Bug 211796

Summary: missing htonl calls in pf range check
Product: Base System Reporter: Michael Coulter <freebsd>
Component: kernAssignee: freebsd-pf (Nobody) <pf>
Status: Closed FIXED    
Severity: Affects Some People CC: gonzo, kp, melifaro, mmokhi
Priority: ---    
Version: CURRENT   
Hardware: Any   
OS: Any   

Description Michael Coulter 2016-08-12 21:10:24 UTC 
Greetings fellow packet filterers!

Ranges in pf seem to be broken.

After some digging, it looks like this patch was missed:

http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/sys/net/pf.c.diff?r1=1.696&r2=1.696.2.1

Cheers!
- mjc
Comment 1 Mark Linimon freebsd_committer freebsd_triage 2016-08-14 12:55:29 UTC 
Adding the two most recent committers to pf.c into the Cc: list for comment.
Comment 2 commit-hook freebsd_committer freebsd_triage 2016-08-15 12:13:41 UTC 
A commit references this bug:

Author: kp
Date: Mon Aug 15 12:13:14 UTC 2016
New revision: 304152
URL: https://svnweb.freebsd.org/changeset/base/304152

Log:
  pf: Add missing byte-order swap to pf_match_addr_range

  Without this, rules using address ranges (e.g. "10.1.1.1 - 10.1.1.5") did not
  match addresses correctly on little-endian systems.

  PR:		211796
  Obtained from:	OpenBSD (sthen)
  MFC after:	3 days

Changes:
  head/sys/netpfil/pf/pf.c
Comment 3 commit-hook freebsd_committer freebsd_triage 2016-08-19 11:32:13 UTC 
A commit references this bug:

Author: kp
Date: Fri Aug 19 11:31:30 UTC 2016
New revision: 304462
URL: https://svnweb.freebsd.org/changeset/base/304462

Log:
  MFC r304152:

  pf: Add missing byte-order swap to pf_match_addr_range

  Without this, rules using address ranges (e.g. "10.1.1.1 - 10.1.1.5") did not
  match addresses correctly on little-endian systems.

  PR:       211796
  Obtained from:    OpenBSD (sthen)

Changes:
_U  stable/11/
  stable/11/sys/netpfil/pf/pf.c
Comment 4 commit-hook freebsd_committer freebsd_triage 2016-08-19 11:36:16 UTC 
A commit references this bug:

Author: kp
Date: Fri Aug 19 11:36:00 UTC 2016
New revision: 304463
URL: https://svnweb.freebsd.org/changeset/base/304463

Log:
  MFC r304152:

  pf: Add missing byte-order swap to pf_match_addr_range

  Without this, rules using address ranges (e.g. "10.1.1.1 - 10.1.1.5") did not
  match addresses correctly on little-endian systems.

  PR:       211796
  Obtained from:    OpenBSD (sthen)

Changes:
_U  stable/10/
  stable/10/sys/netpfil/pf/pf.c
Comment 5 commit-hook freebsd_committer freebsd_triage 2016-08-19 13:40:29 UTC 
A commit references this bug:

Author: kp
Date: Fri Aug 19 13:39:37 UTC 2016
New revision: 304466
URL: https://svnweb.freebsd.org/changeset/base/304466

Log:
  MFC r304152:

  pf: Add missing byte-order swap to pf_match_addr_range

  Without this, rules using address ranges (e.g. "10.1.1.1 - 10.1.1.5") did not
  match addresses correctly on little-endian systems.

  PR:       211796
  Obtained from:    OpenBSD (sthen)

Changes:
  stable/9/sys/contrib/pf/net/pf.c
Comment 6 Oleksandr Tymoshenko freebsd_committer freebsd_triage 2019-01-21 19:17:26 UTC 
There is a commit referencing this PR, but it's still not closed and has been inactive for some time. Closing the PR as fixed but feel free to re-open it if the issue hasn't been completely resolved.

Thanks
Comment 7 Oleksandr Tymoshenko freebsd_committer freebsd_triage 2019-01-21 19:17:37 UTC 
There is a commit referencing this PR, but it's still not closed and has been inactive for some time. Closing the PR as fixed but feel free to re-open it if the issue hasn't been completely resolved.

Thanks