From owner-freebsd-ipfw@FreeBSD.ORG Mon Jun 13 02:16:01 2011
Return-Path: <owner-freebsd-ipfw@FreeBSD.ORG>
Delivered-To: freebsd-ipfw@hub.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
by hub.freebsd.org (Postfix) with ESMTP id 07C471065672;
Mon, 13 Jun 2011 02:16:01 +0000 (UTC)
(envelope-from linimon@FreeBSD.org)
Received: from freefall.freebsd.org (freefall.freebsd.org
[IPv6:2001:4f8:fff6::28])
by mx1.freebsd.org (Postfix) with ESMTP id D3B9E8FC17;
Mon, 13 Jun 2011 02:16:00 +0000 (UTC)
Received: from freefall.freebsd.org (localhost [127.0.0.1])
by freefall.freebsd.org (8.14.4/8.14.4) with ESMTP id p5D2G0HI071459;
Mon, 13 Jun 2011 02:16:00 GMT
(envelope-from linimon@freefall.freebsd.org)
Received: (from linimon@localhost)
by freefall.freebsd.org (8.14.4/8.14.4/Submit) id p5D2G0df071455;
Mon, 13 Jun 2011 02:16:00 GMT (envelope-from linimon)
Date: Mon, 13 Jun 2011 02:16:00 GMT
Message-Id: <201106130216.p5D2G0df071455@freefall.freebsd.org>
To: linimon@FreeBSD.org, freebsd-bugs@FreeBSD.org, freebsd-ipfw@FreeBSD.org
From: linimon@FreeBSD.org
Cc:
Subject: Re: kern/157796: [ipfw] IPFW in-kernel NAT nat loopback / Default
Router Changes Unexpectedly
X-BeenThere: freebsd-ipfw@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: IPFW Technical Discussions <freebsd-ipfw.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
<mailto:freebsd-ipfw-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-ipfw>
List-Post: <mailto:freebsd-ipfw@freebsd.org>
List-Help: <mailto:freebsd-ipfw-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
<mailto:freebsd-ipfw-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 13 Jun 2011 02:16:01 -0000
Old Synopsis: IPFW in-kernel NAT nat loopback / Default Router Changes Unexpectedly
New Synopsis: [ipfw] IPFW in-kernel NAT nat loopback / Default Router Changes Unexpectedly
Responsible-Changed-From-To: freebsd-bugs->freebsd-ipfw
Responsible-Changed-By: linimon
Responsible-Changed-When: Mon Jun 13 02:15:48 UTC 2011
Responsible-Changed-Why:
Over to maintainer(s).
http://www.freebsd.org/cgi/query-pr.cgi?pr=157796
From owner-freebsd-ipfw@FreeBSD.ORG Mon Jun 13 06:37:10 2011
Return-Path: <owner-freebsd-ipfw@FreeBSD.ORG>
Delivered-To: freebsd-ipfw@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
by hub.freebsd.org (Postfix) with ESMTP id C1FD4106564A
for <freebsd-ipfw@freebsd.org>; Mon, 13 Jun 2011 06:37:10 +0000 (UTC)
(envelope-from smithi@nimnet.asn.au)
Received: from sola.nimnet.asn.au (paqi.nimnet.asn.au [115.70.110.159])
by mx1.freebsd.org (Postfix) with ESMTP id 382288FC0C
for <freebsd-ipfw@freebsd.org>; Mon, 13 Jun 2011 06:37:09 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
by sola.nimnet.asn.au (8.14.2/8.14.2) with ESMTP id p5D6Q8o4028082;
Mon, 13 Jun 2011 16:26:08 +1000 (EST)
(envelope-from smithi@nimnet.asn.au)
Date: Mon, 13 Jun 2011 16:26:08 +1000 (EST)
From: Ian Smith <smithi@nimnet.asn.au>
To: Ozkan KIRIK <ozkan.kirik@gmail.com>
In-Reply-To: <201106130216.p5D2G0df071455@freefall.freebsd.org>
Message-ID: <20110613153843.E34384@sola.nimnet.asn.au>
References: <201106130216.p5D2G0df071455@freefall.freebsd.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Cc: freebsd-ipfw@freebsd.org
Subject: Re: kern/157796: [ipfw] IPFW in-kernel NAT nat loopback / Default
Router Changes Unexpectedly
X-BeenThere: freebsd-ipfw@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: IPFW Technical Discussions <freebsd-ipfw.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
<mailto:freebsd-ipfw-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-ipfw>
List-Post: <mailto:freebsd-ipfw@freebsd.org>
List-Help: <mailto:freebsd-ipfw-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
<mailto:freebsd-ipfw-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 13 Jun 2011 06:37:10 -0000
On Mon, 13 Jun 2011, linimon@freebsd.org wrote:
> http://www.freebsd.org/cgi/query-pr.cgi?pr=157796
Ozkan,
I'm not replying to your PR directly as this is purely speculative; I
have no idea about your default route changing. However your ruleset
raises a couple of possible issues:
> When a packet injects into ipfw in-kernel nat more then once,
> operating systems behave abnormally.
>
> Let's inspect the ruleset below:
>
> ipfw table 12 add 10.0.14.1/32 33
> ipfw table 13 add 193.X.128.30/32 33
>
> ipfw nat 33 config redirect_addr 10.0.14.1 193.X.128.30
> ipfw nat 799 config ip 3.3.3.3 reverse
>
> 55000 nat tablearg ip from table(12) to not 3.3.3.3 via em3
> 55000 nat tablearg ip from any to table(13) via em3
> 55000 nat 799 ip from any to table(13) not via em3
> 55000 nat tablearg ip from 3.3.3.3 to table(13)
> 55000 nat tablearg ip from table(12) to 3.3.3.3
> 55000 nat 799 ip from table(13) to 3.3.3.3
Firstly, if ipfw nat behaves the same as divert+natd in this respect,
and assuming net.inet.ip.fw.one_pass=0 from your description, then any
nat diversion would result in reentry of the ruleset at the next rule
with a higher rule number, not at the next sequential rule with the same
number. I've never been certain whether that's also true with ipfw nat,
but renumbering subsequent rules as 55001 etc would soon rule that out.
Secondly, I assume you're aware that 'via em3' on any outbound packets
applies to packets that were either received on or are being transmitted
on em3? It's often better to disambiguate 'via' with 'recv' and 'xmit'.
HTH, Ian
From owner-freebsd-ipfw@FreeBSD.ORG Mon Jun 13 11:07:05 2011
Return-Path: <owner-freebsd-ipfw@FreeBSD.ORG>
Delivered-To: freebsd-ipfw@FreeBSD.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
by hub.freebsd.org (Postfix) with ESMTP id E6B0D1065679
for <freebsd-ipfw@FreeBSD.org>; Mon, 13 Jun 2011 11:07:05 +0000 (UTC)
(envelope-from owner-bugmaster@FreeBSD.org)
Received: from freefall.freebsd.org (freefall.freebsd.org
[IPv6:2001:4f8:fff6::28])
by mx1.freebsd.org (Postfix) with ESMTP id D540B8FC1A
for <freebsd-ipfw@FreeBSD.org>; Mon, 13 Jun 2011 11:07:05 +0000 (UTC)
Received: from freefall.freebsd.org (localhost [127.0.0.1])
by freefall.freebsd.org (8.14.4/8.14.4) with ESMTP id p5DB750d092101
for <freebsd-ipfw@FreeBSD.org>; Mon, 13 Jun 2011 11:07:05 GMT
(envelope-from owner-bugmaster@FreeBSD.org)
Received: (from gnats@localhost)
by freefall.freebsd.org (8.14.4/8.14.4/Submit) id p5DB75k1092099
for freebsd-ipfw@FreeBSD.org; Mon, 13 Jun 2011 11:07:05 GMT
(envelope-from owner-bugmaster@FreeBSD.org)
Date: Mon, 13 Jun 2011 11:07:05 GMT
Message-Id: <201106131107.p5DB75k1092099@freefall.freebsd.org>
X-Authentication-Warning: freefall.freebsd.org: gnats set sender to
owner-bugmaster@FreeBSD.org using -f
From: FreeBSD bugmaster <bugmaster@FreeBSD.org>
To: freebsd-ipfw@FreeBSD.org
Cc:
Subject: Current problem reports assigned to freebsd-ipfw@FreeBSD.org
X-BeenThere: freebsd-ipfw@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: IPFW Technical Discussions <freebsd-ipfw.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
<mailto:freebsd-ipfw-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-ipfw>
List-Post: <mailto:freebsd-ipfw@freebsd.org>
List-Help: <mailto:freebsd-ipfw-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
<mailto:freebsd-ipfw-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 13 Jun 2011 11:07:06 -0000
Note: to view an individual PR, use:
http://www.freebsd.org/cgi/query-pr.cgi?pr=(number).
The following is a listing of current problems submitted by FreeBSD users.
These represent problem reports covering all versions including
experimental development code and obsolete releases.
