Date: 28 Sep 2001 20:32:02 +0200
From: Dag-Erling Smorgrav <des@ofug.org>
To: Luigi Rizzo <luigi@FreeBSD.org>
Cc: cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org
Subject: Re: cvs commit: src/sys/netinet ip_dummynet.c ip_dummynet.h ip_fw.c ip_fw.h ip_input.c ip_output.c src/sys/net bridge.c src/sbin/ipfw ipfw.8 ipfw.c
Message-ID: <xzp8zezi2u5.fsf@flood.ping.uio.no>
In-Reply-To: <xzpwv2jkx2q.fsf@flood.ping.uio.no>
References: <200109272344.f8RNiSV40274@freefall.freebsd.org> <xzpwv2jkx2q.fsf@flood.ping.uio.no>
--=-=-= Dag-Erling Smorgrav <des@ofug.org> writes: > 1) with these patches, installing the rule "pass ip from any to any > via lo0" (#2 in my ruleset) causes an immediate panic in > add_entry() (no core dump yet, but I'm working on it) Actually, from reading the code, any attempt to install an unnumbered (i.e. automatically numbered) rule will panic, because the loop (starting on line 1657 of ip_fw.c) that tries to find the highest existing rule number trashes the pointer to the rule you're about to install. See the attached (untested) patch. DES -- Dag-Erling Smorgrav - des@ofug.org --=-=-= Content-Type: text/x-patch Content-Disposition: attachment; filename=ipfw.diff Index: ip_fw.c =================================================================== RCS file: /home/ncvs/src/sys/netinet/ip_fw.c,v retrieving revision 1.170 diff -u -r1.170 ip_fw.c --- ip_fw.c 27 Sep 2001 23:44:26 -0000 1.170 +++ ip_fw.c 28 Sep 2001 18:27:58 -0000 @@ -1654,9 +1654,13 @@ /* If entry number is 0, find highest numbered rule and add 100 */ if (ftmp->fw_number == 0) { - LIST_FOREACH(ftmp, head, next) { - if (ftmp->fw_number != IPFW_DEFAULT_RULE) - nbr = ftmp->fw_number; + /* + * This works because the list is ordered, so the last + * non-default rule is also the highest-numbered one. + */ + LIST_FOREACH(fcp, head, next) { + if (fcp->fw_number != IPFW_DEFAULT_RULE) + nbr = fcp->fw_number; else break; } --=-=-=-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe cvs-all" in the body of the message
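Review bot: The replacement loop iterates with fcp, but nothing in this hunk declares it, and the patch is marked untested, so confirm that add_entry() already has a pointer of that name with the right type for LIST_FOREACH over head, and that no code after the loop relies on the value fcp held before it. The new comment's ordering assumption also leaves one case open: if the first element on the list is already IPFW_DEFAULT_RULE, the loop breaks on its first pass and nbr keeps whatever it held beforehand, so check that nbr is initialised before the "if (ftmp->fw_number == 0)" test. Keeping ftmp untouched inside the loop is the right direction for the panic described above, since the later insertion still needs the pointer to the rule being installed.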