Re: PR/44070 CVS commit: src/sys/dist/ipf/netinet

[List Mail User <track%Plectere.com@localhost>]

The following reply was made to PR kern/44070; it has been noted by GNATS.

From: List Mail User <track%Plectere.com@localhost>
To: christos%netbsd.org@localhost, gnats-bugs%netbsd.org@localhost
Cc: track%Plectere.com@localhost
Subject: Re: PR/44070 CVS commit: src/sys/dist/ipf/netinet
Date: Sat, 12 Feb 2011 10:48:14 -0800 (PST)

 >...
 > Log Message:
 > PR/44070: Avoid zero divide in modulo operations.
 > 
 > 
 > To generate a diff of this commit:
 > cvs rdiff -u -r1.41 -r1.42 src/sys/dist/ipf/netinet/ip_nat.c
 >...
 
        Hi again,
 
        Actually, the change in 1.42 is unfortunately not correct:
 The problem is that the syntax for minimum and maximum ports is
 _inclusive_ of the endpoint values, therefore any value between
 OR either if bth of the minimum and maximum port values should be
 possible;  The change in rev 1.42 does fix the original problem _I_
 had (i.e. when minimum == maximum to force a single port to be used),
 but the "fix" in 1.42 has a side effect that the maximum port number
 cannot be used for any specification larger than a single port - i.e.
 a rule like "... 167:168" will only use port 167 and can never use 168
 (this seems the "worst" case to me:  A single "fallback" is allowed for
 rare collisions, but doesn't have any effect/functionality because of
 the logic error).
 
        Of well, the panic is gone, so I can safely allow any of my
 local changes to bit-rot, but a (new/related) bug still remains :-(
 
        Thanks,
 
        Paul Shupak