Date: Mon, 20 Oct 2003 12:03:00 -0400 (EDT)
From: Matthew George <mdg@secureworks.net>
To: FreeBSD-gnats-submit@FreeBSD.org
Subject: kern/58287: ipnat map protocol specification broken
Message-ID: <20031020120039.O33518@localhost>
Resent-Message-ID: <200310201610.h9KGACXk088573@freefall.freebsd.org>
>Number:         58287
>Category:       kern
>Synopsis:       ipnat map protocol specification broken
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          open
>Quarter:
>Keywords:
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Mon Oct 20 09:10:11 PDT 2003
>Closed-Date:
>Last-Modified:
>Originator:     Matthew George
>Release:        FreeBSD 4.8-RELEASE-p1 i386
>Organization:
SecureWorks
>Environment:
System: FreeBSD fbsd.secureworks.net 4.8-RELEASE-p1 FreeBSD 4.8-RELEASE-p1 #4: Thu Sep 25 12:29:50 EDT 2003 mdg@fbsd.secureworks.net:/usr/src/sys/compile/SW-GENERIC-SMP i386
>Description:
The docs in ipnat(5) provide the following description of ipnat map with regards to protocol specification:

    map        ::= mapit ifname ipmask "->" dstipmask [ mapport ] mapoptions .
    mapoptions ::= [ tcpudp ] [ "frag" ] [ age ] [ clamp ] .
    tcpudp     ::= "tcp/udp" | protocol .
    protocol   ::= protocol-name | decnumber .

However, ipnat refuses to properly parse a rule with a protocol specified.
>How-To-Repeat:
    # ipnat -f -
    map dc0 from 192.168.0.0/16 to any -> w.x.y.z/32 icmp
    1: extra junk at the end of the line: icmp
    1: syntax error in "map"
>Fix:
I only looked at this very shortly, but the problem appears to be around line 458 of natparse.c. It looks like the protocol is only examined and dealt with if !(ipn.in_redir & (NAT_MAP|NAT_MAPBLK)).

--
Matthew George
SecureWorks Technical Operations
>Release-Note:
>Audit-Trail:
>Unformatted:
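The report turns on a mismatch between the grammar ipnat(5) documents and what the parser in natparse.c accepts. The following Python program is an added example (not part of the PR, not FreeBSD or IPFilter code) that implements the quoted `map` productions as a small recursive-descent parser, so a reader can see what a rule with a trailing protocol should parse to under the documented grammar. The page does not define `mapport`, `age` or `clamp`; the shapes used here (`portmap tcpudp lo:hi`, `age N`, `mssclamp N`) and the protocol-name table are assumptions for the example, and the destination address replaces the report's `w.x.y.z` placeholder with a constructed documentation-range address.

```python
"""Parser for the ipnat(5) `map` grammar quoted in PR kern/58287 (added example)."""
import ipaddress
from dataclasses import dataclass
from typing import Optional, Union

# `protocol ::= protocol-name | decnumber`; the name table is an assumption.
PROTOCOL_NAMES = {"icmp": 1, "tcp": 6, "udp": 17, "gre": 47, "esp": 50}


class ParseError(ValueError):
    """Raised where ipnat would report a syntax error."""


@dataclass
class MapRule:
    mapit: str                                   # "map" or "map-block"
    ifname: str
    ipmask: ipaddress.IPv4Network
    dstipmask: ipaddress.IPv4Network
    portmap: Optional[tuple] = None              # assumed shape: (tcpudp, lo, hi)
    protocol: Optional[Union[str, int]] = None   # "tcp/udp" or a protocol number
    frag: bool = False
    age: Optional[int] = None                    # assumed shape: "age" decnumber
    clamp: Optional[int] = None                  # assumed shape: "mssclamp" decnumber


def _cidr(tok: str) -> ipaddress.IPv4Network:
    """ipmask / dstipmask: an address with an optional /prefix (host if absent)."""
    try:
        return ipaddress.IPv4Network(tok if "/" in tok else tok + "/32", strict=False)
    except ValueError as exc:
        raise ParseError(f"bad ipmask {tok!r}") from exc


def _protocol(tok: str) -> Union[str, int]:
    """tcpudp ::= "tcp/udp" | protocol ; protocol ::= protocol-name | decnumber."""
    if tok == "tcp/udp":
        return tok
    if tok in PROTOCOL_NAMES:
        return PROTOCOL_NAMES[tok]
    if tok.isdigit() and 0 <= int(tok) <= 255:
        return int(tok)
    raise ParseError(f"unknown protocol {tok!r}")


def parse_map(line: str) -> MapRule:
    """Parse one ipnat `map` rule according to the documented grammar."""
    toks = line.split()
    pos = 0

    def take(expected: Optional[str] = None) -> str:
        nonlocal pos
        if pos >= len(toks):
            raise ParseError("unexpected end of line")
        tok = toks[pos]
        if expected is not None and tok != expected:
            raise ParseError(f"expected {expected!r}, got {tok!r}")
        pos += 1
        return tok

    def peek() -> Optional[str]:
        return toks[pos] if pos < len(toks) else None

    # map ::= mapit ifname ipmask "->" dstipmask [ mapport ] mapoptions
    mapit = take()
    if mapit not in ("map", "map-block"):
        raise ParseError(f"unknown keyword {mapit!r}")
    ifname = take()
    ipmask = _cidr(take())
    take("->")
    rule = MapRule(mapit, ifname, ipmask, _cidr(take()))

    if peek() == "portmap":                      # assumed mapport shape
        take()
        proto = _protocol(take())
        lo, hi = take().split(":")
        rule.portmap = (proto, int(lo), int(hi))

    # mapoptions ::= [ tcpudp ] [ "frag" ] [ age ] [ clamp ]
    # The protocol is an option of the map rule itself, so it is examined here
    # regardless of whether the rule is a map or a map-block.
    if peek() is not None and peek() not in ("frag", "age", "mssclamp"):
        rule.protocol = _protocol(take())
    if peek() == "frag":
        take()
        rule.frag = True
    if peek() == "age":
        take()
        rule.age = int(take())
    if peek() == "mssclamp":
        take()
        rule.clamp = int(take())
    if peek() is not None:
        raise ParseError("extra junk at the end of the line: " + " ".join(toks[pos:]))
    return rule


if __name__ == "__main__":
    # Constructed sample: 203.0.113.1 stands in for the report's w.x.y.z.
    print(parse_map("map dc0 192.168.0.0/16 -> 203.0.113.1/32 icmp"))
```

With the documented grammar, `map dc0 192.168.0.0/16 -> 203.0.113.1/32 icmp` yields a rule whose `protocol` is 1, and only a token that matches none of the mapoptions productions is reported as extra junk; the reported ipnat behaviour rejects the protocol token itself, which is the discrepancy the PR describes.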