From nobody@FreeBSD.org  Sat Mar 11 09:08:27 2000
Return-Path: <nobody@FreeBSD.org>
Received: from freefall.freebsd.org (freefall.FreeBSD.ORG [204.216.27.21])
	by hub.freebsd.org (Postfix) with ESMTP id 1579C37BC9D
	for <freebsd-gnats-submit@FreeBSD.org>; Sat, 11 Mar 2000 09:08:27 -0800 (PST)
	(envelope-from nobody@FreeBSD.org)
Received: (from nobody@localhost)
	by freefall.freebsd.org (8.9.3/8.9.2) id JAA63271;
	Sat, 11 Mar 2000 09:08:26 -0800 (PST)
	(envelope-from nobody@FreeBSD.org)
Message-Id: <200003111708.JAA63271@freefall.freebsd.org>
Date: Sat, 11 Mar 2000 09:08:26 -0800 (PST)
From: spock@techfour.net
Sender: nobody@FreeBSD.org
To: freebsd-gnats-submit@FreeBSD.org
Subject: [PATCH] ipfw logs ICMP and unknown packets, with same src and dest address
X-Send-Pr-Version: www-1.0

>Number:         17319
>Category:       kern
>Synopsis:       [PATCH] ipfw logs ICMP and unknown packets, with same src and dest address
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    freebsd-bugs
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sat Mar 11 09:10:01 PST 2000
>Closed-Date:    Tue Mar 14 12:37:00 PST 2000
>Last-Modified:  Tue Mar 14 12:38:01 PST 2000
>Originator:     Mike Heffner
>Release:        4.0-current
>Organization:
>Environment:
FreeBSD 4.0-CURRENT #5: Thu Mar  9 20:50:50 EST 2000
>Description:
ipfirewall will log packets that are ICMP or unknown ipproto with the 
same source and destination address. For example:

/kernel: ipfw: 271 Deny ICMP:8.0 205.156.51.204 205.156.51.204 in via ed1
/kernel: ipfw: 271 Deny ICMP:8.0 205.156.51.204 205.156.51.204 in via ed1
/kernel: ipfw: 146 Deny P:2 192.168.100.1 192.168.100.1 in via ed1
/kernel: ipfw: 146 Deny P:2 192.168.100.1 192.168.100.1 in via ed1
/kernel: ipfw: 146 Deny P:2 192.168.100.1 192.168.100.1 in via ed1

>How-To-Repeat:
have ipfw log icmp packets and/or unknown ipproto packets
>Fix:
The problem is due to incorrect use of inet_ntoa(3).

[sorry, patch might have whitespace errors]

Index: sys/netinet/ip_fw.c
===================================================================
RCS file: /home/ncvs/src/sys/netinet/ip_fw.c,v
retrieving revision 1.131
diff -u -r1.131 ip_fw.c
--- ip_fw.c     2000/02/29 17:51:25     1.131
+++ ip_fw.c     2000/03/10 20:04:13
@@ -464,7 +464,6 @@
                }
        }

-       len = 0;
        switch (ip->ip_p) {
        case IPPROTO_TCP:
                len = snprintf(SNPARGS(proto, 0), "TCP %s",
@@ -500,12 +499,13 @@
                            icmp->icmp_type, icmp->icmp_code);
                else
                        len = snprintf(SNPARGS(proto, 0), "ICMP ");
-               snprintf(SNPARGS(proto, len), "%s %s", inet_ntoa(ip->ip_src),
-                   inet_ntoa(ip->ip_dst));
+               len += snprintf(SNPARGS(proto, len), "%s", inet_ntoa(ip->ip_src));
+               snprintf(SNPARGS(proto, len), " %s", inet_ntoa(ip->ip_dst));
                break;
        default:
-               snprintf(SNPARGS(proto, 0), "P:%d %s %s", ip->ip_p,
-                   inet_ntoa(ip->ip_src), inet_ntoa(ip->ip_dst));
+               len = snprintf(SNPARGS(proto, 0), "P:%d %s", ip->ip_p,
+                              inet_ntoa(ip->ip_src));
+               snprintf(SNPARGS(proto, len), " %s", inet_ntoa(ip->ip_dst));
                break;
        }




>Release-Note:
>Audit-Trail:
State-Changed-From-To: open->closed 
State-Changed-By: ru 
State-Changed-When: Tue Mar 14 12:37:00 PST 2000 
State-Changed-Why:  
Patch committed, thanks! 
>Unformatted:
