From owner-freebsd-net Tue Aug 27 15:21:37 2002 Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id A991537B400 for ; Tue, 27 Aug 2002 15:21:31 -0700 (PDT) Received: from cerberus.apdata.com.au (cerberus.apdata.com.au [202.14.95.17]) by mx1.FreeBSD.org (Postfix) with ESMTP id 81FD443E3B for ; Tue, 27 Aug 2002 15:21:30 -0700 (PDT) (envelope-from ian@niw.com.au) Received: from localhost (localhost [127.0.0.1]) by cerberus.apdata.com.au (Postfix) with SMTP id F12DB43D41 for ; Wed, 28 Aug 2002 07:51:28 +0930 (CST) Received: from axiom.niw.com.au (axiom.niw.com.au [192.168.1.3]) by cerberus.apdata.com.au (Postfix) with ESMTP id AB5D143D3D for ; Wed, 28 Aug 2002 07:51:27 +0930 (CST) Received: from localhost (localhost [127.0.0.1]) by axiom.niw.com.au (Postfix) with ESMTP id 005B435EF9; Wed, 28 Aug 2002 07:51:26 +0930 (CST) Received: by axiom.niw.com.au (Postfix, from userid 1000) id 558E535EF8; Wed, 28 Aug 2002 07:51:26 +0930 (CST) Date: Wed, 28 Aug 2002 07:51:26 +0930 From: Ian West To: Luigi Rizzo Cc: freebsd-net@FreeBSD.ORG Subject: Re: local fwd and ipfw2 on stable problem with port byte order. Message-ID: <20020827222126.GV499@axiom.niw.com.au> References: <20020827013158.GO499@axiom.niw.com.au> <20020826205758.B16932@iguana.icir.org> <20020827041707.GT499@axiom.niw.com.au> <20020826214052.A17350@iguana.icir.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20020826214052.A17350@iguana.icir.org> User-Agent: Mutt/1.4i X-Virus-Scanned: by AMaViS perl-10 X-Virus-Scanned: by kavpostfix Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Mon, Aug 26, 2002 at 09:40:53PM -0700, Luigi Rizzo wrote: > On Tue, Aug 27, 2002 at 01:47:07PM +0930, Ian West wrote: > > I was concerned about getting ipfw userland and kernel out of sync. As > > far as I can tell there are two lines in ip_fw.c (kernel) that would > > need to be changed, and two lines in ipfw.c (userland) they seem to work > > for me here. The risk is though that a kernel update only without > > userland could actually introduce the problem into ipfw1 that we are > > trying fix in ipfw2. I can forward also the patches for these if you > > like ? > > yes please -- i think it is worse to have ipfw1 and ipfw2 behave > differently. If we want to save the modification to ipfw1 we can just > change ipfw2 (userland) to adopt the unusual/wrong representation > of the port number used by ipfw1. > Below are the patches to change ipfw userland and the kernel to use the same byte ordering as ipfw2. Unless using fwd address,port rules, there is no incompatability between userland and kernel, but rebuild of ipfw userland is recommended anyway to prevent ugly surprises. (The byte ordering change will cause individual port forwarding to end up in the wrong place port 2048 -> 8 etc.. Index: ip_fw.c =================================================================== RCS file: /cvs/freebsd/src/sys/netinet/ip_fw.c,v retrieving revision 1.131.2.35 diff -u -r1.131.2.35 ip_fw.c --- ip_fw.c 29 Jul 2002 02:04:25 -0000 1.131.2.35 +++ ip_fw.c 27 Aug 2002 21:57:24 -0000 @@ -544,7 +544,7 @@ snprintf(SNPARGS(action2, 0), "Forward to %s:%d", inet_ntoa(f->fw_fwd_ip.sin_addr), - f->fw_fwd_ip.sin_port); + ntohs(f->fw_fwd_ip.sin_port)); else snprintf(SNPARGS(action2, 0), "Forward to %s", inet_ntoa(f->fw_fwd_ip.sin_addr)); Index: tcp_input.c =================================================================== RCS file: /cvs/freebsd/src/sys/netinet/tcp_input.c,v retrieving revision 1.107.2.27 diff -u -r1.107.2.27 tcp_input.c --- tcp_input.c 24 Aug 2002 18:40:25 -0000 1.107.2.27 +++ tcp_input.c 27 Aug 2002 21:57:25 -0000 @@ -536,7 +536,7 @@ inp = in_pcblookup_hash(&tcbinfo, ip->ip_src, th->th_sport, next_hop->sin_addr, - ntohs(next_hop->sin_port), 1, + next_hop->sin_port, 1, m->m_pkthdr.rcvif); } } Index: ipfw.c =================================================================== RCS file: /cvs/freebsd/src/sbin/ipfw/ipfw.c,v retrieving revision 1.80.2.23 diff -u -r1.80.2.23 ipfw.c --- ipfw.c 13 May 2002 10:14:59 -0000 1.80.2.23 +++ ipfw.c 27 Aug 2002 21:58:07 -0000 @@ -257,7 +257,7 @@ case IP_FW_F_FWD: printf("fwd %s", inet_ntoa(chain->fw_fwd_ip.sin_addr)); if(chain->fw_fwd_ip.sin_port) - printf(",%d", chain->fw_fwd_ip.sin_port); + printf(",%d", ntohs(chain->fw_fwd_ip.sin_port)); break; default: errx(EX_OSERR, "impossible"); @@ -1734,7 +1734,7 @@ errx(EX_DATAERR, "illegal forwarding" " port ``%s''", pp); else - rule.fw_fwd_ip.sin_port = (u_short)i; + rule.fw_fwd_ip.sin_port = htons((u_short)i); } fill_ip(&(rule.fw_fwd_ip.sin_addr), &dummyip, &ac, &av); if (rule.fw_fwd_ip.sin_addr.s_addr == 0) To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message