[Bug 238796] ipfilter: fix unremovable rules and rules checksum for comparison
bugzilla-noreply at freebsd.org
Wed Jun 26 05:01:22 UTC 2019
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=238796
--- Comment #3 from WHR <msl0000023508 at gmail.com> ---
I actually didn't notice that 'fd_local' is only set but not used in
the code; but it doesn't cause the issue in my test, since 'fd_local' is 0 in all
rules.
By inserting printf(8)s into 'ipf_rule_compare', and manually comparing each
possible member, I could only see the string index numbers in 'fr_ifnames' and
'fd_name' differ between 2 instances representing the same rule.
The 'fd_ptr' value didn't change in the last test, because ifunit(9) returns the
same pointer to 'struct ifnet' for the same interface; but what if that interface
is recreated with the same name? The 'fd_ptr' may have a different value than the new
pointer returned by ifunit(9).
BTW, this bug already exists in IP Filter 4.*; but the only problematic
variable was 'fd_ptr', maybe plus the unused space in 'fr_ifnames' (type char
[4][LIFNAMSIZ]), in that version.
I first discovered this bug on a Solaris system, and found that 'fd_ifp' (in
'frdest_t', renamed to 'fd_ptr' in the v5 branch) was changing between old and new
instances of 'struct frentry'. I later fixed this bug in IP Filter 4.1.34 for
Solaris
(https://git.nsscn.top/Low-power/IPFilter/commit/9bb6c656ac6fef52e53890833703bf7ddea1e18b).
--
You are receiving this mail because:
You are on the CC list for the bug.
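
The mismatch described in the comment above, as an added example that is not part of the original message and is not IP Filter's code: two instances of the same rule differ in their name-table offset and resolved interface pointer, so a byte-wise compare fails while a compare on resolved names succeeds. The `struct rule` layout, its field names and all helper functions are hypothetical simplifications.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical, simplified stand-in for a filter rule; not IP Filter's real layout. */
struct rule {
    int   flags;        /* semantic field: must match */
    int   ifname_off;   /* offset of the interface name inside names[] */
    void *ifp;          /* runtime-resolved interface pointer */
    char  names[32];    /* per-rule string table */
};

/* Build a rule whose interface name is stored at offset `off` in names[]. */
static struct rule make_rule(int flags, const char *ifname, int off, void *ifp)
{
    struct rule r;
    memset(&r, 0, sizeof(r));   /* zero padding and unused name space */
    r.flags = flags;
    r.ifname_off = off;
    r.ifp = ifp;
    snprintf(r.names + off, sizeof(r.names) - (size_t)off, "%s", ifname);
    return r;
}

/* Naive comparison: byte-wise over the whole structure. */
static int naive_equal(const struct rule *a, const struct rule *b)
{
    return memcmp(a, b, sizeof(*a)) == 0;
}

/* Semantic comparison: resolve offsets to strings, ignore the runtime pointer. */
static int rule_equal(const struct rule *a, const struct rule *b)
{
    if (a->flags != b->flags)
        return 0;
    return strcmp(a->names + a->ifname_off, b->names + b->ifname_off) == 0;
}

int main(void)
{
    int old_if, new_if;  /* constructed stand-ins for two interface objects */
    struct rule loaded  = make_rule(1, "em0", 0, &old_if);
    struct rule request = make_rule(1, "em0", 5, &new_if);

    printf("naive=%d semantic=%d\n",
           naive_equal(&loaded, &request), rule_equal(&loaded, &request));
    return 0;
}
```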