From nobody@FreeBSD.org  Thu Apr 18 08:22:43 2013
Return-Path: <nobody@FreeBSD.org>
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1])
	by hub.freebsd.org (Postfix) with ESMTP id CB356727
	for <freebsd-gnats-submit@FreeBSD.org>; Thu, 18 Apr 2013 08:22:43 +0000 (UTC)
	(envelope-from nobody@FreeBSD.org)
Received: from red.freebsd.org (red.freebsd.org [IPv6:2001:4f8:fff6::22])
	by mx1.freebsd.org (Postfix) with ESMTP id BBDA32D3
	for <freebsd-gnats-submit@FreeBSD.org>; Thu, 18 Apr 2013 08:22:43 +0000 (UTC)
Received: from red.freebsd.org (localhost [127.0.0.1])
	by red.freebsd.org (8.14.5/8.14.5) with ESMTP id r3I8MgUb030111
	for <freebsd-gnats-submit@FreeBSD.org>; Thu, 18 Apr 2013 08:22:42 GMT
	(envelope-from nobody@red.freebsd.org)
Received: (from nobody@localhost)
	by red.freebsd.org (8.14.5/8.14.5/Submit) id r3I8MgRg030110;
	Thu, 18 Apr 2013 08:22:42 GMT
	(envelope-from nobody)
Message-Id: <201304180822.r3I8MgRg030110@red.freebsd.org>
Date: Thu, 18 Apr 2013 08:22:42 GMT
From: Jukka Ukkonen <jau@oxit.fi>
To: freebsd-gnats-submit@FreeBSD.org
Subject: ipfw fails to parse port ranges (p1-p2) for udp
X-Send-Pr-Version: www-3.1
X-GNATS-Notify:

>Number:         177948
>Category:       kern
>Synopsis:       [ipfw] ipfw fails to parse port ranges (p1-p2) for udp
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-ipfw
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Thu Apr 18 08:30:00 UTC 2013
>Closed-Date:    
>Last-Modified:  Mon Feb 17 15:50:00 UTC 2014
>Originator:     Jukka Ukkonen
>Release:        9.1-STABLE
>Organization:
-
>Environment:
FreeBSD sleipnir 9.1-STABLE FreeBSD 9.1-STABLE #0 r249607M: Thu Apr 18 09:18:42 EEST 2013     root@sleipnir:/usr/obj/usr/src/sys/Sleipnir  amd64

>Description:
ipfw does not understand port ranges on lines like this...

add 03011 deny log udp from any to any 1024-65535 in recv em1

Instead of treating the numbers and the dash between them as a port range
it complains about "-65535".

The error has been occurring only when the protocol has been UDP.
When the protocol is TCP ipfw properly handles the port range as expected.
Notice that SCTP has not been tested.

>How-To-Repeat:
Try adding a configuration line like the one shown in "full description",
restart ipfw, and see it complain something like this...

Line 7368: unrecognised option [-1] -65535

>Fix:
No idea yet.


>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-bugs->freebsd-ipfw 
Responsible-Changed-By: linimon 
Responsible-Changed-When: Sat Apr 20 17:04:46 UTC 2013 
Responsible-Changed-Why:  
Over to maintainer(s). 

http://www.freebsd.org/cgi/query-pr.cgi?pr=177948 

From: Ian Smith <smithi@nimnet.asn.au>
To: bug-followup@FreeBSD.org, jau@oxit.fi
Cc:  
Subject: Re: kern/177948: [ipfw] ipfw fails to parse port ranges (p1-p2) for
 udp
Date: Sun, 21 Apr 2013 12:17:12 +1000

 I can't reproduce this on 9.1-RELEASE, unless I put a space anywhere
 amongst p1, '-' and p2, in which case I see the same error you show.
 
 # ipfw add 03011 deny log udp from any to any 1024-65535 in recv fxp0
 03011 deny log udp from any to any dst-port 1024-65535 in recv fxp0
 # ipfw list 3011
 03011 deny log udp from any to any dst-port 1024-65535 in recv fxp0
 
 # ipfw add 03011 deny log udp from any to any 1024 -65535 in recv fxp0
 ipfw: unrecognised option [-1] -65535
 
 # ipfw add 03011 deny log udp from any to any 1024- 65535 in recv fxp0
 ipfw: unrecognised option [-1] 1024-
 
 Can you verify that there is no whitespace (obvious, or perhaps some
 non-printing character?) on or near line 7368 of your config file?
 
 If that looks ok, can you show the byte offset of that line in your
 file, for example by placing that line at the bottom of the screen in
 less(1) then pressing '='?
 
 cheers, Ian

From: Jukka Ukkonen <jau@oxit.fi>
To: Ian Smith <smithi@nimnet.asn.au>
Cc: bug-followup@FreeBSD.org
Subject: Re: kern/177948: [ipfw] ipfw fails to parse port ranges (p1-p2) for
 udp
Date: Sun, 21 Apr 2013 14:33:07 +0300

