From nobody@FreeBSD.org  Wed Apr 30 11:42:37 2008
Return-Path: <nobody@FreeBSD.org>
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 74BA81065688
	for <freebsd-gnats-submit@FreeBSD.org>; Wed, 30 Apr 2008 11:42:37 +0000 (UTC)
	(envelope-from nobody@FreeBSD.org)
Received: from www.freebsd.org (www.freebsd.org [IPv6:2001:4f8:fff6::21])
	by mx1.freebsd.org (Postfix) with ESMTP id CFBCF8FC25
	for <freebsd-gnats-submit@FreeBSD.org>; Wed, 30 Apr 2008 11:42:36 +0000 (UTC)
	(envelope-from nobody@FreeBSD.org)
Received: from www.freebsd.org (localhost [127.0.0.1])
	by www.freebsd.org (8.14.2/8.14.2) with ESMTP id m3UBfvrf041106
	for <freebsd-gnats-submit@FreeBSD.org>; Wed, 30 Apr 2008 11:41:57 GMT
	(envelope-from nobody@www.freebsd.org)
Received: (from nobody@localhost)
	by www.freebsd.org (8.14.2/8.14.1/Submit) id m3UBfvaK041105;
	Wed, 30 Apr 2008 11:41:57 GMT
	(envelope-from nobody)
Message-Id: <200804301141.m3UBfvaK041105@www.freebsd.org>
Date: Wed, 30 Apr 2008 11:41:57 GMT
From: Eugenio Maffione <eugenio.maffione@telecomitalia.it>
To: freebsd-gnats-submit@FreeBSD.org
Subject: mistake in ng_bpf manpage
X-Send-Pr-Version: www-3.1
X-GNATS-Notify:

>Number:         123255
>Category:       docs
>Synopsis:       mistake in ng_bpf(4) manpage
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    keramida
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          doc-bug
>Submitter-Id:   current-users
>Arrival-Date:   Wed Apr 30 11:50:01 UTC 2008
>Closed-Date:    Mon Feb 02 05:02:53 UTC 2009
>Last-Modified:  Mon Feb 02 05:02:53 UTC 2009
>Originator:     Eugenio Maffione
>Release:        6.2
>Organization:
Telecomitalia
>Environment:
GENERIC!
>Description:
I'm writing to you because I think to have found a little mistake in the ng_bpf man page.

Actually the mistake is in the script proposed in the manpage.

I notice that in some cases the statement 
printf " { code=%d jt=%d jf=%d k=%d }", \$1, \$2, \$3, \$4; 
causes an incorrect programming of the bpf filter.

This happens when the "k" value exceed the MAX_INTEGER value as when, for example, the tcpdump expression refers a network where the the first octect is greater than 128.

In that case the awk generates a negative value for "k" and the bpf matches always (I don't understand why, but it happens).


>How-To-Repeat:
This happens when the "k" value exceed the MAX_INTEGER value as when, for example, the tcpdump expression refers a network where the the first octect is greater than 128. (e.g . PATTERN="udp and dst net 255.255.0.0/16")

>Fix:
I tried to change the printf statement changing the format for using a conversion to unsigned (%u) but  the poor result is to have the absolute value of "k" (so just deleting the minus) [this probably is a problem in awk].

Finallly, I've found that the working one format for the printg in the manpage is " { code=%d jt=%d jf=%d k=%s }" that preserves the right unsigned integer values.

Hopefully  this help some other novice...


>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-bugs->freebsd-doc 
Responsible-Changed-By: linimon 
Responsible-Changed-When: Wed Apr 30 14:21:59 UTC 2008 
Responsible-Changed-Why:  
reclassify. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=123255 
State-Changed-From-To: open->analyzed 
State-Changed-By: keramida 
State-Changed-When: Wed Jul 30 04:14:47 UTC 2008 
State-Changed-Why:  
I'll handle this. 


Responsible-Changed-From-To: freebsd-doc->keramida 
Responsible-Changed-By: keramida 
Responsible-Changed-When: Wed Jul 30 04:14:47 UTC 2008 
Responsible-Changed-Why:  

http://www.freebsd.org/cgi/query-pr.cgi?pr=123255 

From: Giorgos Keramidas <keramida@freebsd.org>
To: Eugenio Maffione <eugenio.maffione@telecomitalia.it>
Cc: freebsd-gnats-submit@freebsd.org
Subject: Re: kern/123255: mistake in ng_bpf manpage
Date: Wed, 30 Jul 2008 07:14:30 +0300

 On Wed, 30 Apr 2008 11:41:57 GMT, Eugenio Maffione <eugenio.maffione@telecomitalia.it> wrote:
 > I'm writing to you because I think to have found a little mistake in
 > the ng_bpf man page.
 >
 > Actually the mistake is in the script proposed in the manpage.
 
 Good catch :)
 
 > I notice that in some cases the statement
 > printf " { code=%d jt=%d jf=%d k=%d }", \$1, \$2, \$3, \$4;
 > causes an incorrect programming of the bpf filter.
 >
 > This happens when the "k" value exceed the MAX_INTEGER value as when,
 > for example, the tcpdump expression refers a network where the the
 > first octect is greater than 128.
 >
 > In that case the awk generates a negative value for "k" and the bpf
 > matches always (I don't understand why, but it happens).
 
 ACK.  I can reproduce this here.
 
 > This happens when the "k" value exceed the MAX_INTEGER value as when,
 > for example, the tcpdump expression refers a network where the the
 > first octect is greater than 128. (e.g . PATTERN="udp and dst net
 > 255.255.0.0/16")
 
 We don't really need awk for that.  A simple shell script will also do:
 
 : $ sudo tcpdump -s 8192 -ddd "udp and dst net 255.255.0.0/16" | \
 :     ( read len ; \
 :       echo "bpf_prog_len=$len" ; \
 :       echo "bpf_prog=[" ; \
 :       while read code jt jf k ; do \
 :           echo "{ code=$code jt=$jt jf=$jf k=$k }" ; \
 :       done ; \
 :       echo "]" )
 
 This yields:
 
 : bpf_prog_len=10
 : bpf_prog=[
 : { code=40 jt=0 jf=0 k=12 }
 : { code=21 jt=7 jf=0 k=34525 }
 : { code=21 jt=0 jf=6 k=2048 }
 : { code=48 jt=0 jf=0 k=23 }
 : { code=21 jt=0 jf=4 k=17 }
 : { code=32 jt=0 jf=0 k=30 }
 : { code=84 jt=0 jf=0 k=4294901760 }
 : { code=21 jt=0 jf=1 k=4294901760 }
 : { code=6 jt=0 jf=0 k=8192 }
 : { code=6 jt=0 jf=0 k=0 }
 : ]
 
 I'll replace the awk version with the shell code, if there are no
 objections in the next few days.
 
 Thank you for reporting what you noticed, and the for excellent analysis
 of why it happens :-)
 
State-Changed-From-To: analyzed->patched 
State-Changed-By: keramida 
State-Changed-When: Fri Jan 30 19:33:17 UTC 2009 
State-Changed-Why:  
Fixed in head.  I will merge the new example to the stable/6 
and stable/7 branches in a few days. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=123255 

From: dfilter@FreeBSD.ORG (dfilter service)
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: docs/123255: commit references a PR
Date: Fri, 30 Jan 2009 19:33:22 +0000 (UTC)

 Author: keramida (doc committer)
 Date: Fri Jan 30 19:33:04 2009
 New Revision: 187935
 URL: http://svn.freebsd.org/changeset/base/187935
 
 Log:
   Sometimes, depending on the bpf filter rules used in $PATTERN,
   the example script of the manpage feeds awk(1) with values larger
   than UINT32_MAX.  Then awk prints a negative value, and this
   messes up $BPFPROG.  Trying to load the resulting bpf byte codes
   with ngctl then fails.
   
   For example, the output for PATTERN="udp and dst net 255.255.0.0/16"
   should be (all in one line):
   
       bpf_prog_len=10
       bpf_prog=[
         { code=40 jt=0 jf=0 k=12 }
         { code=21 jt=7 jf=0 k=34525 }
         { code=21 jt=0 jf=6 k=2048 }
         { code=48 jt=0 jf=0 k=23 }
         { code=21 jt=0 jf=4 k=17 }
         { code=32 jt=0 jf=0 k=30 }
         { code=84 jt=0 jf=0 k=4294901760 }
         { code=21 jt=0 jf=1 k=4294901760 }
         { code=6 jt=0 jf=0 k=8192 }
         { code=6 jt=0 jf=0 k=0 }
       ]
   
   The two k=4294901760 values are displayed as k=-2147483648 by awk.
   
   Replace the awk script of the manpage example with a slower but
   safer version, that doesn't really attempt to convert the byte
   code printed by tcpdump from string to number and back.
   
