Subject: bin/29249: ipnat does not parse "tcpudp" correctly
To: None <gnats-admin@netbsd.org, netbsd-bugs@netbsd.org>
From: None <grant@NetBSD.org>
List: netbsd-bugs
Date: 02/06/2005 05:07:00
>Number:         29249
>Category:       bin
>Synopsis:       ipnat does not parse "tcpudp" correctly
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    bin-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Sun Feb 06 05:07:00 +0000 2005
>Originator:     grant beattie
>Release:        NetBSD 2.0_STABLE
>Organization:
>Environment:
System: NetBSD 2.0_STABLE (firewall) #4: Sat Feb  5 15:08:39 EST 2005 grant@beastie:/data1/netbsd/netbsd-2-0/obj.i386/sys/arch/i386/compile/firewall i386
Architecture: i386
Machine: i386
>Description:
ipnat accepts input of these rules:

rdr fxp0 from any to 1.2.3.4 -> 1.2.3.4 port 0 tcpudp
rdr fxp1 from any to 5.6.7.8 -> 5.6.7.8 port 0 tcpudp

but they do not get inserted into the kernel correctly:

# ipnat -l | grep ^rdr
rdr fxp0 from any to 1.2.3.4/32 -> 1.2.3.4 port 0 -1
rdr fxp1 from any to 5.6.7.8/32 -> 5.6.7.8 port 0 -1

the correct syntax is "tcp/udp", however the code in lib/natparse.c
seems to treat both "tcpudp" and "tcp/udp" as the same.

# /sbin/ipf -V
ipf: IP Filter: v4.1.3 (396)
Kernel: IP Filter: v4.1.3
Running: yes
Log Flags: 0 = none set
Default: pass all, Logging: unavailable
Active list: 0
Feature mask: 0x108

>How-To-Repeat:
see above.
>Fix:
ipnat should error on this syntax or insert the rules correctly. the
latter appears to be the intention of the code.
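
Added example, not part of the original report and not IP Filter code: a check to run after loading NAT rules, which flags rdr rules that the listing shows with protocol "-1" and lints a rules file for the "tcpudp" spelling. The function names check_nat_listing and lint_nat_conf are hypothetical; the demo input at the end is the two listing lines quoted in the report.

```shell
#!/bin/sh
# Real use (assumed invocation):  ipnat -l | check_nat_listing
#                                 lint_nat_conf < /etc/ipnat.conf

# Read `ipnat -l` style output on stdin. Print every rdr rule that has a
# field equal to "-1" (protocol not resolved, as in the report) and
# return 1 if at least one such rule was found, 0 otherwise.
check_nat_listing() {
    awk '
        /^rdr[ \t]/ {
            for (i = 2; i <= NF; i++)
                if ($i == "-1") {
                    printf "unresolved protocol: %s\n", $0
                    bad++
                    break
                }
        }
        END { exit (bad ? 1 : 0) }
    '
}

# Read ipnat.conf style rules on stdin. Report each non-comment line that
# uses the token "tcpudp" instead of "tcp/udp". Returns 1 if any is found.
lint_nat_conf() {
    awk '
        /^[ \t]*#/ { next }
        {
            for (i = 1; i <= NF; i++)
                if ($i == "tcpudp") {
                    printf "line %d: write tcp/udp, not tcpudp: %s\n", NR, $0
                    bad++
                    break
                }
        }
        END { exit (bad ? 1 : 0) }
    '
}

# Demo on the listing lines quoted in the report.
printf '%s\n' \
    'rdr fxp0 from any to 1.2.3.4/32 -> 1.2.3.4 port 0 -1' \
    'rdr fxp1 from any to 5.6.7.8/32 -> 5.6.7.8 port 0 -1' |
    check_nat_listing || echo "NAT rules need review"
```

A non-zero return from either function can gate a firewall reload script, so a rule set that parses but lists back with "-1" is caught before it is relied on.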