Hi, I'm playing around with the auth rule and the sample userauth.c of
IP Filter on FreeBSD 4.2-RELEASE, and below are some results and
questions:

1. There is a typo in ip_auth.c which causes ioctl(SIOCAUTHW) to be
   unable to fetch all the fields of the frauth_t struct. Below is
   a patch for the 4.2-RELEASE stock version 3.4.8:

*** /sys/netinet/ip_auth.c      Sat Dec 30 22:38:09 2000
--- /sys/netinet/ip_auth.c.orig Sat Dec 30 23:35:33 2000
***************
*** 354,358 ****
        if ((fr_authnext != fr_authend) && fr_authpkts[fr_authnext]) 
{
                error = IWCOPYPTR((char *)&fr_auth[fr_authnext], 
data,
!                                 sizeof(frauth_t));
                RWLOCK_EXIT(&ipf_auth);
                if (error)
--- 354,358 ----
        if ((fr_authnext != fr_authend) && fr_authpkts[fr_authnext]) 
{
                error = IWCOPYPTR((char *)&fr_auth[fr_authnext], 
data,
!                                 sizeof(fr_info_t));
                RWLOCK_EXIT(&ipf_auth);
                if (error)
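Review bot: the diff direction looks reversed: the `***` (old) side is ip_auth.c with `sizeof(frauth_t)` and the `---` (new) side is ip_auth.c.orig with `sizeof(fr_info_t)`, so applying it with plain `patch` would turn the fixed line back into the broken one. Regenerate it as `diff -c ip_auth.c.orig ip_auth.c`, or tell readers to apply it with `patch -R`. On the substance, the source of the copy is `&fr_auth[fr_authnext]`, an frauth_t, so the length passed to IWCOPYPTR must be `sizeof(frauth_t)`; with `sizeof(fr_info_t)` the kernel copies out only part of the entry and userland reads whatever was already in the rest of its buffer, which matches the symptom described above.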


2. userauth.c should open IPAUTH_NAME instead of IPL_NAME for the ioctl.
   Maybe on other platforms it should be IPL_NAME?

3. It seems that "keep state" does not work for auth rules. For example,
   the rule:

   auth in proto tcp from any to 127.0.0.1/32 port = telnet keep state

   makes every incoming telnet packet go through the authentication
   despite the "keep state" option.


4. The "auth out ..." rule does not work :-(. It makes the system hang
   for a while and then reboot.

5. auth in IP Filter 3.4.15 does not work on FreeBSD 4.2-RELEASE. The
   authenticated packets never reach the destination even though the
   variable fr_authstats.fas_queok increases as normal. I built the KLD
   module as follows:
         # make freebsd4
         # make install-bsd
         # kldload ipf

Any hints?

Regards,

Song Bo Run




To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-net" in the body of the message
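The size mismatch reported in item 1 is a general bug class: a kernel-to-user copy whose length is taken from the wrong struct. The example below is added here to illustrate it and is not code from IP Filter or from the poster; the two mock structs are a simplified stand-in for fr_info_t and frauth_t (an inner record embedded as the first member of a larger one), and mock_copyout stands in for IWCOPYPTR/copyout. It poisons the user buffer, performs the copy with each length, and reports whether every field arrived.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Mock layouts (assumption: these only mimic the shape of IP Filter's
 * fr_info_t / frauth_t, where the packet info is embedded at the start
 * of the auth entry; the real structs have many more fields). */
typedef struct {
    uint32_t fin_id;
    uint32_t fin_flags;
} mock_fr_info_t;

typedef struct {
    mock_fr_info_t fra_info;   /* embedded packet info, first member */
    int32_t        fra_age;
    int32_t        fra_index;
    uint32_t       fra_pass;   /* verdict field the user program needs */
} mock_frauth_t;

/* Stand-in for copyout(9)/IWCOPYPTR: copy len bytes "kernel" -> "user".
 * Returns 0 on success. */
static int mock_copyout(const void *src, void *dst, size_t len)
{
    memcpy(dst, src, len);
    return 0;
}

/* Simulate SIOCAUTHW handing one queued entry to userland using a copy
 * of copylen bytes. Returns 1 if the user copy matches the kernel entry
 * byte for byte, 0 if some of it was left unfetched. */
int fetch_is_complete(size_t copylen)
{
    mock_frauth_t kern;
    mock_frauth_t user;

    /* Zero first so padding bytes (if any) are deterministic. */
    memset(&kern, 0, sizeof kern);
    kern.fra_info.fin_id    = 42;
    kern.fra_info.fin_flags = 0x1;
    kern.fra_age            = 7;
    kern.fra_index          = 3;
    kern.fra_pass           = 0xC0FFEEu;

    /* Poison the destination so untouched bytes are visible. */
    memset(&user, 0xAA, sizeof user);

    if (copylen > sizeof user)
        return 0;                       /* would overrun the user buffer */
    if (mock_copyout(&kern, &user, copylen) != 0)
        return 0;

    return memcmp(&kern, &user, sizeof kern) == 0;
}

/* Number of bytes of the entry that a copy of copylen bytes leaves out. */
size_t bytes_not_fetched(size_t copylen)
{
    return copylen >= sizeof(mock_frauth_t) ? 0
                                            : sizeof(mock_frauth_t) - copylen;
}

int main(void)
{
    printf("copy sizeof(fr_info_t): complete=%d, missing=%zu bytes\n",
           fetch_is_complete(sizeof(mock_fr_info_t)),
           bytes_not_fetched(sizeof(mock_fr_info_t)));
    printf("copy sizeof(frauth_t):  complete=%d, missing=%zu bytes\n",
           fetch_is_complete(sizeof(mock_frauth_t)),
           bytes_not_fetched(sizeof(mock_frauth_t)));
    return 0;
}
```

The first call models the stock 3.4.8 code path: only the leading inner record reaches userland and fra_pass and friends keep whatever the buffer held before. The second models the corrected length. The rule of thumb is to size a copyout by the object actually being copied (here `fr_auth[fr_authnext]`), e.g. `sizeof(*ptr)`, rather than by a related type.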
