Attachment #206385 for bug #238796




}


/*
 * IFNAMES are located in the variable length field starting at
 * frentry.fr_names. As pointers within the struct cannot be passed
 * to the kernel from ipf(8), an offset is used. An offset of -1 means it
 * is unused (invalid). If it is used (valid) it is an offset to the
 * character string of an interface name or a comment. The following
 * macros will assist those who follow to understand the code.
 */
#define IPF_IFNAME_VALID(_a)	(_a != -1)
#define IPF_IFNAME_INVALID(_a)	(_a == -1)
#define IPF_IFNAMES_DIFFERENT(_a)	\
	!((IPF_IFNAME_INVALID(fr1->_a) &&	\
	IPF_IFNAME_INVALID(fr2->_a)) ||	\
	(IPF_IFNAME_VALID(fr1->_a) &&	\
	IPF_IFNAME_VALID(fr2->_a) &&	\
	!strcmp(FR_NAME(fr1, _a), FR_NAME(fr2, _a))))
#define IPF_FRDEST_DIFFERENT(_a)	\
	(memcmp(&fr1->_a.fd_addr, &fr2->_a.fd_addr,	\
	offsetof(frdest_t, fd_name) - offsetof(frdest_t, fd_addr)) ||	\
	IPF_IFNAMES_DIFFERENT(_a.fd_name))


/* ------------------------------------------------------------------------ */
/* Function:    ipf_rule_compare                                            */
/* Parameters:  fr1(I) - first rule structure to compare                    */

static int
ipf_rule_compare(frentry_t *fr1, frentry_t *fr2)
{
	int i;

	if (fr1->fr_cksum != fr2->fr_cksum)
		return (1);
	if (fr1->fr_size != fr2->fr_size)
		return (2);
	if (fr1->fr_dsize != fr2->fr_dsize)
		return (3);
	if (bcmp((char *)&fr1->fr_func, (char *)&fr2->fr_func, FR_CMPSIZ)
	    != 0)
		return (4);
	/*
	 * XXX:	There is still a bug here as different rules with the
	 *	the same interfaces but in a different order will compare
	 *	differently. But since multiple interfaces in a rule doesn't
	 *	work anyway a simple straightforward compare is performed
	 *	here. Ultimately frentry_t creation will need to be
	 *	revisited in ipf_y.y. While the other issue, recognition
	 *	of only the first interface in a list of interfaces will
	 *	need to be separately addressed along with why only four.
	 */
	for (i = 0; i < FR_NUM(fr1->fr_ifnames); i++) {
		/*
		 * XXX:	It's either the same index or uninitialized.
		 * 	We assume this because multiple interfaces
		 *	referenced by the same rule doesn't work anyway.
		 */
		if (IPF_IFNAMES_DIFFERENT(fr_ifnames[i]))
			return(5);
	}

	if (IPF_FRDEST_DIFFERENT(fr_tif))
		return (6);
	if (IPF_FRDEST_DIFFERENT(fr_rif))
		return (7);
	if (IPF_FRDEST_DIFFERENT(fr_dif))
		return (8);
	if (!fr1->fr_data && !fr2->fr_data)
		return (0);	/* move along, nothing to see here */
	if (fr1->fr_data && fr2->fr_data) {
		if (bcmp(fr1->fr_caddr, fr2->fr_caddr, fr1->fr_dsize) == 0)
			return (0);	/* same */
	}
	return (9);
}



Lines 735-746 typedef struct frentry { Link Here

(-)b/sys/contrib/ipfilter/netinet/ip_fil.h (-5 / +9 lines)
735	u_char fr_icode; /* return ICMP code */	735	u_char fr_icode; /* return ICMP code */
736	int fr_group; /* group to which this rule belongs */	736	int fr_group; /* group to which this rule belongs */
737	int fr_grhead; /* group # which this rule starts */	737	int fr_grhead; /* group # which this rule starts */
738	int fr_ifnames[4];
739	int fr_isctag;	738	int fr_isctag;
740	int fr_rpc; /* XID Filtering */	739	int fr_rpc; /* XID Filtering */
741	ipftag_t fr_nattag;	740	ipftag_t fr_nattag;
742	frdest_t fr_tifs[2]; /* "to"/"reply-to" interface */
743	frdest_t fr_dif; /* duplicate packet interface */
744	/*	741	/*
745	* These are all options related to stateful filtering	742	* These are all options related to stateful filtering
746	*/	743	*/
Lines 749-754 typedef struct frentry { Link Here
749	int fr_statemax; /* max reference count */	746	int fr_statemax; /* max reference count */
750	int fr_icmphead; /* ICMP group for state options */	747	int fr_icmphead; /* ICMP group for state options */
751	u_int fr_age[2]; /* non-TCP state timeouts */	748	u_int fr_age[2]; /* non-TCP state timeouts */
		749	/*
		750	* These are compared separately.
		751	*/
		752	int fr_ifnames[4];
		753	frdest_t fr_tifs[2]; /* "to"/"reply-to" interface */
		754	frdest_t fr_dif; /* duplicate packet interface */
752	/*	755	/*
753	* How big is the name buffer at the end?	756	* How big is the name buffer at the end?
754	*/	757	*/
Lines 827-835 typedef struct frentry { Link Here
827		830
828	#define FR_NOLOGTAG 0	831	#define FR_NOLOGTAG 0
829		832
830	#define FR_CMPSIZ(_f) ((_f)->fr_size - \	833	#define FR_CMPSIZ (offsetof(struct frentry, fr_ifnames) - \
831	offsetof(struct frentry, fr_func))	834	offsetof(struct frentry, fr_func))
832	#define FR_NAME(_f, _n) (_f)->fr_names + (_f)->_n	835	#define FR_NAME(_f, _n) (_f)->fr_names + (_f)->_n
		836	#define FR_NUM(_a) (sizeof(_a) / sizeof(*_a))
833		837
834		838
835	/*	839	/*

