From owner-freebsd-ipfw@FreeBSD.ORG Sun Jun 21 21:55:58 2009 Return-Path: Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 7E82B106564A; Sun, 21 Jun 2009 21:55:58 +0000 (UTC) (envelope-from joost@jodocus.org) Received: from viefep23-int.chello.at (viefep23-int.chello.at [62.179.121.43]) by mx1.freebsd.org (Postfix) with ESMTP id 9DACB8FC15; Sun, 21 Jun 2009 21:55:57 +0000 (UTC) (envelope-from joost@jodocus.org) Received: from edge02.upc.biz ([192.168.13.237]) by viefep19-int.chello.at (InterMail vM.7.09.01.00 201-2219-108-20080618) with ESMTP id <20090621214000.VKCQ8900.viefep19-int.chello.at@edge02.upc.biz>; Sun, 21 Jun 2009 23:40:00 +0200 Received: from bps.jodocus.org ([77.248.200.61]) by edge02.upc.biz with edge id 6lfz1c00T1Kyz9102lg02h; Sun, 21 Jun 2009 23:40:00 +0200 X-SourceIP: 77.248.200.61 Received: from jodocus.org (localhost [IPv6:::1]) by bps.jodocus.org (8.14.2/8.14.2) with ESMTP id n5LLdvMm006895; Sun, 21 Jun 2009 23:39:57 +0200 (CEST) (envelope-from joost@jodocus.org) Received: from 192.168.100.250 (SquirrelMail authenticated user joost) by jodocus.org with HTTP; Sun, 21 Jun 2009 23:39:58 +0200 (CEST) Message-ID: <62767.192.168.100.250.1245620398.squirrel@jodocus.org> In-Reply-To: References: Date: Sun, 21 Jun 2009 23:39:58 +0200 (CEST) From: "Joost Bekkers" To: "Ivan Voras" User-Agent: SquirrelMail/1.4.13 MIME-Version: 1.0 Content-Type: text/plain;charset=iso-8859-1 Content-Transfer-Encoding: 8bit X-Priority: 3 (Normal) Importance: Normal X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.0.1 (bps.jodocus.org [IPv6:::1]); Sun, 21 Jun 2009 23:39:58 +0200 (CEST) X-Virus-Scanned: clamav-milter 0.95.1 at bps.jodocus.org X-Virus-Status: Clean Cc: freebsd-ipfw@freebsd.org Subject: Re: PR kern/117234 - ipfw + ipv6 tcp acks X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 21 Jun 2009 21:55:58 -0000 On Thu, June 18, 2009 12:54, Ivan Voras wrote: > Hi, > > Can someone please review and if possible commit this PR: > > http://www.freebsd.org/cgi/query-pr.cgi?pr=117234 I don't think they are hearing us. :-( > > There are multiple versions of the patch in the PR, there is none for > -CURRENT. There is now. Joost. From owner-freebsd-ipfw@FreeBSD.ORG Sun Jun 21 22:00:15 2009 Return-Path: Delivered-To: freebsd-ipfw@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 62AA41065674 for ; Sun, 21 Jun 2009 22:00:15 +0000 (UTC) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id 5059F8FC12 for ; Sun, 21 Jun 2009 22:00:15 +0000 (UTC) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (gnats@localhost [127.0.0.1]) by freefall.freebsd.org (8.14.3/8.14.3) with ESMTP id n5LM0FAF070038 for ; Sun, 21 Jun 2009 22:00:15 GMT (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.14.3/8.14.3/Submit) id n5LM0FVu070037; Sun, 21 Jun 2009 22:00:15 GMT (envelope-from gnats) Date: Sun, 21 Jun 2009 22:00:15 GMT Message-Id: <200906212200.n5LM0FVu070037@freefall.freebsd.org> To: freebsd-ipfw@FreeBSD.org From: "Joost Bekkers" Cc: Subject: Re: kern/117234: [ipfw] [patch] ipfw send_pkt() and ipfw_tick() don't seem to support IPV6 X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: Joost Bekkers List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 21 Jun 2009 22:00:15 -0000 The following reply was made to PR kern/117234; it has been noted by GNATS. From: "Joost Bekkers" To: bug-followup@FreeBSD.org Cc: Subject: Re: kern/117234: [ipfw] [patch] ipfw send_pkt() and ipfw_tick() don't seem to support IPV6 Date: Sun, 21 Jun 2009 23:35:11 +0200 (CEST) ------=_20090621233511_54797 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 8bit Updated the patch for use with 8.0-current This patch is against version 1.1 of src/sys/netinet/ipfw/ip_fw2.c It applies cleanly to HEAD (version 1.5) as well. ------=_20090621233511_54797 Content-Type: application/octet-stream; name="ip_fw2.c-80-current-200906.diff" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="ip_fw2.c-80-current-200906.diff" LS0tIGlwX2Z3Mi5jLm9yZwkyMDA5LTA2LTIxIDE5OjUyOjM2LjAwMDAwMDAwMCArMDAwMAorKysg aXBfZncyLmMJMjAwOS0wNi0yMSAyMDo1NDowMy4wMDAwMDAwMDAgKzAwMDAKQEAgLTk3LDYgKzk3 LDcgQEAKICNpbmNsdWRlIDxuZXRpbmV0L2ljbXA2Lmg+CiAjaWZkZWYgSU5FVDYKICNpbmNsdWRl IDxuZXRpbmV0Ni9zY29wZTZfdmFyLmg+CisjaW5jbHVkZSA8bmV0aW5ldDYvaXA2X3Zhci5oPgog I2VuZGlmCiAKICNpbmNsdWRlIDxtYWNoaW5lL2luX2Nrc3VtLmg+CS8qIFhYWCBmb3IgaW5fY2tz dW0gKi8KQEAgLTI0OSw2ICsyNTAsMTAgQEAKICNkZWZpbmUJSVBGV19EWU5fVU5MT0NLKCkJbXR4 X3VubG9jaygmaXBmd19keW5fbXR4KQogI2RlZmluZQlJUEZXX0RZTl9MT0NLX0FTU0VSVCgpCW10 eF9hc3NlcnQoJmlwZndfZHluX210eCwgTUFfT1dORUQpCiAKK3N0YXRpYyBzdHJ1Y3QgbWJ1ZiAq c2VuZF9wa3Qoc3RydWN0IG1idWYgKiwgc3RydWN0IGlwZndfZmxvd19pZCAqLAorICAgIHVfaW50 MzJfdCwgdV9pbnQzMl90LCBpbnQpOworCisKIC8qCiAgKiBUaW1lb3V0cyBmb3IgdmFyaW91cyBl dmVudHMgaW4gaGFuZGluZyBkeW5hbWljIHJ1bGVzLgogICovCkBAIC03MDAsNjAgKzcwNSwxNyBA QAogCW0gPSBhcmdzLT5tOwogCWlmIChjb2RlID09IElDTVA2X1VOUkVBQ0hfUlNUICYmIGFyZ3Mt PmZfaWQucHJvdG8gPT0gSVBQUk9UT19UQ1ApIHsKIAkJc3RydWN0IHRjcGhkciAqdGNwOwotCQl0 Y3Bfc2VxIGFjaywgc2VxOwotCQlpbnQgZmxhZ3M7Ci0JCXN0cnVjdCB7Ci0JCQlzdHJ1Y3QgaXA2 X2hkciBpcDY7Ci0JCQlzdHJ1Y3QgdGNwaGRyIHRoOwotCQl9IHRpOwogCQl0Y3AgPSAoc3RydWN0 IHRjcGhkciAqKSgoY2hhciAqKWlwNiArIGhsZW4pOwogCi0JCWlmICgodGNwLT50aF9mbGFncyAm IFRIX1JTVCkgIT0gMCkgewotCQkJbV9mcmVlbShtKTsKLQkJCWFyZ3MtPm0gPSBOVUxMOwotCQkJ cmV0dXJuOworICAgICAgICAgICAgICAgIGlmICgodGNwLT50aF9mbGFncyAmIFRIX1JTVCkgPT0g MCkgeworICAgICAgICAgICAgICAgICAgICAgICAgc3RydWN0IG1idWYgKm0wOworICAgICAgICAg ICAgICAgICAgICAgICAgbTAgPSBzZW5kX3BrdChhcmdzLT5tLCAmKGFyZ3MtPmZfaWQpLAorICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICBudG9obCh0Y3AtPnRoX3NlcSksIG50b2hsKHRj cC0+dGhfYWNrKSwKKyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgdGNwLT50aF9mbGFn cyB8IFRIX1JTVCk7CisgICAgICAgICAgICAgICAgICAgICAgICBpZiAobTAgIT0gTlVMTCkKKyAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgaXA2X291dHB1dChtMCwgTlVMTCwgTlVMTCwg MCwgTlVMTCwgTlVMTCwgTlVMTCk7CiAJCX0KLQotCQl0aS5pcDYgPSAqaXA2OwotCQl0aS50aCA9 ICp0Y3A7Ci0JCXRpLnRoLnRoX3NlcSA9IG50b2hsKHRpLnRoLnRoX3NlcSk7Ci0JCXRpLnRoLnRo X2FjayA9IG50b2hsKHRpLnRoLnRoX2Fjayk7Ci0JCXRpLmlwNi5pcDZfbnh0ID0gSVBQUk9UT19U Q1A7Ci0KLQkJaWYgKHRpLnRoLnRoX2ZsYWdzICYgVEhfQUNLKSB7Ci0JCQlhY2sgPSAwOwotCQkJ c2VxID0gdGkudGgudGhfYWNrOwotCQkJZmxhZ3MgPSBUSF9SU1Q7Ci0JCX0gZWxzZSB7Ci0JCQlh Y2sgPSB0aS50aC50aF9zZXE7Ci0JCQlpZiAoKG0tPm1fZmxhZ3MgJiBNX1BLVEhEUikgIT0gMCkg ewotCQkJCS8qCi0JCQkJICogdG90YWwgbmV3IGRhdGEgdG8gQUNLIGlzOgotCQkJCSAqIHRvdGFs IHBhY2tldCBsZW5ndGgsCi0JCQkJICogbWludXMgdGhlIGhlYWRlciBsZW5ndGgsCi0JCQkJICog bWludXMgdGhlIHRjcCBoZWFkZXIgbGVuZ3RoLgotCQkJCSAqLwotCQkJCWFjayArPSBtLT5tX3Br dGhkci5sZW4gLSBobGVuCi0JCQkJCS0gKHRpLnRoLnRoX29mZiA8PCAyKTsKLQkJCX0gZWxzZSBp ZiAoaXA2LT5pcDZfcGxlbikgewotCQkJCWFjayArPSBudG9ocyhpcDYtPmlwNl9wbGVuKSArIHNp emVvZigqaXA2KSAtCi0JCQkJICAgIGhsZW4gLSAodGkudGgudGhfb2ZmIDw8IDIpOwotCQkJfSBl bHNlIHsKLQkJCQltX2ZyZWVtKG0pOwotCQkJCXJldHVybjsKLQkJCX0KLQkJCWlmICh0Y3AtPnRo X2ZsYWdzICYgVEhfU1lOKQotCQkJCWFjaysrOwotCQkJc2VxID0gMDsKLQkJCWZsYWdzID0gVEhf UlNUfFRIX0FDSzsKLQkJfQotCQliY29weSgmdGksIGlwNiwgc2l6ZW9mKHRpKSk7Ci0JCS8qCi0J CSAqIG0gaXMgb25seSB1c2VkIHRvIHJlY3ljbGUgdGhlIG1idWYKLQkJICogVGhlIGRhdGEgaW4g aXQgaXMgbmV2ZXIgcmVhZCBzbyB3ZSBkb24ndCBuZWVkCi0JCSAqIHRvIGNvcnJlY3QgdGhlIG9m ZnNldHMgb3IgYW55dGhpbmcKLQkJICovCi0JCXRjcF9yZXNwb25kKE5VTEwsIGlwNiwgdGNwLCBt LCBhY2ssIHNlcSwgZmxhZ3MpOworCQltX2ZyZWVtKG0pOwogCX0gZWxzZSBpZiAoY29kZSAhPSBJ Q01QNl9VTlJFQUNIX1JTVCkgeyAvKiBTZW5kIGFuIElDTVB2NiB1bnJlYWNoLiAqLwogI2lmIDAK IAkJLyoKQEAgLTE2NTAsMTMgKzE2MTIsMTYgQEAKIHsKIAlJTklUX1ZORVRfSU5FVChjdXJ2bmV0 KTsKIAlzdHJ1Y3QgbWJ1ZiAqbTsKLQlzdHJ1Y3QgaXAgKmlwOwotCXN0cnVjdCB0Y3BoZHIgKnRj cDsKKyAgICAgICAgaW50IGxlbiwgZGlyOworICAgICAgICBzdHJ1Y3QgaXAgKmggPSBOVUxMOyAg ICAgICAgICAgIC8qIHN0dXBpZCBjb21waWxlciAqLworI2lmZGVmIElORVQ2CisgICAgICAgIHN0 cnVjdCBpcDZfaGRyICpoNiA9IE5VTEw7CisjZW5kaWYKKyAgICAgICAgc3RydWN0IHRjcGhkciAq dGggPSBOVUxMOwogCiAJTUdFVEhEUihtLCBNX0RPTlRXQUlULCBNVF9EQVRBKTsKLQlpZiAobSA9 PSAwKQorCWlmIChtID09IE5VTEwpCiAJCXJldHVybiAoTlVMTCk7Ci0JbS0+bV9wa3RoZHIucmN2 aWYgPSAoc3RydWN0IGlmbmV0ICopMDsKIAogCU1fU0VURklCKG0sIGlkLT5maWIpOwogI2lmZGVm IE1BQwpAQCAtMTY2OCw2NyArMTYzMywxMTggQEAKIAkodm9pZClyZXBseXRvOwkJLyogZG9uJ3Qg d2FybiBhYm91dCB1bnVzZWQgYXJnICovCiAjZW5kaWYKIAotCW0tPm1fcGt0aGRyLmxlbiA9IG0t Pm1fbGVuID0gc2l6ZW9mKHN0cnVjdCBpcCkgKyBzaXplb2Yoc3RydWN0IHRjcGhkcik7CisgICAg ICAgIHN3aXRjaCAoaWQtPmFkZHJfdHlwZSkgeworICAgICAgICBjYXNlIDQ6CisgICAgICAgICAg ICAgICAgbGVuID0gc2l6ZW9mKHN0cnVjdCBpcCkgKyBzaXplb2Yoc3RydWN0IHRjcGhkcik7Cisg ICAgICAgICAgICAgICAgYnJlYWs7CisjaWZkZWYgSU5FVDYKKyAgICAgICAgY2FzZSA2OgorICAg ICAgICAgICAgICAgIGxlbiA9IHNpemVvZihzdHJ1Y3QgaXA2X2hkcikgKyBzaXplb2Yoc3RydWN0 IHRjcGhkcik7CisgICAgICAgICAgICAgICAgYnJlYWs7CisjZW5kaWYKKyAgICAgICAgZGVmYXVs dDoKKyAgICAgICAgICAgICAgICAvKiBYWFg6IGxvZyBtZT8hPyAqLworICAgICAgICAgICAgICAg IG1fZnJlZW0obSk7CisgICAgICAgICAgICAgICAgcmV0dXJuIChOVUxMKTsKKyAgICAgICAgfQor ICAgICAgICBkaXIgPSAoKGZsYWdzICYgKFRIX1NZTiB8IFRIX1JTVCkpID09IFRIX1NZTik7CisK IAltLT5tX2RhdGEgKz0gbWF4X2xpbmtoZHI7CisgICAgICAgIG0tPm1fZmxhZ3MgfD0gTV9TS0lQ X0ZJUkVXQUxMOworICAgICAgICBtLT5tX3BrdGhkci5sZW4gPSBtLT5tX2xlbiA9IGxlbjsKKyAg ICAgICAgbS0+bV9wa3RoZHIucmN2aWYgPSBOVUxMOworICAgICAgICBiemVybyhtLT5tX2RhdGEs IGxlbik7CisKKyAgICAgICAgc3dpdGNoIChpZC0+YWRkcl90eXBlKSB7CisgICAgICAgIGNhc2Ug NDoKKyAgICAgICAgICAgICAgICBoID0gbXRvZChtLCBzdHJ1Y3QgaXAgKik7CisKKyAgICAgICAg ICAgICAgICAvKiBwcmVwYXJlIGZvciBjaGVja3N1bSAqLworICAgICAgICAgICAgICAgIGgtPmlw X3AgPSBJUFBST1RPX1RDUDsKKyAgICAgICAgICAgICAgICBoLT5pcF9sZW4gPSBodG9ucyhzaXpl b2Yoc3RydWN0IHRjcGhkcikpOworICAgICAgICAgICAgICAgIGlmIChkaXIpIHsKKyAgICAgICAg ICAgICAgICAgICAgICAgIGgtPmlwX3NyYy5zX2FkZHIgPSBodG9ubChpZC0+c3JjX2lwKTsKKyAg ICAgICAgICAgICAgICAgICAgICAgIGgtPmlwX2RzdC5zX2FkZHIgPSBodG9ubChpZC0+ZHN0X2lw KTsKKyAgICAgICAgICAgICAgICB9IGVsc2UgeworICAgICAgICAgICAgICAgICAgICAgICAgaC0+ aXBfc3JjLnNfYWRkciA9IGh0b25sKGlkLT5kc3RfaXApOworICAgICAgICAgICAgICAgICAgICAg ICAgaC0+aXBfZHN0LnNfYWRkciA9IGh0b25sKGlkLT5zcmNfaXApOworICAgICAgICAgICAgICAg IH0KIAotCWlwID0gbXRvZChtLCBzdHJ1Y3QgaXAgKik7Ci0JYnplcm8oaXAsIG0tPm1fbGVuKTsK LQl0Y3AgPSAoc3RydWN0IHRjcGhkciAqKShpcCArIDEpOyAvKiBubyBJUCBvcHRpb25zICovCi0J aXAtPmlwX3AgPSBJUFBST1RPX1RDUDsKLQl0Y3AtPnRoX29mZiA9IDU7Ci0JLyoKLQkgKiBBc3N1 bWUgd2UgYXJlIHNlbmRpbmcgYSBSU1QgKG9yIGEga2VlcGFsaXZlIGluIHRoZSByZXZlcnNlCi0J ICogZGlyZWN0aW9uKSwgc3dhcCBzcmMgYW5kIGRlc3RpbmF0aW9uIGFkZHJlc3NlcyBhbmQgcG9y dHMuCi0JICovCi0JaXAtPmlwX3NyYy5zX2FkZHIgPSBodG9ubChpZC0+ZHN0X2lwKTsKLQlpcC0+ aXBfZHN0LnNfYWRkciA9IGh0b25sKGlkLT5zcmNfaXApOwotCXRjcC0+dGhfc3BvcnQgPSBodG9u cyhpZC0+ZHN0X3BvcnQpOwotCXRjcC0+dGhfZHBvcnQgPSBodG9ucyhpZC0+c3JjX3BvcnQpOwot CWlmIChmbGFncyAmIFRIX1JTVCkgewkvKiB3ZSBhcmUgc2VuZGluZyBhIFJTVCAqLworICAgICAg ICAgICAgICAgIHRoID0gKHN0cnVjdCB0Y3BoZHIgKikoaCArIDEpOworICAgICAgICAgICAgICAg IGJyZWFrOworI2lmZGVmIElORVQ2CisgICAgICAgIGNhc2UgNjoKKyAgICAgICAgICAgICAgICBo NiA9IG10b2QobSwgc3RydWN0IGlwNl9oZHIgKik7CisKKyAgICAgICAgICAgICAgICAvKiBwcmVw YXJlIGZvciBjaGVja3N1bSAqLworICAgICAgICAgICAgICAgIGg2LT5pcDZfbnh0ID0gSVBQUk9U T19UQ1A7CisgICAgICAgICAgICAgICAgaDYtPmlwNl9wbGVuID0gaHRvbnMoc2l6ZW9mKHN0cnVj dCB0Y3BoZHIpKTsKKyAgICAgICAgICAgICAgICBpZiAoZGlyKSB7CisgICAgICAgICAgICAgICAg ICAgICAgICBoNi0+aXA2X3NyYyA9IGlkLT5zcmNfaXA2OworICAgICAgICAgICAgICAgICAgICAg