From root@ad.com.br  Sat Feb 16 13:25:02 2008
Return-Path: <root@ad.com.br>
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 9E10016A418
	for <FreeBSD-gnats-submit@freebsd.org>; Sat, 16 Feb 2008 13:25:02 +0000 (UTC)
	(envelope-from root@ad.com.br)
Received: from ad.com.br (200-205-66-188.adseguros.com.br [200.205.66.188])
	by mx1.freebsd.org (Postfix) with ESMTP id F266513C459
	for <FreeBSD-gnats-submit@freebsd.org>; Sat, 16 Feb 2008 13:25:01 +0000 (UTC)
	(envelope-from root@ad.com.br)
Received: (qmail 10618 invoked by uid 0); 16 Feb 2008 13:16:38 -0000
Message-Id: <20080216131638.10617.qmail@ad.com.br>
Date: 16 Feb 2008 13:16:38 -0000
From: Luiz Otavio O Souza <loos.br@gmail.com>
Reply-To: Luiz Otavio O Souza <loos.br@gmail.com>
To: FreeBSD-gnats-submit@freebsd.org
Cc:
Subject: [patch] ipfw nat has problems to show multiples nat rules
X-Send-Pr-Version: 3.113
X-GNATS-Notify:

>Number:         120734
>Category:       bin
>Synopsis:       [patch] ipfw(8): ipfw nat has problems to show multiples nat rules
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-ipfw
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sat Feb 16 13:30:05 UTC 2008
>Closed-Date:    Thu Feb 21 23:01:38 UTC 2008
>Last-Modified:  Thu Feb 21 23:01:38 UTC 2008
>Originator:     Luiz Otavio O Souza
>Release:        FreeBSD 7.0-PRERELEASE i386
>Organization:
>Environment:
System: FreeBSD server.rede.int.br 7.0-PRERELEASE FreeBSD 7.0-PRERELEASE #5: Sun Jan 27 18:40:24 BRST 2008 root@server.rede.int.br:/usr/obj/usr/src/sys/FW i386


	
>Description:
	ipfw nat has problems to show multiples nat rules.
	the problem happen when ipfw parse the serialized data from kernel.
	this simple patch fix that, but may be all code should be audited to ensure the correct utilization (and parse) of serialized data (to and from kernel).

>How-To-Repeat:
	# ipfw nat 1 config if tun0 same_ports reset
	# ipfw nat 2 config ip 10.0.0.2 same_ports redirect_port tcp 129.0.0.1:23 10.0.0.3:23
	# ipfw nat 3 config ip 100.0.0.2 reset
	# ipfw nat show config
	ipfw nat 3 config ip 100.0.0.2 reset
	ipfw nat 0 config
	ipfw nat 0 config


	after fix:
	# /usr/src/sbin/ipfw/ipfw nat show config
	ipfw nat 3 config ip 100.0.0.2 reset
	ipfw nat 2 config ip 10.0.0.2 same_ports redirect_port tcp 129.0.0.1:23 10.0.0.3:23
	ipfw nat 1 config if tun0 same_ports reset

>Fix:

	this patch fix the parse of serialized data on ipfw (userland), kernel requires no changes at moment.
	the last part of patch is just style(9) fixes.


--- ipfw2.c.orig	2008-02-10 13:22:35.000000000 -0200
+++ ipfw2.c	2008-02-16 10:20:37.000000000 -0200
@@ -5963,14 +5963,16 @@
 		for (i = sizeof(nat_cnt); nat_cnt; nat_cnt--) {
 			n = (struct cfg_nat *)&data[i];
 			if (do_rule) {
-				if (!(frule <= n->id && lrule >= n->id))
-					continue;
-			}
-			print_nat_config(&data[i]);
+				if ((frule <= n->id && lrule >= n->id))
+					print_nat_config(&data[i]);
+			} else
+				print_nat_config(&data[i]);
+
 			i += sizeof(struct cfg_nat);
 			e = (struct cfg_redir *)&data[i];
-			if (e->mode == REDIR_ADDR || e->mode == REDIR_PORT ||
-			    e->mode == REDIR_PROTO)
+			if (n->redir_cnt > 0 &&
+			   (e->mode == REDIR_ADDR || e->mode == REDIR_PORT ||
+			    e->mode == REDIR_PROTO))
 				i += sizeof(struct cfg_redir) + e->spool_cnt * 
 				    sizeof(struct cfg_spool);
 		}
@@ -6226,16 +6228,16 @@
 			config_pipe(ac, av);
 		else if (do_nat && _substrcmp(*av, "config") == 0)
  			config_nat(ac, av);
-			else if (_substrcmp(*av, "set") == 0)
-				sets_handler(ac, av);
-			else if (_substrcmp(*av, "table") == 0)
-				table_handler(ac, av);
-			else if (_substrcmp(*av, "enable") == 0)
-				sysctl_handler(ac, av, 1);
-			else if (_substrcmp(*av, "disable") == 0)
-				sysctl_handler(ac, av, 0);
-			else
-				try_next = 1;
+		else if (_substrcmp(*av, "set") == 0)
+			sets_handler(ac, av);
+		else if (_substrcmp(*av, "table") == 0)
+			table_handler(ac, av);
+		else if (_substrcmp(*av, "enable") == 0)
+			sysctl_handler(ac, av, 1);
+		else if (_substrcmp(*av, "disable") == 0)
+			sysctl_handler(ac, av, 0);
+		else
+			try_next = 1;
 	}
 
 	if (use_set || try_next) {
>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-bugs->freebsd-ipfw 
Responsible-Changed-By: linimon 
Responsible-Changed-When: Sat Feb 16 14:08:59 UTC 2008 
Responsible-Changed-Why:  
Over to maintainer(s). 

http://www.freebsd.org/cgi/query-pr.cgi?pr=120734 

From: dfilter@FreeBSD.ORG (dfilter service)
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: bin/120734: commit references a PR
Date: Mon, 18 Feb 2008 20:26:40 +0000 (UTC)

 piso        2008-02-18 20:26:34 UTC
 
   FreeBSD src repository
 
   Modified files:
     sbin/ipfw            ipfw2.c 
   Log:
   Fix display of multiple nat rules.
   
   Bug spotted by: Luiz Otavio O Souza
   PR:     120734
   MFC After: 3 days
   
   Revision  Changes    Path
   1.115     +4 -4      src/sbin/ipfw/ipfw2.c
 _______________________________________________
 cvs-all@freebsd.org mailing list
 http://lists.freebsd.org/mailman/listinfo/cvs-all
 To unsubscribe, send any mail to "cvs-all-unsubscribe@freebsd.org"
 
State-Changed-From-To: open->closed 
State-Changed-By: piso 
State-Changed-When: Thu Feb 21 22:59:51 UTC 2008 
State-Changed-Why:  
Fixed in v 1.116. 


http://www.freebsd.org/cgi/query-pr.cgi?pr=120734 
>Unformatted:
