From fukaumi@soum.co.jp  Wed Oct  8 03:51:00 2003
Return-Path: <fukaumi@soum.co.jp>
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id BF4E316A4BF
	for <FreeBSD-gnats-submit@freebsd.org>; Wed,  8 Oct 2003 03:51:00 -0700 (PDT)
Received: from gate.soum.co.jp (gate.soum.co.jp [202.221.40.2])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 34C7943FDF
	for <FreeBSD-gnats-submit@freebsd.org>; Wed,  8 Oct 2003 03:50:58 -0700 (PDT)
	(envelope-from fukaumi@soum.co.jp)
Received: from force.soum.co.jp (force.soum.co.jp [IPv6:2001:240:c4:1:a00:20ff:fef0:4c9c])
	by gate.soum.co.jp (8.12.9/8.12.9) with ESMTP id h98AotS3022162
	for <FreeBSD-gnats-submit@freebsd.org>; Wed, 8 Oct 2003 19:50:55 +0900 (JST)
	(envelope-from fukaumi@soum.co.jp)
Received: from fun.soum.co.jp ([2001:240:c4:1:2e0:18ff:fe00:d8ee])
	by force.soum.co.jp (8.11.7/3.7W-2003052906) with ESMTP id h98Aosf13065
	for <FreeBSD-gnats-submit@freebsd.org>; Wed, 8 Oct 2003 19:50:54 +0900 (JST)
Message-Id: <1xwubgc8a9.wl@fun.soum.co.jp>
Date: Wed, 08 Oct 2003 19:50:54 +0900
From: FUKAUMI Naoki <fukaumi@soum.co.jp>
Reply-To: FUKAUMI Naoki <fukaumi@soum.co.jp>
To: FreeBSD-gnats-submit@freebsd.org
Subject: IP Filter IPv6 accounting bug

>Number:         57736
>Category:       kern
>Synopsis:       IP Filter IPv6 accounting bug
>Confidential:   no
>Severity:       critical
>Priority:       high
>Responsible:    darrenr
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Wed Oct 08 04:00:25 PDT 2003
>Closed-Date:    Mon Jul 05 16:25:18 GMT 2004
>Last-Modified:  Mon Jul 05 16:25:18 GMT 2004
>Originator:     FUKAUMI Naoki
>Release:        FreeBSD 4.9-PRERELEASE i386
>Organization:
SOUM Corporation
>Environment:
>Description:
	IP Filter IPv6 accounting (packet byte count) is broken.
>How-To-Repeat:
	# echo count in all | ipf -6 -f -
	# echo count out all | ipf -6 -f -
	(some IPv6 communication)
	# ipfstat -6 -aio
	(count is incorrect)
>Fix:
	This PR and patch was sent to author few minutes ago.

--- fil.c.orig	2003-06-28 00:29:37.000000000 +0900
+++ fil.c	2003-10-08 19:15:03.000000000 +0900
@@ -630,7 +630,7 @@
 {
 	register struct frentry *fr;
 	register fr_ip_t *fi = &fin->fin_fi;
-	int rulen, portcmp = 0, off, skip = 0, logged = 0;
+	int rulen, portcmp = 0, off, skip = 0, logged = 0, len, v = ip->ip_v;
 	u_32_t pass, passt, passl;
 	frentry_t *frl;
 
@@ -809,10 +809,20 @@
 		}
 #endif /* IPFILTER_LOG */
 		ATOMIC_INCL(fr->fr_hits);
-		if (passt & FR_ACCOUNT)
-			fr->fr_bytes += (U_QUAD_T)ip->ip_len;
-		else
+		if (passt & FR_ACCOUNT) {
+#ifdef	USE_INET6
+			if (v == 6) {
+				len = ntohs(((ip6_t*)ip)->ip6_plen);
+				len += sizeof(ip6_t);
+			} else
+#endif
+			{
+				len = ip->ip_len;
+			}
+			fr->fr_bytes += (U_QUAD_T)len;
+		} else {
 			fin->fin_icode = fr->fr_icode;
+		}
 		fin->fin_rule = rulen;
 		fin->fin_group = fr->fr_group;
 		if (fr->fr_grp != NULL) {
>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-bugs->darrenr 
Responsible-Changed-By: kris 
Responsible-Changed-When: Thu Oct 16 23:27:09 PDT 2003 
Responsible-Changed-Why:  
Assign to ipfilter author 

http://www.freebsd.org/cgi/query-pr.cgi?pr=57736 
State-Changed-From-To: open->feedback 
State-Changed-By: darrenr 
State-Changed-When: Tue Apr 20 05:46:11 PDT 2004 
State-Changed-Why:  
working on fix with author 

http://www.freebsd.org/cgi/query-pr.cgi?pr=57736 

From: Darren Reed <darrenr@reed.wattle.id.au>
To: fukaumi@soum.co.jp, freebsd-gnats-submit@FreeBSD.org
Cc:  
Subject: Re: kern/57736: IP Filter IPv6 accounting bug
Date: Tue, 20 Apr 2004 22:43:26 +1000 (EST)

 This patch should also fix it.
 
 Darren
 
 Index: fil.c
 ===================================================================
 RCS file: /devel/CVS/IP-Filter/fil.c,v
 retrieving revision 2.35.2.80
 diff -c -r2.35.2.80 fil.c
 *** fil.c	2004/04/10 11:45:20	2.35.2.80
 --- fil.c	2004/04/20 12:41:59
 ***************
 *** 821,827 ****
   #endif /* IPFILTER_LOG */
   		ATOMIC_INCL(fr->fr_hits);
   		if (passt & FR_ACCOUNT)
 ! 			fr->fr_bytes += (U_QUAD_T)ip->ip_len;
   		else
   			fin->fin_icode = fr->fr_icode;
   		fin->fin_rule = rulen;
 --- 821,827 ----
   #endif /* IPFILTER_LOG */
   		ATOMIC_INCL(fr->fr_hits);
   		if (passt & FR_ACCOUNT)
 ! 			fr->fr_bytes += (U_QUAD_T)fin->fin_plen;
   		else
   			fin->fin_icode = fr->fr_icode;
   		fin->fin_rule = rulen;
State-Changed-From-To: feedback->closed 
State-Changed-By: darrenr 
State-Changed-When: Mon Jul 5 16:23:46 GMT 2004 
State-Changed-Why:  
patch supplied and fixed in -current & RELENG_4. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=57736 
>Unformatted:
