From owner-freebsd-ipfw@FreeBSD.ORG Sun Feb 7 03:08:35 2010 Return-Path: Delivered-To: freebsd-ipfw@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id CADD51065670; Sun, 7 Feb 2010 03:08:35 +0000 (UTC) (envelope-from linimon@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id A28668FC0A; Sun, 7 Feb 2010 03:08:35 +0000 (UTC) Received: from freefall.freebsd.org (localhost [127.0.0.1]) by freefall.freebsd.org (8.14.3/8.14.3) with ESMTP id o1738Zil089876; Sun, 7 Feb 2010 03:08:35 GMT (envelope-from linimon@freefall.freebsd.org) Received: (from linimon@localhost) by freefall.freebsd.org (8.14.3/8.14.3/Submit) id o1738Yup089872; Sun, 7 Feb 2010 03:08:34 GMT (envelope-from linimon) Date: Sun, 7 Feb 2010 03:08:34 GMT Message-Id: <201002070308.o1738Yup089872@freefall.freebsd.org> To: hidden@4you.lt, linimon@FreeBSD.org, freebsd-ipfw@FreeBSD.org, linimon@FreeBSD.org From: linimon@FreeBSD.org Cc: Subject: Re: kern/107305: [ipfw] ipfw fwd doesn't seem to work X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 07 Feb 2010 03:08:35 -0000 Synopsis: [ipfw] ipfw fwd doesn't seem to work State-Changed-From-To: open->feedback State-Changed-By: linimon State-Changed-When: Sun Feb 7 03:07:43 UTC 2010 State-Changed-Why: To submitter: this PR is quite old. Did the suggestion fix your problem? Responsible-Changed-From-To: freebsd-ipfw->linimon Responsible-Changed-By: linimon Responsible-Changed-When: Sun Feb 7 03:07:43 UTC 2010 Responsible-Changed-Why: http://www.freebsd.org/cgi/query-pr.cgi?pr=107305 From owner-freebsd-ipfw@FreeBSD.ORG Sun Feb 7 03:09:21 2010 Return-Path: Delivered-To: freebsd-ipfw@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 6B0741065676; Sun, 7 Feb 2010 03:09:21 +0000 (UTC) (envelope-from linimon@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id 420AB8FC08; Sun, 7 Feb 2010 03:09:21 +0000 (UTC) Received: from freefall.freebsd.org (localhost [127.0.0.1]) by freefall.freebsd.org (8.14.3/8.14.3) with ESMTP id o1739Lcn089930; Sun, 7 Feb 2010 03:09:21 GMT (envelope-from linimon@freefall.freebsd.org) Received: (from linimon@localhost) by freefall.freebsd.org (8.14.3/8.14.3/Submit) id o1739Kb1089926; Sun, 7 Feb 2010 03:09:20 GMT (envelope-from linimon) Date: Sun, 7 Feb 2010 03:09:20 GMT Message-Id: <201002070309.o1739Kb1089926@freefall.freebsd.org> To: seal@inar.ru, linimon@FreeBSD.org, freebsd-ipfw@FreeBSD.org, linimon@FreeBSD.org From: linimon@FreeBSD.org Cc: Subject: Re: kern/112708: [ipfw] ipfw is seems to be broken to limit number of connections X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 07 Feb 2010 03:09:21 -0000 Synopsis: [ipfw] ipfw is seems to be broken to limit number of connections State-Changed-From-To: open->feedback State-Changed-By: linimon State-Changed-When: Sun Feb 7 03:08:41 UTC 2010 State-Changed-Why: To submitter: feedback was requested quite some time ago. Does this problem still persist? Responsible-Changed-From-To: freebsd-ipfw->linimon Responsible-Changed-By: linimon Responsible-Changed-When: Sun Feb 7 03:08:41 UTC 2010 Responsible-Changed-Why: http://www.freebsd.org/cgi/query-pr.cgi?pr=112708 From owner-freebsd-ipfw@FreeBSD.ORG Sun Feb 7 05:34:24 2010 Return-Path: Delivered-To: