From owner-freebsd-bugs@FreeBSD.ORG Wed Sep 7 10:30:14 2005 Return-Path: X-Original-To: freebsd-bugs@hub.freebsd.org Delivered-To: freebsd-bugs@hub.freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 93B3A16A41F for ; Wed, 7 Sep 2005 10:30:14 +0000 (GMT) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21]) by mx1.FreeBSD.org (Postfix) with ESMTP id C343F43D45 for ; Wed, 7 Sep 2005 10:30:13 +0000 (GMT) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (gnats@localhost [127.0.0.1]) by freefall.freebsd.org (8.13.3/8.13.3) with ESMTP id j87AUDoD066752 for ; Wed, 7 Sep 2005 10:30:13 GMT (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.13.3/8.13.1/Submit) id j87AUDMs066751; Wed, 7 Sep 2005 10:30:13 GMT (envelope-from gnats) Resent-Date: Wed, 7 Sep 2005 10:30:13 GMT Resent-Message-Id: <200509071030.j87AUDMs066751@freefall.freebsd.org> Resent-From: FreeBSD-gnats-submit@FreeBSD.org (GNATS Filer) Resent-To: freebsd-bugs@FreeBSD.org Resent-Reply-To: FreeBSD-gnats-submit@FreeBSD.org, Fredrik Lindberg Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 84A8716A41F for ; Wed, 7 Sep 2005 10:27:49 +0000 (GMT) (envelope-from fli@biocandy.shapeshifter.se) Received: from mx1.h3q.net (manticore.shapeshifter.se [212.37.5.30]) by mx1.FreeBSD.org (Postfix) with ESMTP id 128B443D45 for ; Wed, 7 Sep 2005 10:27:48 +0000 (GMT) (envelope-from fli@biocandy.shapeshifter.se) Received: from localhost (localhost [127.0.0.1]) by mx1.h3q.net (Postfix) with ESMTP id B26631A744 for ; Wed, 7 Sep 2005 12:27:45 +0200 (CEST) Received: from mx1.h3q.net ([127.0.0.1]) by localhost (manticore.shapeshifter.se [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 64699-03 for ; Wed, 7 Sep 2005 12:27:44 +0200 (CEST) Received: from biocandy.shapeshifter.se (h4n2fls31o270.telia.com [217.208.199.4]) by mx1.h3q.net (Postfix) with ESMTP id 9195B1A743 for ; Wed, 7 Sep 2005 12:27:44 +0200 (CEST) Received: by biocandy.shapeshifter.se (Postfix, from userid 1001) id 5409942D5; Wed, 7 Sep 2005 12:27:44 +0200 (CEST) Message-Id: <20050907102744.5409942D5@biocandy.shapeshifter.se> Date: Wed, 7 Sep 2005 12:27:44 +0200 (CEST) From: Fredrik Lindberg To: FreeBSD-gnats-submit@FreeBSD.org X-Send-Pr-Version: 3.113 Cc: Subject: kern/85826: [patch] Unknown opcode panic when ipfw is compiled without INET6 X-BeenThere: freebsd-bugs@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Bug reports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 07 Sep 2005 10:30:14 -0000 >Number: 85826 >Category: kern >Synopsis: [patch] Unknown opcode panic when ipfw is compiled without INET6 >Confidential: no >Severity: non-critical >Priority: low >Responsible: freebsd-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Wed Sep 07 10:30:13 GMT 2005 >Closed-Date: >Last-Modified: >Originator: Fredrik Lindberg >Release: FreeBSD 7.0-CURRENT i386 >Organization: >Environment: System: FreeBSD biocandy.shapeshifter.se 7.0-CURRENT FreeBSD 7.0-CURRENT #18: Tue Sep 6 14:03:13 CEST 2005 root@biocandy.shapeshifter.se:/usr/obj/usr/src/sys/BIOCANDY-CURRENT i386 >Description: It's possible to panic your system if ipfw(4) is compiled without INET6. ipfw(8) still accepts ip6 rules and inserts them into the ruleset. But since all ip6 code is behind INET6 ipfw_chk() won't recognize the rule opcode and instead panic with "unknown opcode". >How-To-Repeat: > cd sys/modules/ipfw && make > kldload ./ipfw.ko > ipfw add allow ip6 from dead:cafe:babe::1 to me panic: -- unknown opcode 73 >Fix: Return EOPNOTSUPP in check_ipfw_struct if a user tries to insert ip6 rules to a ipfw(4) module compiled without INET6 support. > ipfw add allow ip6 from dead:cafe:babe::1 to me ipfw: getsockopt(IP_FW_ADD): Operation not supported --- ip_fw2.c-ip6-20050907.patch begins here --- Index: ip_fw2.c =================================================================== RCS file: /home/ncvs/src/sys/netinet/ip_fw2.c,v retrieving revision 1.110 diff -u -r1.110 ip_fw2.c --- ip_fw2.c 4 Sep 2005 17:33:40 -0000 1.110 +++ ip_fw2.c 7 Sep 2005 10:00:32 -0000 @@ -3553,6 +3553,22 @@ return EINVAL; } DEB(printf("ipfw: opcode %d\n", cmd->opcode);) +#ifndef INET6 + switch (cmd->opcode) { + case O_IP6_SRC_ME: + case O_IP6_DST_ME: + case O_IP6_SRC: + case O_IP6_DST: + case O_IP6: + case O_FLOW6ID: + case O_IP6_SRC_MASK: + case O_IP6_DST_MASK: + case O_ICMP6TYPE: + return (EOPNOTSUPP); + default: + break; + } +#endif /* !INET6 */ switch (cmd->opcode) { case O_PROBE_STATE: case O_KEEP_STATE: --- ip_fw2.c-ip6-20050907.patch ends here --- >Release-Note: >Audit-Trail: >Unformatted: