From owner-freebsd-ipfw@FreeBSD.ORG  Sun Jul  3 16:10:08 2011
Return-Path: <owner-freebsd-ipfw@FreeBSD.ORG>
Delivered-To: freebsd-ipfw@FreeBSD.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 5EFBD106564A;
	Sun,  3 Jul 2011 16:10:08 +0000 (UTC)
	(envelope-from eugen@grosbein.pp.ru)
Received: from eg.sd.rdtc.ru (unknown [IPv6:2a03:3100:c:13::5])
	by mx1.freebsd.org (Postfix) with ESMTP id A66AB8FC15;
	Sun,  3 Jul 2011 16:10:07 +0000 (UTC)
Received: from eg.sd.rdtc.ru (localhost [127.0.0.1])
	by eg.sd.rdtc.ru (8.14.4/8.14.4) with ESMTP id p63GA4xZ003287;
	Sun, 3 Jul 2011 23:10:04 +0700 (NOVST)
	(envelope-from eugen@grosbein.pp.ru)
Message-ID: <4E109457.2@grosbein.pp.ru>
Date: Sun, 03 Jul 2011 23:09:59 +0700
From: Eugene Grosbein <eugen@grosbein.pp.ru>
User-Agent: Mozilla/5.0 (X11; U; FreeBSD i386; ru-RU;
	rv:1.9.2.13) Gecko/20110112 Thunderbird/3.1.7
MIME-Version: 1.0
To: ae@FreeBSD.org
References: <201107010904.p6194wKd035651@freefall.freebsd.org>
In-Reply-To: <201107010904.p6194wKd035651@freefall.freebsd.org>
Content-Type: text/plain; charset=KOI8-R
Content-Transfer-Encoding: 8bit
Cc: freebsd-ipfw@FreeBSD.org
Subject: Re: kern/131817: [ipfw] blocks layer2 packets that should not be
 blocked
X-BeenThere: freebsd-ipfw@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: IPFW Technical Discussions <freebsd-ipfw.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
	<mailto:freebsd-ipfw-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-ipfw>
List-Post: <mailto:freebsd-ipfw@freebsd.org>
List-Help: <mailto:freebsd-ipfw-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
	<mailto:freebsd-ipfw-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 03 Jul 2011 16:10:08 -0000

01.07.2011 16:04, ae@FreeBSD.org пишет:
> Synopsis: [ipfw] blocks layer2 packets that should not be blocked
> 
> State-Changed-From-To: open->feedback
> State-Changed-By: ae
> State-Changed-When: Fri Jul 1 09:04:38 UTC 2011
> State-Changed-Why: 
> Feedback requested.
> 
> http://www.freebsd.org/cgi/query-pr.cgi?pr=131817

Your patch works, thanks!

Eugene Grosbein

From owner-freebsd-ipfw@FreeBSD.ORG  Sun Jul  3 16:26:00 2011
Return-Path: <owner-freebsd-ipfw@FreeBSD.ORG>
Delivered-To: freebsd-ipfw@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 016EF1065674
	for <freebsd-ipfw@freebsd.org>; Sun,  3 Jul 2011 16:26:00 +0000 (UTC)
	(envelope-from www@petitiononline.com)
Received: from petitiononline.com (petitiononline.com [198.104.184.58])
	by mx1.freebsd.org (Postfix) with ESMTP id 914758FC08
	for <freebsd-ipfw@freebsd.org>; Sun,  3 Jul 2011 16:25:59 +0000 (UTC)
Received: from petitiononline.com (localhost [127.0.0.1])
	by petitiononline.com (8.13.6.20060614/8.13.6) with ESMTP id
	p63G9mnH054456
	for <freebsd-ipfw@freebsd.org>; Sun, 3 Jul 2011 09:09:48 -0700 (PDT)
Received: (from www@localhost)
	by petitiononline.com (8.13.6.20060614/8.13.6/Submit) id p63G9mcZ054455;
	Sun, 3 Jul 2011 09:09:48 -0700 (PDT)
Date: Sun, 3 Jul 2011 09:09:48 -0700 (PDT)
Message-Id: <201107031609.p63G9mcZ054455@petitiononline.com>
From: petitions@petitiononline.com (PetitionOnline)
To: okapia-2zacx <freebsd-ipfw@freebsd.org>
Organization: Artifice
MIME-Version: 1.0
Subject: Signature Confirmation - We are for Sony Ericsson without ODM -
	6132 - se2011
X-BeenThere: freebsd-ipfw@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
Reply-To: xamid13@yandex.ru
List-Id: IPFW Technical Discussions <freebsd-ipfw.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
	<mailto:freebsd-ipfw-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-ipfw>
List-Post: <mailto:freebsd-ipfw@freebsd.org>
List-Help: <mailto:freebsd-ipfw-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
	<mailto:freebsd-ipfw-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 03 Jul 2011 16:26:00 -0000

Dear okapia-2zacx,

This email message is sent to you from PetitionOnline to confirm your signature as "okapia-2zacx" on the online petition:

   "We are for Sony Ericsson without ODM"

hosted on the web by our free online petition service, at:

   http://www.PetitionOnline.com/se2011/

Your signature on the petition is already complete, and there is no need
to reply to this message.

Your signature number for this petition is 6132.

At PetitionOnline, we host the petition you've signed, but we didn't
create it. If you would like to comment on the petition, or otherwise 
communicate directly with the petition author, you can contact the author at:

   , xamid13@yandex.ru
   OK
   www.sony-ericsson.ru, www.mobilefree.ru, www.topse.ru, www.se-zone.ru, www.se-nse.net, www.esato.com, www.centrumse.pl. www.topsony.com

                       -- * --
 Please contribute $1.00 or more to PetitionOnline and help maintain 
 this premiere free speech forum.  Your contribution is completely 
 voluntary -- and generous support from visitors like you is what keeps 
 PetitionOnline going!  Contributing is quick, easy, private, and secure, 
 either directly to PetitionOnline:
    https://artifice.securesites.com/cgi-bin/support_petitiononline.cgi
   
 or with PayPal, including international currencies and eChecks:
https://www.paypal.com/xclick/business=support%40petitiononline.com&item_name=PetitionOnline&no_shipping=1&cn=Comments
                       -- * --


If you would like to help some more to support the cause of this
petition, it would be great to take a moment now and send a quick email
message to let some friends and allies know about it.

Here's some text you can just copy and paste into your own email message
to help spread the word about this petition:

        + --------- copy from here --------- +

Dear Friends,

I have just read and signed the online petition:

   "We are for Sony Ericsson without ODM"

hosted on the web by PetitionOnline.com, the free online petition
service, at:

   http://www.PetitionOnline.com/se2011/

I personally agree with what this petition says, and I think you might
agree, too.  If you can spare a moment, please take a look, and consider
signing yourself.

Best wishes,

okapia-2zacx

        + --------- down to here ---------- +
        + paste into your own email, & send +


A note along those lines, sent from you to your friends, can make an
especially effective contribution to the petition.  A successful
petition is a grassroots collaborative effort, and now it's your turn. 
The power of the Internet is in your hands -- so spread the word!

Note, however, that in helping to promote this petition you are expressly prohibited from sending unsolicited bulk mail messages ("junk mail" or "spam").  This includes, but is not limited to, bulk-mailing of commercial advertising, information announcements, and political tracts.  Such material may only be sent to those who have specifically requested it.

Confirmation in Error?

On the other hand, if you believe you have received this confirmation of
signature in error, and, if you received the email _directly_ from
PetitionOnline.com, then please forward THIS ENTIRE MESSAGE, with
a brief explanation, to:

   support@PetitionOnline.org

An erroneous signature confirmation is most often caused by a typographic error by a legitimate signer.  With millions of email addresses on the internet, there are very many addresses that are only one letter apart.  However, an erroneous signature confirmation could also be caused by abuse of the petition system, so all confirmation errors will be investigated carefully.

By the way, we don't keep any email distribution lists associated with petition signers at PetitionOnline.com, so there is never any mail list here you'd need to be unsubscribed from.  

We honor you for the courage of your convictions.  And we thank you for participating in the free and open expression of public opinion.

Best wishes,

Kevin Matthews
Director
PetitionOnline
www.PetitionOnline.com provides free hosting of public petitions for responsible public advocacy.  There is NO EXPRESS OR IMPLIED ENDORSEMENT OF THIS PETITION or other hosted petitions by Artifice, Inc. or our sponsors.

                 http://www.PetitionOnline.org

It's quick and easy.  Create your own free online petition today at
PetitionOnline!

+ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +
   Artifice, Inc.                            http://www.artifice.com
   http://www.archiplanet.org
   http://www.petitiononline.org
   http://www.greatbuildings.com
   http://www.architectureweek.com
   541.345.7421 voice  .  541.345.7438 fax  .  Eugene, Oregon, USA
   new tools and media for creative living and grassroots democracy
+ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +

   Privacy Policy:  http://www.PetitionOnline.org/privacy-pets.html

Unsubscribe:
This Signature Confirmation email message is not part of any mailing list at PetitionOnline.com.  It is a one time communication in response to signing a
petition at PetitionOnline.com.  There is simply nothing to unsubscribe from.

Contributions to help support PetitionOnline.com are warmly appreciated via
PayPal in U.S. Dollars, Canadian Dollars, Euros, Pounds Sterling, and Yen.
PayPal accepts eChecks as well as major credit cards.  Contributing is
secure, fast, and easy:
https://www.paypal.com/xclick/business=support%40petitiononline.com&item_name=PetitionOnline&no_shipping=1&cn=Comments

Or if you prefer to contribute offline, please make checks payable to:

    Artifice, Inc.
    PetitionOnline.com
    PO Box 1588
    Eugene, OR 97440
    
Thank you!
    
+ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +


From owner-freebsd-ipfw@FreeBSD.ORG  Sun Jul  3 21:20:11 2011
Return-Path: <owner-freebsd-ipfw@FreeBSD.ORG>
Delivered-To: freebsd-ipfw@hub.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id A8721106566B
	for <freebsd-ipfw@hub.freebsd.org>;
	Sun,  3 Jul 2011 21:20:11 +0000 (UTC)
	(envelope-from gnats@FreeBSD.org)
Received: from freefall.freebsd.org (freefall.freebsd.org
	[IPv6:2001:4f8:fff6::28])
	by mx1.freebsd.org (Postfix) with ESMTP id 7EF7D8FC15
	for <freebsd-ipfw@hub.freebsd.org>;
	Sun,  3 Jul 2011 21:20:11 +0000 (UTC)
Received: from freefall.freebsd.org (localhost [127.0.0.1])
	by freefall.freebsd.org (8.14.4/8.14.4) with ESMTP id p63LKBVu094648
	for <freebsd-ipfw@freefall.freebsd.org>; Sun, 3 Jul 2011 21:20:11 GMT
	(envelope-from gnats@freefall.freebsd.org)
Received: (from gnats@localhost)
	by freefall.freebsd.org (8.14.4/8.14.4/Submit) id p63LKB0P094647;
	Sun, 3 Jul 2011 21:20:11 GMT (envelope-from gnats)
Date: Sun, 3 Jul 2011 21:20:11 GMT
Message-Id: <201107032120.p63LKB0P094647@freefall.freebsd.org>
To: freebsd-ipfw@FreeBSD.org
From: Eugene Grosbein <eugen@grosbein.pp.ru>
Cc: 
Subject: Re: kern/131817: [ipfw] blocks layer2 packets that should not be
 blocked
X-BeenThere: freebsd-ipfw@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
Reply-To: Eugene Grosbein <eugen@grosbein.pp.ru>
List-Id: IPFW Technical Discussions <freebsd-ipfw.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
	<mailto:freebsd-ipfw-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-ipfw>
List-Post: <mailto:freebsd-ipfw@freebsd.org>
List-Help: <mailto:freebsd-ipfw-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
	<mailto:freebsd-ipfw-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 03 Jul 2011 21:20:11 -0000

The following reply was made to PR kern/131817; it has been noted by GNATS.