S Tracker Resp. Description
--------------------------------------------------------------------------------
o kern/157796 ipfw [ipfw] IPFW in-kernel NAT nat loopback / Default Route
o kern/157689 ipfw [ipfw] ipfw nat config does not accept nonexistent int
p kern/157379 ipfw [ipfw] mtr does not work if I use ipfw nat
o kern/157239 ipfw [ipfw] [dummynet] ipfw + dummynet corrupts ipv6 packet
o kern/156770 ipfw [ipfw] [dummynet] [patch]: performance improvement and
o bin/156653 ipfw ipfw(8) reports missing file as parameter problem
p kern/156410 ipfw [patch][ipfw] tablearg option for ipfw setfib
o kern/155927 ipfw [ipfw] ipfw stops to check packets for compliance with
o bin/153252 ipfw [ipfw][patch] ipfw lockdown system in subsequent call
o kern/153161 ipfw IPFIREWALL does not allow specify rules with ICMP code
o kern/152113 ipfw [ipfw] page fault on 8.1-RELEASE caused by certain amo
p kern/150798 ipfw [ipfw] ipfw2 fwd rule matches packets but does not do
o kern/148827 ipfw [ipfw] divert broken with in-kernel ipfw
o kern/148689 ipfw [ipfw] antispoof wrongly triggers on link local IPv6 a
o kern/148430 ipfw [ipfw] IPFW schedule delete broken.
f kern/148157 ipfw [ipfw] IPFW in kernel nat BUG found in FreeBSD 8.1-PRE
o kern/148091 ipfw [ipfw] ipfw ipv6 handling broken.
o kern/147720 ipfw [ipfw] ipfw dynamic rules and fwd
o kern/145305 ipfw [ipfw] ipfw problems, panics, data corruption, ipv6 so
o kern/144269 ipfw [ipfw] problem with ipfw tables
o kern/144187 ipfw [ipfw] deadlock using multiple ipfw nat and multiple l
o kern/143973 ipfw [ipfw] [panic] ipfw forward option causes kernel reboo
o kern/143621 ipfw [ipfw] [dummynet] [patch] dummynet and vnet use result
o kern/143474 ipfw [ipfw] ipfw table contains the same address
o kern/137346 ipfw [ipfw] ipfw nat redirect_proto is broken
o kern/137232 ipfw [ipfw] parser troubles
p kern/136695 ipfw [ipfw] [patch] fwd reached after skipto in dynamic rul
o kern/135476 ipfw [ipfw] IPFW table breaks after adding a large number o
p bin/134975 ipfw [patch] ipfw(8) can't work with set in rule file.
o kern/131817 ipfw [ipfw] blocks layer2 packets that should not be blocke
o kern/131558 ipfw [ipfw] Inconsistent "via" ipfw behavior
f bin/130132 ipfw [patch] ipfw(8): no way to get mask from ipfw pipe sho
o kern/129103 ipfw [ipfw] IPFW check state does not work =(
p kern/129093 ipfw [ipfw] ipfw nat must not drop packets
o kern/129036 ipfw [ipfw] 'ipfw fwd' does not change outgoing interface n
o kern/128260 ipfw [ipfw] [patch] ipfw_divert damages IPv6 packets
o kern/127230 ipfw [ipfw] [patch] Feature request to add UID and/or GID l
o kern/127209 ipfw [ipfw] IPFW table become corrupted after many changes
p bin/125370 ipfw [ipfw] [patch] increase a line buffer limit
o conf/123119 ipfw [patch] rc script for ipfw does not handle IPv6
o kern/122963 ipfw [ipfw] tcpdump does not show packets redirected by 'ip
p kern/122109 ipfw [ipfw] ipfw nat traceroute problem
s kern/121807 ipfw [request] TCP and UDP port_table in ipfw
o kern/121382 ipfw [dummynet] 6.3-RELEASE-p1 page fault in dummynet (corr
o kern/121122 ipfw [ipfw] [patch] add support to ToS IP PRECEDENCE fields
o kern/118993 ipfw [ipfw] page fault - probably it's a locking problem
o bin/117214 ipfw ipfw(8) fwd with IPv6 treats input as IPv4
o kern/116009 ipfw [ipfw] [patch] Ignore errors when loading ruleset from
o docs/113803 ipfw [patch] ipfw(8) - don't get bitten by the fwd rule
f kern/112561 ipfw [ipfw] ipfw fwd does not work with some TCP packets
o bin/104921 ipfw [patch] ipfw(8) sometimes treats ipv6 input as ipv4 (a
o kern/104682 ipfw [ipfw] [patch] Some minor language consistency fixes a
o kern/103454 ipfw [ipfw] [patch] [request] add a facility to modify DF b
o kern/103328 ipfw [ipfw] [request] sugestions about ipfw table
o kern/102471 ipfw [ipfw] [patch] add tos and dscp support
f kern/98831 ipfw [ipfw] ipfw has UDP hickups
o kern/97951 ipfw [ipfw] [patch] ipfw does not tie interface details to
o kern/95084 ipfw [ipfw] [regression] [patch] IPFW2 ignores "recv/xmit/v
f kern/93300 ipfw [ipfw] ipfw pipe lost packets
o kern/91847 ipfw [ipfw] ipfw with vlanX as the device
o kern/86957 ipfw [ipfw] [patch] ipfw mac logging
o bin/83046 ipfw [ipfw] ipfw2 error: "setup" is allowed for icmp, but s
o kern/82724 ipfw [ipfw] [patch] [request] Add setnexthop and defaultrou
o bin/78785 ipfw [patch] ipfw(8) verbosity locks machine if /etc/rc.fir
f kern/73910 ipfw [ipfw] serious bug on forwarding of packets after NAT
f kern/72987 ipfw [ipfw] ipfw/dummynet pipe/queue 'queue [BYTES]KBytes (
f kern/71366 ipfw [ipfw] "ipfw fwd" sometimes rewrites destination mac a
o kern/60719 ipfw [ipfw] Headerless fragments generate cryptic error mes
o kern/55984 ipfw [ipfw] [patch] time based firewalling support for ipfw
o kern/48172 ipfw [ipfw] [patch] ipfw does not log size and flags
o kern/46159 ipfw [ipfw] [patch] [request] ipfw dynamic rules lifetime f
a kern/26534 ipfw [ipfw] Add an option to ipfw to log gid/uid of who cau
72 problems total.
From owner-freebsd-ipfw@FreeBSD.ORG Tue Jun 14 04:38:37 2011
Return-Path: <owner-freebsd-ipfw@FreeBSD.ORG>
Delivered-To: freebsd-ipfw@hub.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
by hub.freebsd.org (Postfix) with ESMTP id 539CE1065670;
Tue, 14 Jun 2011 04:38:37 +0000 (UTC) (envelope-from ae@FreeBSD.org)
Received: from freefall.freebsd.org (freefall.freebsd.org
[IPv6:2001:4f8:fff6::28])
by mx1.freebsd.org (Postfix) with ESMTP id 2C9848FC08;
Tue, 14 Jun 2011 04:38:37 +0000 (UTC)
Received: from freefall.freebsd.org (localhost [127.0.0.1])
by freefall.freebsd.org (8.14.4/8.14.4) with ESMTP id p5E4cb3w071379;
Tue, 14 Jun 2011 04:38:37 GMT (envelope-from ae@freefall.freebsd.org)
Received: (from ae@localhost)
by freefall.freebsd.org (8.14.4/8.14.4/Submit) id p5E4caHD071375;
Tue, 14 Jun 2011 04:38:36 GMT (envelope-from ae)
Date: Tue, 14 Jun 2011 04:38:36 GMT
Message-Id: <201106140438.p5E4caHD071375@freefall.freebsd.org>
To: melifaro@ipfw.ru, ae@FreeBSD.org, freebsd-ipfw@FreeBSD.org
From: ae@FreeBSD.org
Cc:
Subject: Re: kern/156410: [patch][ipfw] tablearg option for ipfw setfib
X-BeenThere: freebsd-ipfw@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: IPFW Technical Discussions <freebsd-ipfw.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
<mailto:freebsd-ipfw-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-ipfw>
List-Post: <mailto:freebsd-ipfw@freebsd.org>
List-Help: <mailto:freebsd-ipfw-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
<mailto:freebsd-ipfw-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 14 Jun 2011 04:38:37 -0000
Synopsis: [patch][ipfw] tablearg option for ipfw setfib
State-Changed-From-To: patched->closed
State-Changed-By: ae
State-Changed-When: Tue Jun 14 04:38:12 UTC 2011
State-Changed-Why:
Merged to stable/8. Thanks!
