From owner-freebsd-bugs Sat Feb 3 17:30:24 2001
Delivered-To: freebsd-bugs@hub.freebsd.org
Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21])
    by hub.freebsd.org (Postfix) with ESMTP id 5F5E337B503
    for ; Sat, 3 Feb 2001 17:30:02 -0800 (PST)
Received: (from gnats@localhost)
    by freefall.freebsd.org (8.11.1/8.11.1) id f141U2H32132;
    Sat, 3 Feb 2001 17:30:02 -0800 (PST)
    (envelope-from gnats)
Date: Sat, 3 Feb 2001 17:30:02 -0800 (PST)
Message-Id: <200102040130.f141U2H32132@freefall.freebsd.org>
To: freebsd-bugs@FreeBSD.org
Cc:
From: Bernd Luevelsmeyer
Subject: Re: misc/24833: after cvsup + rebuild, ipfw "check-state" does not work
Reply-To: Bernd Luevelsmeyer
Sender: owner-freebsd-bugs@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

The following reply was made to PR misc/24833; it has been noted by GNATS.

From: Bernd Luevelsmeyer
To: freebsd-gnats-submit@FreeBSD.org
Cc: steve@megahack.com, Warner Losh
Subject: Re: misc/24833: after cvsup + rebuild, ipfw "check-state" does not work
Date: Sun, 04 Feb 2001 02:29:15 +0100

I'm not familiar with the FreeBSD sources so I might be wrong, but
this is how I understand it:

It's the change in /usr/src/sys/netinet/ip_fw.c from version
1.131.2.12 to 1.131.2.13, around line 1221.

    if (((f->fw_tcpf != f->fw_tcpnf) ||
        (f->fw_ipflg & IP_FW_IF_TCPEST)) &&
        !tcpflg_match(tcp, f))

was replaced by

    if (f->fw_tcpf != f->fw_tcpnf && !tcpflg_match(tcp, f))

The 'established' flag is in fw_ipflg. It's handled in
tcpflg_match(), but since the test for fw_ipflg is gone,
tcpflg_match() doesn't get a chance anymore to do the
established-thing if fw_tcpf==fw_tcpnf, which (I assume) indicates
TCP-flags are not used in the particular rule. The problem is IMHO
that 'established' is a TCP property but not a TCP flag.

Re-inserting the previous condition seems to work for me. This is a
patch against 1.131.2.13:

--- .vimbk/ip_fw.c.vimbk Fri Feb 2 15:05:48 2001 +++ ip_fw.c Sun Feb 4 02:07:53 2001
@@ -1222,7 +1222,9 @@ if (f->fw_tcpopt != f->fw_tcpnopt && !tcpopts_match(tcp, f)) continue; - if (f->fw_tcpf != f->fw_tcpnf && !tcpflg_match(tcp, f)) + if (((f->fw_tcpf != f->fw_tcpnf) || + (f->fw_ipflg & IP_FW_IF_TCPEST)) && + !tcpflg_match(tcp, f)) continue; goto check_ports; } To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-bugs" in the body of the message
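
Review bot: the restored test of fw_ipflg in the three-line condition before tcpflg_match() needs a comment, because nothing at this call site says that 'established' is stored in fw_ipflg yet evaluated inside tcpflg_match(); without that, the `(f->fw_ipflg & IP_FW_IF_TCPEST)` term reads as unrelated to a TCP-flags check and can be dropped again the way it was in 1.131.2.13. A one-line comment above the `if`, for example "IP_FW_IF_TCPEST lives in fw_ipflg but is checked by tcpflg_match()", would protect it. The consequence of losing the term is that a rule with 'established' and no TCP flags set never reaches `continue` here and falls through to check_ports for every TCP packet, so a regression check for exactly that rule shape is worth adding alongside the fix. The parentheses around `f->fw_tcpf != f->fw_tcpnf` are optional and differ from the style of the tcpopts test just above.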
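
The difference between the two conditions discussed in the message, as an added example that is not part of the original message or of the FreeBSD source. The struct, the IP_FW_IF_TCPEST value and the body of tcpflg_match() are simplified assumptions; 'established' is modelled as "not a bare SYN".

```c
#include <stdint.h>
#include <stdio.h>

/* Real TCP header flag bits. */
#define TH_SYN 0x02
#define TH_RST 0x04
#define TH_ACK 0x10

/* Constructed value: stands in for the kernel's IP_FW_IF_TCPEST bit. */
#define IP_FW_IF_TCPEST 0x01

/* Simplified stand-in for struct ip_fw: only the fields the message names. */
struct rule {
    uint8_t fw_tcpf;   /* TCP flags that must be set */
    uint8_t fw_tcpnf;  /* TCP flags that must be clear */
    uint8_t fw_ipflg;  /* holds the 'established' bit */
};

/* Assumed model of tcpflg_match(): 'established' rejects a bare SYN. */
static int tcpflg_match(uint8_t th_flags, const struct rule *f)
{
    if ((f->fw_ipflg & IP_FW_IF_TCPEST) &&
        (th_flags & (TH_SYN | TH_RST | TH_ACK)) == TH_SYN)
        return 0;
    if ((th_flags & f->fw_tcpf) != f->fw_tcpf)
        return 0;
    return (th_flags & f->fw_tcpnf) == 0;
}

/* 1 = rule is skipped ("continue"), 0 = evaluation goes on to check_ports. */
static int skips_1_131_2_13(uint8_t th_flags, const struct rule *f)
{
    return f->fw_tcpf != f->fw_tcpnf && !tcpflg_match(th_flags, f);
}

static int skips_patched(uint8_t th_flags, const struct rule *f)
{
    return ((f->fw_tcpf != f->fw_tcpnf) ||
            (f->fw_ipflg & IP_FW_IF_TCPEST)) &&
           !tcpflg_match(th_flags, f);
}

int main(void)
{
    struct rule est = { 0, 0, IP_FW_IF_TCPEST };  /* "... established", no flags */
    printf("bare SYN: 1.131.2.13 skips=%d, patched skips=%d\n",
           skips_1_131_2_13(TH_SYN, &est), skips_patched(TH_SYN, &est));
    printf("ACK:      1.131.2.13 skips=%d, patched skips=%d\n",
           skips_1_131_2_13(TH_ACK, &est), skips_patched(TH_ACK, &est));
    return 0;
}
```

Under these assumptions only the patched condition skips the 'established' rule for a bare SYN; both conditions let an ACK segment go on to check_ports.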