Bug in ipfw.c

Paul Russell (rusty@paul.tattersalls.com.au)
Tue, 20 Jan 1998 11:27:15 +1100

Hi bugsquishers,

I noticed this semantic change in DaveM's CVS tree before it got
merged in, but didn't think it significant until someone
(<mroos@hclub.ee>) pointed out that it's common to have the same
interface address for multiple ppp interfaces.

Summary: Specifying an interface by address may not work as expected
for recent (2.1.6x onwards?) kernels.

1) If an interface name and an interface address are both specified,
the address is ignored.

2) If an interface address which matches no interface is specified,
the rule will never match anything, even if an interface with that
address is later upped.

3) If an interface address matching an interface is specified, then
the rule is tied to that name, even if the address is changed.

4) If multiple interfaces exist with the same address, one is chosen
at random (I think; whatever ip_dev_find returns).

#ifdef FREE_AD
This is why my Generic IP Firewall Chains code doesn't use interface
addresses... http://www.adelaide.net.au/~rustcorp/ipfwchains/ipfwchains.html

I'll do a patch sometime this week if no one else does,

 .sig lost in the mail.
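
The four numbered points above, as an added example that is not part of the original mail and is not the kernel's ipfw.c code: a simplified model in which an interface address is resolved to an interface name once, when the rule is inserted. The struct and function names, the sample interface table and the first-match lookup standing in for ip_dev_find are all assumptions made for illustration.

```c
/* Simplified model of the behaviour described in the mail; not kernel code. */
#include <stdio.h>
#include <string.h>
#include <stdint.h>

struct iface { char name[16]; uint32_t addr; };           /* hypothetical types */
struct rule  { char name[16]; int dead; };

/* Constructed sample: two ppp links sharing one address; ppp2 not yet configured. */
struct iface ifs[4] = { {"ppp0", 0x0A000001}, {"ppp1", 0x0A000001},
                        {"eth0", 0xC0A80101}, {"ppp2", 0} };
struct rule demo;

/* Stand-in for ip_dev_find(): first interface carrying this address (assumption). */
static const struct iface *find_by_addr(const struct iface *t, int n, uint32_t a)
{
    for (int i = 0; i < n; i++)
        if (t[i].addr == a)
            return &t[i];
    return NULL;
}

/* Insertion time: an address is resolved to a name once, then forgotten. */
void rule_insert(struct rule *r, const char *name, uint32_t addr,
                 const struct iface *t, int n)
{
    const struct iface *d;

    memset(r, 0, sizeof(*r));
    if (name && *name)                       /* point 1: name wins, address ignored */
        strncpy(r->name, name, sizeof(r->name) - 1);
    else if (addr && (d = find_by_addr(t, n, addr)))
        strncpy(r->name, d->name, sizeof(r->name) - 1);   /* points 3 and 4 */
    else if (addr)
        r->dead = 1;                         /* point 2: can never match */
}

/* Packet time: only the stored name is compared, never the address. */
int rule_matches(const struct rule *r, const struct iface *in)
{
    return !r->dead && (r->name[0] == '\0' || strcmp(r->name, in->name) == 0);
}

int main(void)
{
    rule_insert(&demo, NULL, 0x0A000001, ifs, 4);          /* shared ppp address */
    printf("ppp0=%d ppp1=%d\n", rule_matches(&demo, &ifs[0]),
           rule_matches(&demo, &ifs[1]));
    return 0;
}
```

In this model a rule written for the shared ppp address covers only one of the two links, which is the case to audit for when reviewing address-based rules on an affected kernel.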