From fli@biocandy.shapeshifter.se  Wed Sep  7 10:27:49 2005
Return-Path: <fli@biocandy.shapeshifter.se>
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 84A8716A41F
	for <FreeBSD-gnats-submit@freebsd.org>; Wed,  7 Sep 2005 10:27:49 +0000 (GMT)
	(envelope-from fli@biocandy.shapeshifter.se)
Received: from mx1.h3q.net (manticore.shapeshifter.se [212.37.5.30])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 128B443D45
	for <FreeBSD-gnats-submit@freebsd.org>; Wed,  7 Sep 2005 10:27:48 +0000 (GMT)
	(envelope-from fli@biocandy.shapeshifter.se)
Received: from localhost (localhost [127.0.0.1])
	by mx1.h3q.net (Postfix) with ESMTP id B26631A744
	for <FreeBSD-gnats-submit@freebsd.org>; Wed,  7 Sep 2005 12:27:45 +0200 (CEST)
Received: from mx1.h3q.net ([127.0.0.1])
 by localhost (manticore.shapeshifter.se [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id 64699-03 for <FreeBSD-gnats-submit@freebsd.org>;
 Wed,  7 Sep 2005 12:27:44 +0200 (CEST)
Received: from biocandy.shapeshifter.se (h4n2fls31o270.telia.com [217.208.199.4])
	by mx1.h3q.net (Postfix) with ESMTP id 9195B1A743
	for <FreeBSD-gnats-submit@freebsd.org>; Wed,  7 Sep 2005 12:27:44 +0200 (CEST)
Received: by biocandy.shapeshifter.se (Postfix, from userid 1001)
	id 5409942D5; Wed,  7 Sep 2005 12:27:44 +0200 (CEST)
Message-Id: <20050907102744.5409942D5@biocandy.shapeshifter.se>
Date: Wed,  7 Sep 2005 12:27:44 +0200 (CEST)
From: Fredrik Lindberg <fli@shapeshifter.se>
To: FreeBSD-gnats-submit@freebsd.org
Cc:
Subject: [patch] Unknown opcode panic when ipfw is compiled without INET6 	
X-Send-Pr-Version: 3.113
X-GNATS-Notify:

>Number:         85826
>Category:       kern
>Synopsis:       [patch] Unknown opcode panic when ipfw is compiled without INET6
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    bz
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Wed Sep 07 10:30:13 GMT 2005
>Closed-Date:    Sat Sep 17 13:49:38 GMT 2005
>Last-Modified:  Sat Sep 17 13:49:38 GMT 2005
>Originator:     Fredrik Lindberg
>Release:        FreeBSD 7.0-CURRENT i386
>Organization:
>Environment:
System: FreeBSD biocandy.shapeshifter.se 7.0-CURRENT FreeBSD 7.0-CURRENT #18: Tue Sep 6 14:03:13 CEST 2005 root@biocandy.shapeshifter.se:/usr/obj/usr/src/sys/BIOCANDY-CURRENT i386


	
>Description:
It's possible to panic your system if ipfw(4) is compiled without INET6.
ipfw(8) still accepts ip6 rules and inserts them into the ruleset.
But since all ip6 code is behind INET6, ipfw_chk() won't recognize the
rule opcode and instead panics with "unknown opcode".

>How-To-Repeat:
> cd sys/modules/ipfw && make
> kldload ./ipfw.ko
> ipfw add allow ip6 from dead:cafe:babe::1 to me
<trigger some network traffic>

panic: -- unknown opcode 73

>Fix:
Return EOPNOTSUPP in check_ipfw_struct if a user tries to insert
ip6 rules into an ipfw(4) module compiled without INET6 support.

> ipfw add allow ip6 from dead:cafe:babe::1 to me
ipfw: getsockopt(IP_FW_ADD): Operation not supported

--- ip_fw2.c-ip6-20050907.patch begins here ---
Index: ip_fw2.c
===================================================================
RCS file: /home/ncvs/src/sys/netinet/ip_fw2.c,v
retrieving revision 1.110
diff -u -r1.110 ip_fw2.c
--- ip_fw2.c	4 Sep 2005 17:33:40 -0000	1.110
+++ ip_fw2.c	7 Sep 2005 10:00:32 -0000
@@ -3553,6 +3553,22 @@
 			return EINVAL;
 		}
 		DEB(printf("ipfw: opcode %d\n", cmd->opcode);)
+#ifndef INET6
+		switch (cmd->opcode) {
+		case O_IP6_SRC_ME:
+		case O_IP6_DST_ME:
+		case O_IP6_SRC:
+		case O_IP6_DST:
+		case O_IP6:
+		case O_FLOW6ID:
+		case O_IP6_SRC_MASK:
+		case O_IP6_DST_MASK:
+		case O_ICMP6TYPE:
+			return (EOPNOTSUPP);
+		default:
+			break;
+		}
+#endif /* !INET6 */
 		switch (cmd->opcode) {
 		case O_PROBE_STATE:
 		case O_KEEP_STATE:
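Review bot: The `#ifndef INET6` pre-check keeps its own hard-coded list of IPv6 opcodes in a second `switch (cmd->opcode)` placed directly before the existing one, so that list has to be kept in step by hand with every opcode ipfw_chk() only handles under INET6. An IPv6 opcode missing from it is not stopped here and, unless the switch that follows rejects it, can still reach the "unknown opcode" panic at packet time. Consider folding these cases into the existing switch, with the normal validation under `#ifdef INET6` and `return (EOPNOTSUPP);` in the `#else` branch, so each opcode is listed once. A short printf before the return, next to the `DEB(printf("ipfw: opcode %d\n", cmd->opcode);)` line above, would also tell the administrator that the rule was refused because the kernel lacks INET6 instead of leaving only the errno.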
--- ip_fw2.c-ip6-20050907.patch ends here ---


>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-bugs->bz 
Responsible-Changed-By: bz 
Responsible-Changed-When: Wed Sep 7 14:34:40 GMT 2005 
Responsible-Changed-Why:  
already know the code so handle this... 

http://www.freebsd.org/cgi/query-pr.cgi?pr=85826 
State-Changed-From-To: open->patched 
State-Changed-By: bz 
State-Changed-When: Wed Sep 14 07:54:26 GMT 2005 
State-Changed-Why:  
I committed an updated version of the patch (see ip_fw2.c rev. 1.111) 
successfully tested by submitter for all four cases w/ and w/o INET6, 
ipfw as module or compiled into kernel. 

State-Changed-From-To: patched->closed 
State-Changed-By: bz 
State-Changed-When: Sat Sep 17 13:48:35 GMT 2005 
State-Changed-Why:  
The patch committed to HEAD has been MFCed. 
Many thanks for reporting and testing. 

>Unformatted:
