Current problem reports assigned to freebsd-ipfw@FreeBSD.org
Note: to view an individual PR, use: http://www.freebsd.org/cgi/query-pr.cgi?pr=(number). The following is a listing of current problems submitted by FreeBSD users. These represent problem reports covering all versions including experimental development code and obsolete releases. S Tracker Resp. Description o kern/180731 ipfw [ipfw] problem with displaying 255.255.255.255 address o kern/180729 ipfw [ipfw] ipfw nat show empty output o kern/178482 ipfw [ipfw] logging problem from vnet jail o kern/178480 ipfw [ipfw] dynamically loaded ipfw with a vimage kernel do o kern/178317 ipfw [ipfw] ipfw options need to specifed in specific order o kern/177948 ipfw [ipfw] ipfw fails to parse port ranges (p1-p2) for udp o kern/176503 ipfw [ipfw] ipfw layer2 problem o conf/167822 ipfw [ipfw] [patch] start script doesn't load firewall_type o kern/166406 ipfw [ipfw] ipfw does not set ALTQ identifier for ipv6 traf o kern/165939 ipfw [ipfw] bug: incomplete firewall rules loaded if tables o kern/165190 ipfw [ipfw] [lo] [patch] loopback interface is not marking o kern/158066 ipfw [ipfw] ipfw + netgraph + multicast = multicast packets o kern/157689 ipfw [ipfw] ipfw nat config does not accept nonexistent int f kern/155927 ipfw [ipfw] ipfw stops to check packets for compliance with o bin/153252 ipfw [ipfw][patch] ipfw lockdown system in subsequent call o kern/153161 ipfw [ipfw] does not support specifying rules with ICMP cod o kern/148827 ipfw [ipfw] divert broken with in-kernel ipfw o kern/148430 ipfw [ipfw] IPFW schedule delete broken. o kern/148091 ipfw [ipfw] ipfw ipv6 handling broken. f kern/143973 ipfw [ipfw] [panic] ipfw forward option causes kernel reboo o kern/143621 ipfw [ipfw] [dummynet] [patch] dummynet and vnet use result o kern/137346 ipfw [ipfw] ipfw nat redirect_proto is broken o kern/137232 ipfw [ipfw] parser troubles o kern/129036 ipfw [ipfw] 'ipfw fwd' does not change outgoing interface n o kern/127230 ipfw [ipfw] [patch] Feature request to add UID and/or GID l f kern/122963 ipfw [ipfw] tcpdump does not show packets redirected by 'ip s kern/121807 ipfw [request] TCP and UDP port_table in ipfw o kern/116009 ipfw [ipfw] [patch] Ignore errors when loading ruleset from o kern/104682 ipfw [ipfw] [patch] Some minor language consistency fixes a o kern/103454 ipfw [ipfw] [patch] [request] add a facility to modify DF b o kern/103328 ipfw [ipfw] [request] sugestions about ipfw table o kern/97951 ipfw [ipfw] [patch] ipfw does not tie interface details to o kern/95084 ipfw [ipfw] [regression] [patch] IPFW2 ignores "recv/xmit/v o kern/86957 ipfw [ipfw] [patch] ipfw mac logging o bin/83046ipfw [ipfw] ipfw2 error: "setup" is allowed for icmp, but s o kern/82724 ipfw [ipfw] [patch] [request] Add setnexthop and defaultrou o bin/78785ipfw [patch] ipfw(8) verbosity locks machine if /etc/rc.fir o kern/60719 ipfw [ipfw] Headerless fragments generate cryptic error mes s kern/55984 ipfw [ipfw] [patch] time based firewalling support for ipfw o kern/48172 ipfw [ipfw] [patch] ipfw does not log size and flags o kern/46159 ipfw [ipfw] [patch] [request] ipfw dynamic rules lifetime f a kern/26534 ipfw [ipfw] Add an option to ipfw to log gid/uid of who cau 42 problems total. ___ freebsd-ipfw@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw To unsubscribe, send any mail to "freebsd-ipfw-unsubscr...@freebsd.org"
Re: ipfw table add problem
