Page MenuHomeFreeBSD
Differential D30164

sbin/ipfw: Fix parsing error in table based forward
ClosedPublic
Actions

Authored by donner on May 7 2021, 7:07 PM.
Tags
None
Referenced Files
F134119173: D30164.id88859.diff
Thu, Oct 30, 10:38 PM
Unknown Object (File)
Sat, Oct 25, 11:29 PM
Unknown Object (File)
Mon, Oct 20, 6:24 AM
Unknown Object (File)
Thu, Oct 9, 8:43 PM
Unknown Object (File)
Oct 1 2025, 1:07 AM
Unknown Object (File)
Sep 28 2025, 5:41 PM
Unknown Object (File)
Sep 23 2025, 4:52 AM
Unknown Object (File)
Sep 21 2025, 10:14 AM
View All Files
Subscribers
ae
imp
Contributor Reviews (src)

Details

Reviewers
nc
Group Reviewers
network
Commits
rG8addaaa5fb86: sbin/ipfw: Fix parsing error in table based forward
rG7200fdb9da3a: sbin/ipfw: Fix parsing error in table based forward
rG6cb13813caa0: sbin/ipfw: Fix parsing error in table based forward
Summary

The argument parser does not recognise the optional port for an
"tablearg" argument. Fix simplifies the code by make the internal
representation expicit for the parser.

PR: 252744
MFC: 1 week

Test Plan
# ipfw add 7110 fwd tablearg,8000 tcp from 'table(5)' to any dst-port 80,8000,8080
07110 fwd tablearg,8000 tcp from table(5) to any 80,8000,8080

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

donner created this revision.May 7 2021, 7:07 PM
Herald added subscribers: Contributor Reviews (src), imp. · View Herald TranscriptMay 7 2021, 7:07 PM
donner requested review of this revision.May 7 2021, 7:07 PM
Harbormaster completed remote builds in B39077: Diff 88859.May 7 2021, 7:08 PM
donner added reviewers: network, nc.May 7 2021, 7:10 PM
nc accepted this revision.May 8 2021, 7:34 PM

LGTM.

Keep in mind that I'm a ports committer. I'm not a src committer, and haven't really been doing much work on ipfw lately. I'm more focused on ports nowadays and if not that, then drm-kmod/linuxkpi (which I only started with). It's just that ports committers can commit to src with approval of a src committer, and vice versa.

I'd recommend getting a src committer to approve as well.

This revision is now accepted and ready to land.May 8 2021, 7:34 PM
Closed by commit rG6cb13813caa0: sbin/ipfw: Fix parsing error in table based forward (authored by donner). · Explain WhyMay 8 2021, 8:53 PM
This revision was automatically updated to reflect the committed changes.
donner added a commit: rG6cb13813caa0: sbin/ipfw: Fix parsing error in table based forward.
ae added a subscriber: ae.May 10 2021, 9:51 PM

Replacing _substrcmp() with strncmp(,,8) breaks the case, when "tablearg" is part of hostname:port syntax.

donner added a comment.May 11 2021, 5:27 AM
In D30164#678109, @ae wrote:

Replacing _substrcmp() with strncmp(,,8) breaks the case, when "tablearg" is part of hostname:port syntax.

No, it _substrcmp() is used to match any shorter string instead of "tablearg", and prints a depreciation warning.
It will never match "tablearg,80" to "tablearg", because the argument is longer than the searched string.
This behavior caused the initial problem report.

strncmp(,,8) does match "tablearg" exactly regardless of an optional port part.

ae added a comment.May 11 2021, 7:27 AM

I meant the case fwd tableargs.home.lan:8000.

donner added a comment.May 11 2021, 8:11 AM
In D30164#678274, @ae wrote:

I meant the case fwd tableargs.home.lan:8000.

Interesting case. Thank you.
This will be rejected.

donner added a commit: rG7200fdb9da3a: sbin/ipfw: Fix parsing error in table based forward.May 18 2021, 6:11 AM
donner added a commit: rG8addaaa5fb86: sbin/ipfw: Fix parsing error in table based forward.May 18 2021, 6:16 AM

Revision Contents
Changeset List

PathSize
sbin/
ipfw/
87 lines

Diff 88901

View Options

sbin/ipfw/ipfw2.c

Loading...