Subject: kern/34284: when "ippool -F" is invoked, error is "ioctl(SIOCLOOKUPFLUSH): Bad address"
To: None <kern-bug-people@netbsd.org, gnats-admin@netbsd.org,>
From: None <yancm@sdf.lonestar.org>
List: netbsd-bugs
Date: 08/26/2006 00:10:00
>Number:         34284
>Category:       kern
>Synopsis:       when "ippool -F" is invoked, error is "ioctl(SIOCLOOKUPFLUSH): Bad address"
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    kern-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Sat Aug 26 00:10:00 +0000 2006
>Originator:     Gene ENonymous
>Release:        3 Stable
>Organization:
>Environment:
NetBSD sleepy 3.1_RC1 NetBSD 3.1_RC1 (GENERIC) #1: Thu Aug 24 06:52:07 EDT 2006  root@sleepy:/usr/obj/sys/arch/i386/compile/GENERIC i386
>Description:
After enabling ippool in the GENERIC kernel config, you can load
a simple pool. It gets loaded and can be verified. When you flush
you get the error, but the flush appears to have occurred.

Test session:

# cat simple.pool
table role = ipf type = tree number = 5
{ 1/32; 159.146.0.0/16; 96.0.0.0/4; };
# ippool -l
# ippool -f simple.pool
# ippool -l
table role = ipf type = tree number = 5
{ 1/32; 159.146.0.0/16; 96.0.0.0/4; };
# ippool -F
ioctl(SIOCLOOKUPFLUSH): Bad address
# ippool -l
#
>How-To-Repeat:
Test session; remember, must have:
/dev/iplookup (if not, rerun MAKEDEV all)
and compile a GENERIC kernel with 
options IPFILTER_LOOKUP

# cat simple.pool
table role = ipf type = tree number = 5
{ 1/32; 159.146.0.0/16; 96.0.0.0/4; };
# ippool -l
# ippool -f simple.pool
# ippool -l
table role = ipf type = tree number = 5
{ 1/32; 159.146.0.0/16; 96.0.0.0/4; };
# ippool -F
ioctl(SIOCLOOKUPFLUSH): Bad address
# ippool -l
#
>Fix:
This is Darren's fix; he says this fix will be included in
ipf v4.1.14:

In kernel
/usr/src/dist/ipf/ip_lookup.c
and userland
/usr/src/sys/dist/ipf/netinet/ip_lookup.c

the following patch fixes the error message...

--- ip_lookup.c.cvs     2006-08-23 20:47:11.000000000 -0400
+++ ip_lookup.c 2006-08-24 06:39:02.000000000 -0400
@@ -489,7 +489,7 @@

        if (err == 0) {
                flush.iplf_count = num;
-               err = COPYOUT(&flush, data, sizeof(flush));
+               BCOPYOUT(&flush, data, sizeof(flush));
        }
        return err;
 }
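
Review bot: the `+` line no longer assigns to `err`, so once `flush.iplf_count = num;` has run the function returns the `err` value from before the copy, and a failed copy of `flush` back to `data` can no longer be reported to the caller of SIOCLOOKUPFLUSH. If the copy cannot fail at this point, add a comment above the `BCOPYOUT(&flush, data, sizeof(flush));` call saying so and explaining why `COPYOUT` was returning "Bad address" even though the flush itself completed; otherwise keep the `err =` assignment. The text above names two copies of ip_lookup.c while the diff header shows one, so the submission should state that the same one-line change is meant for both.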