From owner-FreeBSD-tech-jp@jp.freebsd.org  Mon Sep 29 13:00:03 1997
Received: by jaz.jp.freebsd.org (8.8.7+2.7Wbeta7/8.7.3) id NAA26879
	Mon, 29 Sep 1997 13:00:03 +0900 (JST)
Received: by jaz.jp.freebsd.org (8.8.7+2.7Wbeta7/8.7.3) with ESMTP id MAA26827
	for <freebsd-tech-jp@jp.freebsd.org>; Mon, 29 Sep 1997 12:59:52 +0900 (JST)
Received: from rd.njk.co.jp by abu.njk.co.jp (8.8.7/njk) with ESMTP id MAA15923 for <freebsd-tech-jp@jp.freebsd.org>; Mon, 29 Sep 1997 12:59:18 +0900 (JST)
Received: from pluto.rd.njk.co.jp by rd.njk.co.jp (8.8.5/mx) with ESMTP id MAA17179 for <freebsd-tech-jp@jp.freebsd.org>; Mon, 29 Sep 1997 12:59:15 +0900 (JST)
Received: from D-shibata.rd.njk.co.jp by pluto.rd.njk.co.jp (8.8.5/3.5Wpl4/pluto1.3) with SMTP id MAA09159 for <freebsd-tech-jp@jp.freebsd.org>; Mon, 29 Sep 1997 12:59:17 +0900 (JST)
Message-Id: <9709290359.AA03876@D-shibata.rd.njk.co.jp>
From: Chiharu Shibata <chi@rd.njk.co.jp>
Date: Mon, 29 Sep 1997 12:59:16 +0900
To: freebsd-tech-jp@jp.freebsd.org
Organization: NJK Corporation <http://www.njk.co.jp/>
MIME-Version: 1.0
X-Mailer: AL-Mail 1.32
Content-Type: text/plain; charset=iso-2022-jp
Reply-To: FreeBSD-tech-jp@jp.freebsd.org
Precedence: bulk
X-Distribute: distribute [version 2.1 (Alpha) patchlevel=20]
X-Sequence: FreeBSD-tech-jp 666
Subject: [FreeBSD-tech-jp 666] IIJ-PPP bug?
Errors-To: owner-FreeBSD-tech-jp@jp.freebsd.org
Sender: owner-FreeBSD-tech-jp@jp.freebsd.org

Hello, this is Shibata.
This concerns IIJ-PPP in FreeBSD 2.2.1R: there appear to be bugs around the filter configuration.

Since this is not the filtering code itself, I do not think it amounts to a
security problem, but it is certainly filter-related, so before sending a
send-pr I wanted to ask the knowledgeable people on this ML for their views,
and so I am mailing this. If you see any problems, please follow up.

Also, I subscribe as a digest, so I would appreciate it if you Cc: me when
replying.
---- Begin here
On bugs in the IIJ-PPP filter configuration code

(1) estab cannot be specified without also specifying a port number
  Example) set ifilter 0 permit tcp estab

  Cause: ParseUdpOrTcp() in filter.c treats it as an error unless the number
         of parameters after the protocol is 0, or 3 or more.
  Opinion: In FilterCheck() in ip.c, when srcop and dstop are both OP_NONE,
         the code is written so that only "estab or not" can be evaluated,
         without checking the port number. Therefore this form should be
         allowed.

(2) When "lt" is used for a port number comparison, displaying the filter
  settings shows "none" instead of "lt".
  Example) set ifilter 0 deny udp src lt 1024
     show ifilter

  Cause: "OP_LT" is defined as 4 in filter.h, but opname[] in filter.c is
         only defined for [0] through [3].
  Impact: Every time a filter that uses "lt" is displayed with the show
         command, an out-of-bounds array access occurs.

(3)$BH/(JIP$B%"%I%l%9$ND>8e$K%W%m%H%3%k$H%]!<%HHV9f$r;XDj$7$?>l9g!"(J
   $B%(%i!<$K$J$k(J
   $BNc(J)set ifilter 0 deny 172.16.1.1/24 tcp src eq 23

   $B860x(J:filter.c$B$N(JParse()$B$G!"H/(JIP$B%"%I%l%9$ND>8e$K%W%m%H%3%k$,(J
        $B;XDj$5$l$F$$$?>l9g!"(Jargv$B$r%$%s%/%j%a%s%H$9$k$Y$-$J$N$K(J
        $B$7$F$$$J$$$?$a!#(J

(4)UDP$B$K$D$$$F(Jestab$B;XDj$,=PMh$F$7$^$&(J
   $BNc(J)set ifilter 0 permit udp estab

   $B860x(J:filter.c$B$N(JParseUdpOrTcp()$B$G!"%W%m%H%3%k$,(JTCP$B$+(JUDP$B$+$K(J
        $B4X78$J$/!"(Jestab$B;XDj$NM-L5$r%A%'%C%/$7$F$$$k$?$a!#(J
   $B8+2r(J:estab$B$O(JTCP$B%W%m%H%3%k8GM-$G$"$k$N$G!"(JUDP$B$G$O;XDj=PMh$J$$(J
        $B$h$&$K$9$Y$-!#(J
   $B1F6A(J:ip.c$B$N(JFilterCheck()$B$G$O!"(JUDP$B;~!"L5>r7o$K(Jestab$B$G$"$k$H(J
        $B$_$J$7$F$$$k$N$G!"<B<AE*$J1F6A$OL5$7!#(J

(5)filter.c$B$N(JParseUdpOrTcp()$B$G!"(Jsrcop$B$*$h$S(Jdstop$B$KBeF~$9$Y$-(Jdefine
   $BCM$,4V0c$C$F$$$k(J

   $B8+2r(J:$B$=$NB>$N(Jsrcop$B$*$h$S(Jdstop$B$r;2>H$9$k$H$3$m$G$O!"(JOP_XXX$B$r(J
        $B;HMQ$7$F$*$j!"$^$?(JA_XXX$B$O(Jaction$B$K;HMQ$5$l$F$$$k$3$H$+$i!"(J
        $B4V0c$$$HH=CG$5$l$k!#(J
   $B1F6A(J:OP_NONE$B$H(JA_NONE$B$O!"6&$K(J0$B$G$"$k$?$a!"<B<AE*$J1F6A$OL5$7!#(J

(6)$BH/(JIP$B%"%I%l%9$G$b%W%m%H%3%k$G$b$J$$$b$N$r;XDj$7$F$b!"%(%i!<$K(J
   $B$J$i$J$$(J
   $BNc(J)set ifilter 0 deny XXXX

   $B860x(J:filter.c$B$N(JParseAddr()$B$G!"(Jinet_addr()$B$r;HMQ$7$F$*$j!"$+$D(J
        $B$=$NJV$jCM$r%A%'%C%/$7$F$$$J$$$?$a!#(J
   $B8+2r(J:inet_addr(3)$B$N(Jman$B%Z!<%8$K$O!"(J

     The value INADDR_NONE (0xffffffff) is a valid broadcast address,
     but inet_addr() cannot return that value without indicating failure.

        $B$H$$$&5-=R$,$"$k!#8=:_$N%=!<%9$G$O!"$=$l8N$KJV$jCM$r%A%'%C%/(J
        $B$7$F$$$J$$(J($B=PMh$J$$(J)$B$H;W$o$l$k!#(J
        man$B%Z!<%8$K$O!"(Jinet_aton(3)$B$O!"$3$NLdBj$,5/$3$i$J$$$H=q$+$l$F(J
        $B$*$j!"$3$l$r;H$C$F=q$-D>$9$Y$-!#(J

--- filter.c.orig	Thu Jan 11 06:27:43 1996
+++ filter.c	Thu Sep 25 23:53:00 1997
@@ -56,7 +56,6 @@
 struct in_addr *pmask;
 int *pwidth;
 {
-  u_long addr;
   int bits;
   char *cp, *wp;
 
@@ -70,8 +69,9 @@
   pmask->s_addr = -1;		/* Assume 255.255.255.255 as default */
   cp = index(*argv, '/');
   if (cp) *cp++ = '\0';
-  addr = inet_addr(*argv);
-  paddr->s_addr = addr;
+  if (inet_aton(*argv, paddr) == 0) {
+    return(0);
+  }
   if (cp && *cp) {
     bits = strtol(cp, &wp, 0);
     if (cp == wp || bits < 0 || bits > 32) {
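Review bot: on the new failure path `if (inet_aton(*argv, paddr) == 0) return(0);`, the function returns after `*cp++ = '\0'` has already overwritten the '/' in the caller's `*argv` and after `pmask->s_addr = -1` has been stored, so a rejected token is handed back truncated and with the mask output already modified. Validate the address before touching the string, or restore the '/' before `return(0)`. Also note that inet_aton() accepts the shorthand numbers-and-dots forms (a bare number, for instance), so a purely numeric non-address still parses; if only dotted quads are wanted, an extra check is needed.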
@@ -201,17 +201,20 @@
 int proto;
 {
 
+  filterdata.opt.srcop = filterdata.opt.dstop = OP_NONE;
+  filterdata.opt.estab = 0;
   if (argc == 0) {
     /* permit/deny all tcp traffic */
-    filterdata.opt.srcop = filterdata.opt.dstop = A_NONE;
     return(1);
   }
+#if 0	/* XXX: allow estab only */
   if (argc < 3) {
 #ifdef notdef
     printf("bad udp syntax.\n");
 #endif
     return(0);
   }
+#endif	/* 0 */
   if (argc >= 3 && STREQ(*argv, "src")) {
     filterdata.opt.srcop = ParseOp(argv[1]);
     if (filterdata.opt.srcop == OP_NONE) {
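Review bot: wrapping the `argc < 3` check in `#if 0` leaves dead code with a nested `#ifdef notdef` inside it; delete the block instead and record in the change description that a lone `estab` is now accepted. With the guard compiled out, one- and two-argument inputs other than `estab` (for example `src eq` with no port) are rejected only if every later branch falls through to a failing return, which this hunk does not show, so that path is worth checking explicitly.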
@@ -238,7 +241,7 @@
     if (argc == 0)
       return(1);
   }
-  if (argc == 1) {
+  if (argc == 1 && proto == P_TCP) {
     if (STREQ(*argv, "estab")) {
       filterdata.opt.estab = 1;
       return(1);
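Review bot: with `proto == P_TCP` added to the `argc == 1` test, `udp estab` is rejected only by falling out of this `if`, and the hunk adds no message saying that `estab` is TCP-only. An explicit branch for the UDP case that reports the reason would make the rejection easier to diagnose than a silent or generic syntax failure.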
@@ -251,7 +254,9 @@
   return(0);
 }
 
-char *opname[] = { "none", "eq", "gt", "lt" };
+/* XXX: OP_LT defines 4 in filter.h			*/
+/*                 0       1     2     3     4		*/
+char *opname[] = { "none", "eq", "gt", NULL, "lt" };
 
 static int
 Parse(argc, argv, ofp)
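Review bot: the `NULL` placed at index 3 of `opname[]` will be handed to whatever prints the operator name if a value of 3 ever reaches the display code, and printing a null pointer as a string is undefined behaviour. Put a placeholder string in that slot, or better, bounds-check the index against the table size before use so that the table and the OP_ values in filter.h cannot drift apart again.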
@@ -323,9 +328,9 @@
 	  argc--; argv++;
 	}
 	proto = ParseProto(argc, argv);
-	if (proto) {
-	  argc--; argv++;
-	}
+      }
+      if (proto != P_NONE) {
+	argc--; argv++;
       }
     } else {
       printf("Address/protocol expected.\n");
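Review bot: the new `if (proto != P_NONE)` sits outside the block in which this hunk assigns `proto = ParseProto(argc, argv)`, so it also runs on the path that skips that block; confirm from the lines above the hunk that `proto` is always assigned before this test. The added lines also mix a space-indented `}` with a tab-indented `argc--; argv++;`, which makes the brace nesting hard to follow; re-indent to match the surrounding code.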
---- End here

-- 
Chiharu Shibata (♂)  chi@rd.njk.co.jp, HQG00246@niftyserve.or.jp
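
Added example, not part of the original message and not IIJ-PPP code: item (6) above turns on inet_addr() returning INADDR_NONE both for a parse failure and for 255.255.255.255. The C program below shows that ambiguity next to an inet_aton()-based parser that works on a private copy of the token; the helper names `legacy_accepts` and `parse_addr_spec`, the 64-byte buffer, the default width of 32 and the sample tokens are assumptions made for illustration.

```c
#define _DEFAULT_SOURCE 1   /* expose inet_aton() under strict -std modes on glibc */
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper: all a caller can learn from inet_addr() alone.
 * INADDR_NONE is both the error value and 255.255.255.255. */
int legacy_accepts(const char *s) {
    return inet_addr(s) != INADDR_NONE;
}

/* Hypothetical helper: parse "addr[/bits]" on a private copy so the
 * caller's token is untouched when parsing fails. Returns 1 on success. */
int parse_addr_spec(const char *spec, struct in_addr *addr, int *width) {
    char buf[64], *slash, *end;
    long bits = 32;                      /* assumed default: host match */
    size_t n = strlen(spec);

    if (n == 0 || n >= sizeof buf)
        return 0;
    memcpy(buf, spec, n + 1);
    slash = strchr(buf, '/');
    if (slash)
        *slash++ = '\0';
    if (inet_aton(buf, addr) == 0)       /* failure is reported out of band */
        return 0;
    if (slash) {
        bits = strtol(slash, &end, 10);
        if (end == slash || *end != '\0' || bits < 0 || bits > 32)
            return 0;
    }
    *width = (int)bits;
    return 1;
}

int main(void) {
    /* Constructed sample tokens, including the "XXXX" case from item (6). */
    const char *samples[] = { "172.16.1.1", "255.255.255.255", "XXXX", "tcp" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        struct in_addr a;
        int w = 0;
        int ok = parse_addr_spec(samples[i], &a, &w);
        printf("%-16s inet_addr:%s inet_aton:%s\n", samples[i],
               legacy_accepts(samples[i]) ? "ok " : "err", ok ? "ok" : "err");
    }
    return 0;
}
```

Only the inet_aton() column separates the broadcast address from the two non-addresses.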
