Date: Sat, 16 Sep 2006 14:38:18 +0200 From: John Hay <jhay@meraka.org.za> To: freebsd-ipfw@freebsd.org Subject: ipfw buffers too small? Message-ID: <20060916123818.GA8497@zibbi.meraka.csir.co.za>
next in thread | raw e-mail | index | archive | help
Hi,
It seems that the buffer sizes inside ipfw did not keep up with its
possible uses. If I run this:
ipfw add 160 allow ip6 from 3000::/16,3100::/16,3200::/16,3300::/16,3ffe::/16,4ffe::/16,2000::/16,2001::/16 to any
it put this inside the kernel:
00160 allow ip6 from { me6 or to any
A shorter one does work:
ipfw add 170 allow ip6 from 3200::/16,3300::/16,3ffe::/16,4ffe::/16,2000::/16,2001::/16 to any
00170 allow ip6 from 3200::/16,3300::/16,3ffe::/16,4ffe::/16,2000::/16,2001::/16 to any
So I have two questions, should the arrays (rulebuf, actbuf and cmdbuf) in
ipfw/ipfw2.c:add() not be bigger? And the more important question, should
it not have some bounds checking?
John
--
John Hay -- John.Hay@meraka.csir.co.za / jhay@FreeBSD.org
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20060916123818.GA8497>