From benny@pilgerer.de  Fri Mar 26 09:49:30 2004
Return-Path: <benny@pilgerer.de>
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id BA93216A4CE
	for <FreeBSD-gnats-submit@freebsd.org>; Fri, 26 Mar 2004 09:49:30 -0800 (PST)
Received: from hamlet.pilgerer.de (hamlet.pilgerer.de [213.133.123.43])
	by mx1.FreeBSD.org (Postfix) with ESMTP id E806943D31
	for <FreeBSD-gnats-submit@freebsd.org>; Fri, 26 Mar 2004 09:49:29 -0800 (PST)
	(envelope-from benny@pilgerer.de)
Received: from hamlet.pilgerer.de (hamlet.pilgerer.de [213.133.123.43])
	by hamlet.pilgerer.de (8.12.10/8.12.10) with ESMTP id i2QHnG7m042539
	for <FreeBSD-gnats-submit@freebsd.org>; Fri, 26 Mar 2004 18:49:16 +0100 (CET)
Received: (from benny@localhost)
	by hamlet.pilgerer.de (8.12.10/8.12.7/Submit) id i2QHnGww042538;
	Fri, 26 Mar 2004 18:49:16 +0100 (CET)
Message-Id: <200403261749.i2QHnGww042538@hamlet.pilgerer.de>
Date: Fri, 26 Mar 2004 18:49:16 +0100 (CET)
From: "Benny v. M." <benny@pilgerer.de>
Reply-To: "Benny v. M." <benny@pilgerer.de>
To: FreeBSD-gnats-submit@freebsd.org
Cc:
Subject: IPFW2: incorrect parsing of 0.0.0.0/0 expression
X-Send-Pr-Version: 3.113
X-GNATS-Notify:

>Number:         64778
>Category:       kern
>Synopsis:       IPFW2: incorrect parsing of 0.0.0.0/0 expression
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    maxim
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Fri Mar 26 09:50:09 PST 2004
>Closed-Date:    Tue May 25 00:40:52 PDT 2004
>Last-Modified:  Tue May 25 00:40:52 PDT 2004
>Originator:     Benjamin von Mossner
>Release:        FreeBSD 5.2.1-RELEASE-p3 i386
>Organization:
pilgerer.org e.V.
>Environment:
System: FreeBSD oberon.pilgerer.org 5.2.1-RELEASE-p3 FreeBSD 5.2.1-RELEASE-p3 #1: Mon Mar 22 17:53:55 CET 2004 root@oberon.pilgerer.org:/usr/obj/usr/src/sys/OBERON i386


    
>Description:
    ipfw2 evaluates 0.0.0.0/0 ip/net expression to 'me' instead of 'any'.

>How-To-Repeat:
    bensons:/home/benny# ipfw add allow ip from any to 0.0.0.0/0
    00200 allow ip from any to me
    bensons:/home/benny# ipfw add allow ip from 0.0.0.0/0 to any
    00300 allow ip from me to any
    bensons:/home/benny# ipfw add allow ip from \{ 0.0.0.0/0 or 1.1.1.1/1 \} to any 
    00400 allow ip from { me or 0.0.0.0/1 } to any
    ...
>Fix:

    I'm not familiar enough with the ipfw2.c code. So no patch/fix available.

>Release-Note:
>Audit-Trail:

From: Maxim Konovalov <maxim@macomnet.ru>
To: "Benny v. M." <benny@pilgerer.de>
Cc: bug-followup@freebsd.org, luigi@freebsd.org
Subject: Re: kern/64778: IPFW2: incorrect parsing of 0.0.0.0/0 expression
Date: Fri, 26 Mar 2004 21:46:09 +0300 (MSK)

 Yes, it is known bug in ipfw2(8).
 
 Please try a fix I posted several months ago.  Perhaps I should go
 ahead and commit it.
 
 %%%
 
 From maxim@macomnet.ru Fri Mar 26 21:42:45 2004
 Date: Fri, 29 Aug 2003 00:07:01 +0400 (MSD)
 From: Maxim Konovalov <maxim@macomnet.ru>
 To: Petri Helenius <pete@he.iki.fi>
 Cc: freebsd-net@freebsd.org
 Subject: Re: ipfw parsing bug
 
 On Thu, 28 Aug 2003, 23:01+0300, Petri Helenius wrote:
 
 >
 > ipfw seems to have developed a bug lately on 5-CURRENT;
 > # ipfw add 2042 allow tcp from 0.0.0.0/0 to me
 > 42
 > 02042 allow tcp from me to me dst-port 42
 >
 > It used to work that 0.0.0.0/0 was "any" instead of "me". Last I checked
 > the notation is also widely used in networking gear for default route which
 > is a "catch any" definition.
 
 Known ipfw2 bug.  Try this:
 
 Index: ipfw2.c
 ===================================================================
 RCS file: /home/ncvs/src/sbin/ipfw/ipfw2.c,v
 retrieving revision 1.38
 diff -u -r1.38 ipfw2.c
 --- ipfw2.c	21 Jul 2003 09:56:05 -0000	1.38
 +++ ipfw2.c	28 Jul 2003 15:51:26 -0000
 @@ -2046,7 +2046,7 @@
  				errx(EX_DATAERR, "not any never matches");
  		}
  		/* else do nothing and skip this entry */
 -		continue;
 +		return;
  	}
  	/* A single IP can be stored in an optimized format */
  	if (d[1] == IP_MASK_ALL && av == NULL && len == 0) {
 %%%
 
 -- 
 Maxim Konovalov
State-Changed-From-To: open->patched 
State-Changed-By: maxim 
State-Changed-When: Fri Apr 9 10:26:05 PDT 2004 
State-Changed-Why:  
Fixed in rev. 1.46 src/sbin/ipfw/ipfw2.c in -CURRENT. 


Responsible-Changed-From-To: freebsd-bugs->maxim 
Responsible-Changed-By: maxim 
Responsible-Changed-When: Fri Apr 9 10:26:05 PDT 2004 
Responsible-Changed-Why:  
MFC reminder. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=64778 
State-Changed-From-To: patched->closed 
State-Changed-By: maxim 
State-Changed-When: Tue May 25 00:40:10 PDT 2004 
State-Changed-Why:  
-STABLE does not have this bug. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=64778 
>Unformatted:
