[Bug 281082] sys/netgraph/ng_ipfw.c: Using 32bit cookies breaks ipfw ngtee

From: <bugzilla-noreply_at_freebsd.org>
Date: Mon, 26 Aug 2024 19:56:42 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=281082

            Bug ID: 281082
           Summary: sys/netgraph/ng_ipfw.c: Using 32bit cookies breaks
                    ipfw ngtee
           Product: Base System
           Version: Unspecified
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Some People
          Priority: ---
         Component: kern
          Assignee: bugs@FreeBSD.org
          Reporter: ruben@verweg.com

The MFC’ed commit 20e1f207cc789a28783344614d6d1d1c639c5797
(https://cgit.freebsd.org/src/commit/?id=20e1f207cc789a28783344614d6d1d1c639c5797)
MFC’ed to 14.1 as dadf64c5586e5fa5e1018a3d8a02c9873b1121b8 and to 13.3 as
0b9242dea68c44dc630921d3802f3f80f4d84b48 breaks ipfw_netflow.

Reversing the patch restores functionality.

This might be due to:
* sys/netinet/ip_fw.h’s ipfw_insn->arg1 still sits at u_int16_t, perhaps
truncating one or another so that it remains invisible for ng_ipfw and the rest
of netgraph
* sbin/ipfw/ipfw2.c chkarg in case TOK_NGTEE poses a limit of IP_FW_TABLEARG
(65535) on the ngtee parameter.

Tested on 13.3 with ipfw_netflow and a packet capture on the receiving port /
sudo flowctl netflow: show human

Reversing the patch seems less impactful than figuring out where arg1 handling
needs to be adjusted for full 32bit operation.