   PR:		docs/123255
   Submitted by:	Eugenio Maffione, eugenio.maffione at telecomitalia.it
   MFC after:	3 days
 
 Modified:
   head/share/man/man4/ng_bpf.4
 
 Modified: head/share/man/man4/ng_bpf.4
 ==============================================================================
 --- head/share/man/man4/ng_bpf.4	Fri Jan 30 18:34:54 2009	(r187934)
 +++ head/share/man/man4/ng_bpf.4	Fri Jan 30 19:33:04 2009	(r187935)
 @@ -156,21 +156,14 @@ INHOOK="hook1"
  MATCHHOOK="hook2"
  NOTMATCHHOOK="hook3"
  
 -cat > /tmp/bpf.awk << xxENDxx
 -{
 -  if (!init) {
 -    printf "bpf_prog_len=%d bpf_prog=[", \\$1;
 -    init=1;
 -  } else {
 -    printf " { code=%d jt=%d jf=%d k=%d }", \\$1, \\$2, \\$3, \\$4;
 -  }
 -}
 -END {
 -  print " ]"
 -}
 -xxENDxx
 -
 -BPFPROG=`tcpdump -s 8192 -ddd ${PATTERN} | awk -f /tmp/bpf.awk`
 +BPFPROG=$( tcpdump -s 8192 -ddd ${PATTERN} | \\
 +           ( read len ; \\
 +             echo -n "bpf_prog_len=$len" ; \\
 +             echo -n "bpf_prog=[" ; \\
 +             while read code jt jf k ; do \\
 +                 echo -n " { code=$code jt=$jt jf=$jf k=$k }" ; \\
 +             done ; \\
 +             echo " ]" ) )
  
  ngctl msg ${NODEPATH} setprogram { thisHook=\\"${INHOOK}\\" \\
    ifMatch=\\"${MATCHHOOK}\\" \\
 _______________________________________________
 svn-src-all@freebsd.org mailing list
 http://lists.freebsd.org/mailman/listinfo/svn-src-all
 To unsubscribe, send any mail to "svn-src-all-unsubscribe@freebsd.org"
 

From: dfilter@FreeBSD.ORG (dfilter service)
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: docs/123255: commit references a PR
Date: Mon,  2 Feb 2009 04:57:56 +0000 (UTC)

 Author: keramida (doc committer)
 Date: Mon Feb  2 04:57:36 2009
 New Revision: 187999
 URL: http://svn.freebsd.org/changeset/base/187999
 
 Log:
   MFC 187935 from /head
   
   Sometimes, depending on the bpf filter rules used in $PATTERN,
   the example script of the manpage feeds awk(1) with values larger
   than UINT32_MAX.  Then awk prints a negative value, and this
   messes up $BPFPROG.  Trying to load the resulting bpf byte codes
   with ngctl then fails.
   
   For example, the output for PATTERN="udp and dst net 255.255.0.0/16"
   should be (all in one line):
   
       bpf_prog_len=10
       bpf_prog=[
         { code=40 jt=0 jf=0 k=12 }
         { code=21 jt=7 jf=0 k=34525 }
         { code=21 jt=0 jf=6 k=2048 }
         { code=48 jt=0 jf=0 k=23 }
         { code=21 jt=0 jf=4 k=17 }
         { code=32 jt=0 jf=0 k=30 }
         { code=84 jt=0 jf=0 k=4294901760 }
         { code=21 jt=0 jf=1 k=4294901760 }
         { code=6 jt=0 jf=0 k=8192 }
         { code=6 jt=0 jf=0 k=0 }
       ]
   
   The two k=4294901760 values are displayed as k=-2147483648 by awk.
   
   Replace the awk script of the manpage example with a slower but
   safer version, that doesn't really attempt to convert the byte
   code printed by tcpdump from string to number and back.
   
   PR:           docs/123255
   Submitted by: Eugenio Maffione, eugenio.maffione at telecomitalia.it
 
 Modified:
   stable/7/share/man/man4/   (props changed)
   stable/7/share/man/man4/igb.4   (props changed)
   stable/7/share/man/man4/ng_bpf.4
 
 Modified: stable/7/share/man/man4/ng_bpf.4
 ==============================================================================
 --- stable/7/share/man/man4/ng_bpf.4	Mon Feb  2 04:53:39 2009	(r187998)
 +++ stable/7/share/man/man4/ng_bpf.4	Mon Feb  2 04:57:36 2009	(r187999)
 @@ -156,21 +156,14 @@ INHOOK="hook1"
  MATCHHOOK="hook2"
  NOTMATCHHOOK="hook3"
  
 -cat > /tmp/bpf.awk << xxENDxx
 -{
 -  if (!init) {
 -    printf "bpf_prog_len=%d bpf_prog=[", \\$1;
 -    init=1;
 -  } else {
 -    printf " { code=%d jt=%d jf=%d k=%d }", \\$1, \\$2, \\$3, \\$4;
 -  }
 -}
 -END {
 -  print " ]"
 -}
 -xxENDxx
 -
 -BPFPROG=`tcpdump -s 8192 -ddd ${PATTERN} | awk -f /tmp/bpf.awk`
 +BPFPROG=$( tcpdump -s 8192 -ddd ${PATTERN} | \\
 +           ( read len ; \\
 +             echo -n "bpf_prog_len=$len" ; \\
 +             echo -n "bpf_prog=[" ; \\
 +             while read code jt jf k ; do \\
 +                 echo -n " { code=$code jt=$jt jf=$jf k=$k }" ; \\
 +             done ; \\
 +             echo " ]" ) )
  
  ngctl msg ${NODEPATH} setprogram { thisHook=\\"${INHOOK}\\" \\
    ifMatch=\\"${MATCHHOOK}\\" \\
 _______________________________________________
 svn-src-all@freebsd.org mailing list
 http://lists.freebsd.org/mailman/listinfo/svn-src-all
 To unsubscribe, send any mail to "svn-src-all-unsubscribe@freebsd.org"
 

