From nobody@FreeBSD.org Sun Nov 25 07:24:44 2001 Return-Path: Received: from freefall.freebsd.org (freefall.FreeBSD.org [216.136.204.21]) by hub.freebsd.org (Postfix) with ESMTP id 8AEE337B416 for ; Sun, 25 Nov 2001 07:24:44 -0800 (PST) Received: (from nobody@localhost) by freefall.freebsd.org (8.11.4/8.11.4) id fAPFOir56831; Sun, 25 Nov 2001 07:24:44 -0800 (PST) (envelope-from nobody) Message-Id: <200111251524.fAPFOir56831@freefall.freebsd.org> Date: Sun, 25 Nov 2001 07:24:44 -0800 (PST) From: Brian Candler To: freebsd-gnats-submit@FreeBSD.org Subject: ipfw misreads 'skipto' rule number with leading zero X-Send-Pr-Version: www-1.0 >Number: 32270 >Category: bin >Synopsis: ipfw misreads 'skipto' rule number with leading zero >Confidential: no >Severity: non-critical >Priority: low >Responsible: freebsd-bugs >State: closed >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Sun Nov 25 07:30:00 PST 2001 >Closed-Date: Sun Nov 25 08:29:32 PST 2001 >Last-Modified: Sun Nov 25 08:40:01 PST 2001 >Originator: Brian Candler >Release: FreeBSD-4.4 >Organization: >Environment: >Description: 'ipfw list' displays rule numbers as 5 digits with leading zeros. 'ipfw add nnnnn' accepts rule numbers with leading zeros. However, 'ipfw ... skipto nnnnn ...' fails when given a number with a leading zero; it appears to treat it as octal, but silently ignores non-octal digits (e.g. 02999 is accepted but treated as '2') The man page does not say that 'skipto' treats rule numbers any differently than elsewhere. Trivial to workaround - by dropping the leading zero - but wasted time trying to work out why my ruleset wasn't working! >How-To-Repeat: # ipfw add 00500 skipto 02999 ip from 1.2.3.4 to 5.6.7.8 00500 skipto 2 ip from 1.2.3.4 to 5.6.7.8 # ipfw add 00600 skipto 03777 ip from 1.2.3.4 to 5.6.7.8 00600 skipto 2047 ip from 1.2.3.4 to 5.6.7.8 # ipfw list ... 00500 skipto 2 ip from 1.2.3.4 to 5.6.7.8 00600 skipto 2047 ip from 1.2.3.4 to 5.6.7.8 >Fix: >Release-Note: >Audit-Trail: From: Peter Pentchev To: Brian Candler Cc: freebsd-gnats-submit@FreeBSD.org Subject: Re: bin/32270: ipfw misreads 'skipto' rule number with leading zero Date: Sun, 25 Nov 2001 17:42:21 +0200 On Sun, Nov 25, 2001 at 07:24:44AM -0800, Brian Candler wrote: > > >Number: 32270 > >Category: bin > >Synopsis: ipfw misreads 'skipto' rule number with leading zero > >Originator: Brian Candler > >Release: FreeBSD-4.4 > >Organization: > >Environment: > >Description: > 'ipfw list' displays rule numbers as 5 digits with leading zeros. > 'ipfw add nnnnn' accepts rule numbers with leading zeros. > > However, 'ipfw ... skipto nnnnn ...' fails when given a number with > a leading zero; it appears to treat it as octal, but silently ignores > non-octal digits (e.g. 02999 is accepted but treated as '2') [snip] > > >How-To-Repeat: > # ipfw add 00500 skipto 02999 ip from 1.2.3.4 to 5.6.7.8 > 00500 skipto 2 ip from 1.2.3.4 to 5.6.7.8 > # ipfw add 00600 skipto 03777 ip from 1.2.3.4 to 5.6.7.8 > 00600 skipto 2047 ip from 1.2.3.4 to 5.6.7.8 > # ipfw list > ... > 00500 skipto 2 ip from 1.2.3.4 to 5.6.7.8 > 00600 skipto 2047 ip from 1.2.3.4 to 5.6.7.8 I cannot reproduce this here: [root@straylight:v3 ~]# ipfw list 65535 allow ip from any to any [root@straylight:v3 ~]# ipfw add 00500 skipto 02999 ip from 1.2.3.4 to 5.6.7.8 00500 skipto 2999 ip from 1.2.3.4 to 5.6.7.8 [root@straylight:v3 ~]# ipfw add 00600 skipto 03777 ip from 1.2.3.4 to 5.6.7.8 00600 skipto 3777 ip from 1.2.3.4 to 5.6.7.8 [root@straylight:v3 ~]# ipfw list 00500 skipto 2999 ip from 1.2.3.4 to 5.6.7.8 00600 skipto 3777 ip from 1.2.3.4 to 5.6.7.8 65535 allow ip from any to any [root@straylight:v3 ~]# Are you running FreeBSD 4.4-RELEASE? If so, could you update to -stable and see if the problem is really fixed? I cannot find anything related to parsing rule numbers in the ipfw.c changes after 4.4-RELEASE, though.. G'luck, Peter -- No language can express every thought unambiguously, least of all this one. From: Brian Candler To: Peter Pentchev Cc: freebsd-gnats-submit@FreeBSD.org Subject: Re: bin/32270: ipfw misreads 'skipto' rule number with leading zero Date: Sun, 25 Nov 2001 15:56:10 +0000 On Sun, Nov 25, 2001 at 05:42:21PM +0200, Peter Pentchev wrote: > I cannot reproduce this here: ... > Are you running FreeBSD 4.4-RELEASE? Yes: the laptop I reproduced it on was recently upgraded to 4.4 via the 'upgrade' process, but the machine where it actually caused the headache was a freshly- installed 4.4-RELEASE. $ ls -l /sbin/ipfw -r-xr-xr-x 1 root wheel 260412 Sep 18 18:27 /sbin/ipfw $ md5 /sbin/ipfw MD5 (/sbin/ipfw) = 165f54834431e4437e192ac0c31ef4c3 (on both machines) From: Brian Candler To: Peter Pentchev Cc: freebsd-gnats-submit@FreeBSD.org Subject: Re: bin/32270: ipfw misreads 'skipto' rule number with leading zero Date: Sun, 25 Nov 2001 16:07:04 +0000 I can't upgrade to 4.4-STABLE at the moment, but I do see the following in ipfw.c from /src/ssbin.?? on the CD-ROM, line 1654: } else if (!strncmp(*av, "skipto", strlen(*av))) { rule.fw_flg |= IP_FW_F_SKIPTO; av++; ac--; if (!ac) show_usage("missing skipto rule number"); rule.fw_skipto_rule = strtoul(*av, NULL, 0); av++; ac--; I think the third parameter to strtoul should be 10, not 0. Regards, Brian. From: Peter Pentchev To: Brian Candler Cc: freebsd-gnats-submit@FreeBSD.org Subject: Re: bin/32270: ipfw misreads 'skipto' rule number with leading zero Date: Sun, 25 Nov 2001 18:14:45 +0200 On Sun, Nov 25, 2001 at 03:56:10PM +0000, Brian Candler wrote: > On Sun, Nov 25, 2001 at 05:42:21PM +0200, Peter Pentchev wrote: > > I cannot reproduce this here: > ... > > Are you running FreeBSD 4.4-RELEASE? > > Yes: the laptop I reproduced it on was recently upgraded to 4.4 via the > 'upgrade' process, but the machine where it actually caused the headache was > a freshly- installed 4.4-RELEASE. > > $ ls -l /sbin/ipfw > -r-xr-xr-x 1 root wheel 260412 Sep 18 18:27 /sbin/ipfw > $ md5 /sbin/ipfw > MD5 (/sbin/ipfw) = 165f54834431e4437e192ac0c31ef4c3 > > (on both machines) If the /sbin/ipfw files are exactly the same on both machines, then you do not really have a recent -stable. There have been several changes to the ipfw userland code.. and actually, come to think of it, I just found one that would seem to fix your problem: ru 2001/09/24 02:58:47 PDT Modified files: (Branch: RELENG_4) sbin/ipfw ipfw.c Log: MFC: 1.109: Non-decimal ``skipto'' rule numbers are confusing. This was committed on Sep 24, about two months ago; are you sure that your stable laptop is running a really recent -stable? G'luck, Peter -- If the meanings of 'true' and 'false' were switched, then this sentence wouldn't be false. State-Changed-From-To: open->closed State-Changed-By: roam State-Changed-When: Sun Nov 25 08:29:32 PST 2001 State-Changed-Why: The originator agrees that this was probably solved in rev. 1.109 and 1.80.2.12 of src/sbin/ipfw/ipfw.c. http://www.FreeBSD.org/cgi/query-pr.cgi?pr=32270 From: Brian Candler To: Peter Pentchev Cc: freebsd-gnats-submit@FreeBSD.org Subject: Re: bin/32270: ipfw misreads 'skipto' rule number with leading zero Date: Sun, 25 Nov 2001 16:28:42 +0000 On Sun, Nov 25, 2001 at 06:14:45PM +0200, Peter Pentchev wrote: > If the /sbin/ipfw files are exactly the same on both machines, then you > do not really have a recent -stable. That's right, I am running -RELEASE on both. > ru 2001/09/24 02:58:47 PDT > Modified files: (Branch: RELENG_4) > sbin/ipfw ipfw.c > Log: > MFC: 1.109: Non-decimal ``skipto'' rule numbers are confusing. That looks like the one. Thanks - problem closed. >Unformatted: