Date: Fri, 10 Mar 2000 15:15:38 -0500 (EST)
From: Mike Heffner <mheffner@mailandnews.com>
To: Luigi Rizzo <luigi@info.iet.unipi.it>
Cc: freebsd-ipfw@FreeBSD.ORG
Subject: Re: ipfw doesn't match when src == dest
Message-ID: <XFMail.20000310151538.mheffner@mailandnews.com>
In-Reply-To: <200003101136.MAA75621@info.iet.unipi.it>
[-- Attachment #1 --]
On 10-Mar-2000 Luigi Rizzo wrote:
|> Hello,
|>
|> When I recently redid my firewall, I wanted to block a strange packet from my
|> cablemodem,
|>
|> Deny P:2 192.168.100.1 192.168.100.1 in via ed1
|
| are you sure that the logging code prints the right thing ?
| I noticed (from source code analysis) it does strange things with
| fragments, it might as well misbehave with short packets etc.
|
You're right! When it logs ICMP or unknown ip packets, it'll incorrectly print
the source and destination as the same address. This is from incorrect use of
inet_ntoa(3)...from the manpage:
"The string returned by inet_ntoa() resides in a static memory area."
So the following patch fixes it: (also attached as mailer will murder tabs)
Index: sys/netinet/ip_fw.c
===================================================================
RCS file: /home/ncvs/src/sys/netinet/ip_fw.c,v
retrieving revision 1.131
diff -u -r1.131 ip_fw.c
--- ip_fw.c 2000/02/29 17:51:25 1.131
+++ ip_fw.c 2000/03/10 20:04:13
@@ -464,7 +464,6 @@
}
}
- len = 0;
switch (ip->ip_p) {
case IPPROTO_TCP:
len = snprintf(SNPARGS(proto, 0), "TCP %s",
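Review bot: Dropping `len = 0;` ahead of `switch (ip->ip_p)` means every arm that later passes `len` to `SNPARGS(proto, len)` has to assign it first. The TCP arm shown here does, and so do the ICMP and default arms in the next hunk, but the arms between this hunk and line 500 are not part of the patch; check each of them, and keep the initialisation if any arm appends with `len` before setting it.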
@@ -500,12 +499,13 @@
icmp->icmp_type, icmp->icmp_code);
else
len = snprintf(SNPARGS(proto, 0), "ICMP ");
- snprintf(SNPARGS(proto, len), "%s %s", inet_ntoa(ip->ip_src),
- inet_ntoa(ip->ip_dst));
+ len += snprintf(SNPARGS(proto, len), "%s",
inet_ntoa(ip->ip_src));
+ snprintf(SNPARGS(proto, len), " %s", inet_ntoa(ip->ip_dst));
break;
default:
- snprintf(SNPARGS(proto, 0), "P:%d %s %s", ip->ip_p,
- inet_ntoa(ip->ip_src), inet_ntoa(ip->ip_dst));
+ len = snprintf(SNPARGS(proto, 0), "P:%d %s", ip->ip_p,
+ inet_ntoa(ip->ip_src));
+ snprintf(SNPARGS(proto, len), " %s", inet_ntoa(ip->ip_dst));
break;
}
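Review bot: In the ICMP and default arms, `len` now carries snprintf's return value into `SNPARGS(proto, len)`, and snprintf returns the length it would have written rather than the length it did write, so after a truncated first call the offset can point past the end of `proto`. SNPARGS is not shown in this patch; confirm it clamps the remaining size, or cap `len` before reusing it. A one-line comment above each pair saying that inet_ntoa() returns a static buffer, so the two calls must stay in separate snprintf() calls, would stop a later cleanup from merging them back.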
Later,
/****************************************
* Mike Heffner <spock@techfour.net> *
* Fredericksburg, VA -- ICQ# 882073 *
* Sent at: 10-Mar-2000 -- 15:10:12 EST *
* http://my.ispchannel.com/~mheffner *
****************************************/
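The static-buffer behaviour behind this bug, reproduced in user space as an added example (not code from the message above or from FreeBSD). The function names and the sample addresses are made up for illustration; the `inet_ntop()` variant is an alternative that the patch itself does not use.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>

/* Pre-patch pattern: both inet_ntoa() calls finish before snprintf() formats
 * anything and both return the same static buffer, so both %s are one string. */
static void fmt_buggy(char *out, size_t n, struct in_addr s, struct in_addr d)
{
    snprintf(out, n, "%s %s", inet_ntoa(s), inet_ntoa(d));
}

/* Pattern used by the patch: consume each result before the next call
 * overwrites it. snprintf() returns the untruncated length, so check it. */
static void fmt_sequential(char *out, size_t n, struct in_addr s, struct in_addr d)
{
    int len = snprintf(out, n, "%s", inet_ntoa(s));
    if (len < 0 || (size_t)len >= n)
        return; /* error or truncated: nothing can be appended */
    snprintf(out + len, n - (size_t)len, " %s", inet_ntoa(d));
}

/* Alternative: inet_ntop() fills caller-owned buffers, so no shared state. */
static void fmt_ntop(char *out, size_t n, struct in_addr s, struct in_addr d)
{
    char sb[INET_ADDRSTRLEN] = "?", db[INET_ADDRSTRLEN] = "?";
    inet_ntop(AF_INET, &s, sb, sizeof sb);
    inet_ntop(AF_INET, &d, db, sizeof db);
    snprintf(out, n, "%s %s", sb, db);
}

/* Returns 1 when the text before and after the single space is identical. */
static int halves_equal(const char *line)
{
    const char *sp = strchr(line, ' ');
    size_t left = sp ? (size_t)(sp - line) : 0;
    return sp && strlen(sp + 1) == left && strncmp(line, sp + 1, left) == 0;
}

int main(void)
{
    char buf[64];
    struct in_addr src, dst;
    inet_pton(AF_INET, "192.168.100.1", &src); /* constructed sample addresses */
    inet_pton(AF_INET, "10.0.0.7", &dst);
    fmt_buggy(buf, sizeof buf, src, dst);      printf("buggy: %s (same=%d)\n", buf, halves_equal(buf));
    fmt_sequential(buf, sizeof buf, src, dst); printf("sequential: %s\n", buf);
    fmt_ntop(buf, sizeof buf, src, dst);       printf("inet_ntop: %s\n", buf);
    return 0;
}
```

Which of the two addresses the buggy line repeats depends on the order in which the compiler evaluates the arguments; either way the log shows source and destination as equal.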
