Date: Wed, 30 Aug 2006 05:40:22 GMT
Message-Id: <200608300540.k7U5eMDJ059682@freefall.freebsd.org>
To: freebsd-ipfw@FreeBSD.org
From: "Stephen E. Halpin"
Subject: Re: bin/102422: ipfw & kernel problems where firewall rules aren't interpreted correctly

The following reply was made to PR bin/102422; it has been noted by GNATS.

From: Stephen E. Halpin
To: Stephen E. Halpin
Cc: Andrey V. Elsukov, bug-followup@FreeBSD.org, Oleg Bulyzhin, Gleb Smirnoff, Luigi Rizzo
Subject: Re: bin/102422: ipfw & kernel problems where firewall rules aren't interpreted correctly
Date: Wed, 30 Aug 2006 01:44:01 -0400

Erf. I've since patched in the actual diffs for PR 91245 into a clean
install of 6.1-RELEASE, and it now thinks "me6" is a hostname which it
fails to process and dies.
An example is:

    ipfw add 1 deny ip6 from any to me6
    ipfw: hostname ``me6'' unknown

There was a precedence issue which was addressed in MAIN, where the 'if'
should not be taken if 'ret' is not NULL. 1.76.2.10 off RELENG_6 has:

    if ((ret == NULL) && proto == IPPROTO_IP || strcmp(av, "me") == 0 ||
        !inet_pton(AF_INET6, host, &a))

1.96 off MAIN has:

    if (ret == NULL && (proto == IPPROTO_IP || strcmp(av, "me") == 0 ||
        !inet_pton(AF_INET6, host, &a)))

Note that these should occur in add_src() and add_dst(). When this is
added to the patches in 1.76.2.10, things appear to work. The page:

    http://www.freebsd.org/cgi/cvsweb.cgi/src/sbin/ipfw/ipfw2.c

doesn't appear to have another RELENG_6 checkin since 1.76.2.10, so if
possible this should be fixed there with the other changes you've
developed.

-Steve

On Aug 29, 2006, at 5:33 AM, Stephen E. Halpin wrote:

>
> On Aug 28, 2006, at 6:26 AM, Andrey V. Elsukov wrote:
>
>> Stephen E. Halpin wrote:
>>> processing, and it worked fine. I still have a question about PR
>>> 91245, as when I went to the following page:
>>> http://www.freebsd.org/cgi/cvsweb.cgi/src/sbin/ipfw/
>>> and it looks like the last version of ipfw2.c is 1.96 on the MAIN
>>> branch, and the changes in PR 91245 are not there. It would be
>>> awesome if all three fixes could make it into the 6.2 release!
>>
>> This PR was closed by rev. 1.88 in CURRENT, and rev. 1.76.2.10 in
>> RELENG_6, and will be in 6.2-RELEASE. But I don't know about this
>> PR. Gleb, Oleg - any comments? :)
>
> Sorry, this was a misunderstanding on my part. The diffs in the PR
> (which is what I was looking for) are different from what's in the
> actual fix, which was checked in to the revisions you mention. At
> least I know where to look next time :-/
>
> -Steve
>
>> --
>> WBR, Andrey V. Elsukov
>
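
The precedence difference between the two conditions quoted in the message above, as an added example: it is not part of the original message and is not ipfw2.c code beyond those two conditions. The function names, the sample table, and the ret parameter standing for "an earlier step already produced a result" are assumptions; the samples carry no /prefix, so av stands in for host.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>

/* 1.76.2.10 (RELENG_6) condition, parenthesized the way C parses it:
 * && binds tighter than ||, so the ret check guards only the first term. */
static int v4_branch_releng6(const void *ret, int proto, const char *av)
{
	struct in6_addr a;
	return (ret == NULL && proto == IPPROTO_IP) ||
	    strcmp(av, "me") == 0 || !inet_pton(AF_INET6, av, &a);
}

/* 1.96 (MAIN) condition: the ret check guards every term. */
static int v4_branch_main(const void *ret, int proto, const char *av)
{
	struct in6_addr a;
	return ret == NULL && (proto == IPPROTO_IP ||
	    strcmp(av, "me") == 0 || !inet_pton(AF_INET6, av, &a));
}

/* Constructed samples. handled=1 stands for "ret is already non-NULL". */
struct sample { const char *av; int proto; int handled; };
static const struct sample samples[] = {
	{ "me6",         IPPROTO_IPV6, 1 },
	{ "2001:db8::1", IPPROTO_IPV6, 1 },
	{ "me",          IPPROTO_IP,   0 },
	{ "192.0.2.1",   IPPROTO_IP,   0 },
};
#define NSAMPLES (sizeof(samples) / sizeof(samples[0]))

/* Print both results per sample; return how many samples differ. */
static int count_disagreements(void)
{
	int n = 0;
	for (size_t i = 0; i < NSAMPLES; i++) {
		const struct sample *s = &samples[i];
		const void *ret = s->handled ? (const void *)s : NULL;
		int old = v4_branch_releng6(ret, s->proto, s->av);
		int fixed = v4_branch_main(ret, s->proto, s->av);
		printf("%-12s ret=%-8s RELENG_6=%d MAIN=%d\n", s->av,
		    ret ? "non-NULL" : "NULL", old, fixed);
		n += (old != fixed);
	}
	return n;
}

int main(void) { return count_disagreements() != 1; }
```

Of these samples only me6 with ret already set differs: the literal 2001:db8::1 parses as IPv6, so the last term is false under both conditions.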