D56618.id177870.diff
View Options

	diff --git a/sbin/ipfw/ipfw2.c b/sbin/ipfw/ipfw2.c
	--- a/sbin/ipfw/ipfw2.c
	+++ b/sbin/ipfw/ipfw2.c
	@@ -3595,12 +3595,13 @@
	* list unless it is the only item, in which case we
	* report an error.
	*/
	- if (cmd->o.len & F_NOT) { /* "not any" never matches */
	- if (av == NULL && len == 0) /* only this entry */
	+ if (av == NULL && len == 0) {
	+ if (cmd->o.len & F_NOT) /* "not any" never matches */
	errx(EX_DATAERR, "not any never matches");
	+ return;
	}
	/* else do nothing and skip this entry */
	- return;
	+ continue;
	}
	/* A single IP can be stored in an optimized format */
	if (d[1] == (uint32_t)~0 && av == NULL && len == 0) {
	diff --git a/sbin/ipfw/ipv6.c b/sbin/ipfw/ipv6.c
	--- a/sbin/ipfw/ipv6.c
	+++ b/sbin/ipfw/ipv6.c
	@@ -396,8 +396,6 @@
	n2mask(&d[1], masklen);
	}

	- APPLY_MASK(d, &d[1]); /* mask base address with mask */
	-
	av = q;

	/* Check this entry */
	@@ -408,11 +406,16 @@
	* list unless it is the only item, in which case we
	* report an error.
	*/
	- if (cmd->o.len & F_NOT && av == NULL && len == 0)
	- errx(EX_DATAERR, "not any never matches");
	+ if (av == NULL && len == 0) {
	+ if (cmd->o.len & F_NOT)
	+ errx(EX_DATAERR, "not any never matches");
	+ return (1);
	+ }
	continue;
	}

	+ APPLY_MASK(d, &d[1]); /* mask base address with mask */
	+
	/*
	* A single IP can be stored alone
	*/
	diff --git a/sbin/ipfw/tests/test_add_rule.py b/sbin/ipfw/tests/test_add_rule.py
	--- a/sbin/ipfw/tests/test_add_rule.py
	+++ b/sbin/ipfw/tests/test_add_rule.py
	@@ -135,6 +135,30 @@
	},
	id="test_rulenum",
	),
	+ pytest.param(
	+ {
	+ "in": "add allow ip4 from any to 1.2.3.4/0",
	+ "out": {
	+ "insns": [
	+ InsnEmpty(IpFwOpcode.O_IP4),
	+ InsnEmpty(IpFwOpcode.O_ACCEPT),
	+ ],
	+ },
	+ },
	+ id="test_zero_addrmask4",
	+ ),
	+ pytest.param(
	+ {
	+ "in": "add allow ip6 from any to ::/0",
	+ "out": {
	+ "insns": [
	+ InsnEmpty(IpFwOpcode.O_IP6),
	+ InsnEmpty(IpFwOpcode.O_ACCEPT),
	+ ],
	+ },
	+ },
	+ id="test_zero_addrmask6",
	+ ),
	pytest.param(
	{
	"in": "add allow ip from { 1.2.3.4 or 2.3.4.5 } to any",
	diff --git a/tests/atf_python/sys/netpfil/ipfw/insns.py b/tests/atf_python/sys/netpfil/ipfw/insns.py
	--- a/tests/atf_python/sys/netpfil/ipfw/insns.py
	+++ b/tests/atf_python/sys/netpfil/ipfw/insns.py
	@@ -682,6 +682,8 @@


	AttrDescr(IpFwOpcode.O_NOP, InsnComment),
	+ AttrDescr(IpFwOpcode.O_IP4, InsnEmpty),
	+ AttrDescr(IpFwOpcode.O_IP6, InsnEmpty),
	AttrDescr(IpFwOpcode.O_PROTO, InsnProto),
	AttrDescr(IpFwOpcode.O_PROB, InsnProb),
	AttrDescr(IpFwOpcode.O_IP_DST_ME, InsnEmpty),

File Metadata

Mime Type: text/plain
Expires: Tue, May 19, 9:57 PM (2 h, 4 m)
Storage Engine: blob
Storage Format: Raw Data
Storage Handle: 33329400
Default Alt Text: D56618.id177870.diff (3 KB)

D56618.id177870.diff
No OneTemporary
Actions

D56618.id177870.diff
View Options

File Metadata

Event Timeline

D56618.id177870.diffNo OneTemporaryActions

D56618.id177870.diffView Options

File Metadata

Event Timeline

D56618.id177870.diff
No OneTemporary
Actions

D56618.id177870.diff
View Options