freebsd-ipfw@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id E22A01065672; Sun, 7 Feb 2010 05:34:24 +0000 (UTC) (envelope-from linimon@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id B7E408FC12; Sun, 7 Feb 2010 05:34:24 +0000 (UTC) Received: from freefall.freebsd.org (localhost [127.0.0.1]) by freefall.freebsd.org (8.14.3/8.14.3) with ESMTP id o175YO9G025920; Sun, 7 Feb 2010 05:34:24 GMT (envelope-from linimon@freefall.freebsd.org) Received: (from linimon@localhost) by freefall.freebsd.org (8.14.3/8.14.3/Submit) id o175YOP8025916; Sun, 7 Feb 2010 05:34:24 GMT (envelope-from linimon) Date: Sun, 7 Feb 2010 05:34:24 GMT Message-Id: <201002070534.o175YOP8025916@freefall.freebsd.org> To: linimon@FreeBSD.org, freebsd-bugs@FreeBSD.org, freebsd-ipfw@FreeBSD.org From: linimon@FreeBSD.org Cc: Subject: Re: kern/143621: [ipfw] [dummynet] [patch] dummynet and vnet use results in panic X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 07 Feb 2010 05:34:25 -0000 Old Synopsis: [patch] dummynet and vnet use results in panic New Synopsis: [ipfw] [dummynet] [patch] dummynet and vnet use results in panic Responsible-Changed-From-To: freebsd-bugs->freebsd-ipfw Responsible-Changed-By: linimon Responsible-Changed-When: Sun Feb 7 05:33:05 UTC 2010 Responsible-Changed-Why: Patch is actually against ipfw, so over to that mailing list, although perhaps it should get to net@. http://www.freebsd.org/cgi/query-pr.cgi?pr=143621 From owner-freebsd-ipfw@FreeBSD.ORG Sun Feb 7 15:11:42 2010 Return-Path: Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 9E4EF1065676; Sun, 7 Feb 2010 15:11:42 +0000 (UTC) (envelope-from hidden@4you.lt) Received: from mail-ew0-f211.google.com (mail-ew0-f211.google.com [209.85.219.211]) by mx1.freebsd.org (Postfix) with ESMTP id 151F88FC1D; Sun, 7 Feb 2010 15:11:41 +0000 (UTC) Received: by ewy3 with SMTP id 3so2784250ewy.13 for ; Sun, 07 Feb 2010 07:11:41 -0800 (PST) Received: by 10.213.1.143 with SMTP id 15mr4590258ebf.42.1265553662149; Sun, 07 Feb 2010 06:41:02 -0800 (PST) Received: from bluebird.local (lan-84-240-25-195.vln.skynet.lt [84.240.25.195]) by mx.google.com with ESMTPS id 16sm2385462ewy.6.2010.02.07.06.41.00 (version=SSLv3 cipher=OTHER); Sun, 07 Feb 2010 06:41:00 -0800 (PST) Date: Sun, 7 Feb 2010 16:40:55 +0200 From: Timofej Dod Organization: UAB "Eilorita", 4you.lt X-Priority: 3 (Normal) Message-ID: <1568495910.20100207164055@4you.lt> To: linimon@FreeBSD.org In-Reply-To: <201002070308.o1738Yup089872@freefall.freebsd.org> References: <201002070308.o1738Yup089872@freefall.freebsd.org> MIME-Version: 1.0 Content-Type: text/plain; charset=windows-1251 Content-Transfer-Encoding: 8bit Cc: freebsd-ipfw@FreeBSD.org Subject: Re: kern/107305: [ipfw] ipfw fwd doesn't seem to work X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: Timofej Dod List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 07 Feb 2010 15:11:42 -0000 Hi, No. I've never managed it to work and that machine is no more. ------------------- lFo> Synopsis: [ipfw] ipfw fwd doesn't seem to work lFo> State-Changed-From-To: open->feedback lFo> State-Changed-By: linimon lFo> State-Changed-When: Sun Feb 7 03:07:43 UTC 2010 lFo> State-Changed-Why: lFo> To submitter: this PR is quite old. Did the