From: dfilter@FreeBSD.ORG (dfilter service)
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: docs/123255: commit references a PR
Date: Mon,  2 Feb 2009 04:59:21 +0000 (UTC)

 Author: keramida (doc committer)
 Date: Mon Feb  2 04:59:00 2009
 New Revision: 188000
 URL: http://svn.freebsd.org/changeset/base/188000
 
 Log:
   MFC 187935 from /head
   
   Sometimes, depending on the bpf filter rules used in $PATTERN,
   the example script of the manpage feeds awk(1) with values larger
   than UINT32_MAX.  Then awk prints a negative value, and this
   messes up $BPFPROG.  Trying to load the resulting bpf byte codes
   with ngctl then fails.
   
   For example, the output for PATTERN="udp and dst net 255.255.0.0/16"
   should be (all in one line):
   
       bpf_prog_len=10
       bpf_prog=[
         { code=40 jt=0 jf=0 k=12 }
         { code=21 jt=7 jf=0 k=34525 }
         { code=21 jt=0 jf=6 k=2048 }
         { code=48 jt=0 jf=0 k=23 }
         { code=21 jt=0 jf=4 k=17 }
         { code=32 jt=0 jf=0 k=30 }
         { code=84 jt=0 jf=0 k=4294901760 }
         { code=21 jt=0 jf=1 k=4294901760 }
         { code=6 jt=0 jf=0 k=8192 }
         { code=6 jt=0 jf=0 k=0 }
       ]
   
   The two k=4294901760 values are displayed as k=-2147483648 by awk.
   
   Replace the awk script of the manpage example with a slower but
   safer version, that doesn't really attempt to convert the byte
   code printed by tcpdump from string to number and back.
   
   PR:           docs/123255
   Submitted by: Eugenio Maffione, eugenio.maffione at telecomitalia.it
 
 Modified:
   stable/6/share/man/man4/   (props changed)
   stable/6/share/man/man4/ng_bpf.4
   stable/6/share/man/man4/xl.4   (props changed)
 
 Modified: stable/6/share/man/man4/ng_bpf.4
 ==============================================================================
 --- stable/6/share/man/man4/ng_bpf.4	Mon Feb  2 04:57:36 2009	(r187999)
 +++ stable/6/share/man/man4/ng_bpf.4	Mon Feb  2 04:59:00 2009	(r188000)
 @@ -156,21 +156,14 @@ INHOOK="hook1"
  MATCHHOOK="hook2"
  NOTMATCHHOOK="hook3"
  
 -cat > /tmp/bpf.awk << xxENDxx
 -{
 -  if (!init) {
 -    printf "bpf_prog_len=%d bpf_prog=[", \\$1;
 -    init=1;
 -  } else {
 -    printf " { code=%d jt=%d jf=%d k=%d }", \\$1, \\$2, \\$3, \\$4;
 -  }
 -}
 -END {
 -  print " ]"
 -}
 -xxENDxx
 -
 -BPFPROG=`tcpdump -s 8192 -ddd ${PATTERN} | awk -f /tmp/bpf.awk`
 +BPFPROG=$( tcpdump -s 8192 -ddd ${PATTERN} | \\
 +           ( read len ; \\
 +             echo -n "bpf_prog_len=$len" ; \\
 +             echo -n "bpf_prog=[" ; \\
 +             while read code jt jf k ; do \\
 +                 echo -n " { code=$code jt=$jt jf=$jf k=$k }" ; \\
 +             done ; \\
 +             echo " ]" ) )
  
  ngctl msg ${NODEPATH} setprogram { thisHook=\\"${INHOOK}\\" \\
    ifMatch=\\"${MATCHHOOK}\\" \\
 _______________________________________________
 svn-src-all@freebsd.org mailing list
 http://lists.freebsd.org/mailman/listinfo/svn-src-all
 To unsubscribe, send any mail to "svn-src-all-unsubscribe@freebsd.org"
 
State-Changed-From-To: patched->closed 
State-Changed-By: keramida 
State-Changed-When: Mon Feb 2 05:00:46 UTC 2009 
State-Changed-Why:  
Thanks for submitting the original problem to Gnats, and 
for being patient while I pondered about a good way to 
solve this. 

I have merged the fix to the stable/6 [r188000] and the 
stable/7 [r187999] branches now. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=123255 
>Unformatted:
