Date: Wed, 26 Jun 2019 05:01:19 +0000 From: bugzilla-noreply@freebsd.org To: net@FreeBSD.org Subject: [Bug 238796] ipfilter: fix unremovable rules and rules checksum for comparison Message-ID: <bug-238796-7501-LvDHGW0IWe@https.bugs.freebsd.org/bugzilla/> In-Reply-To: <bug-238796-7501@https.bugs.freebsd.org/bugzilla/> References: <bug-238796-7501@https.bugs.freebsd.org/bugzilla/>
next in thread | previous in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D238796 --- Comment #3 from WHR <msl0000023508@gmail.com> --- I'm actually didn't noticed that 'fd_local' is just been set but not used in the code; but it doesn't cause the issue in my test, 'fd_local' is 0 in all rules. By inserting printf(8)s to 'ipf_rule_compare', and manually comparing each possible members, I can only seen the string index numbers in 'fr_ifnames' = and 'fd_name' different between 2 instances representing a same rule. 'fd_ptr' value didn't change in the last test, because ifunit(9) returns the same pointer to 'struct ifnet' for same interface; but what if that interfa= ce recreated with same name? The 'fd_ptr' may have a different value than the = new pointer returned by ifunit(9). BTW, this bug is already exists in IP Filter 4.*; but the only problematic variable was 'fd_ptr', may be plus the unused space in 'fr_ifnames' (type c= har [4][LIFNAMSIZ]), in that version. I has first discovered this bug on a Solaris system, and found the 'fd_ifp'= (in 'frdest_t', renamed to 'fd_ptr' in v5 branch) is changing between old and n= ew instances of 'struct frentry'. I later fixed this bug in IP Filter 4.1.34 f= or Solaris (https://git.nsscn.top/Low-power/IPFilter/commit/9bb6c656ac6fef52e538908337= 03bf7ddea1e18b). --=20 You are receiving this mail because: You are on the CC list for the bug.=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-238796-7501-LvDHGW0IWe>