suggestion fix your lFo> problem? lFo> Responsible-Changed-From-To: freebsd-ipfw->linimon lFo> Responsible-Changed-By: linimon lFo> Responsible-Changed-When: Sun Feb 7 03:07:43 UTC 2010 lFo> Responsible-Changed-Why: lFo> http://www.freebsd.org/cgi/query-pr.cgi?pr=107305 -- Timofej Dod From owner-freebsd-ipfw@FreeBSD.ORG Mon Feb 8 03:55:30 2010 Return-Path: Delivered-To: freebsd-ipfw@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id CA579106566C; Mon, 8 Feb 2010 03:55:30 +0000 (UTC) (envelope-from linimon@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id A1FDA8FC16; Mon, 8 Feb 2010 03:55:30 +0000 (UTC) Received: from freefall.freebsd.org (localhost [127.0.0.1]) by freefall.freebsd.org (8.14.3/8.14.3) with ESMTP id o183tUWW078627; Mon, 8 Feb 2010 03:55:30 GMT (envelope-from linimon@freefall.freebsd.org) Received: (from linimon@localhost) by freefall.freebsd.org (8.14.3/8.14.3/Submit) id o183tUeA078623; Mon, 8 Feb 2010 03:55:30 GMT (envelope-from linimon) Date: Mon, 8 Feb 2010 03:55:30 GMT Message-Id: <201002080355.o183tUeA078623@freefall.freebsd.org> To: linimon@FreeBSD.org, freebsd-bugs@FreeBSD.org, freebsd-ipfw@FreeBSD.org From: linimon@FreeBSD.org Cc: Subject: Re: kern/143653: [ipfw] [patch] ipfw nat redirect_port "buf is too small" error X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 08 Feb 2010 03:55:30 -0000 Old Synopsis: ipfw nat redirect_port "buf is too small" error New Synopsis: [ipfw] [patch] ipfw nat redirect_port "buf is too small" error Responsible-Changed-From-To: freebsd-bugs->freebsd-ipfw Responsible-Changed-By: linimon Responsible-Changed-When: Mon Feb 8 03:54:50 UTC 2010 Responsible-Changed-Why: Over to maintainer(s). http://www.freebsd.org/cgi/query-pr.cgi?pr=143653 From owner-freebsd-ipfw@FreeBSD.ORG Mon Feb 8 11:06:58 2010 Return-Path: Delivered-To: freebsd-ipfw@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id DF1481065676 for ; Mon, 8 Feb 2010 11:06:58 +0000 (UTC) (envelope-from owner-bugmaster@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id CE76D8FC1A for ; Mon, 8 Feb 2010 11:06:58 +0000 (UTC) Received: from freefall.freebsd.org (localhost [127.0.0.1]) by freefall.freebsd.org (8.14.3/8.14.3) with ESMTP id o18B6w9j087421 for ; Mon, 8 Feb 2010 11:06:58 GMT (envelope-from owner-bugmaster@FreeBSD.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.14.3/8.14.3/Submit) id o18B6wZb087419 for freebsd-ipfw@FreeBSD.org; Mon, 8 Feb 2010 11:06:58 GMT (envelope-from owner-bugmaster@FreeBSD.org) Date: Mon, 8 Feb 2010 11:06:58 GMT Message-Id: <201002081106.o18B6wZb087419@freefall.freebsd.org> X-Authentication-Warning: freefall.freebsd.org: gnats set sender to owner-bugmaster@FreeBSD.org using -f From: FreeBSD bugmaster To: freebsd-ipfw@FreeBSD.org Cc: Subject: Current problem reports assigned to freebsd-ipfw@FreeBSD.org X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 08 Feb 2010 11:06:59 -0000 Note: to view an individual PR, use: http://www.freebsd.org/cgi/query-pr.cgi?pr=(number). The following is a listing of current problems submitted by FreeBSD users. These represent problem reports covering all versions including experimental development code and obsolete releases. S Tracker Resp. Description -------------------------------------------------------------------------------- o kern/143653 ipfw [ipfw] [patch] ipfw nat redirect_port "buf is too smal o kern/143621 ipfw [ipfw] [dummynet] [patch] dummynet and vnet use result o kern/143474 ipfw [ipfw] ipfw table contains the same address o kern/139581 ipfw [ipfw] "ipfw pipe" not limiting bandwidth o kern/139226 ipfw [ipfw] install_state: entry already present, done o kern/137346 ipfw [ipfw] ipfw nat redirect_proto is broken o kern/137232 ipfw [ipfw] parser troubles o kern/136695 ipfw [ipfw] [patch] fwd reached after skipto in dynamic rul o kern/135476 ipfw [ipfw] IPFW table breaks after adding a large number o o bin/134975 ipfw [patch] ipfw(8) can't work with set in rule file. o kern/132553 ipfw [ipfw] ipfw doesn't understand ftp-data port o kern/131817 ipfw [ipfw] blocks layer2 packets that should not be blocke o kern/131601 ipfw [ipfw] [panic] 7-STABLE panic in nat_finalise (tcp=0) o kern/131558 ipfw [ipfw] Inconsistent "via" ipfw behavior o bin/130132 ipfw [patch] ipfw(8): no way to get mask from ipfw pipe sho o kern/129103 ipfw [ipfw] IPFW check state does not work =( o kern/129093 ipfw [ipfw] ipfw nat must not drop packets o kern/129036 ipfw [ipfw] 'ipfw fwd' does not change outgoing interface n o kern/128260 ipfw [ipfw] [patch] ipfw_divert damages IPv6 packets o kern/127230 ipfw [ipfw] [patch] Feature request to add UID and/or GID l o kern/127209 ipfw [ipfw] IPFW table become corrupted after many changes o bin/125370 ipfw [ipfw] [patch] increase a line buffer limit o conf/123119 ipfw [patch] rc script for ipfw does not handle IPv6 o kern/122963 ipfw [ipfw] tcpdump does not show packets redirected by 'ip s kern/121807 ipfw [request] TCP and UDP port_table in ipfw o kern/121382 ipfw [dummynet]: 6.3-RELEASE-p1 page fault in dummynet (cor o kern/121122 ipfw [ipfw] [patch] add support to ToS IP PRECEDENCE fields o kern/118993 ipfw [ipfw] page fault - probably it's a locking problem o bin/117214 ipfw ipfw(8) fwd with IPv6 treats input as IPv4 o kern/116009 ipfw [ipfw] [patch] Ignore errors when loading ruleset from o bin/115172 ipfw [patch] ipfw(8) list show some rules with a wrong form o docs/113803 ipfw [patch] ipfw(8) - don't get bitten by the fwd rule p kern/113388 ipfw [ipfw] [patch] Addition actions with rules within spec o kern/112561 ipfw [ipfw] ipfw fwd does not work with some TCP packets o kern/105330 ipfw [ipfw] [patch] ipfw (dummynet) does not allow to set q o bin/104921 ipfw [patch] ipfw(8) sometimes treats ipv6 input as ipv4 (a o kern/104682 ipfw [ipfw] [patch] Some minor language consistency fixes a o kern/103454 ipfw [ipfw] [patch] [request] add a facility to modify DF b o kern/103328 ipfw [ipfw] [request] sugestions about ipfw table o kern/102471 ipfw [ipfw] [patch] add tos and dscp support o kern/98831 ipfw [ipfw] ipfw has UDP hickups o kern/97951 ipfw [ipfw] [patch] ipfw does not tie interface details to o kern/97504 ipfw [ipfw] IPFW Rules bug o kern/95084 ipfw [ipfw] [regression] [patch] IPFW2 ignores "recv/xmit/v o kern/93300 ipfw [ipfw] ipfw pipe lost packets o kern/91847 ipfw [ipfw] ipfw with vlanX as the device o kern/88659 ipfw [modules] ipfw and ip6fw do not work properly as modul o kern/87032 ipfw [ipfw] [patch] ipfw ioctl interface implementation o kern/86957 ipfw [ipfw] [patch] ipfw mac logging o kern/82724 ipfw [ipfw] [patch] [request] Add setnexthop and defaultrou s kern/80642 ipfw [ipfw] [patch] ipfw small patch - new RULE OPTION o bin/78785 ipfw [patch] ipfw(8) verbosity locks machine if /etc/rc.fir o kern/74104 ipfw [ipfw] ipfw2/1 conflict not detected or reported, manp o kern/73910 ipfw [ipfw] serious bug on forwarding of packets after NAT o kern/72987 ipfw [ipfw] ipfw/dummynet pipe/queue 'queue [BYTES]KBytes ( o kern/71366 ipfw [ipfw] "ipfw fwd" sometimes rewrites destination mac a o kern/69963 ipfw [ipfw] install_state warning about already existing en o kern/60719 ipfw [ipfw] Headerless fragments generate cryptic error mes o kern/55984 ipfw [ipfw] [patch] time based firewalling support for ipfw o kern/51274 ipfw [ipfw] [patch] ipfw2 create dynamic rules with parent o kern/48172 ipfw [ipfw] [patch] ipfw does not log size and flags o kern/46159 ipfw [ipfw] [patch] [request] ipfw dynamic rules lifetime f a kern/26534 ipfw [ipfw] Add an option to ipfw to log gid/uid of who cau 63 problems total. From owner-freebsd-ipfw@FreeBSD.ORG Tue Feb 9 18:05:29 2010 Return-Path: Delivered-To: ipfw@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 64B001065676 for ; Tue, 9 Feb 2010 18:05:29 +0000 (UTC) (envelope-from roberthuff@rcn.com) Received: from smtp02.lnh.mail.rcn.net (smtp02.lnh.mail.rcn.net [207.172.157.102]) by mx1.freebsd.org (Postfix) with ESMTP id 1C82A8FC12 for ; Tue, 9 Feb 2010 18:05:28 +0000 (UTC) Received: from mr02.lnh.mail.rcn.net ([207.172.157.22]) by smtp02.lnh.mail.rcn.net with ESMTP; 09 Feb 2010 12:36:00 -0500 Received: from smtp01.lnh.mail.rcn.net (smtp01.lnh.mail.rcn.net [207.172.4.11]) by mr02.lnh.mail.rcn.net (MOS 3.10.7-GA) with ESMTP id QMJ23399; Tue, 9 Feb 2010 12:35:25 -0500 (EST) Received: from 209-6-91-204.c3-0.smr-ubr1.sbo-smr.ma.cable.rcn.com (HELO jerusalem.litteratus.org.litteratus.org) ([209.6.91.204]) by smtp01.lnh.mail.rcn.net with ESMTP; 09 Feb 2010 12:35:24 -0500 From: Robert Huff MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Message-ID: <19313.40155.85381.966808@jerusalem.litteratus.org> Date: Tue, 9 Feb 2010 12:35:23 -0500 To: ipfw@freebsd.org X-Mailer: VM 7.17 under 21.5 (beta28) "fuki" XEmacs Lucid X-Junkmail-Whitelist: YES (by domain whitelist at mr02.lnh.mail.rcn.net) Cc: Subject: enabling NAT under -CURRENT X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 09 Feb 2010 18:05:29 -0000 (Please CC: me, as I am not subscribed.) Hello: I'm rebuilding a machine with today's source, and have run into a confusion. Section 30.6.1 of the Handbook says: IPFW is included in the basic FreeBSD install as a separate run time loadable module. The system will dynamically load the kernel module when the rc.conf statement firewall_enable="YES" is used. There is no need to compile IPFW into the FreeBSD kernel unless NAT functionality is desired. Section 30.6.2 of the Handbook says: options IPDIVERT This enables the use of NAT functionality. However, section 31.9.3 says: The kernel features for network address translation with natd(8) are not enabled in the GENERIC kernel, but they can be preloaded at boot