Re[2]: kern/55179: ipfilter ip

Sorry, the reason I think this is a problem, comparing same value (is->is_sport or is->dport) to

sp (htons) or dp (ntohs).

--------

        if (tcp != NULL) {
                sp = htons(fin->fin_sport);
                dp = ntohs(fin->fin_dport);
        }

…

        /*
         * Match addresses and ports.
         */
        if (rev == 0) {
                if ((IP6_EQ(&is->is_dst, dst) || (flags & SI_W_DADDR)) &&
                    (IP6_EQ(&is->is_src, src) || (flags & SI_W_SADDR))) {

                        if (tcp) {
                                if ((sp == is->is_sport || flags & SI_W_SPORT)    <-------
                                    &&
                                    (dp == is->is_dport || flags & SI_W_DPORT))    <-------
                                        ret = 1;

                        } else {
                                ret = 1;
                        }
                }
        } else {
                if ((IP6_EQ(&is->is_dst, src) || (flags & SI_W_DADDR)) &&
                    (IP6_EQ(&is->is_src, dst) || (flags & SI_W_SADDR))) {
                        if (tcp) {
                                if ((dp == is->is_sport || flags & SI_W_SPORT)    <-------
                                    &&
                                    (sp == is->is_dport || flags & SI_W_DPORT))    <-------
                                        ret = 1;
                        } else {
                                ret = 1;
                        }
                }
        }

--------

Wednesday, April 15, 2020 7:20 PM +09:00 from gnats-admin%netbsd.org@localhost:

Thank you very much for your problem report.
It has the internal identification `kern/55179'.
The individual assigned to look at your
report is: kern-bug-people.

>Category: kern
>Responsible: kern-bug-people
>Synopsis: ipfilter ip_state.c's problem
>Arrival-Date: Wed Apr 15 10:20:00 +0000 2020

--
Kouichi Hashikawa <hashikaw%mail.ru@localhost>

Re[2]: kern/55179: ipfilter ip_state.c's problem