http://www.freebsd.org/cgi/query-pr.cgi?pr=156410
From owner-freebsd-ipfw@FreeBSD.ORG Tue Jun 14 04:40:09 2011
Return-Path: <owner-freebsd-ipfw@FreeBSD.ORG>
Delivered-To: freebsd-ipfw@hub.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
by hub.freebsd.org (Postfix) with ESMTP id D545B106566B
for <freebsd-ipfw@hub.freebsd.org>;
Tue, 14 Jun 2011 04:40:09 +0000 (UTC)
(envelope-from gnats@FreeBSD.org)
Received: from freefall.freebsd.org (freefall.freebsd.org
[IPv6:2001:4f8:fff6::28])
by mx1.freebsd.org (Postfix) with ESMTP id C4E988FC13
for <freebsd-ipfw@hub.freebsd.org>;
Tue, 14 Jun 2011 04:40:09 +0000 (UTC)
Received: from freefall.freebsd.org (localhost [127.0.0.1])
by freefall.freebsd.org (8.14.4/8.14.4) with ESMTP id p5E4e9a0071464
for <freebsd-ipfw@freefall.freebsd.org>; Tue, 14 Jun 2011 04:40:09 GMT
(envelope-from gnats@freefall.freebsd.org)
Received: (from gnats@localhost)
by freefall.freebsd.org (8.14.4/8.14.4/Submit) id p5E4e9La071463;
Tue, 14 Jun 2011 04:40:09 GMT (envelope-from gnats)
Date: Tue, 14 Jun 2011 04:40:09 GMT
Message-Id: <201106140440.p5E4e9La071463@freefall.freebsd.org>
To: freebsd-ipfw@FreeBSD.org
From: dfilter@FreeBSD.ORG (dfilter service)
Cc:
Subject: Re: kern/156410: commit references a PR
X-BeenThere: freebsd-ipfw@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
Reply-To: dfilter service <dfilter@FreeBSD.ORG>
List-Id: IPFW Technical Discussions <freebsd-ipfw.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
<mailto:freebsd-ipfw-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-ipfw>
List-Post: <mailto:freebsd-ipfw@freebsd.org>
List-Help: <mailto:freebsd-ipfw-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
<mailto:freebsd-ipfw-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 14 Jun 2011 04:40:09 -0000
The following reply was made to PR kern/156410; it has been noted by GNATS.
From: dfilter@FreeBSD.ORG (dfilter service)
To: bug-followup@FreeBSD.org
Cc:
Subject: Re: kern/156410: commit references a PR
Date: Tue, 14 Jun 2011 04:37:23 +0000 (UTC)
Author: ae
Date: Tue Jun 14 04:37:09 2011
New Revision: 223070
URL: http://svn.freebsd.org/changeset/base/223070
Log:
MFC r222473:
Add tablearg support for ipfw setfib.
PR: kern/156410
MFC r222474:
Wrap long line.
Modified:
stable/8/sbin/ipfw/ipfw.8
stable/8/sbin/ipfw/ipfw2.c
stable/8/sys/netinet/ipfw/ip_fw2.c
stable/8/sys/netinet/ipfw/ip_fw_sockopt.c
Directory Properties:
stable/8/sbin/ipfw/ (props changed)
stable/8/sys/ (props changed)
stable/8/sys/amd64/include/xen/ (props changed)
stable/8/sys/cddl/contrib/opensolaris/ (props changed)
stable/8/sys/contrib/dev/acpica/ (props changed)
stable/8/sys/contrib/pf/ (props changed)
Modified: stable/8/sbin/ipfw/ipfw.8
==============================================================================
--- stable/8/sbin/ipfw/ipfw.8 Tue Jun 14 04:34:20 2011 (r223069)
+++ stable/8/sbin/ipfw/ipfw.8 Tue Jun 14 04:37:09 2011 (r223070)
@@ -1,7 +1,7 @@
.\"
.\" $FreeBSD$
.\"
-.Dd July 27, 2010
+.Dd May 30, 2011
.Dt IPFW 8
.Os
.Sh NAME
@@ -867,13 +867,16 @@ for more information on
and
.Cm ngtee
actions.
-.It Cm setfib Ar fibnum
+.It Cm setfib Ar fibnum | tablearg
The packet is tagged so as to use the FIB (routing table)
.Ar fibnum
in any subsequent forwarding decisions.
Initially this is limited to the values 0 through 15, see
.Xr setfib 1 .
Processing continues at the next rule.
+It is possible to use the
+.Cm tablearg
+keyword with a setfib. If tablearg value is not within compiled FIB range packet fib is set to 0.
.It Cm reass
Queue and reassemble ip fragments.
If the packet is not fragmented, counters are updated and processing continues with the next rule.
@@ -1697,7 +1700,7 @@ is used.
The
.Cm tablearg
argument can be used with the following actions:
-.Cm nat, pipe , queue, divert, tee, netgraph, ngtee, fwd, skipto
+.Cm nat, pipe , queue, divert, tee, netgraph, ngtee, fwd, skipto, setfib,
action parameters:
.Cm tag, untag,
rule options:
Modified: stable/8/sbin/ipfw/ipfw2.c
==============================================================================
--- stable/8/sbin/ipfw/ipfw2.c Tue Jun 14 04:34:20 2011 (r223069)
+++ stable/8/sbin/ipfw/ipfw2.c Tue Jun 14 04:37:09 2011 (r223070)
@@ -2826,14 +2826,19 @@ chkarg:
size_t intsize = sizeof(int);
action->opcode = O_SETFIB;
- NEED1("missing fib number");
- action->arg1 = strtoul(*av, NULL, 10);
- if (sysctlbyname("net.fibs", &numfibs, &intsize, NULL, 0) == -1)
- errx(EX_DATAERR, "fibs not suported.\n");
- if (action->arg1 >= numfibs) /* Temporary */
- errx(EX_DATAERR, "fib too large.\n");
- av++;
- break;
+ NEED1("missing fib number");
+ if (_substrcmp(*av, "tablearg") == 0) {
+ action->arg1 = IP_FW_TABLEARG;
+ } else {
+ action->arg1 = strtoul(*av, NULL, 10);
+ if (sysctlbyname("net.fibs", &numfibs, &intsize,
+ NULL, 0) == -1)
+ errx(EX_DATAERR, "fibs not suported.\n");
+ if (action->arg1 >= numfibs) /* Temporary */
+ errx(EX_DATAERR, "fib too large.\n");
+ }
+ av++;
+ break;
}
case TOK_REASS:
Modified: stable/8/sys/netinet/ipfw/ip_fw2.c
==============================================================================
--- stable/8/sys/netinet/ipfw/ip_fw2.c Tue Jun 14 04:34:20 2011 (r223069)
+++ stable/8/sys/netinet/ipfw/ip_fw2.c Tue Jun 14 04:37:09 2011 (r223070)
@@ -2101,14 +2101,21 @@ do { \
done = 1; /* exit outer loop */
break;
- case O_SETFIB:
+ case O_SETFIB: {
+ uint32_t fib;
+
f->pcnt++; /* update stats */
f->bcnt += pktlen;
f->timestamp = time_uptime;
- M_SETFIB(m, cmd->arg1);
- args->f_id.fib = cmd->arg1;
+ fib = (cmd->arg1 == IP_FW_TABLEARG) ? tablearg:
+ cmd->arg1;
+ if (fib >= rt_numfibs)
+ fib = 0;
+ M_SETFIB(m, fib);
+ args->f_id.fib = fib;
l = 0; /* exit inner loop */
break;
+ }
case O_NAT:
if (!IPFW_NAT_LOADED) {
Modified: stable/8/sys/netinet/ipfw/ip_fw_sockopt.c
==============================================================================
--- stable/8/sys/netinet/ipfw/ip_fw_sockopt.c Tue Jun 14 04:34:20 2011 (r223069)
+++ stable/8/sys/netinet/ipfw/ip_fw_sockopt.c Tue Jun 14 04:37:09 2011 (r223070)
@@ -605,7 +605,8 @@ check_ipfw_struct(struct ip_fw *rule, in
case O_SETFIB:
if (cmdlen != F_INSN_SIZE(ipfw_insn))
goto bad_size;
- if (cmd->arg1 >= rt_numfibs) {
+ if ((cmd->arg1 != IP_FW_TABLEARG) &&
+ (cmd->arg1 >= rt_numfibs)) {
printf("ipfw: invalid fib number %d\n",
cmd->arg1);
return EINVAL;
_______________________________________________
svn-src-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscribe@freebsd.org"
From owner-freebsd-ipfw@FreeBSD.ORG Tue Jun 14 06:37:21 2011
Return-Path: <owner-freebsd-ipfw@FreeBSD.ORG>
Delivered-To: freebsd-ipfw@hub.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
by hub.freebsd.org (Postfix) with ESMTP id 4066F1065675;
Tue, 14 Jun 2011 06:37:21 +0000 (UTC) (envelope-from ae@FreeBSD.org)
Received: from freefall.freebsd.org (freefall.freebsd.org
[IPv6:2001:4f8:fff6::28])
by mx1.freebsd.org (Postfix) with ESMTP id 18BA38FC08;
Tue, 14 Jun 2011 06:37:21 +0000 (UTC)
Received: from freefall.freebsd.org (localhost [127.0.0.1])
by freefall.freebsd.org (8.14.4/8.14.4) with ESMTP id p5E6bKjr086108;
Tue, 14 Jun 2011 06:37:20 GMT (envelope-from ae@freefall.freebsd.org)
Received: (from ae@localhost)
by freefall.freebsd.org (8.14.4/8.14.4/Submit) id p5E6bKGh086104;
Tue, 14 Jun 2011 06:37:20 GMT (envelope-from ae)
Date: Tue, 14 Jun 2011 06:37:20 GMT
Message-Id: <201106140637.p5E6bKGh086104@freefall.freebsd.org>
To: ae@FreeBSD.org, freebsd-bugs@FreeBSD.org, freebsd-ipfw@FreeBSD.org
From: ae@FreeBSD.org
Cc:
Subject: Re: kern/157867: [patch][ipfw] natd globalport support for ipfw nat
X-BeenThere: freebsd-ipfw@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: IPFW Technical Discussions <freebsd-ipfw.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
<mailto:freebsd-ipfw-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-ipfw>
List-Post: <mailto:freebsd-ipfw@freebsd.org>
List-Help: <mailto:freebsd-ipfw-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
<mailto:freebsd-ipfw-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 14 Jun 2011 06:37:21 -0000
Synopsis: [patch][ipfw] natd globalport support for ipfw nat
Responsible-Changed-From-To: freebsd-bugs->freebsd-ipfw
Responsible-Changed-By: ae
Responsible-Changed-When: Tue Jun 14 06:36:57 UTC 2011
Responsible-Changed-Why:
Over to maintainer(s).
http://www.freebsd.org/cgi/query-pr.cgi?pr=157867
From owner-freebsd-ipfw@FreeBSD.ORG Tue Jun 14 06:57:20 2011
Return-Path: <owner-freebsd-ipfw@FreeBSD.ORG>
Delivered-To: freebsd-ipfw@hub.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
by hub.freebsd.org (Postfix) with ESMTP id 79B90106566C;
Tue, 14 Jun 2011 06:57:20 +0000 (UTC) (envelope-from ae@FreeBSD.org)
Received: from freefall.freebsd.org (freefall.freebsd.org
[IPv6:2001:4f8:fff6::28])
by mx1.freebsd.org (Postfix) with ESMTP id 528BB8FC15;
Tue, 14 Jun 2011 06:57:20 +0000 (UTC)
Received: from freefall.freebsd.org (localhost [127.0.0.1])
by freefall.freebsd.org (8.14.4/8.14.4) with ESMTP id p5E6vKZh006883;
Tue, 14 Jun 2011 06:57:20 GMT (envelope-from ae@freefall.freebsd.org)
Received: (from ae@localhost)
by freefall.freebsd.org (8.14.4/8.14.4/Submit) id p5E6vKkW006879;
Tue, 14 Jun 2011 06:57:20 GMT (envelope-from ae)
Date: Tue, 14 Jun 2011 06:57:20 GMT
Message-Id: <201106140657.p5E6vKkW006879@freefall.freebsd.org>
To: ae@FreeBSD.org, freebsd-net@FreeBSD.org, freebsd-ipfw@FreeBSD.org
From: ae@FreeBSD.org
Cc:
Subject: Re: kern/152360: [dummynet] [panic] Crash related to dummynet.
X-BeenThere: freebsd-ipfw@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: IPFW Technical Discussions <freebsd-ipfw.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
<mailto:freebsd-ipfw-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-ipfw>
List-Post: <mailto:freebsd-ipfw@freebsd.org>
List-Help: <mailto:freebsd-ipfw-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
<mailto:freebsd-ipfw-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 14 Jun 2011 06:57:20 -0000
Synopsis: [dummynet] [panic] Crash related to dummynet.
Responsible-Changed-From-To: freebsd-net->freebsd-ipfw
Responsible-Changed-By: ae
Responsible-Changed-When: Tue Jun 14 06:56:18 UTC 2011
Responsible-Changed-Why:
Reassign. It's ipfw related.
http://www.freebsd.org/cgi/query-pr.cgi?pr=152360
From owner-freebsd-ipfw@FreeBSD.ORG Tue Jun 14 13:40:15 2011
Return-Path: <owner-freebsd-ipfw@FreeBSD.ORG>
Delivered-To: freebsd-ipfw@hub.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
by hub.freebsd.org (Postfix) with ESMTP id 708AB106568E
for <freebsd-ipfw@hub.freebsd.org>;
Tue, 14 Jun 2011 13:40:15 +0000 (UTC)
(envelope-from gnats@FreeBSD.org)
Received: from freefall.freebsd.org (freefall.freebsd.org
[IPv6:2001:4f8:fff6::28])
by mx1.freebsd.org (Postfix) with ESMTP id 6B98F8FC17
for <freebsd-ipfw@hub.freebsd.org>;
Tue, 14 Jun 2011 13:40:12 +0000 (UTC)
Received: from freefall.freebsd.org (localhost [127.0.0.1])
by freefall.freebsd.org (8.14.4/8.14.4) with ESMTP id p5EDeCBI009244
for <freebsd-ipfw@freefall.freebsd.org>; Tue, 14 Jun 2011 13:40:12 GMT
(envelope-from gnats@freefall.freebsd.org)
Received: (from gnats@localhost)
by freefall.freebsd.org (8.14.4/8.14.4/Submit) id p5EDeCnO009243;
Tue, 14 Jun 2011 13:40:12 GMT (envelope-from gnats)
Date: Tue, 14 Jun 2011 13:40:12 GMT
Message-Id: <201106141340.p5EDeCnO009243@freefall.freebsd.org>
To: freebsd-ipfw@FreeBSD.org
From: dfilter@FreeBSD.ORG (dfilter service)
Cc:
Subject: Re: kern/157867: commit references a PR
X-BeenThere: freebsd-ipfw@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
Reply-To: dfilter service <dfilter@FreeBSD.ORG>
List-Id: IPFW Technical Discussions <freebsd-ipfw.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
<mailto:freebsd-ipfw-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-ipfw>
List-Post: <mailto:freebsd-ipfw@freebsd.org>
List-Help: <mailto:freebsd-ipfw-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
<mailto:freebsd-ipfw-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 14 Jun 2011 13:40:15 -0000
The following reply was made to PR kern/157867; it has been noted by GNATS.
From: dfilter@FreeBSD.ORG (dfilter service)
To: bug-followup@FreeBSD.org
Cc:
Subject: Re: kern/157867: commit references a PR
Date: Tue, 14 Jun 2011 13:35:34 +0000 (UTC)
Author: ae
Date: Tue Jun 14 13:35:24 2011
New Revision: 223080
URL: http://svn.freebsd.org/changeset/base/223080
Log:
Implement "global" mode for ipfw nat. It is similar to natd(8)
"globalport" option for multiple NAT instances.
If ipfw rule contains "global" keyword instead of nat_number, then
for each outgoing packet ipfw_nat looks up translation state in all
configured nat instances. If an entry is found, packet aliased
according to that entry, otherwise packet is passed unchanged.
User can specify "skip_global" option in NAT configuration to exclude
an instance from the lookup in global mode.
PR: kern/157867
Submitted by: Alexander V. Chernikov (previous version)
Tested by: Eugene Grosbein
Modified:
head/sbin/ipfw/ipfw.8
head/sbin/ipfw/ipfw2.c
head/sbin/ipfw/ipfw2.h
head/sbin/ipfw/nat.c
head/sys/netinet/ipfw/ip_fw2.c
head/sys/netinet/ipfw/ip_fw_nat.c
head/sys/netinet/libalias/alias.h
Modified: head/sbin/ipfw/ipfw.8
==============================================================================
--- head/sbin/ipfw/ipfw.8 Tue Jun 14 13:02:26 2011 (r223079)
+++ head/sbin/ipfw/ipfw.8 Tue Jun 14 13:35:24 2011 (r223080)
@@ -1,7 +1,7 @@
.\"
.\" $FreeBSD$
.\"
-.Dd May 30, 2011
+.Dd June 14, 2011
.Dt IPFW 8
.Os
.Sh NAME
@@ -2435,6 +2435,27 @@ Reset table of the packet aliasing engin
Reverse the way libalias handles aliasing.
.It Cm proxy_only
Obey transparent proxy rules only, packet aliasing is not performed.
+.It Cm skip_global
+Skip instance in case of global state lookup (see below).
+.El
+.Pp
+Some specials value can be supplied instead of
+.Va nat_number:
+.Bl -tag -width indent
+.It Cm global
+Looks up translation state in all configured nat instances.
+If an entry is found, packet is aliased according to that entry.
+If no entry was found in any of the instances, packet is passed unchanged,
+and no new entry will be created.
+See section
+.Sx MULTIPLE INSTANCES
+in
+.Xr natd 8
+for more information.
+.It Cm tablearg
+Uses argument supplied in lookup table. See
+.Sx LOOKUP TABLES
+section below for more information on lookup tables.
