From nobody@FreeBSD.org  Tue May  2 12:13:16 2000
Return-Path: <nobody@FreeBSD.org>
Received: from freefall.freebsd.org (freefall.FreeBSD.ORG [204.216.27.21])
	by hub.freebsd.org (Postfix) with ESMTP id 50CB637BC2A
	for <freebsd-gnats-submit@FreeBSD.org>; Tue,  2 May 2000 12:13:16 -0700 (PDT)
	(envelope-from nobody@FreeBSD.org)
Received: (from nobody@localhost)
	by freefall.freebsd.org (8.9.3/8.9.2) id MAA50860;
	Tue, 2 May 2000 12:13:16 -0700 (PDT)
	(envelope-from nobody@FreeBSD.org)
Message-Id: <200005021913.MAA50860@freefall.freebsd.org>
Date: Tue, 2 May 2000 12:13:16 -0700 (PDT)
From: darcy@wavefire.com
Sender: nobody@FreeBSD.org
To: freebsd-gnats-submit@FreeBSD.org
Subject: ipfw add with no rule number returns the wrong rule number
X-Send-Pr-Version: www-1.0

>Number:         18351
>Category:       bin
>Synopsis:       ipfw add with no rule number returns the wrong rule number
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    ru
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Tue May  2 12:20:02 PDT 2000
>Closed-Date:    Tue Oct 17 06:45:04 PDT 2000
>Last-Modified:  Tue Oct 17 06:45:51 PDT 2000
>Originator:     Darcy Buskermolen
>Release:        3.4-STABLE
>Organization:
Wavefire Technologies Corp.
>Environment:
FreeBSD host.dbitech.bc.ca 3.4-STABLE FreeBSD 3.4-STABLE #9: Wed Mar 15 10:41:52 PST 2000     root@build.dbitech.bc.ca:/usr/src/sys/compile/DBITECH  i386
>Description:
when you do a ipfw add deny ip from  here to there ipfw will echo back 00000 as the rule number
ipfw show 00000 of course returns no such rule
(rule will be given 100 by default then default +100 for each next rule)
>How-To-Repeat:

>Fix:
I have a patch to the code to work around this problem

>Release-Note:
>Audit-Trail:

From: Darcy Buskermolen <darcy@ok-connect.com>
To: freebsd-gnats-submit@FreeBSD.org
Cc:  
Subject: bin/18351 ipfw add with no rule number returns the wrong rule
  number
Date: Tue, 02 May 2000 12:40:52 -0700

 --=====================_957321652==_
 Content-Type: text/plain; charset="us-ascii"
 
 Attached is my patch hopefully someone with a bit more hackers time can
 review and clean up this code
 
 \\DB
 
 --=====================_957321652==_
 Content-Type: text/plain; charset="us-ascii"
 Content-Disposition: attachment; filename="ipfw.patch"
 
 *** ipfw.c.org	Tue May  2 12:04:11 2000
 --- ipfw.c	Tue May  2 12:02:28 2000
 ***************
 *** 1281,1300 ****
   	int ac;
   	char **av;
   {
   	struct ip_fw rule;
   	int i;
   	u_char proto;
   	struct protoent *pe;
   	int saw_xmrc = 0, saw_via = 0;
 ! 	
   	memset(&rule, 0, sizeof rule);
   
   	av++; ac--;
   
   	/* Rule number */
   	if (ac && isdigit(**av)) {
   		rule.fw_number = atoi(*av); av++; ac--;
   	}
   
   	/* Action */
   	if (ac > 1 && !strncmp(*av, "prob", strlen(*av) ) ) {
 --- 1281,1341 ----
   	int ac;
   	char **av;
   {
 +   /*
 + 	struct ip_fw *rules;
 + 
 + 
 + 	void *data = NULL;
 + 	int pcwidth = 0;
 + 	int bcwidth = 0;
 + 	int n, num = 0;
 + 
 +    */
 + 	struct dn_pipe *pipes;
 + 	int nbytes;
 + 
 + 
   	struct ip_fw rule;
 +         struct ip_fw *rules;
   	int i;
   	u_char proto;
   	struct protoent *pe;
 +         int num = 0;
   	int saw_xmrc = 0, saw_via = 0;
 ! 	void *data=NULL;
   	memset(&rule, 0, sizeof rule);
   
   	av++; ac--;
   
 + 	{
 + 		const int unit = do_pipe ? sizeof(*pipes) : sizeof(*rules);
 + 		const int ocmd = do_pipe ? IP_DUMMYNET_GET : IP_FW_GET;
 + 		int nalloc = 0;
 + 
 + 		while (num >= nalloc) {
 + 			nalloc = nalloc * 2 + 200;
 + 			nbytes = nalloc * unit;
 + 			if ((data = realloc(data, nbytes)) == NULL)
 + 				err(EX_OSERR, "realloc");
 + 			if (getsockopt(s, IPPROTO_IP, ocmd, data, &nbytes) < 0)
 + 				err(EX_OSERR, "getsockopt(IP_%s_GET)",
 + 				    do_pipe ? "DUMMYNET" : "FW");
 + 			num = nbytes / unit;
 + 		}
 + 	}
 + 
   	/* Rule number */
   	if (ac && isdigit(**av)) {
   		rule.fw_number = atoi(*av); av++; ac--;
   	}
 +         else {
 +         	rules = (struct ip_fw *) data;
 + 		num = 0;
 + 		while (rules[num].fw_number < 65535){
 + 			num++;
 +                 }
 +         	rule.fw_number = num;
 +         }
   
   	/* Action */
   	if (ac > 1 && !strncmp(*av, "prob", strlen(*av) ) ) {
 
 --=====================_957321652==_--
 
 
State-Changed-From-To: open->feedback 
State-Changed-By: johan 
State-Changed-When: Thu Aug 24 05:33:05 PDT 2000 
State-Changed-Why:  
Alot has happened with ipfw in current and 4-Stable, 
do you know if this problem still exists in 4-Stable? 



Responsible-Changed-From-To: freebsd-bugs->luigi 
Responsible-Changed-By: johan 
Responsible-Changed-When: Thu Aug 24 05:33:05 PDT 2000 
Responsible-Changed-Why:  
Over to ipfw maintainer either as an MFC to releng_3 or 
with a patch for this problem. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=18351 
Responsible-Changed-From-To: luigi->ru 
Responsible-Changed-By: ru 
Responsible-Changed-When: Wed Oct 11 07:40:11 PDT 2000 
Responsible-Changed-Why:  
I have a working patch. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=18351 
State-Changed-From-To: feedback->closed 
State-Changed-By: ru 
State-Changed-When: Tue Oct 17 06:45:04 PDT 2000 
State-Changed-Why:  
Fixed in 5.0-CURRENT and 4.1.1-STABLE. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=18351 
>Unformatted:
