From fli@shapeshifter.se  Tue Jan  3 00:27:39 2006
Return-Path: <fli@shapeshifter.se>
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 8189516A41F
	for <FreeBSD-gnats-submit@freebsd.org>; Tue,  3 Jan 2006 00:27:39 +0000 (GMT)
	(envelope-from fli@shapeshifter.se)
Received: from mx1.h3q.net (manticore.shapeshifter.se [212.37.5.30])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 8FCCB43D5E
	for <FreeBSD-gnats-submit@freebsd.org>; Tue,  3 Jan 2006 00:27:37 +0000 (GMT)
	(envelope-from fli@shapeshifter.se)
Received: from localhost (localhost [127.0.0.1])
	by mx1.h3q.net (Postfix) with ESMTP id 3A77A1A9D5
	for <FreeBSD-gnats-submit@freebsd.org>; Tue,  3 Jan 2006 01:27:35 +0100 (CET)
Received: from mx1.h3q.net ([127.0.0.1])
 by localhost (mx1.h3q.net [127.0.0.1]) (amavisd-new, port 10024) with ESMTP
 id 94924-08 for <FreeBSD-gnats-submit@freebsd.org>;
 Tue,  3 Jan 2006 01:27:34 +0100 (CET)
Received: from shapeshifter.se (81-234-243-91-o926.tbon.telia.com [81.234.243.91])
	(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by mx1.h3q.net (Postfix) with ESMTP id 790541A9D4
	for <FreeBSD-gnats-submit@freebsd.org>; Tue,  3 Jan 2006 01:27:33 +0100 (CET)
Received: by shapeshifter.se (sSMTP sendmail emulation); Tue,  3 Jan 2006 01:27:46 +0100
Message-Id: <20060103002733.790541A9D4@mx1.h3q.net>
Date: Tue,  3 Jan 2006 01:27:46 +0100
From: Fredrik Lindberg <fli@shapeshifter.se>
To: FreeBSD-gnats-submit@freebsd.org
Subject: [patch] ipfw(8) sometimes treat ipv6 input as ipv4
X-Send-Pr-Version: 3.113
X-GNATS-Notify:

>Number:         91245
>Category:       bin
>Synopsis:       [patch] ipfw(8) sometimes treat ipv6 input as ipv4
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    mlaier
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Tue Jan 03 00:30:08 GMT 2006
>Closed-Date:    Sun May 14 03:56:53 GMT 2006
>Last-Modified:  Sun May 14 03:56:53 GMT 2006
>Originator:     Fredrik Lindberg
>Release:        FreeBSD 7.0-CURRENT i386
>Organization:
>Environment:
System: FreeBSD genesis.int.shapeshifter.se 7.0-CURRENT FreeBSD 7.0-CURRENT #6: Tue Dec 6 22:01:51 CET 2005 root@genesis.int.shapeshifter.se:/usr/obj/usr/src/sys/GENESIS i386


	
>Description:
ipfw(8) fails to parse ipv6 input when given a netmask or list of
ipv6 addresses. The input is then treated as ipv4 internally by ipfw(8).

>How-To-Repeat:
>Fix:
This occurs in add_src()/add_dst(). Because the ipfw commands which
triggers this never explicitly states that it is ipv6 (allow tcp from),
proto will never be set to IPPROTO_IPV6/IPPROTO_IP and the code will
resort to the inet_pton() check, which is fine with a single
ipv6-address but not with a netmask or a list.
 
This is the easiest possible fix. Treat input as ipv6 if there are
atleast two colon signs `:' in it.
 
Another solution might be to extract the recognition logic from
the fill_ip/fill_ip6 routines for use in add_src/add_dst, but
that would require alot more work.

--- ipfw2.c-20060102.patch begins here ---
Index: ipfw2.c
===================================================================
RCS file: /home/ncvs/src/sbin/ipfw/ipfw2.c,v
retrieving revision 1.80
diff -u -r1.80 ipfw2.c
--- ipfw2.c	29 Nov 2005 15:25:09 -0000	1.80
+++ ipfw2.c	2 Jan 2006 20:22:14 -0000
@@ -3703,7 +3703,8 @@
 	struct in6_addr a;
 
 	if (proto == IPPROTO_IPV6  || strcmp(av, "me6") == 0 ||
-	    inet_pton(AF_INET6, av, &a))
+	    inet_pton(AF_INET6, av, &a) ||
+	    strchr(av, ':') != strrchr(av, ':'))
 		return add_srcip6(cmd, av);
 	/* XXX: should check for IPv4, not !IPv6 */
 	if (proto == IPPROTO_IP || strcmp(av, "me") == 0 ||
@@ -3721,7 +3722,8 @@
 	struct in6_addr a;
 
 	if (proto == IPPROTO_IPV6  || strcmp(av, "me6") == 0 ||
-	    inet_pton(AF_INET6, av, &a))
+	    inet_pton(AF_INET6, av, &a) ||
+	    strchr(av, ':') != strrchr(av, ':'))
 		return add_dstip6(cmd, av);
 	/* XXX: should check for IPv4, not !IPv6 */
 	if (proto == IPPROTO_IP || strcmp(av, "me") == 0 ||
--- ipfw2.c-20060102.patch ends here ---


>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-bugs->freebsd-ipfw 
Responsible-Changed-By: linimon 
Responsible-Changed-When: Sat Jan 7 04:49:31 UTC 2006 
Responsible-Changed-Why:  
Over to maintainer(s). 

http://www.freebsd.org/cgi/query-pr.cgi?pr=91245 
Responsible-Changed-From-To: freebsd-ipfw->mlaier 
Responsible-Changed-By: mlaier 
Responsible-Changed-When: Sat May 13 15:50:52 UTC 2006 
Responsible-Changed-Why:  
I'll take care of this. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=91245 
State-Changed-From-To: open->closed 
State-Changed-By: mlaier 
State-Changed-When: Sun May 14 03:55:57 UTC 2006 
State-Changed-Why:  
Fixed in ipfw2.c, rev. 1.87.  Thanks for the report. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=91245 
>Unformatted:
 >ipfw add allow tcp from 03f1::234:123:0342/24 to me
 ipfw: hostname ``03f1'' unknown
  
 >ipfw add allow tcp from 1234::234:123:1,03f1::234:123:2 to me
 ipfw: bad netmask ``:234:123:1,03f1::234:123:2''
 
