Subject: kern/17096: FTP Proxy in IP Filter 3.4.27 not working correctly
To: None <gnats-bugs@gnats.netbsd.org>
From: None <maccult@pacbell.net>
List: netbsd-bugs
Date: 05/28/2002 19:43:39
>Number: 17096
>Category: kern
>Synopsis: FTP Proxy in IP Filter 3.4.27 not working correctly
>Confidential: no
>Severity: critical
>Priority: high
>Responsible: kern-bug-people
>State: open
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Tue May 28 19:44:00 PDT 2002
>Closed-Date:
>Last-Modified:
>Originator: Randy Beaudreault
>Release: -current
>Organization:
>Environment:
NetBSD Guardian 1.5ZC NetBSD 1.5ZC (GENERIC) #0: Fri May 10 04:42:43 CDT 2002 fredb@tautology.immanent.net:/s/src-current/sys/arch/mac68k/compile/GENERIC mac68k
>Description:
The FTP Proxy in ipnat doesn't fully work in IP Filter 3.4.27. All but one of my FTP clients on my regular workstation which sits behind my NetBSD firewall/router do not work.
>How-To-Repeat:
Try an FTP client.
>Fix:
This may patch the problem, but I'm not sure yet. The denizens of the IP Filter mailing list know of this problem and a 100% patch should be out shortly.
Maybe a patch:
*** /home/xtang/src/ip_fil3.4.27/ip_ftp_pxy.c Fri Apr 26 10:22:45 2002
--- ip_ftp_pxy.c Fri May 10 15:13:17 2002
***************
*** 766,776 ****
i = 0;
sel = nat->nat_aps->aps_sel[1 - rv];
if (rv) {
! if (nat->nat_aps->aps_ackmin[sel] > ntohl(tcp->th_seq))
! i = nat->nat_aps->aps_ackoff[sel];
} else {
! if (nat->nat_aps->aps_seqmin[sel] > ntohl(tcp->th_seq))
! i = nat->nat_aps->aps_seqoff[sel];
}
/*
* XXX - Ideally, this packet should get dropped because we now know
--- 766,774 ----
i = 0;
sel = nat->nat_aps->aps_sel[1 - rv];
if (rv) {
! i = nat->nat_aps->aps_ackoff[sel];
} else {
! i = nat->nat_aps->aps_seqoff[sel];
}
/*
* XXX - Ideally, this packet should get dropped because we now know
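Review bot: In both branches of the if (rv) block, the guards on aps_ackmin[sel] and aps_seqmin[sel] are deleted without a replacement, so i now takes aps_ackoff[sel] or aps_seqoff[sel] for every segment, wherever ntohl(tcp->th_seq) sits relative to the recorded minimum. If the old comparison was simply the wrong way round, or broke on sequence-number wraparound, correct it (a wrap-safe signed difference against the minimum) rather than removing it. If the minimum really is irrelevant here, say why in a comment next to the assignment, because i feeds the sequence check further down that decides whether the proxy returns APR_ERR(1).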
***************
*** 780,789 ****
if (f->ftps_len + f->ftps_seq == ntohl(tcp->th_seq))
f->ftps_seq = ntohl(tcp->th_seq);
else {
! inc = ntohl(tcp->th_seq) - f->ftps_seq;
! if (inc > i) {
! return APR_ERR(1);
! }
}
inc = 0;
f->ftps_len = mlen;
--- 778,785 ----
if (f->ftps_len + f->ftps_seq == ntohl(tcp->th_seq))
f->ftps_seq = ntohl(tcp->th_seq);
else {
! if (ntohl(tcp->th_seq) + i != f->ftps_seq)
! return APR_ERR(1);
}
inc = 0;
f->ftps_len = mlen;
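Review bot: The new test in the else branch, ntohl(tcp->th_seq) + i != f->ftps_seq, uses i with the opposite sign from the code it replaces and turns a bound into an exact match. The old code computed inc = ntohl(tcp->th_seq) - f->ftps_seq and rejected only when inc > i, so it accepted a th_seq that was ahead of ftps_seq by up to i. The new code accepts only a th_seq that is exactly i behind ftps_seq. Please confirm which direction the offset from the first hunk is meant to apply on this path and document it in a comment. Also check that a segment which is neither the next in sequence nor exactly at that offset should really be rejected with APR_ERR(1) rather than passed through unmodified, since the description says most FTP clients already fail behind this proxy.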
>Release-Note:
>Audit-Trail:
>Unformatted: