kern/57492: Firewall can be disabled in securelevel 3
Bruce Evans
bde at zeta.org.au
Thu Oct 2 08:52:31 PDT 2003
> My apologies, I forgot that I have this problem fixed locally,
> but it's not in the FreeBSD repository. I will re-open the
> bug. The patch, FWIW, is as follows:
This has some style bugs:
> %%%
> Index: ip_fw.c
> ===================================================================
> RCS file: /home/ncvs/src/sys/netinet/Attic/ip_fw.c,v
> retrieving revision 1.131.2.39
> diff -u -p -r1.131.2.39 ip_fw.c
> --- ip_fw.c 20 Jan 2003 02:23:07 -0000 1.131.2.39
> +++ ip_fw.c 2 Oct 2003 12:07:35 -0000
> @@ -94,11 +94,21 @@ LIST_HEAD (ip_fw_head, ip_fw) ip_fw_chai
> MALLOC_DEFINE(M_IPFW, "IpFw/IpAcct", "IpFw/IpAcct chain's");
>
> #ifdef SYSCTL_NODE
> +
> +static int
> +sysctl_fw_securelevel_check(SYSCTL_HANDLER_ARGS)
Function in the middle of declarations.
> +{
> +
> + if (req->newptr && securelevel >= 3)
> + return (EPERM);
> + return sysctl_handle_int(oidp, arg1, arg2, req);
Missing parentheses around return value.
> +}
> +
> SYSCTL_NODE(_net_inet_ip, OID_AUTO, fw, CTLFLAG_RW, 0, "Firewall");
> -SYSCTL_INT(_net_inet_ip_fw, OID_AUTO, enable, CTLFLAG_RW,
> - &fw_enable, 0, "Enable ipfw");
> -SYSCTL_INT(_net_inet_ip_fw, OID_AUTO,one_pass,CTLFLAG_RW,
> - &fw_one_pass, 0,
> +SYSCTL_PROC(_net_inet_ip_fw, OID_AUTO, enable, CTLTYPE_INT|CTLFLAG_RW,
> + &fw_enable, 0, sysctl_fw_securelevel_check, "I", "Enable ipfw");
Missing spaces around binary operator `|'.
> +SYSCTL_PROC(_net_inet_ip_fw, OID_AUTO, one_pass, CTLTYPE_INT|CTLFLAG_RW,
> + &fw_one_pass, 0, sysctl_fw_securelevel_check, "I",
Many more of these.
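Review bot: In sysctl_fw_securelevel_check, the threshold in `securelevel >= 3` is a bare constant, and the handler carries no comment saying what it enforces. A short comment above the function would document the intent for the SYSCTL_PROC entries that now depend on it: writes (req->newptr set) are refused with EPERM at securelevel 3 and above, while reads fall through to sysctl_handle_int.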
> @@ -173,30 +183,40 @@ static u_int32_t static_count = 0 ; /* #
> ...
> +SYSCTL_PROC(_net_inet_ip_fw, OID_AUTO, curr_dyn_buckets, CTLTYPE_INT|CTLFLAG_RD,
> + &curr_dyn_buckets, 0, sysctl_fw_securelevel_check, "IU",
> + "Current Number of dyn. buckets");
Also this and others with too-long lines.
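Review bot: The curr_dyn_buckets entry is declared CTLFLAG_RD, yet it is routed through sysctl_fw_securelevel_check, whose only added behaviour is rejecting a new value when securelevel >= 3. A read-only OID takes no new value, so the check has nothing to refuse here. Leaving read-only entries such as this one unconverted would keep the patch limited to the writable knobs.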
Bruce