Message-ID: <3C01B9A3.CFE7157@t-online.de>
Date: Mon, 26 Nov 2001 04:40:19 +0100
From: Daniel Rock
To: current@freebsd.org
Subject: Bug in libalias (firewall manipulating)

Hi,

just noticed: adding dynamic rules to ipfw via PKT_ALIAS_PUNCH_FW (or the command "nat punch_fw" in ppp) doesn't work: For adding firewall rules, IP_FW_ADD requires getsockopt() instead of setsockopt(). This should also be reflected in the manual page.

Below is my fix and a quick test suggests it is indeed working now.

Daniel

Index: alias_db.c =================================================================== RCS file: /data/cvs/src/lib/libalias/alias_db.c,v retrieving revision 1.47 diff -u -r1.47 alias_db.c --- alias_db.c 3 Nov 2001 11:34:09 -0000 1.47 +++ alias_db.c 26 Nov 2001 03:34:22 -0000 @@ -2688,6 +2688,7 @@ PunchFWHole(struct alias_link *link) { int r; /* Result code */ struct ip_fw rule; /* On-the-fly built rule */ + int rsz; int fwhole; /* Where to punch hole */ /* Don't do anything unless we are asked to */ 
@@ -2744,19 +2745,21 @@ (Code should be left even if the problem is fixed - it is a clear optimization) */ if (rule.fw_uar.fw_pts[0] != 0 && rule.fw_uar.fw_pts[1] != 0) { - r = setsockopt(fireWallFD, IPPROTO_IP, IP_FW_ADD, &rule, sizeof rule); + rsz = sizeof(rule); + r = getsockopt(fireWallFD, IPPROTO_IP, IP_FW_ADD, &rule, &rsz); #ifdef DEBUG if (r) - err(1, "alias punch inbound(1) setsockopt(IP_FW_ADD)"); + err(1, "alias punch inbound(1) getsockopt(IP_FW_ADD)"); #endif rule.fw_src = GetDestAddress(link); rule.fw_dst = GetOriginalAddress(link); rule.fw_uar.fw_pts[0] = ntohs(GetDestPort(link)); rule.fw_uar.fw_pts[1] = ntohs(GetOriginalPort(link)); - r = setsockopt(fireWallFD, IPPROTO_IP, IP_FW_ADD, &rule, sizeof rule); + rsz = sizeof(rule); + r = getsockopt(fireWallFD, IPPROTO_IP, IP_FW_ADD, &rule, &rsz); #ifdef DEBUG if (r) - err(1, "alias punch inbound(2) setsockopt(IP_FW_ADD)"); + err(1, "alias punch inbound(2) getsockopt(IP_FW_ADD)"); #endif } /* Indicate hole applied */
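
Review bot: in the first hunk, the new "int rsz;" in PunchFWHole() should be declared as socklen_t, because its address is passed as the length argument of getsockopt(), which takes a socklen_t pointer. The neighbouring declarations each carry a trailing comment ("Result code", "On-the-fly built rule"); rsz should get one too, saying that it is the in/out size of rule for getsockopt().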
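
Review bot: in the second hunk, the second getsockopt(IP_FW_ADD) call reuses rule after the first call received it as a writable buffer, and only fw_src, fw_dst and fw_uar.fw_pts[] are reassigned in between, so any other field the kernel writes back on the first add would carry over into the second rule. Pass a scratch copy of rule to each call, or reset the affected fields before the second one. The result r is still examined only under #ifdef DEBUG, so in a normal build a failed add falls through to the "Indicate hole applied" step; and the manual page change the message asks for is not part of this diff.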