In struct ip_fw, the member timespace becomes padded with 32-bits
because a pointer follows it.  This causes the RULESIZE() macro to
miscalculate the size of the rule by 4 bytes.  Resulting in EINVAL
and kernel warnings:

bowie# ipfw add allow all from me to
00000 allow ip from me to
ipfw: size mismatch (have 64 want 68)
ipfw: getsockopt(IP_FW_ADD): Invalid argument

(Shouldn't 00000 be 00100?)

I worked around the breakage by moving next_rule to the second
position in the struct.  I imagine the real solution involves not
jamming kernel pointers into public interfaces.

Also, ipfw(8) has lots of warnings as a result of printf()s with
deprecated quad_t's.  This should be easily fixed by using intmax_t's.

Best regards,
Mike Barcroft

To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-current" in the body of the message

Reply via email to