Subject: kern/17403: ipmon does not log correctly on big-endian, 64-bit platforms
To: None <gnats-bugs@gnats.netbsd.org>
From: None <wizard@sik.oulu.fi>
List: netbsd-bugs
Date: 06/26/2002 06:18:27
>Number:         17403
>Category:       kern
>Synopsis:       ipmon does not log correctly on big-endian, 64-bit platforms
>Confidential:   no
>Severity:       critical
>Priority:       high
>Responsible:    kern-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Wed Jun 26 06:19:01 PDT 2002
>Closed-Date:
>Last-Modified:
>Originator:     Tomi Nylund
>Release:        NetBSD 1.6_BETA2
>Organization:
University of Oulu
>Environment:
sikw4:(root)/tmp# uname -a
NetBSD sikw4 1.6_BETA2 NetBSD 1.6_BETA2 (SIK-TESTI-IPv6) #1: Wed Jun 26 14:03:44 EEST 2002     root@sikw4:/usr/src/sys/arch/sparc64/compile/SIK-TESTI-IPv6 sparc64
sikw4:(root)/tmp# 

>Description:
When running ipmon on 64-bit, big-endian platforms, ipmon loses timestamp info from the data it reads from /dev/ipl. Log entries have the time/date set to 1970-something; microseconds log correctly, though.

This is due to using a 64-bit data store, ipl_sec, in ipmon.c, and then casting a pointer to it into time_t (32-bit) in order to get localtime. This bug goes unnoticed on little-endian 64-bit platforms, such as alpha, where the first four bytes give correct (small enough) values, while on ultrasparc64 the first four bytes are zero, always giving a zero value.
>How-To-Repeat:
Use NetBSD/sparc64, configure ipf to block, for example, ping packets:
1) add, for example, the following line to ipf.conf:
block in log quick on le0 proto icmp from 192.168.8.6/32 to 192.168.6.13/32.
2) ping from another machine, whose pings are to be blocked
3) watch output from ipmon be FUBAR wrt. timestamps.
>Fix:
Please fetch a tarball from
http://www.ee.oulu.fi/~wizard/ipmon_patch.tar
which contains diffs against src/sys/netinet/ip_log.c,
src/sys/netinet/ip_fil.h, and src/dist/ipf/ipmon.c to change the
timetypes to more portable ones.
After applying the patches, the timestamps should work on sparc64,
and of course on other platforms too. It was tested only on sparc64,
though.

The patches come, of course, without any warranty :)

>Release-Note:
>Audit-Trail:
>Unformatted:
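
Added example (not part of the original report, and not the patch from the tarball): a C model of the failure described under >Description, where a pointer to the 64-bit ipl_sec is read as a 32-bit time value. Assumptions: the byte order is simulated in a buffer so the program behaves the same on any host, the 32-bit time type is modelled as uint32_t, and the function names and sample timestamp are constructed for illustration.

```c
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed sample: a timestamp from June 2002, in seconds since the epoch. */
#define SAMPLE_SEC UINT64_C(1025097507)

enum byte_order { ORDER_LITTLE, ORDER_BIG };

/* Lay out a 64-bit value in memory as a CPU of the given byte order would. */
static void store64(unsigned char buf[8], uint64_t v, enum byte_order o)
{
    for (int i = 0; i < 8; i++)
        buf[i] = (unsigned char)(v >> (o == ORDER_LITTLE ? 8 * i : 8 * (7 - i)));
}

/* Load the first four bytes as that CPU would load a 32-bit integer. */
static uint32_t load32(const unsigned char buf[4], enum byte_order o)
{
    uint32_t v = 0;
    for (int i = 0; i < 4; i++)
        v |= (uint32_t)buf[i] << (o == ORDER_LITTLE ? 8 * i : 8 * (3 - i));
    return v;
}

/* Reported pattern: the address of the 64-bit field is reinterpreted as a
 * pointer to a 32-bit time type, so only the first four bytes are read. */
uint32_t sec_via_pointer_cast(uint64_t ipl_sec, enum byte_order o)
{
    unsigned char mem[8];
    store64(mem, ipl_sec, o);
    return load32(mem, o);
}

/* One portable form (an assumption, not the tarball's patch): convert by
 * value into a variable of the time type, then pass that variable's address. */
uint32_t sec_via_value_copy(uint64_t ipl_sec)
{
    return (uint32_t)ipl_sec;
}

int main(void)
{
    printf("cast, little-endian: %" PRIu32 "\n", sec_via_pointer_cast(SAMPLE_SEC, ORDER_LITTLE));
    printf("cast, big-endian:    %" PRIu32 "\n", sec_via_pointer_cast(SAMPLE_SEC, ORDER_BIG));
    printf("value copy:          %" PRIu32 "\n", sec_via_value_copy(SAMPLE_SEC));
    return 0;
}
```

The big-endian cast yields 0, which localtime() renders as the start of 1970, while the little-endian cast happens to return the low 32 bits and so hides the defect.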