Date: Mon, 26 Aug 2024 19:56:42 +0000 From: bugzilla-noreply@freebsd.org To: bugs@FreeBSD.org Subject: [Bug 281082] sys/netgraph/ng_ipfw.c: Using 32bit cookies breaks ipfw ngtee Message-ID: <bug-281082-227@https.bugs.freebsd.org/bugzilla/>
next in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D281082 Bug ID: 281082 Summary: sys/netgraph/ng_ipfw.c: Using 32bit cookies breaks ipfw ngtee Product: Base System Version: Unspecified Hardware: Any OS: Any Status: New Severity: Affects Some People Priority: --- Component: kern Assignee: bugs@FreeBSD.org Reporter: ruben@verweg.com The MFC=E2=80=99ed commit 20e1f207cc789a28783344614d6d1d1c639c5797 (https://cgit.freebsd.org/src/commit/?id=3D20e1f207cc789a28783344614d6d1d1c= 639c5797) MFC=E2=80=99ed to 14.1 as dadf64c5586e5fa5e1018a3d8a02c9873b1121b8 and to 1= 3.3 as 0b9242dea68c44dc630921d3802f3f80f4d84b48 breaks ipfw_netflow. Reversing the patch restores functionality. This might be due to=20 * sys/netinet/ip_fw.h=E2=80=99s ipfw_insn->arg1 still sit at u_int16_t, per= haps truncating one or another so that it remains invisible for ng_ipfw and the = rest of netgraph * sbin/ipfw/ipfw2.c chkarg in case TOK_NGTEE poses a limit of IP_FW_TABLEARG (65535) on the ngtee parameter. Tested on 13.3 with ipfw_netflow and a packetcapture on the receiving port / sudo flowctl netflow: show human Reversing the patch seems less impacting than to figure out where arg1 hand= ling needs to be adjusted for full 32bit operation. --=20 You are receiving this mail because: You are the assignee for the bug.=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-281082-227>