From owner-freebsd-bugs@FreeBSD.ORG  Tue Jan  3 00:30:11 2006
Return-Path: <owner-freebsd-bugs@FreeBSD.ORG>
X-Original-To: freebsd-bugs@hub.freebsd.org
Delivered-To: freebsd-bugs@hub.freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 6437916A44E
	for <freebsd-bugs@hub.freebsd.org>;
	Tue,  3 Jan 2006 00:30:11 +0000 (GMT)
	(envelope-from gnats@FreeBSD.org)
Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 428D743D45
	for <freebsd-bugs@hub.freebsd.org>;
	Tue,  3 Jan 2006 00:30:10 +0000 (GMT)
	(envelope-from gnats@FreeBSD.org)
Received: from freefall.freebsd.org (gnats@localhost [127.0.0.1])
	by freefall.freebsd.org (8.13.4/8.13.4) with ESMTP id k030U9ni085028
	for <freebsd-bugs@freefall.freebsd.org>; Tue, 3 Jan 2006 00:30:09 GMT
	(envelope-from gnats@freefall.freebsd.org)
Received: (from gnats@localhost)
	by freefall.freebsd.org (8.13.4/8.13.4/Submit) id k030U9TH085025;
	Tue, 3 Jan 2006 00:30:09 GMT (envelope-from gnats)
Resent-Date: Tue, 3 Jan 2006 00:30:09 GMT
Resent-Message-Id: <200601030030.k030U9TH085025@freefall.freebsd.org>
Resent-From: FreeBSD-gnats-submit@FreeBSD.org (GNATS Filer)
Resent-To: freebsd-bugs@FreeBSD.org
Resent-Reply-To: FreeBSD-gnats-submit@FreeBSD.org,
	Fredrik Lindberg <fli@shapeshifter.se>
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 8189516A41F
	for <FreeBSD-gnats-submit@freebsd.org>;
	Tue,  3 Jan 2006 00:27:39 +0000 (GMT)
	(envelope-from fli@shapeshifter.se)
Received: from mx1.h3q.net (manticore.shapeshifter.se [212.37.5.30])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 8FCCB43D5E
	for <FreeBSD-gnats-submit@freebsd.org>;
	Tue,  3 Jan 2006 00:27:37 +0000 (GMT)
	(envelope-from fli@shapeshifter.se)
Received: from localhost (localhost [127.0.0.1])
	by mx1.h3q.net (Postfix) with ESMTP id 3A77A1A9D5
	for <FreeBSD-gnats-submit@freebsd.org>;
	Tue,  3 Jan 2006 01:27:35 +0100 (CET)
Received: from mx1.h3q.net ([127.0.0.1])
	by localhost (mx1.h3q.net [127.0.0.1]) (amavisd-new,
	port 10024) with ESMTP
	id 94924-08 for <FreeBSD-gnats-submit@freebsd.org>;
	Tue,  3 Jan 2006 01:27:34 +0100 (CET)
Received: from shapeshifter.se (81-234-243-91-o926.tbon.telia.com
	[81.234.243.91])
	(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by mx1.h3q.net (Postfix) with ESMTP id 790541A9D4
	for <FreeBSD-gnats-submit@freebsd.org>;
	Tue,  3 Jan 2006 01:27:33 +0100 (CET)
Received: by shapeshifter.se (sSMTP sendmail emulation);
	Tue,  3 Jan 2006 01:27:46 +0100
Message-Id: <20060103002733.790541A9D4@mx1.h3q.net>
Date: Tue,  3 Jan 2006 01:27:46 +0100
From: Fredrik Lindberg <fli@shapeshifter.se>
To: FreeBSD-gnats-submit@FreeBSD.org
X-Send-Pr-Version: 3.113
Cc: 
Subject: bin/91245: [patch] ipfw(8) sometimes treat ipv6 input as ipv4
X-BeenThere: freebsd-bugs@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Bug reports <freebsd-bugs.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
	<mailto:freebsd-bugs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-bugs>
List-Post: <mailto:freebsd-bugs@freebsd.org>
List-Help: <mailto:freebsd-bugs-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
	<mailto:freebsd-bugs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 03 Jan 2006 00:30:11 -0000


>Number:         91245
>Category:       bin
>Synopsis:       [patch] ipfw(8) sometimes treat ipv6 input as ipv4
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Tue Jan 03 00:30:08 GMT 2006
>Closed-Date:
>Last-Modified:
>Originator:     Fredrik Lindberg
>Release:        FreeBSD 7.0-CURRENT i386
>Organization:
>Environment:
System: FreeBSD genesis.int.shapeshifter.se 7.0-CURRENT FreeBSD 7.0-CURRENT #6: Tue Dec 6 22:01:51 CET 2005 root@genesis.int.shapeshifter.se:/usr/obj/usr/src/sys/GENESIS i386


	
>Description:
ipfw(8) fails to parse ipv6 input when given a netmask or list of
ipv6 addresses. The input is then treated as ipv4 internally by ipfw(8).

>How-To-Repeat:
>Fix:
This occurs in add_src()/add_dst(). Because the ipfw commands which
triggers this never explicitly states that it is ipv6 (allow tcp from),
proto will never be set to IPPROTO_IPV6/IPPROTO_IP and the code will
resort to the inet_pton() check, which is fine with a single
ipv6-address but not with a netmask or a list.
 
This is the easiest possible fix. Treat input as ipv6 if there are
atleast two colon signs `:' in it.
 
Another solution might be to extract the recognition logic from
the fill_ip/fill_ip6 routines for use in add_src/add_dst, but
that would require alot more work.

--- ipfw2.c-20060102.patch begins here ---
Index: ipfw2.c
===================================================================
RCS file: /home/ncvs/src/sbin/ipfw/ipfw2.c,v
retrieving revision 1.80
diff -u -r1.80 ipfw2.c
--- ipfw2.c	29 Nov 2005 15:25:09 -0000	1.80
+++ ipfw2.c	2 Jan 2006 20:22:14 -0000
@@ -3703,7 +3703,8 @@
 	struct in6_addr a;
 
 	if (proto == IPPROTO_IPV6  || strcmp(av, "me6") == 0 ||
-	    inet_pton(AF_INET6, av, &a))
+	    inet_pton(AF_INET6, av, &a) ||
+	    strchr(av, ':') != strrchr(av, ':'))
 		return add_srcip6(cmd, av);
 	/* XXX: should check for IPv4, not !IPv6 */
 	if (proto == IPPROTO_IP || strcmp(av, "me") == 0 ||
@@ -3721,7 +3722,8 @@
 	struct in6_addr a;
 
 	if (proto == IPPROTO_IPV6  || strcmp(av, "me6") == 0 ||
-	    inet_pton(AF_INET6, av, &a))
+	    inet_pton(AF_INET6, av, &a) ||
+	    strchr(av, ':') != strrchr(av, ':'))
 		return add_dstip6(cmd, av);
 	/* XXX: should check for IPv4, not !IPv6 */
 	if (proto == IPPROTO_IP || strcmp(av, "me") == 0 ||
--- ipfw2.c-20060102.patch ends here ---


>Release-Note:
>Audit-Trail:
>Unformatted:
 >ipfw add allow tcp from 03f1::234:123:0342/24 to me
 ipfw: hostname ``03f1'' unknown
  
 >ipfw add allow tcp from 1234::234:123:1,03f1::234:123:2 to me
 ipfw: bad netmask ``:234:123:1,03f1::234:123:2''