Date: Tue, 15 Feb 2005 20:03:35 GMT
From: "Wojciech A. Koszek" <dunstan@freebsd.czest.pl>
To: FreeBSD-gnats-submit@FreeBSD.org
Subject: kern/77570: [PATCH] ipfw: Multiple rules may have the same number.
Message-ID: <200502152003.j1FK3ZDm018775@freebsd.czest.pl>
Resent-Message-ID: <200502152000.j1FK0kGC034744@freefall.freebsd.org>

>Number: 77570
>Category: kern
>Synopsis: [PATCH] ipfw: Multiple rules may have the same number.
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Tue Feb 15 20:00:46 GMT 2005
>Closed-Date:
>Last-Modified:
>Originator: Wojciech A. Koszek
>Release: FreeBSD 5.3-STABLE i386
>Organization:
>Environment:
System: FreeBSD dunstan.freebsd.czest.pl 5.3-STABLE FreeBSD 5.3-STABLE #0: Sat Feb 12 11:15:23 CET 2005 root@dunstan.freebsd.czest.pl:/usr/obj/usr/src/sys/HOME6 i386

This problem exists in either -STABLE or -CURRENT.

>Description:
There is a problem while inserting an ipfw2 rule with a specified rule number.

    # ipfw add <num> <action>

While executing this command N times, it will add N rules with the same
number <num>. I don't really like this behaviour, since a rule number has to
represent a unique rule.

>How-To-Repeat:
This problem may be easily reproduced:

    # ipfw add 100 allow all from any to any
    00100 allow ip from any to any
    # ipfw add 100 allow all from any to any
    00100 allow ip from any to any
    # ipfw add 100 allow all from any to any
    00100 allow ip from any to any
    # ipfw show | grep 00100
    00100 0 0 allow ip from any to any
    00100 0 0 allow ip from any to any
    00100 0 0 allow ip from any to any

>Fix:
Attached patch [diff.0.ipfw2] should correct this problem. It also adds
predefinition of remove_rule(), because after applying this patch,
add_rule() requires it.

--- diff.0.ipfw2 begins here --- Patch against FreeBSD 5.3-STABLE, kern.osreldate: 503102. diff -upr /usr/src/sys/netinet/ip_fw2.c src/sys/netinet/ip_fw2.c --- /usr/src/sys/netinet/ip_fw2.c Sat Feb 12 09:36:43 2005 +++ src/sys/netinet/ip_fw2.c Tue Feb 15 20:11:17 2005 
@@ -104,6 +104,9 @@ static struct callout ipfw_timeout; static uma_zone_t ipfw_dyn_rule_zone; #define IPFW_DEFAULT_RULE 65535 +static struct ip_fw * +remove_rule(struct ip_fw_chain *, struct ip_fw *, struct ip_fw *); + /* * Data structure to cache our ucred related * information. This structure only gets used if @@ -2599,7 +2602,19 @@ add_rule(struct ip_fw_chain *chain, stru * Now insert the new rule in the right place in the sorted list. */ for (prev = NULL, f = chain->rules; f; prev = f, f = f->next) { - if (f->rulenum > rule->rulenum) { /* found the location */ + if (f->rulenum == rule->rulenum) { /* exact match */ + rule->next = f->next; + (void) remove_rule(chain, f, prev); + if (prev != NULL) { + prev->next = rule; + } + else { /* head insert */ + rule->next = chain->rules; + chain->rules = rule; + } + break; + } + else if (f->rulenum > rule->rulenum) { /* found the location */ if (prev) { rule->next = f; prev->next = rule; --- diff.0.ipfw2 ends here --- >Release-Note: >Audit-Trail: >Unformatted:
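
Review bot: The forward declaration of remove_rule() in the first hunk has no comment and no parameter names, and it sits between "#define IPFW_DEFAULT_RULE 65535" and the ucred cache comment, so a reader cannot tell why it is there or what the three pointers mean. Add a one-line comment saying that add_rule() now calls it ahead of its definition, and name the parameters to match the call in the second hunk, remove_rule(chain, f, prev), so the argument order is documented where the prototype lives.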
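
Review bot: In the new exact-match branch of add_rule() the result of remove_rule() is thrown away with (void) and the list is relinked by hand, and the two paths make different assumptions about what remove_rule() did to the chain. The prev != NULL path links through the f->next value saved before the call, while the head path overwrites that with "rule->next = chain->rules;" read after the call, which is only correct if remove_rule() has already unlinked f and advanced chain->rules. The prototype in the first hunk shows remove_rule() returns a struct ip_fw *; if that is the successor of the removed rule, assign it to rule->next in both paths and drop the pre-call save, and state the assumption in a comment either way. Two further points on the same branch: there is no visible guard for rule->rulenum == IPFW_DEFAULT_RULE, so please confirm that number cannot reach this code from userland, and the break after the first match means a chain that already holds several rules with the same number keeps the remaining ones. The replacement is also silent from the caller's side, so consider returning an error for an existing number or documenting that add now replaces.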
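
The condition shown in How-To-Repeat can be checked on an existing ruleset. The script below is an added example, not part of the PR or of FreeBSD; the function names find_dup_rules and sample_ruleset are hypothetical, the sample lines are constructed, and the input layout (number, packets, bytes, rule body) is assumed from the `ipfw show` lines in the report.

```shell
#!/bin/sh
# Added example: audit `ipfw show` output for rule numbers used more than once.
# Assumed line layout, taken from the PR transcript: <num> <pkts> <bytes> <body>

# Constructed sample modelled on the `ipfw show` lines in the report.
sample_ruleset() {
cat <<'EOF'
00100 0 0 allow ip from any to any
00100 0 0 allow ip from any to any
00100 0 0 allow ip from any to any
00200 12 960 deny tcp from any to any 23
00200 0 0 allow tcp from any to any 22
00300 5 300 allow udp from any to any 53
65535 0 0 deny ip from any to any
EOF
}

# find_dup_rules: read `ipfw show` lines on stdin and print one line per
# reused rule number: "<num> <count> identical|differing".
# "identical" means every copy has the same body (the case in the report);
# "differing" means one number carries different rule bodies.
find_dup_rules() {
    awk '
    /^[0-9]+ / {
        num = $1
        body = $0
        # drop the number and both counters, leaving only the rule body
        sub(/^[0-9]+ +[0-9]+ +[0-9]+ +/, "", body)
        count[num]++
        if (count[num] == 1) { first[num] = body; order[++n] = num }
        else if (body != first[num]) differ[num] = 1
    }
    END {
        # report in first-seen order so output follows the ruleset
        for (i = 1; i <= n; i++) {
            num = order[i]
            if (count[num] > 1)
                printf "%s %d %s\n", num, count[num], (differ[num] ? "differing" : "identical")
        }
    }'
}

# Stand-alone run on the sample; on a live host: ipfw show | find_dup_rules
sample_ruleset | find_dup_rules
```
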