Message-ID: <3F4E6793.4030101@he.iki.fi>
Date: Thu, 28 Aug 2003 23:35:31 +0300
From: Petri Helenius
To: Maxim Konovalov
cc: freebsd-net@freebsd.org
Subject: Re: ipfw parsing bug
References: <3F4E5FAF.2080705@he.iki.fi> <20030829000533.K65653@news1.macomnet.ru>
In-Reply-To: <20030829000533.K65653@news1.macomnet.ru>

Maxim Konovalov wrote:

>On Thu, 28 Aug 2003, 23:01+0300, Petri Helenius wrote:
>
>>ipfw seems to have developed a bug lately on 5-CURRENT;
>># ipfw add 2042 allow tcp from 0.0.0.0/0 to me
>>42
>>02042 allow tcp from me to me dst-port 42
>>
>>It used to work that 0.0.0.0/0 was "any" instead of "me". Last I checked
>>the notation is also widely used in networking gear for default route which
>>is a "catch any" definition.
>>
>
>Known ipfw2 bug. Try this:
>

It works, please press the big red COMMIT button!

# ipfw add 2043 allow tcp from 0.0.0.0/0 to me dst-port 42
02043 allow tcp from any to me dst-port 42

Thanks,

Pete

>Index: ipfw2.c >=================================================================== >RCS file: /home/ncvs/src/sbin/ipfw/ipfw2.c,v >retrieving revision 1.38 >diff -u -r1.38 ipfw2.c >--- ipfw2.c 21 Jul 2003 09:56:05 -0000 1.38 >+++ ipfw2.c 28 Jul 2003 15:51:26 -0000 >@@ -2046,7 +2046,7 @@ > errx(EX_DATAERR, "not any never matches"); > } > /* else do nothing and skip this entry */ >- continue; >+ return; > } > /* A single IP can be stored in an optimized format */ > if (d[1] == IP_MASK_ALL && av == NULL && len == 0) { >%%% > > >
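Review bot: the comment `/* else do nothing and skip this entry */` directly above the changed line in the @@ -2046 hunk no longer describes the code once `continue;` becomes `return;`. The function now exits instead of moving on to the next entry, so anything that follows the enclosing loop is skipped on this path. Please reword the comment to say that a /0 mask ends address parsing with nothing emitted (which is what makes the rule list as "any"), and confirm that no length or opcode bookkeeping after the loop is needed when returning here. Because a wrong result silently changes which source addresses a firewall rule matches, a regression check using the two commands from this thread (`from 0.0.0.0/0 to me` should list as `from any to me`) would be worth adding alongside the fix.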