ -1515,7 +1515,7 @@ check_ipfw_rule_body(ipfw_insn *cmd, int cmd_len, struct
rule_check_info *ci)
                case O_IP_SRC_MASK:
                case O_IP_DST_MASK:
                        /* only odd command lengths */
-                       if ( !(cmdlen & 1) || cmdlen > 31)
+                       if ( !(cmdlen & 1) )
                                goto bad_size;
                        break;

It looks like that '31' might be an artificial limit.  The fix allows longer
lists to be loaded and they do select packets correctly as expected.

-- 
You are receiving this mail because:
You are the assignee for the bug.



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-203459-8>