ICAgaDYtPmlwNl9kc3QgPSBpZC0+ZHN0X2lwNjsKKyAgICAgICAgICAgICAgICB9IGVsc2Ugewor ICAgICAgICAgICAgICAgICAgICAgICAgaDYtPmlwNl9zcmMgPSBpZC0+ZHN0X2lwNjsKKyAgICAg ICAgICAgICAgICAgICAgICAgIGg2LT5pcDZfZHN0ID0gaWQtPnNyY19pcDY7CisgICAgICAgICAg ICAgICAgfQorCisgICAgICAgICAgICAgICAgdGggPSAoc3RydWN0IHRjcGhkciAqKShoNiArIDEp OworICAgICAgICAgICAgICAgIGJyZWFrOworI2VuZGlmCisgICAgICAgIH0KKworICAgICAgICBp ZiAoZGlyKSB7CisgICAgICAgICAgICAgICAgdGgtPnRoX3Nwb3J0ID0gaHRvbnMoaWQtPnNyY19w b3J0KTsKKyAgICAgICAgICAgICAgICB0aC0+dGhfZHBvcnQgPSBodG9ucyhpZC0+ZHN0X3BvcnQp OworICAgICAgICB9IGVsc2UgeworICAgICAgICAgICAgICAgIHRoLT50aF9zcG9ydCA9IGh0b25z KGlkLT5kc3RfcG9ydCk7CisgICAgICAgICAgICAgICAgdGgtPnRoX2Rwb3J0ID0gaHRvbnMoaWQt PnNyY19wb3J0KTsKKyAgICAgICAgfQorICAgICAgICB0aC0+dGhfb2ZmID0gc2l6ZW9mKHN0cnVj dCB0Y3BoZHIpID4+IDI7CisKKyAgICAgICAgaWYgKGZsYWdzICYgVEhfUlNUKSB7CiAJCWlmIChm bGFncyAmIFRIX0FDSykgewotCQkJdGNwLT50aF9zZXEgPSBodG9ubChhY2spOwotCQkJdGNwLT50 aF9hY2sgPSBodG9ubCgwKTsKLQkJCXRjcC0+dGhfZmxhZ3MgPSBUSF9SU1Q7CisgICAgICAgICAg ICAgICAgICAgICAgICB0aC0+dGhfc2VxID0gaHRvbmwoYWNrKTsKKyAgICAgICAgICAgICAgICAg ICAgICAgIHRoLT50aF9mbGFncyA9IFRIX1JTVDsKIAkJfSBlbHNlIHsKIAkJCWlmIChmbGFncyAm IFRIX1NZTikKIAkJCQlzZXErKzsKLQkJCXRjcC0+dGhfc2VxID0gaHRvbmwoMCk7Ci0JCQl0Y3At PnRoX2FjayA9IGh0b25sKHNlcSk7Ci0JCQl0Y3AtPnRoX2ZsYWdzID0gVEhfUlNUIHwgVEhfQUNL OworICAgICAgICAgICAgICAgICAgICAgICAgdGgtPnRoX2FjayA9IGh0b25sKHNlcSk7CisgICAg ICAgICAgICAgICAgICAgICAgICB0aC0+dGhfZmxhZ3MgPSBUSF9SU1QgfCBUSF9BQ0s7CiAJCX0K IAl9IGVsc2UgewogCQkvKgotCQkgKiBXZSBhcmUgc2VuZGluZyBhIGtlZXBhbGl2ZS4gZmxhZ3Mg JiBUSF9TWU4gZGV0ZXJtaW5lcwotCQkgKiB0aGUgZGlyZWN0aW9uLCBmb3J3YXJkIGlmIHNldCwg cmV2ZXJzZSBpZiBjbGVhci4KLQkJICogTk9URTogc2VxIGFuZCBhY2sgYXJlIGFsd2F5cyBhc3N1 bWVkIHRvIGJlIGNvcnJlY3QKLQkJICogYXMgc2V0IGJ5IHRoZSBjYWxsZXIuIFRoaXMgbWF5IGJl IGNvbmZ1c2luZy4uLgorICAgICAgICAgICAgICAgICAqIEtlZXBhbGl2ZSAtIHVzZSBjYWxsZXIg cHJvdmlkZWQgc2VxdWVuY2UgbnVtYmVycwogCQkgKi8KLQkJaWYgKGZsYWdzICYgVEhfU1lOKSB7 Ci0JCQkvKgotCQkJICogd2UgaGF2ZSB0byByZXdyaXRlIHRoZSBjb3JyZWN0IGFkZHJlc3NlcyEK LQkJCSAqLwotCQkJaXAtPmlwX2RzdC5zX2FkZHIgPSBodG9ubChpZC0+ZHN0X2lwKTsKLQkJCWlw LT5pcF9zcmMuc19hZGRyID0gaHRvbmwoaWQtPnNyY19pcCk7Ci0JCQl0Y3AtPnRoX2Rwb3J0ID0g aHRvbnMoaWQtPmRzdF9wb3J0KTsKLQkJCXRjcC0+dGhfc3BvcnQgPSBodG9ucyhpZC0+c3JjX3Bv cnQpOwotCQl9Ci0JCXRjcC0+dGhfc2VxID0gaHRvbmwoc2VxKTsKLQkJdGNwLT50aF9hY2sgPSBo dG9ubChhY2spOwotCQl0Y3AtPnRoX2ZsYWdzID0gVEhfQUNLOworICAgICAgICAgICAgICAgIHRo LT50aF9zZXEgPSBodG9ubChzZXEpOworICAgICAgICAgICAgICAgIHRoLT50aF9hY2sgPSBodG9u bChhY2spOworICAgICAgICAgICAgICAgIHRoLT50aF9mbGFncyA9IFRIX0FDSzsKKyAgICAgICAg fQorCisgICAgICAgIHN3aXRjaCAoaWQtPmFkZHJfdHlwZSkgeworICAgICAgICBjYXNlIDQ6Cisg ICAgICAgICAgICAgICAgdGgtPnRoX3N1bSA9IGluX2Nrc3VtKG0sIGxlbik7CisKKyAgICAgICAg ICAgICAgICAvKiBmaW5pc2ggdGhlIGlwIGhlYWRlciAqLworICAgICAgICAgICAgICAgIGgtPmlw X3YgPSA0OworICAgICAgICAgICAgICAgIGgtPmlwX2hsID0gc2l6ZW9mKCpoKSA+PiAyOworICAg ICAgICAgICAgICAgIGgtPmlwX3RvcyA9IElQVE9TX0xPV0RFTEFZOworICAgICAgICAgICAgICAg IGgtPmlwX29mZiA9IDA7CisgICAgICAgICAgICAgICAgaC0+aXBfbGVuID0gbGVuOworICAgICAg ICAgICAgICAgIGgtPmlwX3R0bCA9IFZfaXBfZGVmdHRsOworICAgICAgICAgICAgICAgIGgtPmlw X3N1bSA9IDA7CisgICAgICAgICAgICAgICAgYnJlYWs7CisjaWZkZWYgSU5FVDYKKyAgICAgICAg Y2FzZSA2OgorICAgICAgICAgICAgICAgIHRoLT50aF9zdW0gPSBpbjZfY2tzdW0obSwgSVBQUk9U T19UQ1AsIHNpemVvZigqaDYpLAorICAgICAgICAgICAgICAgICAgICBzaXplb2Yoc3RydWN0IHRj cGhkcikpOworCisgICAgICAgICAgICAgICAgLyogZmluaXNoIHRoZSBpcDYgaGVhZGVyICovCisg ICAgICAgICAgICAgICAgaDYtPmlwNl92ZmMgfD0gSVBWNl9WRVJTSU9OOworICAgICAgICAgICAg ICAgIGg2LT5pcDZfaGxpbSA9IElQVjZfREVGSExJTTsKKyAgICAgICAgICAgICAgICBicmVhazsK KyNlbmRpZgogCX0KLQkvKgotCSAqIHNldCBpcF9sZW4gdG8gdGhlIHBheWxvYWQgc2l6ZSBzbyB3 ZSBjYW4gY29tcHV0ZQotCSAqIHRoZSB0Y3AgY2hlY2tzdW0gb24gdGhlIHBzZXVkb2hlYWRlcgot CSAqIFhYWCBjaGVjayB0aGlzLCBjb3VsZCBzYXZlIGEgY291cGxlIG9mIHdvcmRzID8KLQkgKi8K LQlpcC0+aXBfbGVuID0gaHRvbnMoc2l6ZW9mKHN0cnVjdCB0Y3BoZHIpKTsKLQl0Y3AtPnRoX3N1 bSA9IGluX2Nrc3VtKG0sIG0tPm1fcGt0aGRyLmxlbik7Ci0JLyoKLQkgKiBub3cgZmlsbCBmaWVs ZHMgbGVmdCBvdXQgZWFybGllcgotCSAqLwotCWlwLT5pcF90dGwgPSBWX2lwX2RlZnR0bDsKLQlp cC0+aXBfbGVuID0gbS0+bV9wa3RoZHIubGVuOwotCW0tPm1fZmxhZ3MgfD0gTV9TS0lQX0ZJUkVX QUxMOworCiAJcmV0dXJuIChtKTsKIH0KIApAQCAtNDU0MCw2ICs0NTU2LDkgQEAKIHsKIAlJTklU X1ZORVRfSVBGVyhjdXJ2bmV0KTsKIAlzdHJ1Y3QgbWJ1ZiAqbTAsICptLCAqbW5leHQsICoqbXRh aWxwOworI2lmZGVmIElORVQ2CisgICAgICAgIHN0cnVjdCBtYnVmICptNiwgKiptNl90YWlscDsK KyNlbmRpZgogCWludCBpOwogCWlwZndfZHluX3J1bGUgKnE7CiAKQEAgLTQ1NTQsNiArNDU3Mywx MCBAQAogCSAqLwogCW0wID0gTlVMTDsKIAltdGFpbHAgPSAmbTA7CisjaWZkZWYgSU5FVDYKKyAg ICAgICAgbTYgPSBOVUxMOworICAgICAgICBtNl90YWlscCA9ICZtNjsKKyNlbmRpZgogCUlQRldf RFlOX0xPQ0soKTsKIAlmb3IgKGkgPSAwIDsgaSA8IFZfY3Vycl9keW5fYnVja2V0cyA7IGkrKykg ewogCQlmb3IgKHEgPSBWX2lwZndfZHluX3ZbaV0gOyBxIDsgcSA9IHEtPm5leHQgKSB7CkBAIC00 NTY5LDE0ICs0NTkyLDM3IEBACiAJCQlpZiAoVElNRV9MRVEocS0+ZXhwaXJlLCB0aW1lX3VwdGlt ZSkpCiAJCQkJY29udGludWU7CS8qIHRvbyBsYXRlLCBydWxlIGV4cGlyZWQgKi8KIAotCQkJKm10 YWlscCA9IHNlbmRfcGt0KE5VTEwsICYocS0+aWQpLCBxLT5hY2tfcmV2IC0gMSwKKwkJCW0gPSBz ZW5kX3BrdChOVUxMLCAmKHEtPmlkKSwgcS0+YWNrX3JldiAtIDEsCiAJCQkJcS0+YWNrX2Z3ZCwg VEhfU1lOKTsKLQkJCWlmICgqbXRhaWxwICE9IE5VTEwpCi0JCQkJbXRhaWxwID0gJigqbXRhaWxw KS0+bV9uZXh0cGt0OwotCQkJKm10YWlscCA9IHNlbmRfcGt0KE5VTEwsICYocS0+aWQpLCBxLT5h Y2tfZndkIC0gMSwKKwkJCW1uZXh0ID0gc2VuZF9wa3QoTlVMTCwgJihxLT5pZCksIHEtPmFja19m d2QgLSAxLAogCQkJCXEtPmFja19yZXYsIDApOwotCQkJaWYgKCptdGFpbHAgIT0gTlVMTCkKLQkJ CQltdGFpbHAgPSAmKCptdGFpbHApLT5tX25leHRwa3Q7CisKKyAgICAgICAgICAgICAgICAgICAg ICAgIHN3aXRjaCAocS0+aWQuYWRkcl90eXBlKSB7CisgICAgICAgICAgICAgICAgICAgICAgICBj YXNlIDQ6CisgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIGlmIChtICE9IE5VTEwpIHsK KyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAqbXRhaWxwID0gbTsKKyAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBtdGFpbHAgPSAmKCptdGFpbHAp LT5tX25leHRwa3Q7CisgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIH0KKyAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgaWYgKG1uZXh0ICE9IE5VTEwpIHsKKyAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAqbXRhaWxwID0gbW5leHQ7CisgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgbXRhaWxwID0gJigqbXRhaWxwKS0+bV9uZXh0 cGt0OworICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICB9CisgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgIGJyZWFrOworI2lmZGVmIElORVQ2CisgICAgICAgICAgICAgICAgICAg ICAgICBjYXNlIDY6CisgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIGlmIChtICE9IE5V TEwpIHsKKyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAqbTZfdGFpbHAg PSBtOworICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIG02X3RhaWxwID0g JigqbTZfdGFpbHApLT5tX25leHRwa3Q7CisgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg IH0KKyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgaWYgKG1uZXh0ICE9IE5VTEwpIHsK KyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAqbTZfdGFpbHAgPSBtbmV4 dDsKKyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBtNl90YWlscCA9ICYo Km02X3RhaWxwKS0+bV9uZXh0cGt0OworICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICB9 CisgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIGJyZWFrOworI2VuZGlmCisgICAgICAg ICAgICAgICAgICAgICAgICB9CisKKyAgICAgICAgICAgICAgICAgICAgICAgIG0gPSBtbmV4dCA9 IE5VTEw7CiAJCX0KIAl9CiAJSVBGV19EWU5fVU5MT0NLKCk7CkBAIC00NTg1LDYgKzQ2MzEsMTMg QEAKIAkJbS0+bV9uZXh0cGt0ID0gTlVMTDsKIAkJaXBfb3V0cHV0KG0sIE5VTEwsIE5VTEwsIDAs IE5VTEwsIE5VTEwpOwogCX0KKyNpZmRlZiBJTkVUNgorICAgICAgICBmb3IgKG0gPSBtbmV4dCA9 IG02OyBtICE9IE5VTEw7IG0gPSBtbmV4dCkgeworICAgICAgICAgICAgICAgIG1uZXh0ID0gbS0+ bV9uZXh0cGt0OworICAgICAgICAgICAgICAgIG0tPm1fbmV4dHBrdCA9IE5VTEw7CisgICAgICAg ICAgICAgICAgaXA2X291dHB1dChtLCBOVUxMLCBOVUxMLCAwLCBOVUxMLCBOVUxMLCBOVUxMKTsK KyAgICAgICAgfQorI2VuZGlmCiBkb25lOgogCWNhbGxvdXRfcmVzZXQoJlZfaXBmd190aW1lb3V0 LCBWX2R5bl9rZWVwYWxpdmVfcGVyaW9kICogaHosCiAJCSAgICAgIGlwZndfdGljaywgTlVMTCk7 Cg== ------=_20090621233511_54797-- From owner-freebsd-ipfw@FreeBSD.ORG Mon Jun 22 11:06:57 2009 Return-Path: Delivered-To: freebsd-ipfw@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id EDD3F106567B for ; Mon, 22 Jun 2009 11:06:57 +0000 (UTC) (envelope-from owner-bugmaster@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id DABA08FC18 for ; Mon, 22 Jun 2009 11:06:57 +0000 (UTC) (envelope-from owner-bugmaster@FreeBSD.org) Received: from freefall.freebsd.org (localhost [127.0.0.1]) by freefall.freebsd.org (8.14.3/8.14.3) with ESMTP id n5MB6vT7018070 for ; Mon, 22 Jun 2009 11:06:57 GMT (envelope-from owner-bugmaster@FreeBSD.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.14.3/8.14.3/Submit) id n5MB6vq9018066 for freebsd-ipfw@FreeBSD.org; Mon, 22 Jun 2009 11:06:57 GMT (envelope-from owner-bugmaster@FreeBSD.org) Date: Mon, 22 Jun 2009 11:06:57 GMT Message-Id: <200906221106.n5MB6vq9018066@freefall.freebsd.org> X-Authentication-Warning: freefall.freebsd.org: gnats set sender to owner-bugmaster@FreeBSD.org using -f From: FreeBSD bugmaster To: freebsd-ipfw@FreeBSD.org Cc: Subject: Current problem reports assigned to freebsd-ipfw@FreeBSD.org X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 22 Jun 2009 11:06:58 -0000 Note: to view an individual PR, use: http://www.freebsd.org/cgi/query-pr.cgi?pr=(number). The following is a listing of current problems submitted by FreeBSD users. These represent problem reports covering all versions including experimental development code and obsolete releases. S Tracker Resp. Description -------------------------------------------------------------------------------- o kern/135476 ipfw [ipfw] IPFW table breaks after adding a large number o o bin/134975 ipfw [patch] ipfw(8) can't work with set in rule file. o kern/132553 ipfw [ipfw] ipfw doesn't understand ftp-data port o kern/131817 ipfw [ipfw] blocks layer2 packets that should not be blocke o kern/131601 ipfw [ipfw] [panic] 7-STABLE panic in nat_finalise (tcp=0) o kern/131558 ipfw [ipfw] Inconsistent "via" ipfw behavior o bin/130132 ipfw [patch] ipfw(8): no way to get mask from ipfw pipe sho o kern/129103 ipfw [ipfw] IPFW check state does not work =( o kern/129093 ipfw [ipfw] ipfw nat must not drop packets o kern/129036 ipfw [ipfw] 'ipfw fwd' does not change outgoing interface n o kern/128260 ipfw [ipfw] [patch] ipfw_divert damages IPv6 packets o kern/127230 ipfw [ipfw] [patch] Feature request to add UID and/or GID l o kern/127209 ipfw [ipfw] IPFW table become corrupted after many changes o bin/125370 ipfw [ipfw] [patch] increase a line buffer limit o conf/123119 ipfw [patch] rc script for ipfw does not handle IPv6 o kern/122963 ipfw [ipfw] tcpdump does not show packets redirected by 'ip s kern/121807 ipfw [request] TCP and UDP port_table in ipfw o kern/121382 ipfw [dummynet]: 6.3-RELEASE-p1 page fault in dummynet (cor o kern/121122 ipfw [ipfw] [patch] add support to ToS IP PRECEDENCE fields o kern/118993 ipfw [ipfw] page fault - probably it's a locking problem o kern/117234 ipfw [ipfw] [patch] ipfw send_pkt() and ipfw_tick() don't s o bin/117214 ipfw ipfw(8) fwd with IPv6 treats input as IPv4 o kern/116009 ipfw [ipfw] [patch] Ignore errors when loading ruleset from p kern/115755 ipfw [ipfw] [patch] unify message and add a rule number whe o bin/115172 ipfw [patch] ipfw(8) list show some rules with a wrong form o docs/113803 ipfw [patch] ipfw(8) - don't get bitten by the fwd rule p kern/113388 ipfw [ipfw] [patch] Addition actions with rules within spec o kern/112708 ipfw [ipfw] ipfw is seems to be broken to limit number of c o kern/112561 ipfw [ipfw] ipfw fwd does not work with some TCP packets o kern/107305 ipfw [ipfw] ipfw fwd doesn't seem to work o kern/105330 ipfw [ipfw] [patch] ipfw (dummynet) does not allow to set q o bin/104921 ipfw [patch] ipfw(8) sometimes treats ipv6 input as ipv4 (a o kern/104682 ipfw [ipfw] [patch] Some minor language consistency fixes a o kern/103454 ipfw [ipfw] [patch] [request] add a facility to modify DF b o kern/103328 ipfw [ipfw] [request] sugestions about ipfw table o kern/102471 ipfw [ipfw] [patch] add tos and dscp support o kern/98831 ipfw [ipfw] ipfw has UDP hickups o kern/97951 ipfw [ipfw] [patch] ipfw does not tie interface details to o kern/97504 ipfw [ipfw] IPFW Rules bug o kern/95084 ipfw [ipfw] [regression] [patch] IPFW2 ignores "recv/xmit/v o kern/93300 ipfw [ipfw] ipfw pipe lost packets o kern/91847 ipfw [ipfw] ipfw with vlanX as the device o kern/88659 ipfw [modules] ipfw and ip6fw do not work properly as modul o kern/87032 ipfw [ipfw] [patch] ipfw ioctl interface implementation o kern/86957 ipfw [ipfw] [patch] ipfw mac logging o kern/82724 ipfw [ipfw] [patch] [request] Add setnexthop and defaultrou s kern/80642 ipfw [ipfw] [patch] ipfw small patch - new RULE OPTION o bin/78785 ipfw [patch] ipfw(8) verbosity locks machine if /etc/rc.fir o kern/74104 ipfw [ipfw] ipfw2/1 conflict not detected or reported, manp o kern/73910 ipfw [ipfw] serious bug on forwarding of packets after NAT o kern/72987 ipfw [ipfw] ipfw/dummynet pipe/queue 'queue [BYTES]KBytes ( o kern/71366 ipfw [ipfw] "ipfw fwd" sometimes rewrites destination mac a o kern/69963 ipfw [ipfw] install_state warning about already existing en o kern/60719 ipfw [ipfw] Headerless fragments generate cryptic error mes o kern/55984 ipfw [ipfw] [patch] time based firewalling support for ipfw o kern/51274 ipfw [ipfw] [patch] ipfw2 create dynamic rules with parent o kern/48172 ipfw [ipfw] [patch] ipfw does not log size and flags o kern/46159 ipfw [ipfw] [patch] [request] ipfw dynamic rules lifetime f a kern/26534 ipfw [ipfw] Add an option to ipfw to log gid/uid of who cau 59 problems total. From owner-freebsd-ipfw@FreeBSD.ORG Mon Jun 22 16:50:17 2009 Return-Path: Delivered-To: ipfw@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id D3A3B1065672 for ; Mon, 22 Jun 2009 16:50:17 +0000 (UTC) (envelope-from luigi@onelab2.iet.unipi.it) Received: from onelab2.iet.unipi.it (onelab2.iet.unipi.it [131.114.9.129]) by mx1.freebsd.org (Postfix) with ESMTP id 9AF4D8FC22 for ; Mon, 22 Jun 2009 16:50:17 +0000 (UTC) (envelope-from luigi@onelab2.iet.unipi.it) Received: by onelab2.iet.unipi.it (Postfix, from userid 275) id C8E2273098; Mon, 22 Jun 2009 18:36:19 +0200 (CEST) Date: Mon, 22 Jun 2009 18:36:19 +0200 From: Luigi Rizzo To: ipfw@freebsd.org Message-ID: <20090622163619.GA27560@onelab2.iet.unipi.it> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.4.2.3i Cc: Marta Carbone , Luigi Rizzo Subject: ipfw and dummynet for linux now available X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 22 Jun 2009 16:50:18 -0000 With Marta Carbone we have recently completed a port to Linux of ipfw and dummynet, and we also took the chance to put online some updated picobsd images for FreeBSD. Code, papers and binary modules are available at http://info.iet.unipi.it/~luigi/dummynet/ cheers luigi From owner-freebsd-ipfw@FreeBSD.ORG Tue Jun 23 10:50:46 2009 Return-Path: Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 8475B1065678 for ; Tue, 23 Jun 2009 10:50:46 +0000 (UTC) (envelope-from on@cs.ait.ac.th) Received: from mail.cs.ait.ac.th (mail.cs.ait.ac.th [192.41.170.16]) by mx1.freebsd.org (Postfix) with ESMTP id E32178FC1A for ; Tue, 23 Jun 2009 10:50:45 +0000 (UTC) (envelope-from on@cs.ait.ac.th) Received: from banyan.cs.ait.ac.th (banyan.cs.ait.ac.th [192.41.170.5]) by mail.cs.ait.ac.th (8.13.1/8.13.1) with ESMTP id n5NAGnKS031028 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO) for ; Tue, 23 Jun 2009 17:16:49 +0700 (ICT) (envelope-from on@cs.ait.ac.th) Received: (from on@localhost) by banyan.cs.ait.ac.th (8.14.3/8.14.3/Submit) id n5NALD27006751; Tue, 23 Jun 2009 17:21:13 +0700 (ICT) (envelope-from on) Date: Tue, 23 Jun 2009 17:21:13 +0700 (ICT) Message-Id: <200906231021.n5NALD27006751@banyan.cs.ait.ac.th> From: Olivier Nicole To: freebsd-ipfw@freebsd.org X-Virus-Scanned: on CSIM by amavisd-milter (http://www.amavis.org/) Subject: PCI-X SATA card for FreeBSD X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 23 Jun 2009 10:50:46 -0000 Hi, I am not sure if any card of the type exists, but I am looking for a PCI-X card with external SATA connector (1 or 2) to supports port multiplier. Idea is to attach a bank of disk to use a backup media. TIA, Olivier From owner-freebsd-ipfw@FreeBSD.ORG Wed Jun 24 04:13:57 2009 Return-Path: Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id D4F2F106566C for ; Wed, 24 Jun 2009 04:13:57 +0000 (UTC) (envelope-from on@cs.ait.ac.th) Received: from mail.cs.ait.ac.th (mail.cs.ait.ac.th [192.41.170.16]) by mx1.freebsd.org (Postfix) with ESMTP id 3FA7E8FC0A for ; Wed, 24 Jun 2009 04:13:56 +0000 (UTC) (envelope-from on@cs.ait.ac.th) Received: from banyan.cs.ait.ac.th (banyan.cs.ait.ac.th [192.41.170.5]) by mail.cs.ait.ac.th (8.13.1/8.13.1) with ESMTP id n5O49UAZ014116 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO) for ; Wed, 24 Jun 2009 11:09:30 +0700 (ICT) (envelope-from on@cs.ait.ac.th) Received: (from on@localhost) by banyan.cs.ait.ac.th (8.14.3/8.14.3/Submit) id n5O4DpZg004113; Wed, 24 Jun 2009 11:13:51 +0700 (ICT) (envelope-from on) Date: Wed, 24 Jun 2009 11:13:51 +0700 (ICT) Message-Id: <200906240413.n5O4DpZg004113@banyan.cs.ait.ac.th> From: Olivier Nicole To: freebsd-ipfw@freebsd.org X-Virus-Scanned: on CSIM by amavisd-milter (http://www.amavis.org/) Subject: security/pgp on amd64 X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 24 Jun 2009 04:13:58 -0000 Hi, Is the port security/pgp working on amd64 system? I copied my public and private keyrings from i386 to amd64 system and I cannot decipher any file, it keeps on complaining that the pass phrase is bad. TIA, Olivier From owner-freebsd-ipfw@FreeBSD.ORG Wed Jun 24 05:00:19 2009 Return-Path: Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id B85021065670 for ; Wed, 24 Jun 2009 05:00:19 +0000 (UTC) (envelope-from max@love2party.net) Received: from moutng.kundenserver.de (moutng.kundenserver.de [212.227.17.9]) by mx1.freebsd.org (Postfix) with ESMTP id 4D0D58FC1F for ; Wed, 24 Jun 2009 05:00:19 +0000 (UTC) (envelope-from max@love2party.net) Received: from vampire.homelinux.org (dslb-088-066-040-016.pools.arcor-ip.net [88.66.40.16]) by mrelayeu.kundenserver.de (node=mrbap1) with ESMTP (Nemesis) id 0MKt2u-1MJKOe3h0Y-00057M; Wed, 24 Jun 2009 06:47:45 +0200 Received: (qmail 78006 invoked from network); 24 Jun 2009 04:47:44 -0000 Received: from kvm.laiers.local (HELO kvm.localnet) (192.168.4.187) by mx.laiers.local with SMTP; 24 Jun 2009 04:47:44 -0000 From: Max Laier Organization: FreeBSD To: freebsd-ipfw@freebsd.org Date: Wed, 24 Jun 2009 06:47:42 +0200 User-Agent: KMail/1.11.3 (Linux/2.6.30-rc5-ARCH; KDE/4.2.3; x86_64; ; ) References: <200906240413.n5O4DpZg004113@banyan.cs.ait.ac.th> In-Reply-To: <200906240413.n5O4DpZg004113@banyan.cs.ait.ac.th> MIME-Version: 1.0 Content-Type: Text/Plain; charset="iso-8859-15" Content-Transfer-Encoding: 7bit Content-Disposition: inline Message-Id: <200906240647.43334.max@love2party.net> X-Provags-ID: V01U2FsdGVkX1/H11u76r9sRcc1vs99LVha5IwWn7hTcDL6NM5 pFahcaBz70+6hC1l15mMVe3VhDqizorH8lxz9AzGD4A7EvMVwH dZDVH1L8yTn0oLouKqIbg== Cc: Olivier Nicole Subject: Re: security/pgp on amd64 X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 24 Jun 2009 05:00:20 -0000 On Wednesday 24 June 2009 06:13:51 Olivier Nicole wrote: > Is the port security/pgp working on amd64 system? > > I copied my public and private keyrings from i386 to amd64 system and > I cannot decipher any file, it keeps on complaining that the pass > phrase is bad. Clearly the wrong mailing list. The file format might be different. Try exporting an ascii armored version on i386 and importing it on amd64. -- /"\ Best regards, | mlaier@freebsd.org \ / Max Laier | ICQ #67774661 X http://pf4freebsd.love2party.net/ | mlaier@EFnet / \ ASCII Ribbon Campaign | Against HTML Mail and News From owner-freebsd-ipfw@FreeBSD.ORG Fri Jun 26 08:54:50 2009 Return-Path: Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id C30F71065677 for ; Fri, 26 Jun 2009 08:54:50 +0000 (UTC) (envelope-from holger.rauch@empic.de) Received: from ox.heitec.net (ox.heitec.net [93.93.253.50]) by mx1.freebsd.org (Postfix) with SMTP id 469658FC1D for ; Fri, 26 Jun 2009 08:54:49 +0000 (UTC) (envelope-from holger.rauch@empic.de) Received: from ox.heitec.net ([10.100.1.50]) by eSafe SMTP Relay 1245200454; Fri, 26 Jun 2009 10:54:48 +0200 Received: by ox.heitec.net (Postfix, from userid 110) id A88131A002; Fri, 26 Jun 2009 10:54:48 +0200 (CEST) Received: from siena.er.heitec.net (unknown [10.64.150.150]) by ox.heitec.net (Postfix) with ESMTPSA id A04EB1A001 for ; Fri, 26 Jun 2009 10:54:48 +0200 (CEST) Received: by siena.er.heitec.net (Postfix, from userid 1000) id E5E8D1E8B; Fri, 26 Jun 2009 10:55:30 +0200 (CEST) Date: Fri, 26 Jun 2009 10:55:30 +0200 From: Holger Rauch To: freebsd-ipfw@freebsd.org Message-ID: <20090626085530.GA2623@heitec.de> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="Q68bSM7Ycu6FN28Q" Content-Disposition: inline User-Agent: Mutt/1.5.18 (2008-05-17) Organization: EMPIC GmbH, Werner-von-Siemens-Str. 61, 91052 Erlangen, Germany, Reg. No: 2873 / Fuerth / Germany, CEO / Managing Director: Joerg K. Kottenbrink, WWW: http://www.empic.eu X-ESAFE-STATUS: [esafe] Mail clean X-ESAFE-DETAILS: [esafe] Subject: Any *Working* Examples of kernel-based (IPFW2-based) NAT onFreeBSD 7.1-STABLE? X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 26 Jun 2009 08:54:51 -0000 --Q68bSM7Ycu6FN28Q Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Hi, I'm having trouble setting up "hide NAT" (hiding several internal addresses "behind" an external one) and "1:1 NAT" (one certain external IP address for each corresponding internal one) on a FreeBSD 7.1-STABLE system (AMD64 architecture). My questions: - Does kernel-based (IPFW2-based) NAT work at all with FreeBSD 7.1-STABLE? - If so, can someone please provide some working examples? - In case it doesn't, do you recommend me to use user-space natd instaed? =20 - For user-space natd, it's probably best to run two instances like the natd man page suggests? =20 In case someone is interested in further details, please take a look at my previous message posted to this list: http://lists.freebsd.org/pipermail/freebsd-ipfw/2009-June/003909.html Thanks in advance for any advice! Kind regards, Holger --Q68bSM7Ycu6FN28Q Content-Type: application/pgp-signature; name="signature.asc" Content-Description: Digital signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iEYEARECAAYFAkpEjQIACgkQbiVtWpZdKQIEPACdH1RBy0AHvhYkVGWwDXJhfgo7 clsAnAqGbwzWj5OR1YX5hsJlndkwgrOS =g0FR -----END PGP SIGNATURE----- --Q68bSM7Ycu6FN28Q-- From owner-freebsd-ipfw@FreeBSD.ORG Fri Jun 26 09:04:11 2009 Return-Path: Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 5594C1065674 for ; Fri, 26 Jun 2009 09:04:11 +0000 (UTC) (envelope-from max@love2party.net) Received: from moutng.kundenserver.de (moutng.kundenserver.de [212.227.17.8]) by mx1.freebsd.org (Postfix) with ESMTP id A16FE8FC08 for ; Fri, 26 Jun 2009 09:04:10 +0000 (UTC) (envelope-from max@love2party.net) Received: from vampire.homelinux.org (dslb-088-066-005-052.pools.arcor-ip.net [88.66.5.52]) by mrelayeu.kundenserver.de (node=mrbap0) with ESMTP (Nemesis) id 0MKsym-1MK7Lt1L9E-000O1G; Fri, 26 Jun 2009 11:04:09 +0200 Received: (qmail 50911 invoked from network); 26 Jun 2009 09:04:08 -0000 Received: from kvm.laiers.local (HELO kvm.localnet) (192.168.4.187) by laiers.local with SMTP; 26 Jun 2009 09:04:08 -0000 From: Max Laier Organization: FreeBSD To: freebsd-current@freebsd.org Date: Fri, 26 Jun 2009 11:04:06 +0200 User-Agent: KMail/1.11.3 (Linux/2.6.30-rc5-ARCH; KDE/4.2.3; x86_64; ; ) References: <4A444BC2.4010606@FreeBSD.org> In-Reply-To: <4A444BC2.4010606@FreeBSD.org> MIME-Version: 1.0 Content-Type: Text/Plain; charset="utf-8" Content-Transfer-Encoding: 7bit Content-Disposition: inline Message-Id: <200906261104.07597.max@love2party.net> X-Provags-ID: V01U2FsdGVkX19cotJMtoMW3JgncrqbVOuFrOBZR7k9H8oqaZ3 F6t4ywdlJt9/2x6u2ubIoYHvxUJcoLOqUJ1jQfofCEEfXg8M/g 2euMpyX33eyDnj1jEMqZg== Cc: freebsd-ipfw@freebsd.org, Doug Barton , freebsd-pf@freebsd.org Subject: Re: pfsync rc script breaks pfsync on cloned interfaces X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 26 Jun 2009 09:04:11 -0000 On Friday 26 June 2009 06:17:06 Doug Barton wrote: > I have reverted the change that caused pf and ipfw to appear before > netif in the rcorder. While I still feel strongly that it is the > "right thing" to configure the firewalls first, the changes caused too > many problems for too many users, and it's too late in the release > cycle to make a change like this that has significant side effects. > > I would like to strongly encourage those who use pf and ipfw to > consider doing the work required to make this change possible. With > ipfw it's not quite as urgent since by default it does not pass > packets till it is configured. This is not the case with pf, as its > default is wide open until it is configured. It's not a simple problem and I'm not sure we can really come up with a "one-size-fits-all" solution. That does not mean we shouldn't try, though. My idea how this should work is something along the following lines: 1) Very early in the boot (just after the necessary firewall configuration tools are available [NFS-root might be a problem here!]) setup an "initial firewall" configuration. For most users this could be a default (allow dhcp, outgoing DNS, maybe ssh in/out, NFS(???), ...). 2) After setting up the interfaces have the option to start a more involved firewall that is fully user supplied. At this point we should be able to look up DNS (though this is clearly a bad idea from the security PoV unless you have DNSSEC), get interface configurations and maybe even routing information. The latter could be another chicken-egg-problem as we might need a routing daemon active to get this. However, people who really need that should be able to modify the early setup accordingly. It is unclear to me where stage 2 should be located. I would argue that with a reasonable default setup we can easily get away with putting stage 2 at the very end of the start up procedure. If people need early holes in the firewall (e.g. for smbfs, routing daemons, ...) they can place them in the early stage. I would like input about how a very simple "save default" setup could look like. A ruleset for pf or ipfw that allows most of the boot process to complete without opening the host to the outside world, yet. For extra points this ruleset is aware of the rc.conf variables and adjusts accordingly (e.g. opening access to sshd iff it is configured). In addition there might be *one or two* configuration variables for the early stage to open additional ports or to select a default interface. However, the fewer the better. Input greatly appreciated! -- /"\ Best regards, | mlaier@freebsd.org \ / Max Laier | ICQ #67774661 X http://pf4freebsd.love2party.net/ | mlaier@EFnet / \ ASCII Ribbon Campaign | Against HTML Mail and News From owner-freebsd-ipfw@FreeBSD.ORG Fri Jun 26 11:58:22 2009 Return-Path: Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id AC2361065742; Fri, 26 Jun 2009 11:58:22 +0000 (UTC) (envelope-from dimitry@andric.com) Received: from tensor.andric.com (cl-327.ede-01.nl.sixxs.net [IPv6:2001:7b8:2ff:146::2]) by mx1.freebsd.org (Postfix) with ESMTP id 697E78FC18; Fri, 26 Jun 2009 11:58:22 +0000 (UTC) (envelope-from dimitry@andric.com) Received: from [IPv6:2001:7b8:3a7:0:98bc:1464:29cc:daae] (unknown [IPv6:2001:7b8:3a7:0:98bc:1464:29cc:daae]) (using TLSv1 with cipher DHE-RSA-CAMELLIA256-SHA (256/256 bits)) (No client certificate requested) by tensor.andric.com (Postfix) with ESMTPSA id 95F105C42; Fri, 26 Jun 2009 13:58:21 +0200 (CEST) Message-ID: <4A44B7DE.2090503@andric.com> Date: Fri, 26 Jun 2009 13:58:22 +0200 From: Dimitry Andric User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US; rv:1.9.1pre) Gecko/20090620 Shredder/3.0b3pre MIME-Version: 1.0 To: Max Laier References: <4A444BC2.4010606@FreeBSD.org> <200906261104.07597.max@love2party.net> In-Reply-To: <200906261104.07597.max@love2party.net> Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit Cc: freebsd-ipfw@freebsd.org, freebsd-current@freebsd.org, freebsd-pf@freebsd.org, Doug Barton Subject: Re: pfsync rc script breaks pfsync on cloned interfaces X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 26 Jun 2009 11:58:24 -0000 On 2009-06-26 11:04, Max Laier wrote: > I would like input about how a very simple "save default" setup could look > like. A ruleset for pf or ipfw that allows most of the boot process to > complete without opening the host to the outside world, yet. For extra > points this ruleset is aware of the rc.conf variables and adjusts > accordingly (e.g. opening access to sshd iff it is configured). In > addition there might be *one or two* configuration variables for the early > stage to open additional ports or to select a default interface. However, > the fewer the better. If you look at how OpenBSD implements their /etc/rc script, you will see it first loads a simple PF ruleset, which allows ssh, dns, icmp echo and (if applicable) IPv6 routing and neighbor advertisements. Then it does the regular network setup (/etc/netstart), followed by loading the full PF rules. Relevant excerpt: ###################### if [ X"${pf}" != X"NO" ]; then RULES="block all" RULES="$RULES\npass on lo0" RULES="$RULES\npass in proto tcp from any to any port 22 keep state" RULES="$RULES\npass out proto { tcp, udp } from any to any port 53 keep state" RULES="$RULES\npass out inet proto icmp all icmp-type echoreq keep state" if ifconfig lo0 inet6 >/dev/null 2>&1; then RULES="$RULES\npass out inet6 proto icmp6 all icmp6-type neighbrsol" RULES="$RULES\npass in inet6 proto icmp6 all icmp6-type neighbradv" RULES="$RULES\npass out inet6 proto icmp6 all icmp6-type routersol" RULES="$RULES\npass in inet6 proto icmp6 all icmp6-type routeradv" fi RULES="$RULES\npass proto carp keep state (no-sync)" case `sysctl vfs.mounts.nfs 2>/dev/null` in *[1-9]*) # don't kill NFS RULES="set reassemble yes no-df\n$RULES" RULES="$RULES\npass in proto { tcp, udp } from any port { 111, 2049 } to any" RULES="$RULES\npass out proto { tcp, udp } from any to any port { 111, 2049 }" ;; esac echo $RULES | pfctl -f - pfctl -e fi # Fill net.inet.(tcp|udp).baddynamic lists from /etc/services fill_baddynamic udp fill_baddynamic tcp sysctl_conf # set hostname, turn on network echo 'starting network' ifconfig -g carp carpdemote 128 if [ -f /etc/resolv.conf.save ]; then mv /etc/resolv.conf.save /etc/resolv.conf touch /etc/resolv.conf fi . /etc/netstart if [ X"${pf}" != X"NO" ]; then if [ -f ${pf_rules} ]; then pfctl -f ${pf_rules} fi # bring up pfsync after the working ruleset has been loaded if [ -f /etc/hostname.pfsync0 ]; then . /etc/netstart pfsync0 fi fi ###################### Perhaps this approach can be molded into /etc/rc.d form? :) From owner-freebsd-ipfw@FreeBSD.ORG Fri Jun 26 15:21:22 2009 Return-Path: Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 02C971065672 for ; Fri, 26 Jun 2009 15:21:22 +0000 (UTC) (envelope-from dougb@FreeBSD.org) Received: from mail2.fluidhosting.com (mx21.fluidhosting.com [204.14.89.4]) by mx1.freebsd.org (Postfix) with ESMTP id 8E9B48FC15 for ; Fri, 26 Jun 2009 15:21:21 +0000 (UTC) (envelope-from dougb@FreeBSD.org) Received: (qmail 2695 invoked by uid 399); 26 Jun 2009 14:56:26 -0000 Received: from localhost (HELO foreign.dougb.net) (dougb@dougbarton.us@127.0.0.1) by localhost with ESMTPAM; 26 Jun 2009 14:56:26 -0000 X-Originating-IP: 127.0.0.1 X-Sender: dougb@dougbarton.us Message-ID: <4A44E198.3050004@FreeBSD.org> Date: Fri, 26 Jun 2009 07:56:24 -0700 From: Doug Barton Organization: http://www.FreeBSD.org/ User-Agent: Thunderbird 2.0.0.22 (X11/20090625) MIME-Version: 1.0 To: Dimitry Andric References: <4A444BC2.4010606@FreeBSD.org> <200906261104.07597.max@love2party.net> <4A44B7DE.2090503@andric.com> In-Reply-To: <4A44B7DE.2090503@andric.com> X-Enigmail-Version: 0.95.7 OpenPGP: id=D5B2F0FB Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit Cc: Max Laier , freebsd-current@freebsd.org, freebsd-pf@freebsd.org, freebsd-ipfw@freebsd.org Subject: Re: pfsync rc script breaks pfsync on cloned interfaces X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 26 Jun 2009 15:21:22 -0000 Dimitry Andric wrote: > On 2009-06-26 11:04, Max Laier wrote: >> I would like input about how a very simple "save default" setup could look >> like. A ruleset for pf or ipfw that allows most of the boot process to >> complete without opening the host to the outside world, yet. For extra >> points this ruleset is aware of the rc.conf variables and adjusts >> accordingly (e.g. opening access to sshd iff it is configured). In >> addition there might be *one or two* configuration variables for the early >> stage to open additional ports or to select a default interface. However, >> the fewer the better. > > If you look at how OpenBSD implements their /etc/rc script, you will see > it first loads a simple PF ruleset, which allows ssh, dns, icmp echo and > (if applicable) IPv6 routing and neighbor advertisements. > > Then it does the regular network setup (/etc/netstart), followed by > loading the full PF rules. I think that would be a great approach, it's just waiting for someone familiar with pf to implement it. :) I also forgot to mention, there is no need to include me on future cc's for this topic. Regards, Doug -- This .signature sanitized for your protection