.El
.Pp
To let the packet continue after being (de)aliased, set the sysctl variable
Modified: head/sbin/ipfw/ipfw2.c
==============================================================================
--- head/sbin/ipfw/ipfw2.c Tue Jun 14 13:02:26 2011 (r223079)
+++ head/sbin/ipfw/ipfw2.c Tue Jun 14 13:35:24 2011 (r223080)
@@ -1121,8 +1121,11 @@ show_ipfw(struct ip_fw *rule, int pcwidt
break;
case O_NAT:
- PRINT_UINT_ARG("nat ", cmd->arg1);
- break;
+ if (cmd->arg1 != 0)
+ PRINT_UINT_ARG("nat ", cmd->arg1);
+ else
+ printf("nat global");
+ break;
case O_SETFIB:
PRINT_UINT_ARG("setfib ", cmd->arg1);
@@ -2738,9 +2741,14 @@ ipfw_add(char *av[])
break;
case TOK_NAT:
- action->opcode = O_NAT;
- action->len = F_INSN_SIZE(ipfw_insn_nat);
- goto chkarg;
+ action->opcode = O_NAT;
+ action->len = F_INSN_SIZE(ipfw_insn_nat);
+ if (_substrcmp(*av, "global") == 0) {
+ action->arg1 = 0;
+ av++;
+ break;
+ } else
+ goto chkarg;
case TOK_QUEUE:
action->opcode = O_QUEUE;
Modified: head/sbin/ipfw/ipfw2.h
==============================================================================
--- head/sbin/ipfw/ipfw2.h Tue Jun 14 13:02:26 2011 (r223079)
+++ head/sbin/ipfw/ipfw2.h Tue Jun 14 13:35:24 2011 (r223080)
@@ -178,6 +178,7 @@ enum tokens {
TOK_DENY_INC,
TOK_SAME_PORTS,
TOK_UNREG_ONLY,
+ TOK_SKIP_GLOBAL,
TOK_RESET_ADDR,
TOK_ALIAS_REV,
TOK_PROXY_ONLY,
Modified: head/sbin/ipfw/nat.c
==============================================================================
--- head/sbin/ipfw/nat.c Tue Jun 14 13:02:26 2011 (r223079)
+++ head/sbin/ipfw/nat.c Tue Jun 14 13:35:24 2011 (r223080)
@@ -53,6 +53,7 @@ static struct _s_x nat_params[] = {
{ "deny_in", TOK_DENY_INC },
{ "same_ports", TOK_SAME_PORTS },
{ "unreg_only", TOK_UNREG_ONLY },
+ { "skip_global", TOK_SKIP_GLOBAL },
{ "reset", TOK_RESET_ADDR },
{ "reverse", TOK_ALIAS_REV },
{ "proxy_only", TOK_PROXY_ONLY },
@@ -628,6 +629,9 @@ print_nat_config(unsigned char *buf)
} else if (n->mode & PKT_ALIAS_SAME_PORTS) {
printf(" same_ports");
n->mode &= ~PKT_ALIAS_SAME_PORTS;
+ } else if (n->mode & PKT_ALIAS_SKIP_GLOBAL) {
+ printf(" skip_global");
+ n->mode &= ~PKT_ALIAS_SKIP_GLOBAL;
} else if (n->mode & PKT_ALIAS_UNREGISTERED_ONLY) {
printf(" unreg_only");
n->mode &= ~PKT_ALIAS_UNREGISTERED_ONLY;
@@ -746,10 +750,11 @@ ipfw_config_nat(int ac, char **av)
case TOK_IP:
case TOK_IF:
ac1--; av1++;
- break;
+ break;
case TOK_ALOG:
case TOK_DENY_INC:
case TOK_SAME_PORTS:
+ case TOK_SKIP_GLOBAL:
case TOK_UNREG_ONLY:
case TOK_RESET_ADDR:
case TOK_ALIAS_REV:
@@ -821,6 +826,9 @@ ipfw_config_nat(int ac, char **av)
case TOK_UNREG_ONLY:
n->mode |= PKT_ALIAS_UNREGISTERED_ONLY;
break;
+ case TOK_SKIP_GLOBAL:
+ n->mode |= PKT_ALIAS_SKIP_GLOBAL;
+ break;
case TOK_RESET_ADDR:
n->mode |= PKT_ALIAS_RESET_ON_ADDR_CHANGE;
break;
Modified: head/sys/netinet/ipfw/ip_fw2.c
==============================================================================
--- head/sys/netinet/ipfw/ip_fw2.c Tue Jun 14 13:02:26 2011 (r223079)
+++ head/sys/netinet/ipfw/ip_fw2.c Tue Jun 14 13:35:24 2011 (r223080)
@@ -2194,6 +2194,13 @@ do { \
int nat_id;
set_match(args, f_pos, chain);
+ /* Check if this is 'global' nat rule */
+ if (cmd->arg1 == 0) {
+ retval = ipfw_nat_ptr(args, NULL, m);
+ l = 0;
+ done = 1;
+ break;
+ }
t = ((ipfw_insn_nat *)cmd)->nat;
if (t == NULL) {
nat_id = (cmd->arg1 == IP_FW_TABLEARG) ?
Modified: head/sys/netinet/ipfw/ip_fw_nat.c
==============================================================================
--- head/sys/netinet/ipfw/ip_fw_nat.c Tue Jun 14 13:02:26 2011 (r223079)
+++ head/sys/netinet/ipfw/ip_fw_nat.c Tue Jun 14 13:35:24 2011 (r223080)
@@ -207,7 +207,8 @@ ipfw_nat(struct ip_fw_args *args, struct
struct mbuf *mcl;
struct ip *ip;
/* XXX - libalias duct tape */
- int ldt, retval;
+ int ldt, retval, found;
+ struct ip_fw_chain *chain;
char *c;
ldt = 0;
@@ -256,12 +257,44 @@ ipfw_nat(struct ip_fw_args *args, struct
ldt = 1;
c = mtod(mcl, char *);
- if (args->oif == NULL)
- retval = LibAliasIn(t->lib, c,
- mcl->m_len + M_TRAILINGSPACE(mcl));
- else
- retval = LibAliasOut(t->lib, c,
- mcl->m_len + M_TRAILINGSPACE(mcl));
+
+ /* Check if this is 'global' instance */
+ if (t == NULL) {
+ if (args->oif == NULL) {
+ /* Wrong direction, skip processing */
+ args->m = mcl;
+ return (IP_FW_NAT);
+ }
+
+ found = 0;
+ chain = &V_layer3_chain;
+ IPFW_RLOCK(chain);
+ /* Check every nat entry... */
+ LIST_FOREACH(t, &chain->nat, _next) {
+ if ((t->mode & PKT_ALIAS_SKIP_GLOBAL) != 0)
+ continue;
+ retval = LibAliasOutTry(t->lib, c,
+ mcl->m_len + M_TRAILINGSPACE(mcl), 0);
+ if (retval == PKT_ALIAS_OK) {
+ /* Nat instance recognises state */
+ found = 1;
+ break;
+ }
+ }
+ IPFW_RUNLOCK(chain);
+ if (found != 1) {
+ /* No instance found, return ignore */
+ args->m = mcl;
+ return (IP_FW_NAT);
+ }
+ } else {
+ if (args->oif == NULL)
+ retval = LibAliasIn(t->lib, c,
+ mcl->m_len + M_TRAILINGSPACE(mcl));
+ else
+ retval = LibAliasOut(t->lib, c,
+ mcl->m_len + M_TRAILINGSPACE(mcl));
+ }
/*
* We drop packet when:
@@ -274,7 +307,7 @@ ipfw_nat(struct ip_fw_args *args, struct
if (retval == PKT_ALIAS_ERROR ||
(args->oif == NULL && (retval == PKT_ALIAS_UNRESOLVED_FRAGMENT ||
(retval == PKT_ALIAS_IGNORED &&
- (t->lib->packetAliasMode & PKT_ALIAS_DENY_INCOMING) != 0)))) {
+ (t->mode & PKT_ALIAS_DENY_INCOMING) != 0)))) {
/* XXX - should i add some logging? */
m_free(mcl);
args->m = NULL;
Modified: head/sys/netinet/libalias/alias.h
==============================================================================
--- head/sys/netinet/libalias/alias.h Tue Jun 14 13:02:26 2011 (r223079)
+++ head/sys/netinet/libalias/alias.h Tue Jun 14 13:35:24 2011 (r223080)
@@ -220,6 +220,12 @@ struct mbuf *m_megapullup(struct mbuf
#define PKT_ALIAS_PUNCH_FW 0x100
#endif
+/*
+ * If PKT_ALIAS_SKIP_GLOBAL is set, nat instance is not checked for matching
+ * states in 'ipfw nat global' rule.
+ */
+#define PKT_ALIAS_SKIP_GLOBAL 0x200
+
/* Function return codes. */
#define PKT_ALIAS_ERROR -1
#define PKT_ALIAS_OK 1
_______________________________________________
svn-src-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscribe@freebsd.org"
From owner-freebsd-ipfw@FreeBSD.ORG Tue Jun 14 14:40:13 2011
Return-Path: <owner-freebsd-ipfw@FreeBSD.ORG>
Delivered-To: freebsd-ipfw@hub.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
by hub.freebsd.org (Postfix) with ESMTP id 483D81065672
for <freebsd-ipfw@hub.freebsd.org>;
Tue, 14 Jun 2011 14:40:13 +0000 (UTC)
(envelope-from gnats@FreeBSD.org)
Received: from freefall.freebsd.org (freefall.freebsd.org
[IPv6:2001:4f8:fff6::28])
by mx1.freebsd.org (Postfix) with ESMTP id 1F61E8FC12
for <freebsd-ipfw@hub.freebsd.org>;
Tue, 14 Jun 2011 14:40:13 +0000 (UTC)
Received: from freefall.freebsd.org (localhost [127.0.0.1])
by freefall.freebsd.org (8.14.4/8.14.4) with ESMTP id p5EEeC7t064003
for <freebsd-ipfw@freefall.freebsd.org>; Tue, 14 Jun 2011 14:40:12 GMT
(envelope-from gnats@freefall.freebsd.org)
Received: (from gnats@localhost)
by freefall.freebsd.org (8.14.4/8.14.4/Submit) id p5EEeCi7064002;
Tue, 14 Jun 2011 14:40:12 GMT (envelope-from gnats)
Date: Tue, 14 Jun 2011 14:40:12 GMT
Message-Id: <201106141440.p5EEeCi7064002@freefall.freebsd.org>
To: freebsd-ipfw@FreeBSD.org
From: Pawel Tyll <ptyll@nitronet.pl>
Cc:
Subject: Re: kern/152360: [dummynet] [panic] Crash related to dummynet.
