Subject: bin/26413: ipf 4.1.3 parsing problems (/sbin/ipf)
To: None <gnats-bugs@gnats.NetBSD.org>
From: None <gcw@primenet.com.au>
List: netbsd-bugs
Date: 07/23/2004 18:26:51
>Number: 26413
>Category: bin
>Synopsis: ipf parsing corrupts lines it sends to kernel
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: bin-bug-people
>State: open
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Fri Jul 23 08:28:00 UTC 2004
>Closed-Date:
>Last-Modified:
>Originator: Geoff C. Wing
>Release: NetBSD 2.0G (2004-06-23)
>Organization:
>Environment:
System: NetBSD g.primenet.com.au 2.0G NetBSD 2.0G (G) #0: Fri Jul 23 16:33:49 EST 2004 gcw@g.primenet.com.au:/usr/netbsd/src/sys/arch/i386/compile/G i386
Architecture: i386
Machine: i386
>Description:
ipf after early July (and including recent 4.1.3 import) has problems
parsing. Port data information gets corrupted. I've only noticed it
when using groups and several lines with named ports, e.g. the
following lines
block in quick proto tcp from any to any port = nntp group 1
block in quick proto tcp from any to any port = ftp group 1
became
block in quick proto tcp from any to any port = 65535 group 1
block in quick proto tcp from any to any port = ftp group 1
After a couple more correct port lines every line with port
information becomes "port = 65535". Rewriting the lines so that
fewer groups are used avoids it. As does using numeric port lines.
>How-To-Repeat:
.
>Fix:
?
>Release-Note:
>Audit-Trail:
>Unformatted: