From owner-freebsd-ipfw@FreeBSD.ORG Mon Mar 21 11:01:58 2005
Date: Mon, 21 Mar 2005 11:01:57 GMT
Message-Id: <200503211101.j2LB1v6o014022@freefall.freebsd.org>
From: FreeBSD bugmaster
To: ipfw@FreeBSD.org
Subject: Current problem reports assigned to you

Current FreeBSD problem reports

Critical problems

Serious problems

S  Submitted   Tracker     Resp.  Description
-------------------------------------------------------------------------------
o [2003/04/22] kern/51274  ipfw   ipfw2 create dynamic rules with parent nu
f [2003/04/24] kern/51341  ipfw   ipfw rule 'deny icmp from any to any icmp
o [2003/12/11] kern/60154  ipfw   ipfw core (crash)
o [2004/03/03] kern/63724  ipfw   IPFW2 Queues dont t work
f [2004/03/25] kern/64694  ipfw   [ipfw] UID/GID matching in ipfw non-funct
o [2004/11/13] kern/73910  ipfw   [ipfw] serious bug on forwarding of packe
o [2004/11/19] kern/74104  ipfw   ipfw2/1 conflict not detected or reported
o [2004/12/25] i386/75483  ipfw   ipfw count does not count

8 problems total.

Non-critical problems

S  Submitted   Tracker     Resp.  Description
-------------------------------------------------------------------------------
a [2001/04/13] kern/26534  ipfw   Add an option to ipfw to log gid/uid of w
o [2002/12/10] kern/46159  ipfw   ipfw dynamic rules lifetime feature
o [2003/02/11] kern/48172  ipfw   ipfw does not log size and flags
o [2003/03/10] kern/49086  ipfw   [patch] Make ipfw2 log to different syslo
o [2003/04/09] bin/50749   ipfw   ipfw2 incorrectly parses ports and port r
o [2003/08/26] kern/55984  ipfw   [patch] time based firewalling support fo
o [2003/12/30] kern/60719  ipfw   ipfw: Headerless fragments generate cryp
o [2004/08/03] kern/69963  ipfw   ipfw: install_state warning about already
o [2004/09/04] kern/71366  ipfw   "ipfw fwd" sometimes rewrites destination

9 problems total.

From owner-freebsd-ipfw@FreeBSD.ORG Thu Mar 24 13:34:09 2005
Message-ID: <4242C1CA.2AF1BAAD@ene.asda.gr>
Date: Thu, 24 Mar 2005 15:34:02 +0200
From: Lefteris Tsintjelis
Organization: ASDA
To: freebsd-ipfw@freebsd.org
Subject: Denied broadcast packets in same interface with antispoofing

Why are broadcast packets originating from the same interface denied
access? Is this normal behavior or am I missing something here?

FreeBSD 5.4-PRERELEASE #0: Thu Mar 17 16:41:58 EET 2005

    ${fwcmd} add 400 deny log ip from any to any not antispoof in

    rl2: flags=8843 mtu 1500
            inet 192.168.0.97 netmask 0xffffffe0 broadcast 192.168.0.127

/var/log/security:

    ipfw: 400 Deny ICMP:8.0 192.168.0.97 192.168.0.96 in via rl2
    ipfw: 400 Deny ICMP:8.0 192.168.0.97 192.168.0.96 in via rl2
    ipfw: 400 Deny ICMP:8.0 192.168.0.97 192.168.0.127 in via rl2
    ipfw: 400 Deny ICMP:8.0 192.168.0.97 192.168.0.127 in via rl2
    ipfw: 400 Deny UDP 192.168.0.97:123 192.168.0.127:123 in via rl2

Thanks in advance,

Lefteris Tsintjelis

From owner-freebsd-ipfw@FreeBSD.ORG Fri Mar 25 05:21:18 2005
To: freebsd-ipfw@freebsd.org
From: Sergei Gnezdov
Date: Fri, 25 Mar 2005 05:07:30 +0000 (UTC)
Reply-To: sergei@gnezdov.net
Subject: DHCP with ipfw

/etc/rc.conf:

    ifconfig_rl0="DHCP"
    firewall_type="client"
    firewall_enable="YES"

When my machine boots, the firewall is initialized before DHCP obtains
an IP address. This results in incomplete firewall configuration.

How do I fix this?

My /etc/rc.firewall is initialized with the following commands:

    net=`ifconfig rl0 | grep "inet " | awk '{print $6}'`
    mask="255.255.255.0"
    ip=`ifconfig rl0 | grep "inet " | awk '{print $2}'`

From owner-freebsd-ipfw@FreeBSD.ORG Fri Mar 25 16:03:17 2005
Message-ID: <42141.129.55.200.20.1111766596.squirrel@webmail.WPI.EDU>
Date: Fri, 25 Mar 2005 11:03:16 -0500 (EST)
From: dmehta@WPI.EDU
To: freebsd-ipfw@freebsd.org
Subject: Dummynet errors

Hi all,

I am trying to use Dummynet on a modified FreeBSD 4.8 kernel. I have
loaded Dummynet into the kernel; and yes, I've confirmed this using
sysctl and dmesg. I can add pipes fine, but pipe config returns the
following error:

    # ipfw list
    65535 allow ip from any to any
    # ipfw add pipe 1 ip from any to tc-le3
    00100 pipe 1 ip from any to 172.18.1.103
    # ipfw pipe 1 config delay 100ms
    ipfw: setsockopt(IP_DUMMYNET_CONFIGURE): Invalid argument

Now I tried debugging this and the error is invoked in ip_dummynet.c
here:

    case IP_DUMMYNET_CONFIGURE :
        p = &tmp_pipe ;
        error = sooptcopyin(sopt, p, sizeof *p, sizeof *p);
        if (error)
            break ;
        error = config_pipe(p);
        break ;

inside the sooptcopyin() call which returns an EINVAL. Any ideas on
what I should be doing?

Thanks!
Devan

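Added example (not part of Devan's message and not FreeBSD source): a user-space model of the length check that sooptcopyin() applies before copying an option buffer in from userland, which returns EINVAL when the supplied length is below minlen. Because the IP_DUMMYNET_CONFIGURE case passes sizeof *p as both len and minlen, any caller whose structure is smaller than the kernel's is rejected. The names model_sockopt, model_sooptcopyin, model_configure, pipe_userland and pipe_kernel and both struct layouts are hypothetical; the page does not say what was modified in the kernel, so the size mismatch is assumed for illustration.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for the kernel's struct sockopt (only the fields used). */
struct model_sockopt {
    const void *sopt_val;     /* caller-supplied option buffer */
    size_t      sopt_valsize; /* caller-supplied option length */
};

/* Hypothetical pipe layouts: the tool's build vs. a kernel with one added field. */
struct pipe_userland { int pipe_nr; int delay_ms; int bandwidth; };
struct pipe_kernel   { int pipe_nr; int delay_ms; int bandwidth; int extra; };

/*
 * Model of the length policy: input shorter than minlen is rejected with
 * EINVAL, input longer than len is clamped, then the bytes are copied
 * (memcpy stands in for the kernel's copyin/bcopy).
 */
int model_sooptcopyin(struct model_sockopt *sopt, void *buf, size_t len, size_t minlen)
{
    size_t valsize = sopt->sopt_valsize;

    if (valsize < minlen)
        return EINVAL;                      /* short buffer: refuse, never over-read */
    if (valsize > len)
        sopt->sopt_valsize = valsize = len; /* extra bytes are ignored */
    memcpy(buf, sopt->sopt_val, valsize);
    return 0;
}

/* Mirrors the IP_DUMMYNET_CONFIGURE case: len == minlen == sizeof *p. */
int model_configure(const void *user_buf, size_t user_len, struct pipe_kernel *p)
{
    struct model_sockopt sopt = { user_buf, user_len };
    return model_sooptcopyin(&sopt, p, sizeof *p, sizeof *p);
}

int main(void)
{
    struct pipe_userland u = { 1, 100, 0 };  /* constructed sample: pipe 1, delay 100ms */
    struct pipe_kernel k_in = { 1, 100, 0, 0 }, k_out;

    printf("mismatched sizes (%zu vs %zu): %s\n", sizeof u, sizeof k_out,
           model_configure(&u, sizeof u, &k_out) == EINVAL ? "EINVAL" : "ok");
    printf("matching sizes: %s\n",
           model_configure(&k_in, sizeof k_in, &k_out) == 0 ? "ok" : "error");
    return 0;
}
```

Comparing sizeof of the structure as compiled into the ipfw binary with sizeof as compiled into the running kernel is the corresponding check on a real system.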