time, by adding a couple of options to /boot/loader.conf: ipfw_load="YES" ipdivert_load="YES" Also: huff@> find /boot/kernel -name "ipf*.ko" /boot/kernel/ipfw.ko /boot/kernel/ipfw_nat.ko ????? What is the current working and prefered way to get ipfw+NAT working? Respectfully, Robert Huff From owner-freebsd-ipfw@FreeBSD.ORG Fri Feb 12 10:39:10 2010 Return-Path: Delivered-To: freebsd-ipfw@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id CA336106566C; Fri, 12 Feb 2010 10:39:10 +0000 (UTC) (envelope-from bu7cher@yandex.ru) Received: from forward11.mail.yandex.net (forward11.mail.yandex.net [95.108.130.93]) by mx1.freebsd.org (Postfix) with ESMTP id 778E48FC0A; Fri, 12 Feb 2010 10:39:10 +0000 (UTC) Received: from smtp1.mail.yandex.net (smtp1.mail.yandex.net [77.88.46.101]) by forward11.mail.yandex.net (Yandex) with ESMTP id 5D3CDF490D8; Fri, 12 Feb 2010 13:25:24 +0300 (MSK) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yandex.ru; s=mail; t=1265970324; bh=f6oTECAQkVuCKHrABfxWdWQd8rqQOjWJbZFRsEwtnDw=; h=Message-ID:Date:From:MIME-Version:To:CC:Subject:References: In-Reply-To:Content-Type:Content-Transfer-Encoding; b=ljKfBQggP3b1xIb8WExq/PklaYRaWJ+STqB2GUfWrDCaVIdgVS1Q8yomp1SbcHMk3 5rvEk3tyObzuxQN9W6VbEpkEklTBrO+RjD+c9Y8hK9ddMF5SKJ5uik3FIHBeC2m1TG K5uvtQspjr7+HGjw4SJtNMgdRyLJbstM258XjEu4= Received: from [127.0.0.1] (ns.kirov.so-ups.ru [77.72.136.145]) by smtp1.mail.yandex.net (Yandex) with ESMTPSA id 55C4AE60155; Fri, 12 Feb 2010 13:25:23 +0300 (MSK) Message-ID: <4B752C92.30705@yandex.ru> Date: Fri, 12 Feb 2010 13:25:22 +0300 From: "Andrey V. Elsukov" User-Agent: Mozilla Thunderbird 1.5 (FreeBSD/20051231) MIME-Version: 1.0 To: Luigi Rizzo References: <200912221901.nBMJ1mXQ072673@svn.freebsd.org> In-Reply-To: <200912221901.nBMJ1mXQ072673@svn.freebsd.org> Content-Type: text/plain; charset=KOI8-R; format=flowed Content-Transfer-Encoding: 7bit X-Yandex-TimeMark: 1265970323 X-Yandex-Spam: 1 X-Yandex-Front: smtp1.mail.yandex.net Cc: freebsd-ipfw@FreeBSD.org, svn-src-all@freebsd.org Subject: Re: svn commit: r200855 - in head/sys: net netgraph netinet netinet/ipfw X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 12 Feb 2010 10:39:10 -0000 On 22.12.2009 22:01, Luigi Rizzo wrote: > Author: luigi > Date: Tue Dec 22 19:01:47 2009 > New Revision: 200855 > URL: http://svn.freebsd.org/changeset/base/200855 > > Log: > merge code from ipfw3-head to reduce contention on the ipfw lock > and remove all O(N) sequences from kernel critical sections in ipfw. > > In detail: > > 1. introduce a IPFW_UH_LOCK to arbitrate requests from > the upper half of the kernel. Some things, such as 'ipfw show', > can be done holding this lock in read mode, whereas insert and > delete require IPFW_UH_WLOCK. > > The only (very small) regression is on dynamic rule lookup and this will > be fixed in a day or two, without changing the userland/kernel ABI > > Supported by: Valeria Paoli > MFC after: 1 month > > Modified: > head/sys/netinet/ipfw/ip_fw_sockopt.c Hi, Luigi. This commit also broke `ipfw set show` operation. It always show all sets enabled, because IP_FW_GET command gets small buffer and after calculating wanted size it returns back without copying anything. -- WBR, Andrey V. Elsukov