On Mon, 2013-11-25 at 15:30 +1100, Ian Smith wrote: > On Sun, 24 Nov 2013 23:56:14 +0400, Alexander V. Chernikov wrote: > > On 24.11.2013 19:43, Özkan KIRIK wrote: > > > Hi, > > > > > > I tested patch. This patch solves, ipfw table 1 add 4899 > > Ok. So I'll commit this fix soon. > > > > > > But, ipfw table 1 add 10.2.3.01 works incorrectly. > > > output is below. > > > # ./ipfw table 1 flush > > > # ./ipfw table 1 add 10.2.3.01 > > inet_pton() does not recognize this as valid IPv4 address, so it is > > treated as usigned unteger key. It looks like this behavior is mentioned > > in STANDARDS section. > > > # ./ipfw table 1 list > > > 0.0.0.10/32 0 > > I'm wondering if "so don't do that" is really sufficient to deal with > this? If it's not recognised as a valid address, shouldn't it fail to > add anything, with a complaint? I don't see how a string containing > dots can be seen as a valid unsigned integer? It's still not clear to me that inet_pton() is doing the right thing. Per the rfc cited earlier in the thread, it's not supposed to interpret the digits as octal or hex -- they are specifically declared to be decimal numbers. There's nothing invalid about "01" as a decimal number. The fact that many of us have a C-programming background and tend to think of leading-zero as implying octal doesn't change that. -- Ian ___ freebsd-ipfw@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw To unsubscribe, send any mail to "freebsd-ipfw-unsubscr...@freebsd.org"
Re: ipfw table add problem
In message <1385391778.1220.4.ca...@revolution.hippie.lan>, Ian Lepore writes: > On Mon, 2013-11-25 at 15:30 +1100, Ian Smith wrote: > > On Sun, 24 Nov 2013 23:56:14 +0400, Alexander V. Chernikov wrote: > > > On 24.11.2013 19:43, =D6zkan KIRIK wrote: > > > > Hi, > > > > = > > > > > I tested patch. This patch solves, ipfw table 1 add 4899 > > > Ok. So I'll commit this fix soon. > > > > = > > > > > But, ipfw table 1 add 10.2.3.01 works incorrectly. > > > > output is below. > > > > # ./ipfw table 1 flush > > > > # ./ipfw table 1 add 10.2.3.01 > > > inet_pton() does not recognize this as valid IPv4 address, so it is > > > treated as usigned unteger key. It looks like this behavior is mention= > ed > > > in STANDARDS section. > > > > # ./ipfw table 1 list > > > > 0.0.0.10/32 0 > > = > > > I'm wondering if "so don't do that" is really sufficient to deal with = > > > this? If it's not recognised as a valid address, shouldn't it fail to = > > > add anything, with a complaint? I don't see how a string containing = > > > dots can be seen as a valid unsigned integer? > > It's still not clear to me that inet_pton() is doing the right thing. > Per the rfc cited earlier in the thread, it's not supposed to interpret > the digits as octal or hex -- they are specifically declared to be > decimal numbers. There's nothing invalid about "01" as a decimal > number. The fact that many of us have a C-programming background and > tend to think of leading-zero as implying octal doesn't change that. But it does result in unexpected results when there is code that does treat 070 as 56 not 70. Rejecting ambigious input is a good thing. Part of what inet_pton() was trying to do was to get rid of the ambiguity in address inputs by tightening up the specification. 10.2.3.70 is not ambigious 10.2.3.070 is ambigious Mark > -- Ian > > > > > ___ > freebsd-sta...@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-stable > To unsubscribe, send any mail to "freebsd-stable-unsubscr...@freebsd.org" -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org ___ freebsd-ipfw@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw To unsubscribe, send any mail to "freebsd-ipfw-unsubscr...@freebsd.org"