 On 04/21/13 05:17, Ian Smith wrote:
 > I can't reproduce this on 9.1-RELEASE, unless I put a space anywhere
 > amongst p1, '-' and p2, in which case I see the same error you show.
 >
 > # ipfw add 03011 deny log udp from any to any 1024-65535 in recv fxp0
 > 03011 deny log udp from any to any dst-port 1024-65535 in recv fxp0
 > # ipfw list 3011
 > 03011 deny log udp from any to any dst-port 1024-65535 in recv fxp0
 >
 > # ipfw add 03011 deny log udp from any to any 1024 -65535 in recv fxp0
 > ipfw: unrecognised option [-1] -65535
 >
 > # ipfw add 03011 deny log udp from any to any 1024- 65535 in recv fxp0
 > ipfw: unrecognised option [-1] 1024-
 >
 > Can you verify that there is no whitespace (obvious, or perhaps some
 > non-printing character?) on or near line 7368 of your config file?
 >
 > If that looks ok, can you show the byte offset of that line in your
 > file, for example by placing that line at the bottom of the screen in
 > less(1) then pressing '='?
 >
 > cheers, Ian
 
 Right,
 
 After some further inspection I have news...
 
 This seems to be a problem in clang-cpp which adds an extra space
 before the dash in a macro which should have a value of the format
 "number1-number2". So, e.g. "1024-65535" becomes "1024 -65535".
 
 If I use gcpp instead, everything works just fine with ipfw.
 
 The fact that I did not see this happening with TCP rules as well was
 just lucky coincidence.
 
 So, this is a clang problem, not an ipfw problem!!!
 
 Cheers,
 --jau
 

From: Ian Smith <smithi@nimnet.asn.au>
To: Jukka Ukkonen <jau@oxit.fi>
Cc: bug-followup@FreeBSD.org
Subject: Re: kern/177948: [ipfw] ipfw fails to parse port ranges (p1-p2) for
 udp
Date: Sun, 21 Apr 2013 22:21:06 +1000 (EST)

 On Sun, 21 Apr 2013 14:33:07 +0300, Jukka Ukkonen wrote:
  > On 04/21/13 05:17, Ian Smith wrote:
  > > I can't reproduce this on 9.1-RELEASE, unless I put a space anywhere
  > > amongst p1, '-' and p2, in which case I see the same error you show.
 [..]
 
  > Right,
  > 
  > After some further inspection I have news...
  > 
  > This seems to be a problem in clang-cpp which adds an extra space
  > before the dash in a macro which should have a value of the format
  > "number1-number2". So, e.g. "1024-65535" becomes "1024 -65535".
 
 Naughty clang!  For one thing, that's emitting two values ..
 
  > If I use gcpp instead, everything works just fine with ipfw.
  > 
  > The fact that I did not see this happening with TCP rules as well was
  > just lucky coincidence.
  > 
  > So, this is a clang problem, not an ipfw problem!!!
  > 
  > Cheers,
  > --jau
 
 Good news for ipfw, anyway.  I don't know the correct form .. should 
 this PR be reassigned, or closed with a reference in a fresh clang PR?
 
 cheers, Ian

From: Jukka Ukkonen <jau@oxit.fi>
To: Ian Smith <smithi@nimnet.asn.au>
Cc: bug-followup@FreeBSD.org
Subject: Re: kern/177948: [ipfw] ipfw fails to parse port ranges (p1-p2) for
 udp
Date: Sun, 21 Apr 2013 15:33:03 +0300

 On 04/21/13 15:21, Ian Smith wrote:
 > On Sun, 21 Apr 2013 14:33:07 +0300, Jukka Ukkonen wrote:
 >  > On 04/21/13 05:17, Ian Smith wrote:
 >  > > I can't reproduce this on 9.1-RELEASE, unless I put a space anywhere
 >  > > amongst p1, '-' and p2, in which case I see the same error you show.
 > [..]
 >
 >  > Right,
 >  > 
 >  > After some further inspection I have news...
 >  > 
 >  > This seems to be a problem in clang-cpp which adds an extra space
 >  > before the dash in a macro which should have a value of the format
 >  > "number1-number2". So, e.g. "1024-65535" becomes "1024 -65535".
 >
 > Naughty clang!  For one thing, that's emitting two values ..
 >
 >  > If I use gcpp instead, everything works just fine with ipfw.
 >  > 
 >  > The fact that I did not see this happening with TCP rules as well was
 >  > just lucky coincidence.
 >  > 
 >  > So, this is a clang problem, not an ipfw problem!!!
 >  > 
 >  > Cheers,
 >  > --jau
 >
 > Good news for ipfw, anyway.  I don't know the correct form .. should 
 > this PR be reassigned, or closed with a reference in a fresh clang PR?
 >
 > cheers, Ian
 
 Please, try reassigning first.
 This is anyhow a pretty clear issue. If the clang experts then
 wish to have a separate fresh PR for clang, they can close
 this one and request a new PR.
 
 Cheers,
 --jau
 

From: Ian Smith <smithi@nimnet.asn.au>
To: bug-followup@FreeBSD.org, jau@oxit.fi
Cc:  
Subject: Re: kern/177948: [ipfw] ipfw fails to parse port ranges (p1-p2) for
 udp
Date: Tue, 18 Feb 2014 02:43:21 +1100

 Having been determined not to be an ipfw problem, could this be closed?
 
 If still an open clang issue, Jukka or somebody might reopen it there.
 
 cheers, Ian
>Unformatted:
