Date: Mon, 26 Nov 2001 04:40:19 +0100
From: Daniel Rock <D.Rock@t-online.de>
To: current@freebsd.org
Subject: Bug in libalias (firewall manipulating)
Message-ID: <3C01B9A3.CFE7157@t-online.de>

Hi,
just noticed:
adding dynamic rules to ipfw via PKT_ALIAS_PUNCH_FW (or the command
"nat punch_fw" in ppp) doesn't work:
For adding firewall rules, IP_FW_ADD requires getsockopt() instead of
setsockopt().
This should also be reflected in the manual page.
Below is my fix, and a quick test suggests it is indeed working now.
Daniel
Index: alias_db.c
===================================================================
RCS file: /data/cvs/src/lib/libalias/alias_db.c,v
retrieving revision 1.47
diff -u -r1.47 alias_db.c
--- alias_db.c 3 Nov 2001 11:34:09 -0000 1.47
+++ alias_db.c 26 Nov 2001 03:34:22 -0000
@@ -2688,6 +2688,7 @@
PunchFWHole(struct alias_link *link) {
int r; /* Result code */
struct ip_fw rule; /* On-the-fly built rule */
+ int rsz;
int fwhole; /* Where to punch hole */
/* Don't do anything unless we are asked to */
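Review bot: the new `int rsz;` is passed by address as the length argument of getsockopt() later in PunchFWHole(), and that argument is a `socklen_t *`, so it should be declared `socklen_t rsz;` rather than `int`. It is also the only local in this block without a trailing comment; something like `/* Size of rule, in/out for getsockopt() */` would match the neighbouring declarations and record why a separate variable is needed.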
@@ -2744,19 +2745,21 @@
(Code should be left even if the problem is fixed - it is a
clear optimization) */
if (rule.fw_uar.fw_pts[0] != 0 && rule.fw_uar.fw_pts[1] != 0) {
- r = setsockopt(fireWallFD, IPPROTO_IP, IP_FW_ADD, &rule, sizeof rule);
+ rsz = sizeof(rule);
+ r = getsockopt(fireWallFD, IPPROTO_IP, IP_FW_ADD, &rule, &rsz);
#ifdef DEBUG
if (r)
- err(1, "alias punch inbound(1) setsockopt(IP_FW_ADD)");
+ err(1, "alias punch inbound(1) getsockopt(IP_FW_ADD)");
#endif
rule.fw_src = GetDestAddress(link);
rule.fw_dst = GetOriginalAddress(link);
rule.fw_uar.fw_pts[0] = ntohs(GetDestPort(link));
rule.fw_uar.fw_pts[1] = ntohs(GetOriginalPort(link));
- r = setsockopt(fireWallFD, IPPROTO_IP, IP_FW_ADD, &rule, sizeof rule);
+ rsz = sizeof(rule);
+ r = getsockopt(fireWallFD, IPPROTO_IP, IP_FW_ADD, &rule, &rsz);
#ifdef DEBUG
if (r)
- err(1, "alias punch inbound(2) setsockopt(IP_FW_ADD)");
+ err(1, "alias punch inbound(2) getsockopt(IP_FW_ADD)");
#endif
}
/* Indicate hole applied */
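Review bot: the result `r` of both getsockopt(IP_FW_ADD) calls is still examined only inside `#ifdef DEBUG`, so in a normal build a failed rule insertion is ignored and execution continues to "Indicate hole applied" as if both holes existed. Since this change is about rule insertion failing unnoticed, consider checking `r` unconditionally and skipping the "hole applied" bookkeeping when either call fails, keeping `err()` for the DEBUG case only. A second point: getsockopt() may write back into `rule` and `rsz`. Resetting `rsz` before the second call is right, but `rule` is reused with only fw_src, fw_dst and the two ports reassigned, so anything the kernel changed in the structure on the first call is carried into the second rule; building the second rule from a saved copy of the template would avoid that. The message also says the manual page should reflect the getsockopt() requirement, and no manual page change is included in this diff.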
