Re: bin/59511: some variable addresses not processed by firewall rules.

To: joe%netbsd.org@localhost, gnats-admin%netbsd.org@localhost, netbsd-bugs%netbsd.org@localhost, emmankoko519%gmail.com@localhost
Subject: Re: bin/59511: some variable addresses not processed by firewall rules.
From: "Michael van Elst via gnats" <gnats-admin%NetBSD.org@localhost>
Date: Sat, 5 Jul 2025 15:35:01 +0000 (UTC)

The following reply was made to PR bin/59511; it has been noted by GNATS.

From: mlelstv%serpens.de@localhost (Michael van Elst)
To: gnats-bugs%netbsd.org@localhost
Cc: 
Subject: Re: bin/59511: some variable addresses not processed by firewall rules.
Date: Sat, 5 Jul 2025 15:34:13 -0000 (UTC)

 emmankoko519%gmail.com@localhost writes:

 >>How-To-Repeat:
 >$home = { 192.168.100.5, 192.168.100.8}
 >$office = {192.168.64.3, 192.168.64.9}
 >$blocklist = {$home, $office }

 $blocklist is a list of two VAR_ID elements.

 This gets resolved in npf_var.c:263

         /*
          * Resolve if it is a reference to another variable.
          */
         if (el->e_type == NPFVAR_VAR_ID) {
                 const npfvar_t *rvp = npfvar_lookup(el->e_data);
                 return npfvar_get_element(rvp, 0, level + 1);
         }       

 but which fetches only index 0 of the element list stored in a variable.

 As a result you get { 192.168.100.5, 192.168.64.3 }.

 npfvar_get_element() either needs to handle such recursive lists or you
 need to derefence variables when constructing lists. The latter probably
 has more side effects.

Prev by Date: bin/59511: some variable addresses not processed by firewall rules.
Next by Date: Re: bin/59511: some variable addresses not processed by firewall rules.
Previous by Thread: bin/59511: some variable addresses not processed by firewall rules.
Next by Thread: Re: bin/59511: some variable addresses not processed by firewall rules.
Indexes:

Home | Main Index | Thread Index | Old Index