Return to bug 238796

Lines 4418-4423 ipf_matchicmpqueryreply(v, ic, icmp, rev) Link Here

(-)b/sys/contrib/ipfilter/netinet/fil.c (-2 / +52 lines)
4418	}	4418	}
4419		4419
4420		4420
		4421	/*
		4422	* IFNAMES are located in the variable length field starting at
		4423	* frentry.fr_names. As pointers within the struct cannot be passed
		4424	* to the kernel from ipf(8), an offset is used. An offset of -1 means it
		4425	* is unused (invalid). If it is used (valid) it is an offset to the
		4426	* character string of an interface name or a comment. The following
		4427	* macros will assist those who follow to understand the code.
		4428	*/
		4429	#define IPF_IFNAME_VALID(_a) (_a != -1)
		4430	#define IPF_IFNAME_INVALID(_a) (_a == -1)
		4431	#define IPF_IFNAMES_DIFFERENT(_a) \
		4432	!((IPF_IFNAME_INVALID(fr1->_a) && \
		4433	IPF_IFNAME_INVALID(fr2->_a)) \|\| \
		4434	(IPF_IFNAME_VALID(fr1->_a) && \
		4435	IPF_IFNAME_VALID(fr2->_a) && \
		4436	!strcmp(FR_NAME(fr1, _a), FR_NAME(fr2, _a))))
		4437	#define IPF_FRDEST_DIFFERENT(_a) \
		4438	(memcmp(&fr1->_a.fd_addr, &fr2->_a.fd_addr, \
		4439	offsetof(frdest_t, fd_name) - offsetof(frdest_t, fd_addr)) \|\| \
		4440	IPF_IFNAMES_DIFFERENT(_a.fd_name))
		4441
		4442
4421	/* ------------------------------------------------------------------------ */	4443	/* ------------------------------------------------------------------------ */
4422	/* Function: ipf_rule_compare */	4444	/* Function: ipf_rule_compare */
4423	/* Parameters: fr1(I) - first rule structure to compare */	4445	/* Parameters: fr1(I) - first rule structure to compare */
Lines 4430-4451 ipf_matchicmpqueryreply(v, ic, icmp, rev) Link Here
4430	static int	4452	static int
4431	ipf_rule_compare(frentry_t fr1, frentry_t fr2)	4453	ipf_rule_compare(frentry_t fr1, frentry_t fr2)
4432	{	4454	{
		4455	int i;
		4456
4433	if (fr1->fr_cksum != fr2->fr_cksum)	4457	if (fr1->fr_cksum != fr2->fr_cksum)
4434	return (1);	4458	return (1);
4435	if (fr1->fr_size != fr2->fr_size)	4459	if (fr1->fr_size != fr2->fr_size)
4436	return (2);	4460	return (2);
4437	if (fr1->fr_dsize != fr2->fr_dsize)	4461	if (fr1->fr_dsize != fr2->fr_dsize)
4438	return (3);	4462	return (3);
4439	if (bcmp((char )&fr1->fr_func, (char )&fr2->fr_func, FR_CMPSIZ(fr1))	4463	if (bcmp((char )&fr1->fr_func, (char )&fr2->fr_func, FR_CMPSIZ)
4440	!= 0)	4464	!= 0)
4441	return (4);	4465	return (4);
		4466	/*
		4467	* XXX: There is still a bug here as different rules with the
		4468	* the same interfaces but in a different order will compare
		4469	* differently. But since multiple interfaces in a rule doesn't
		4470	* work anyway a simple straightforward compare is performed
		4471	* here. Ultimately frentry_t creation will need to be
		4472	* revisited in ipf_y.y. While the other issue, recognition
		4473	* of only the first interface in a list of interfaces will
		4474	* need to be separately addressed along with why only four.
		4475	*/
		4476	for (i = 0; i < FR_NUM(fr1->fr_ifnames); i++) {
		4477	/*
		4478	* XXX: It's either the same index or uninitialized.
		4479	* We assume this because multiple interfaces
		4480	* referenced by the same rule doesn't work anyway.
		4481	*/
		4482	if (IPF_IFNAMES_DIFFERENT(fr_ifnames[i]))
		4483	return(5);
		4484	}
		4485
		4486	if (IPF_FRDEST_DIFFERENT(fr_tif))
		4487	return (6);
		4488	if (IPF_FRDEST_DIFFERENT(fr_rif))
		4489	return (7);
		4490	if (IPF_FRDEST_DIFFERENT(fr_dif))
		4491	return (8);
4442	if (!fr1->fr_data && !fr2->fr_data)	4492	if (!fr1->fr_data && !fr2->fr_data)
4443	return (0); /* move along, nothing to see here */	4493	return (0); /* move along, nothing to see here */
4444	if (fr1->fr_data && fr2->fr_data) {	4494	if (fr1->fr_data && fr2->fr_data) {
4445	if (bcmp(fr1->fr_caddr, fr2->fr_caddr, fr1->fr_dsize) == 0)	4495	if (bcmp(fr1->fr_caddr, fr2->fr_caddr, fr1->fr_dsize) == 0)
4446	return (0); /* same */	4496	return (0); /* same */
4447	}	4497	}
4448	return (5);	4498	return (9);
4449	}	4499	}
4450		4500
4451		4501