X-BeenThere: freebsd-ipfw@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
Reply-To: Pawel Tyll <ptyll@nitronet.pl>
List-Id: IPFW Technical Discussions <freebsd-ipfw.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
<mailto:freebsd-ipfw-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-ipfw>
List-Post: <mailto:freebsd-ipfw@freebsd.org>
List-Help: <mailto:freebsd-ipfw-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
<mailto:freebsd-ipfw-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 14 Jun 2011 14:40:13 -0000
The following reply was made to PR kern/152360; it has been noted by GNATS.
From: Pawel Tyll <ptyll@nitronet.pl>
To: bug-followup@FreeBSD.org, ptyll@nitronet.pl
Cc:
Subject: Re: kern/152360: [dummynet] [panic] Crash related to dummynet.
Date: Tue, 14 Jun 2011 16:10:52 +0200
Hi,
It has been fixed already. Thanks.
Kind regards.
From owner-freebsd-ipfw@FreeBSD.ORG Tue Jun 14 14:54:44 2011
Return-Path: <owner-freebsd-ipfw@FreeBSD.ORG>
Delivered-To: freebsd-ipfw@hub.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
by hub.freebsd.org (Postfix) with ESMTP id D34AF1065674;
Tue, 14 Jun 2011 14:54:44 +0000 (UTC) (envelope-from ae@FreeBSD.org)
Received: from freefall.freebsd.org (freefall.freebsd.org
[IPv6:2001:4f8:fff6::28])
by mx1.freebsd.org (Postfix) with ESMTP id ABD408FC0C;
Tue, 14 Jun 2011 14:54:44 +0000 (UTC)
Received: from freefall.freebsd.org (localhost [127.0.0.1])
by freefall.freebsd.org (8.14.4/8.14.4) with ESMTP id p5EEsiOL080957;
Tue, 14 Jun 2011 14:54:44 GMT (envelope-from ae@freefall.freebsd.org)
Received: (from ae@localhost)
by freefall.freebsd.org (8.14.4/8.14.4/Submit) id p5EEsiZM080953;
Tue, 14 Jun 2011 14:54:44 GMT (envelope-from ae)
Date: Tue, 14 Jun 2011 14:54:44 GMT
Message-Id: <201106141454.p5EEsiZM080953@freefall.freebsd.org>
To: ptyll@nitronet.pl, ae@FreeBSD.org, freebsd-ipfw@FreeBSD.org
From: ae@FreeBSD.org
Cc:
Subject: Re: kern/152360: [dummynet] [panic] Crash related to dummynet.
X-BeenThere: freebsd-ipfw@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: IPFW Technical Discussions <freebsd-ipfw.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
<mailto:freebsd-ipfw-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-ipfw>
List-Post: <mailto:freebsd-ipfw@freebsd.org>
List-Help: <mailto:freebsd-ipfw-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
<mailto:freebsd-ipfw-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 14 Jun 2011 14:54:44 -0000
Synopsis: [dummynet] [panic] Crash related to dummynet.
State-Changed-From-To: open->closed
State-Changed-By: ae
State-Changed-When: Tue Jun 14 14:52:41 UTC 2011
State-Changed-Why:
Submitter has confirmed that the problem is already fixed.
http://www.freebsd.org/cgi/query-pr.cgi?pr=152360
From owner-freebsd-ipfw@FreeBSD.ORG Tue Jun 14 14:55:36 2011
Return-Path: <owner-freebsd-ipfw@FreeBSD.ORG>
Delivered-To: freebsd-ipfw@hub.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
by hub.freebsd.org (Postfix) with ESMTP id 530FD1065677;
Tue, 14 Jun 2011 14:55:36 +0000 (UTC) (envelope-from ae@FreeBSD.org)
Received: from freefall.freebsd.org (freefall.freebsd.org
[IPv6:2001:4f8:fff6::28])
by mx1.freebsd.org (Postfix) with ESMTP id 2BE668FC16;
Tue, 14 Jun 2011 14:55:36 +0000 (UTC)
Received: from freefall.freebsd.org (localhost [127.0.0.1])
by freefall.freebsd.org (8.14.4/8.14.4) with ESMTP id p5EEtaSs081031;
Tue, 14 Jun 2011 14:55:36 GMT (envelope-from ae@freefall.freebsd.org)
Received: (from ae@localhost)
by freefall.freebsd.org (8.14.4/8.14.4/Submit) id p5EEtZrg081027;
Tue, 14 Jun 2011 14:55:35 GMT (envelope-from ae)
Date: Tue, 14 Jun 2011 14:55:35 GMT
Message-Id: <201106141455.p5EEtZrg081027@freefall.freebsd.org>
To: melifaro@ipfw.ru, ae@FreeBSD.org, freebsd-ipfw@FreeBSD.org
From: ae@FreeBSD.org
Cc:
Subject: Re: kern/157867: [patch][ipfw] natd globalport support for ipfw nat
X-BeenThere: freebsd-ipfw@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: IPFW Technical Discussions <freebsd-ipfw.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
<mailto:freebsd-ipfw-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-ipfw>
List-Post: <mailto:freebsd-ipfw@freebsd.org>
List-Help: <mailto:freebsd-ipfw-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
<mailto:freebsd-ipfw-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 14 Jun 2011 14:55:36 -0000
Synopsis: [patch][ipfw] natd globalport support for ipfw nat
State-Changed-From-To: open->patched
State-Changed-By: ae
State-Changed-When: Tue Jun 14 14:55:08 UTC 2011
State-Changed-Why:
Patched in head/. Thanks!
http://www.freebsd.org/cgi/query-pr.cgi?pr=157867
From owner-freebsd-ipfw@FreeBSD.ORG Tue Jun 14 15:40:10 2011
Return-Path: <owner-freebsd-ipfw@FreeBSD.ORG>
Delivered-To: freebsd-ipfw@hub.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
by hub.freebsd.org (Postfix) with ESMTP id 43EC1106566B
for <freebsd-ipfw@hub.freebsd.org>;
Tue, 14 Jun 2011 15:40:10 +0000 (UTC)
(envelope-from gnats@FreeBSD.org)
Received: from freefall.freebsd.org (freefall.freebsd.org
[IPv6:2001:4f8:fff6::28])
by mx1.freebsd.org (Postfix) with ESMTP id 3403D8FC12
for <freebsd-ipfw@hub.freebsd.org>;
Tue, 14 Jun 2011 15:40:10 +0000 (UTC)
Received: from freefall.freebsd.org (localhost [127.0.0.1])
by freefall.freebsd.org (8.14.4/8.14.4) with ESMTP id p5EFe9h0018743
for <freebsd-ipfw@freefall.freebsd.org>; Tue, 14 Jun 2011 15:40:09 GMT
(envelope-from gnats@freefall.freebsd.org)
Received: (from gnats@localhost)
by freefall.freebsd.org (8.14.4/8.14.4/Submit) id p5EFe9ok018742;
Tue, 14 Jun 2011 15:40:09 GMT (envelope-from gnats)
Date: Tue, 14 Jun 2011 15:40:09 GMT
Message-Id: <201106141540.p5EFe9ok018742@freefall.freebsd.org>
To: freebsd-ipfw@FreeBSD.org
From: ten <dm@211.ru>
Cc:
Subject: Re: kern/122109: [ipfw] ipfw nat traceroute problem
X-BeenThere: freebsd-ipfw@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
Reply-To: ten <dm@211.ru>
List-Id: IPFW Technical Discussions <freebsd-ipfw.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
<mailto:freebsd-ipfw-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-ipfw>
List-Post: <mailto:freebsd-ipfw@freebsd.org>
List-Help: <mailto:freebsd-ipfw-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
<mailto:freebsd-ipfw-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 14 Jun 2011 15:40:10 -0000
The following reply was made to PR kern/122109; it has been noted by GNATS.
From: ten <dm@211.ru>
To: "Andrey V. Elsukov" <bu7cher@yandex.ru>, bug-followup@FreeBSD.org
Cc:
Subject: Re: kern/122109: [ipfw] ipfw nat traceroute problem
Date: Tue, 14 Jun 2011 22:32:03 +0700
--000e0cd2bd02de68fe04a5adbcee
Content-Type: text/plain; charset=ISO-8859-1
Yes, works. Thanks.
On 06.06.2011 14:31, Andrey V. Elsukov wrote:
> On 06.06.2011 18:50, ten wrote:
> > Subject: Re: kern/122109: [ipfw] ipfw nat traceroute problem
> > Date: Mon, 6 Jun 2011 21:38:36 +0700
> >
> > --000e0cd22f68002b4704a50c0f97
> > Content-Type: text/plain; charset=ISO-8859-1
> >
> > It seems I have too old version, and patch not applicable to me
> >
> > 7.3-STABLE FreeBSD 7.3-STABLE #2 amd64
>
> I adapted the patch for stable/7:
> http://people.freebsd.org/~ae/ipfw_nat7.diff
>
> --
> WBR, Andrey V. Elsukov
>
>
--000e0cd2bd02de68fe04a5adbcee
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
Yes, works. Thanks.<br><br><div class=3D"gmail_quote">On 06.06.2011 14:31, =
Andrey V. Elsukov wrote:<br><blockquote class=3D"gmail_quote" style=3D"marg=
in:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">On 06.06.2011 1=
8:50, ten wrote:<br>
> Subject: Re: kern/122109: [ipfw] ipfw nat traceroute problem<br>
> Date: Mon, 6 Jun 2011 21:38:36 +0700<br>
><br>
> =A0--000e0cd22f68002b4704a50c0f97<br>
> =A0Content-Type: text/plain; charset=3DISO-8859-1<br>
<div class=3D"im">><br>
> =A0It seems I have too old version, and patch not applicable to me<br>
><br>
> =A07.3-STABLE FreeBSD 7.3-STABLE #2 amd64<br>
<br>
</div>I adapted the patch for stable/7:<br>
<a href=3D"http://people.freebsd.org/%7Eae/ipfw_nat7.diff" target=3D"_blank=
">http://people.freebsd.org/~ae/ipfw_nat7.diff</a><br>
<font color=3D"#888888"><br>
--<br>
WBR, Andrey V. Elsukov<br>
<br>
</font></blockquote></div><br>
--000e0cd2bd02de68fe04a5adbcee--
From owner-freebsd-ipfw@FreeBSD.ORG Wed Jun 15 12:31:57 2011
Return-Path: <owner-freebsd-ipfw@FreeBSD.ORG>
Delivered-To: freebsd-ipfw@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
by hub.freebsd.org (Postfix) with ESMTP id 20CD6106566B
for <freebsd-ipfw@freebsd.org>; Wed, 15 Jun 2011 12:31:57 +0000 (UTC)
(envelope-from matt@chronos.org.uk)
Received: from chronos.org.uk (chronos-pt.tunnel.tserv5.lon1.ipv6.he.net
[IPv6:2001:470:1f08:12b::2])
by mx1.freebsd.org (Postfix) with ESMTP id 6EEF98FC19
for <freebsd-ipfw@freebsd.org>; Wed, 15 Jun 2011 12:31:56 +0000 (UTC)
Received: from workstation1.localnet (workstation1.local.chronos.org.uk
[IPv6:2001:470:1f09:12b::20]) (authenticated bits=0)
by chronos.org.uk (8.14.4/8.14.4) with ESMTP id p5FCVrCx007213
(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO)
for <freebsd-ipfw@freebsd.org>; Wed, 15 Jun 2011 13:31:53 +0100 (BST)
(envelope-from matt@chronos.org.uk)
X-DKIM: Sendmail DKIM Filter v2.8.3 chronos.org.uk p5FCVrCx007213
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=chronos.org.uk;
s=mail; t=1308141113;
bh=lpMJydjMxkj/D7wL6Kx7lwCgK7XN6Ze+XpYKccznZU0=;
h=From:To:Subject:Date:References:In-Reply-To:MIME-Version:
Content-Type:Content-Transfer-Encoding:Message-Id;
b=D5J6UGjnMLoJnXA1cA7jz25ZPPTzy3HPFF+KV5NDqs3TBF8M3Y8pmx4XTU4Hnni3I
/i5uEM4rvmUern06VHnSi956cavdRVcT60iAhXYswKL9Z+RzAq/wN7gbn3dYNNTuaf
bS5H2gcaMlC4iQqKS2BOiQyZ5fMb5v2a6e6pj8Ns=
From: Matt Dawson <matt@chronos.org.uk>
To: freebsd-ipfw@freebsd.org
Date: Wed, 15 Jun 2011 13:31:49 +0100
User-Agent: KMail/1.13.7 (FreeBSD/8.2-RELEASE; KDE/4.6.3; amd64; ; )
References: <20110615120028.8733C1065705@hub.freebsd.org>
In-Reply-To: <20110615120028.8733C1065705@hub.freebsd.org>
X-Face: Uq{{&_!oO{M&ydj<DA1zX|w-l1]w>?-f%{D]bN7/|/]a+utod35[+IyH#R>F~YPffK,=?utf-8?q?=25=60=7D=25=0A?=FTMbmzo,]0X3K:N&{h7],FI{?EkORzB;
f:V3"vKXsUNw5Yh`}ef4MZ*a4,=?utf-8?q?ObuJ=5F=26=5B1S=27zP=5CK0wcKZP=0A?==?utf-8?q?_=60=23L=25=5Dq*OUPQ-4T=3FHZ=7EAKX0=7D3W=25o=3DP?=<g-V5B.b\Y7
MIME-Version: 1.0
Content-Type: Text/Plain;
charset="iso-8859-15"
Content-Transfer-Encoding: 7bit
Message-Id: <201106151331.51191.matt@chronos.org.uk>
X-Greylist: Sender succeeded SMTP AUTH, not delayed by milter-greylist-4.2.7
(chronos.org.uk [IPv6:2001:470:1f09:12b::1]);
Wed, 15 Jun 2011 13:31:54 +0100 (BST)
X-Virus-Scanned: clamav-milter 0.97 at central.local.chronos.org.uk
X-Virus-Status: Clean
X-Spam-Status: No, score=-100.9 required=3.0 tests=BAYES_00,
DATE_IN_FUTURE_96_Q,DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,SPF_PASS,
T_RP_MATCHES_RCVD,USER_IN_WHITELIST autolearn=no version=3.3.1
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
central.local.chronos.org.uk
Subject: IPFW2 IPv6 tables
X-BeenThere: freebsd-ipfw@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: IPFW Technical Discussions <freebsd-ipfw.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
<mailto:freebsd-ipfw-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-ipfw>
List-Post: <mailto:freebsd-ipfw@freebsd.org>
List-Help: <mailto:freebsd-ipfw-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
<mailto:freebsd-ipfw-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 15 Jun 2011 12:31:57 -0000
Is there a patchset for 8.2R to add IPv6 table functionality to IPFW2?
I seem to recall one floating about for 7 (Luigi?) a while ago. I'm
currently using individual rules, but it's becoming cumbersome.
--
Matt Dawson
MTD15-RIPE
matt@chronos.org.uk
From owner-freebsd-ipfw@FreeBSD.ORG Wed Jun 15 16:24:15 2011
Return-Path: <owner-freebsd-ipfw@FreeBSD.ORG>
Delivered-To: freebsd-ipfw@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
by hub.freebsd.org (Postfix) with ESMTP id BF5E9106564A
for <freebsd-ipfw@freebsd.org>; Wed, 15 Jun 2011 16:24:15 +0000 (UTC)
(envelope-from crest@informatik.uni-bremen.de)
Received: from informatik.uni-bremen.de (mailhost.informatik.uni-bremen.de
[134.102.201.18])
by mx1.freebsd.org (Postfix) with ESMTP id 4F9698FC13
for <freebsd-ipfw@freebsd.org>; Wed, 15 Jun 2011 16:24:13 +0000 (UTC)
Received: from smtp-fb3.informatik.uni-bremen.de
(smtp-fb3.informatik.uni-bremen.de [134.102.224.120])
by informatik.uni-bremen.de (8.14.3/8.14.3) with ESMTP id
p5EEitGq027621
for <freebsd-ipfw@freebsd.org>; Tue, 14 Jun 2011 16:44:55 +0200 (CEST)
Received: from eduroam-0977.wlan.uni-bremen.de
(eduroam-0977.wlan.uni-bremen.de [134.102.19.209])
(using TLSv1 with cipher AES128-SHA (128/128 bits))
(No client certificate requested)
by smtp-fb3.informatik.uni-bremen.de (Postfix) with ESMTPSA id 438B1581
for <freebsd-ipfw@freebsd.org>; Tue, 14 Jun 2011 16:44:55 +0200 (CEST)
Content-Type: text/plain; charset=us-ascii
Mime-Version: 1.0 (Apple Message framework v1084)
From: crest <crest@informatik.uni-bremen.de>
In-Reply-To: <CB5F654C-227D-43C0-8A13-F57C19A1861C@informatik.uni-bremen.de>
Date: Tue, 14 Jun 2011 16:44:54 +0200
Content-Transfer-Encoding: quoted-printable
Message-Id: <B4003759-75D3-4663-87E0-FD9374227D60@informatik.uni-bremen.de>
References: <201106041300.p54D0Oji030792@freefall.freebsd.org>
<CB5F654C-227D-43C0-8A13-F57C19A1861C@informatik.uni-bremen.de>
To: freebsd-ipfw@freebsd.org
X-Mailer: Apple Mail (2.1084)
Subject: Re: kern/157239: [ipfw] [dummynet] ipfw + dummynet corrupts ipv6
packets
X-BeenThere: freebsd-ipfw@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: IPFW Technical Discussions <freebsd-ipfw.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
<mailto:freebsd-ipfw-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-ipfw>
List-Post: <mailto:freebsd-ipfw@freebsd.org>
List-Help: <mailto:freebsd-ipfw-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
<mailto:freebsd-ipfw-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 15 Jun 2011 16:24:15 -0000
On 06.06.2011, at 19:30, crest wrote:
>=20
> On 04.06.2011, at 15:00, Manuel Kasper wrote:
>=20
>> The following reply was made to PR kern/157239; it has been noted by =
GNATS.
