Date: Wed, 28 Aug 2002 07:51:26 +0930 From: Ian West <ian@niw.com.au> To: Luigi Rizzo <luigi@info.iet.unipi.it> Cc: freebsd-net@FreeBSD.ORG Subject: Re: local fwd and ipfw2 on stable problem with port byte order. Message-ID: <20020827222126.GV499@axiom.niw.com.au> In-Reply-To: <20020826214052.A17350@iguana.icir.org> References: <20020827013158.GO499@axiom.niw.com.au> <20020826205758.B16932@iguana.icir.org> <20020827041707.GT499@axiom.niw.com.au> <20020826214052.A17350@iguana.icir.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, Aug 26, 2002 at 09:40:53PM -0700, Luigi Rizzo wrote:
> On Tue, Aug 27, 2002 at 01:47:07PM +0930, Ian West wrote:
> > I was concerned about getting ipfw userland and kernel out of sync. As
> > far as I can tell there are two lines in ip_fw.c (kernel) that would
> > need to be changed, and two lines in ipfw.c (userland) they seem to work
> > for me here. The risk is though that a kernel update only without
> > userland could actually introduce the problem into ipfw1 that we are
> > trying fix in ipfw2. I can forward also the patches for these if you
> > like ?
>
> yes please -- i think it is worse to have ipfw1 and ipfw2 behave
> differently. If we want to save the modification to ipfw1 we can just
> change ipfw2 (userland) to adopt the unusual/wrong representation
> of the port number used by ipfw1.
>
Below are the patches to change ipfw userland and the kernel to use the
same byte ordering as ipfw2. Unless using fwd address,port rules, there
is no incompatability between userland and kernel, but rebuild of ipfw
userland is recommended anyway to prevent ugly surprises. (The byte
ordering change will cause individual port forwarding to end up in the
wrong place port 2048 -> 8 etc..
Index: ip_fw.c
===================================================================
RCS file: /cvs/freebsd/src/sys/netinet/ip_fw.c,v
retrieving revision 1.131.2.35
diff -u -r1.131.2.35 ip_fw.c
--- ip_fw.c 29 Jul 2002 02:04:25 -0000 1.131.2.35
+++ ip_fw.c 27 Aug 2002 21:57:24 -0000
@@ -544,7 +544,7 @@
snprintf(SNPARGS(action2, 0),
"Forward to %s:%d",
inet_ntoa(f->fw_fwd_ip.sin_addr),
- f->fw_fwd_ip.sin_port);
+ ntohs(f->fw_fwd_ip.sin_port));
else
snprintf(SNPARGS(action2, 0), "Forward to %s",
inet_ntoa(f->fw_fwd_ip.sin_addr));
Index: tcp_input.c
===================================================================
RCS file: /cvs/freebsd/src/sys/netinet/tcp_input.c,v
retrieving revision 1.107.2.27
diff -u -r1.107.2.27 tcp_input.c
--- tcp_input.c 24 Aug 2002 18:40:25 -0000 1.107.2.27
+++ tcp_input.c 27 Aug 2002 21:57:25 -0000
@@ -536,7 +536,7 @@
inp = in_pcblookup_hash(&tcbinfo,
ip->ip_src, th->th_sport,
next_hop->sin_addr,
- ntohs(next_hop->sin_port), 1,
+ next_hop->sin_port, 1,
m->m_pkthdr.rcvif);
}
}
Index: ipfw.c
===================================================================
RCS file: /cvs/freebsd/src/sbin/ipfw/ipfw.c,v
retrieving revision 1.80.2.23
diff -u -r1.80.2.23 ipfw.c
--- ipfw.c 13 May 2002 10:14:59 -0000 1.80.2.23
+++ ipfw.c 27 Aug 2002 21:58:07 -0000
@@ -257,7 +257,7 @@
case IP_FW_F_FWD:
printf("fwd %s", inet_ntoa(chain->fw_fwd_ip.sin_addr));
if(chain->fw_fwd_ip.sin_port)
- printf(",%d", chain->fw_fwd_ip.sin_port);
+ printf(",%d", ntohs(chain->fw_fwd_ip.sin_port));
break;
default:
errx(EX_OSERR, "impossible");
@@ -1734,7 +1734,7 @@
errx(EX_DATAERR, "illegal forwarding"
" port ``%s''", pp);
else
- rule.fw_fwd_ip.sin_port = (u_short)i;
+ rule.fw_fwd_ip.sin_port = htons((u_short)i);
}
fill_ip(&(rule.fw_fwd_ip.sin_addr), &dummyip, &ac, &av);
if (rule.fw_fwd_ip.sin_addr.s_addr == 0)
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-net" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020827222126.GV499>