Date:      Fri, 10 Mar 2000 15:15:38 -0500 (EST)
From:      Mike Heffner <mheffner@mailandnews.com>
To:        Luigi Rizzo <luigi@info.iet.unipi.it>
Cc:        freebsd-ipfw@FreeBSD.ORG
Subject:   Re: ipfw doesn't match when src == dest
Message-ID:  <XFMail.20000310151538.mheffner@mailandnews.com>
In-Reply-To: <200003101136.MAA75621@info.iet.unipi.it>



On 10-Mar-2000 Luigi Rizzo wrote:
  |> Hello,
  |> 
  |> When I recently redid my firewall, I wanted to block a strange packet from
  |> my cablemodem, 
  |> 
  |> Deny P:2 192.168.100.1 192.168.100.1 in via ed1
  | 
  | are you sure that the logging code prints the right thing ?
  | I noticed (from source code analysis) it does strange things with
  | fragments, it might as well misbehave with short packets etc.
  | 

You're right! When it logs ICMP or unknown ip packets, it'll incorrectly print
the source and destination as the same address. This is from incorrect use of
inet_ntoa(3)...from the manpage:

"The string returned by inet_ntoa() resides in a static memory area. "

So the following patch fixes it: (also attached as mailer will murder tabs)


Index: sys/netinet/ip_fw.c
===================================================================
RCS file: /home/ncvs/src/sys/netinet/ip_fw.c,v
retrieving revision 1.131
diff -u -r1.131 ip_fw.c
--- ip_fw.c     2000/02/29 17:51:25     1.131
+++ ip_fw.c     2000/03/10 20:04:13
@@ -464,7 +464,6 @@
                }
        }
 
-       len = 0;
        switch (ip->ip_p) {
        case IPPROTO_TCP:
                len = snprintf(SNPARGS(proto, 0), "TCP %s",
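Review bot: Dropping `len = 0;` ahead of the switch is not needed for the inet_ntoa() fix, and it means every case now has to assign len before it reaches SNPARGS(proto, len). The TCP case visible here does so (`len = snprintf(SNPARGS(proto, 0), ...`), and the second hunk makes the default case do so, but the cases in between are not shown in this diff. Either keep the initialisation or confirm that no case can read len unassigned, and say so in the commit message.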
@@ -500,12 +499,13 @@
                            icmp->icmp_type, icmp->icmp_code);
                else
                        len = snprintf(SNPARGS(proto, 0), "ICMP ");
-               snprintf(SNPARGS(proto, len), "%s %s", inet_ntoa(ip->ip_src),
-                   inet_ntoa(ip->ip_dst));
+               len += snprintf(SNPARGS(proto, len), "%s",
inet_ntoa(ip->ip_src));
+               snprintf(SNPARGS(proto, len), " %s", inet_ntoa(ip->ip_dst));
                break;
        default:
-               snprintf(SNPARGS(proto, 0), "P:%d %s %s", ip->ip_p,
-                   inet_ntoa(ip->ip_src), inet_ntoa(ip->ip_dst));
+               len = snprintf(SNPARGS(proto, 0), "P:%d %s", ip->ip_p,
+                              inet_ntoa(ip->ip_src));
+               snprintf(SNPARGS(proto, len), " %s", inet_ntoa(ip->ip_dst));
                break;
        }
 
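Review bot: Nothing in the ICMP or default case says why the two addresses are now formatted by separate snprintf calls, so a later cleanup could fold each pair back into one call with two inet_ntoa() arguments and reintroduce the duplicated address. A one-line comment above each pair, noting that inet_ntoa() returns a static buffer, would prevent that. Separately, len comes from snprintf's return value, which is the length that would have been written rather than the length that fit, so the `" %s"` append relies on SNPARGS(proto, len) coping with a len at or past the end of proto; the macro is not visible in this diff and is worth checking.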


Later,


/****************************************
 * Mike Heffner <spock@techfour.net>    *
 * Fredericksburg, VA -- ICQ# 882073    *
 * Sent at: 10-Mar-2000 -- 15:10:12 EST *
 * http://my.ispchannel.com/~mheffner   *
 ****************************************/
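
The inet_ntoa(3) pitfall described in this message, reproduced in userland C as an added example (not part of the original post and not code from ip_fw.c). The helper names log_before, log_after and fields_equal and the 10.0.0.1 destination are constructed for illustration.

```c
/* Added example: userland reproduction of the duplicated-address log line. */
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>

/* Before: both inet_ntoa() calls finish before snprintf() runs, and both
 * return the same static buffer, so one address is printed twice. */
static void log_before(char *out, size_t n, int p,
                       struct in_addr src, struct in_addr dst)
{
    snprintf(out, n, "P:%d %s %s", p, inet_ntoa(src), inet_ntoa(dst));
}

/* After: format one address per call, as the patch does, so the static
 * buffer is consumed before the next inet_ntoa() overwrites it. */
static void log_after(char *out, size_t n, int p,
                      struct in_addr src, struct in_addr dst)
{
    int len = snprintf(out, n, "P:%d %s", p, inet_ntoa(src));

    /* snprintf() returns the untruncated length; clamp before appending. */
    if (len < 0 || (size_t)len >= n)
        return;
    snprintf(out + len, n - (size_t)len, " %s", inet_ntoa(dst));
}

/* Returns 1 if the two address fields of a "P:<n> <src> <dst>" line match. */
static int fields_equal(const char *line)
{
    char a[INET_ADDRSTRLEN], b[INET_ADDRSTRLEN];
    if (sscanf(line, "P:%*d %15s %15s", a, b) != 2)
        return -1;
    return strcmp(a, b) == 0;
}

int main(void)
{
    struct in_addr src, dst;   /* constructed sample addresses */
    char line[64];

    inet_pton(AF_INET, "192.168.100.1", &src);
    inet_pton(AF_INET, "10.0.0.1", &dst);
    log_before(line, sizeof(line), 2, src, dst);
    printf("before: %s (fields equal: %d)\n", line, fields_equal(line));
    log_after(line, sizeof(line), 2, src, dst);
    printf("after:  %s (fields equal: %d)\n", line, fields_equal(line));
    return 0;
}
```

Which of the two addresses the "before" line repeats depends on argument evaluation order, so a log reader cannot tell from such a line whether the source or the destination was lost.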