>>=20
>> Also, I believe I've found the cause: ipfw/dummynet code uses =3D
>> SET_HOST_IPLEN on IPv6 packets in two instances, thus inadvertently =3D=
>> swapping the next header and hop limit fields in the IPv6 header, =3D
>> causing the "Unknown Extension Header" warnings and dropped packets =
(or =3D
>> bad packets appearing on the wire if =3D
>> net.inet6.ip6.fw.deny_unknown_exthdrs=3D3D0).
>>=20
>> A patch against 8.2-RELEASE that fixes this issue for me is attached =
- =3D
>> Jan, could you please verify if this fixes the issue for you too?
>=20
> I tested the patch and it solved the problem for a simple test setup. =
I'll test it in a more complex setup this evening/ night (TZ=3DCEST).
I tried the patch on 3 Boxes (2 x amd64, 1 x i386). The patch solves the =
reported problem. I detected no regression.=
From owner-freebsd-ipfw@FreeBSD.ORG Thu Jun 16 18:39:40 2011
Return-Path: <owner-freebsd-ipfw@FreeBSD.ORG>
Delivered-To: freebsd-ipfw@hub.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
by hub.freebsd.org (Postfix) with ESMTP id 273511065674;
Thu, 16 Jun 2011 18:39:40 +0000 (UTC) (envelope-from ae@FreeBSD.org)
Received: from freefall.freebsd.org (freefall.freebsd.org
[IPv6:2001:4f8:fff6::28])
by mx1.freebsd.org (Postfix) with ESMTP id F291E8FC12;
Thu, 16 Jun 2011 18:39:39 +0000 (UTC)
Received: from freefall.freebsd.org (localhost [127.0.0.1])
by freefall.freebsd.org (8.14.4/8.14.4) with ESMTP id p5GIdd9C001471;
Thu, 16 Jun 2011 18:39:39 GMT (envelope-from ae@freefall.freebsd.org)
Received: (from ae@localhost)
by freefall.freebsd.org (8.14.4/8.14.4/Submit) id p5GIdd9K001466;
Thu, 16 Jun 2011 18:39:39 GMT (envelope-from ae)
Date: Thu, 16 Jun 2011 18:39:39 GMT
Message-Id: <201106161839.p5GIdd9K001466@freefall.freebsd.org>
To: eugen@eg.svzserv.kuzbass.ru, ae@FreeBSD.org, freebsd-ipfw@FreeBSD.org
From: ae@FreeBSD.org
Cc:
Subject: Re: kern/129036: [ipfw] 'ipfw fwd' does not change outgoing
interface name
X-BeenThere: freebsd-ipfw@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: IPFW Technical Discussions <freebsd-ipfw.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
<mailto:freebsd-ipfw-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-ipfw>
List-Post: <mailto:freebsd-ipfw@freebsd.org>
List-Help: <mailto:freebsd-ipfw-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
<mailto:freebsd-ipfw-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 16 Jun 2011 18:39:40 -0000
Synopsis: [ipfw] 'ipfw fwd' does not change outgoing interface name
State-Changed-From-To: open->feedback
State-Changed-By: ae
State-Changed-When: Thu Jun 16 18:38:43 UTC 2011
State-Changed-Why:
Can you still reproduce this on a supported release?
http://www.freebsd.org/cgi/query-pr.cgi?pr=129036
From owner-freebsd-ipfw@FreeBSD.ORG Thu Jun 16 21:00:27 2011
Return-Path: <owner-freebsd-ipfw@FreeBSD.ORG>
Delivered-To: freebsd-ipfw@hub.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
by hub.freebsd.org (Postfix) with ESMTP id 6844D1065693
for <freebsd-ipfw@hub.freebsd.org>;
Thu, 16 Jun 2011 21:00:27 +0000 (UTC)
(envelope-from gnats@FreeBSD.org)
Received: from freefall.freebsd.org (freefall.freebsd.org
[IPv6:2001:4f8:fff6::28])
by mx1.freebsd.org (Postfix) with ESMTP id E93D68FC25
for <freebsd-ipfw@hub.freebsd.org>;
Thu, 16 Jun 2011 21:00:24 +0000 (UTC)
Received: from freefall.freebsd.org (localhost [127.0.0.1])
by freefall.freebsd.org (8.14.4/8.14.4) with ESMTP id p5GL0OnQ039126
for <freebsd-ipfw@freefall.freebsd.org>; Thu, 16 Jun 2011 21:00:24 GMT
(envelope-from gnats@freefall.freebsd.org)
Received: (from gnats@localhost)
by freefall.freebsd.org (8.14.4/8.14.4/Submit) id p5GL0Ob1039125;
Thu, 16 Jun 2011 21:00:24 GMT (envelope-from gnats)
Date: Thu, 16 Jun 2011 21:00:24 GMT
Message-Id: <201106162100.p5GL0Ob1039125@freefall.freebsd.org>
To: freebsd-ipfw@FreeBSD.org
From: Eugene Grosbein <egrosbein@rdtc.ru>
Cc:
Subject: Re: kern/129036: [ipfw] 'ipfw fwd' does not change outgoing
interface name
X-BeenThere: freebsd-ipfw@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
Reply-To: Eugene Grosbein <egrosbein@rdtc.ru>
List-Id: IPFW Technical Discussions <freebsd-ipfw.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
<mailto:freebsd-ipfw-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-ipfw>
List-Post: <mailto:freebsd-ipfw@freebsd.org>
List-Help: <mailto:freebsd-ipfw-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
<mailto:freebsd-ipfw-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 16 Jun 2011 21:00:27 -0000
The following reply was made to PR kern/129036; it has been noted by GNATS.
From: Eugene Grosbein <egrosbein@rdtc.ru>
To: bug-followup@FreeBSD.ORG
Cc: ae@FreeBSD.ORG
Subject: Re: kern/129036: [ipfw] 'ipfw fwd' does not change outgoing interface
name
Date: Fri, 17 Jun 2011 03:54:30 +0700
> Can you still reproduce this on a supported release?
Yes, the same problem can be reproduced with 8.2-STABLE.
Eugene Grosbein.
P.S. Please note that my original e-mail of this PR is no longer valid.
From owner-freebsd-ipfw@FreeBSD.ORG Fri Jun 17 18:37:57 2011
Return-Path: <owner-freebsd-ipfw@FreeBSD.ORG>
Delivered-To: freebsd-ipfw@hub.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
by hub.freebsd.org (Postfix) with ESMTP id E5A501065679;
Fri, 17 Jun 2011 18:37:57 +0000 (UTC) (envelope-from ae@FreeBSD.org)
Received: from freefall.freebsd.org (freefall.freebsd.org
[IPv6:2001:4f8:fff6::28])
by mx1.freebsd.org (Postfix) with ESMTP id BDEE18FC1A;
Fri, 17 Jun 2011 18:37:57 +0000 (UTC)
Received: from freefall.freebsd.org (localhost [127.0.0.1])
by freefall.freebsd.org (8.14.4/8.14.4) with ESMTP id p5HIbvsL002456;
Fri, 17 Jun 2011 18:37:57 GMT (envelope-from ae@freefall.freebsd.org)
Received: (from ae@localhost)
by freefall.freebsd.org (8.14.4/8.14.4/Submit) id p5HIbvmA002452;
Fri, 17 Jun 2011 18:37:57 GMT (envelope-from ae)
Date: Fri, 17 Jun 2011 18:37:57 GMT
Message-Id: <201106171837.p5HIbvmA002452@freefall.freebsd.org>
To: ae@FreeBSD.org, freebsd-bugs@FreeBSD.org, freebsd-ipfw@FreeBSD.org
From: ae@FreeBSD.org
Cc:
Subject: Re: kern/157957: [libalias][patch] alias_ftp does not alias data
sessions corretly
X-BeenThere: freebsd-ipfw@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: IPFW Technical Discussions <freebsd-ipfw.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
<mailto:freebsd-ipfw-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-ipfw>
List-Post: <mailto:freebsd-ipfw@freebsd.org>
List-Help: <mailto:freebsd-ipfw-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
<mailto:freebsd-ipfw-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 17 Jun 2011 18:37:58 -0000
Synopsis: [libalias][patch] alias_ftp does not alias data sessions corretly
Responsible-Changed-From-To: freebsd-bugs->freebsd-ipfw
Responsible-Changed-By: ae
Responsible-Changed-When: Fri Jun 17 18:35:50 UTC 2011
Responsible-Changed-Why:
Over to maintainer(s).
http://www.freebsd.org/cgi/query-pr.cgi?pr=157957