From: Eugene Grosbein <eugen@grosbein.pp.ru>
To: bug-followup@FreeBSD.ORG
Cc:  
Subject: Re: kern/131817: [ipfw] blocks layer2 packets that should not be
 blocked
Date: Mon, 04 Jul 2011 04:12:46 +0700

 01.07.2011 16:04, ae@FreeBSD.org пишет:
 > Synopsis: [ipfw] blocks layer2 packets that should not be blocked
 > 
 > State-Changed-From-To: open->feedback
 > State-Changed-By: ae
 > State-Changed-When: Fri Jul 1 09:04:38 UTC 2011
 > State-Changed-Why: 
 > Feedback requested.
 > 
 > http://www.freebsd.org/cgi/query-pr.cgi?pr=131817
 
 Your patch works, thanks!
 
 Eugene Grosbein

From owner-freebsd-ipfw@FreeBSD.ORG  Mon Jul  4 05:49:11 2011
Return-Path: <owner-freebsd-ipfw@FreeBSD.ORG>
Delivered-To: freebsd-ipfw@hub.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 2E996106567A;
	Mon,  4 Jul 2011 05:49:11 +0000 (UTC) (envelope-from ae@FreeBSD.org)
Received: from freefall.freebsd.org (freefall.freebsd.org
	[IPv6:2001:4f8:fff6::28])
	by mx1.freebsd.org (Postfix) with ESMTP id 074D08FC1F;
	Mon,  4 Jul 2011 05:49:11 +0000 (UTC)
Received: from freefall.freebsd.org (localhost [127.0.0.1])
	by freefall.freebsd.org (8.14.4/8.14.4) with ESMTP id p645nAbs067109;
	Mon, 4 Jul 2011 05:49:10 GMT (envelope-from ae@freefall.freebsd.org)
Received: (from ae@localhost)
	by freefall.freebsd.org (8.14.4/8.14.4/Submit) id p645nA2r067103;
	Mon, 4 Jul 2011 05:49:10 GMT (envelope-from ae)
Date: Mon, 4 Jul 2011 05:49:10 GMT
Message-Id: <201107040549.p645nA2r067103@freefall.freebsd.org>
To: eugen@grosbein.pp.ru, ae@FreeBSD.org, freebsd-ipfw@FreeBSD.org
From: ae@FreeBSD.org
Cc: 
Subject: Re: kern/131817: [ipfw] blocks layer2 packets that should not be
	blocked
X-BeenThere: freebsd-ipfw@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: IPFW Technical Discussions <freebsd-ipfw.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
	<mailto:freebsd-ipfw-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-ipfw>
List-Post: <mailto:freebsd-ipfw@freebsd.org>
List-Help: <mailto:freebsd-ipfw-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
	<mailto:freebsd-ipfw-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 04 Jul 2011 05:49:11 -0000

Synopsis: [ipfw] blocks layer2 packets that should not be blocked

State-Changed-From-To: feedback->patched
State-Changed-By: ae
State-Changed-When: Mon Jul 4 05:48:49 UTC 2011
State-Changed-Why: 
Patched in head/. Thanks!

http://www.freebsd.org/cgi/query-pr.cgi?pr=131817

From owner-freebsd-ipfw@FreeBSD.ORG  Mon Jul  4 05:50:09 2011
Return-Path: <owner-freebsd-ipfw@FreeBSD.ORG>
Delivered-To: freebsd-ipfw@hub.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 69874106566C
	for <freebsd-ipfw@hub.freebsd.org>;
	Mon,  4 Jul 2011 05:50:09 +0000 (UTC)
	(envelope-from gnats@FreeBSD.org)
Received: from freefall.freebsd.org (freefall.freebsd.org
	[IPv6:2001:4f8:fff6::28])
	by mx1.freebsd.org (Postfix) with ESMTP id 5A2B68FC0A
	for <freebsd-ipfw@hub.freebsd.org>;
	Mon,  4 Jul 2011 05:50:09 +0000 (UTC)
Received: from freefall.freebsd.org (localhost [127.0.0.1])
	by freefall.freebsd.org (8.14.4/8.14.4) with ESMTP id p645o9YB067281
	for <freebsd-ipfw@freefall.freebsd.org>; Mon, 4 Jul 2011 05:50:09 GMT
	(envelope-from gnats@freefall.freebsd.org)
Received: (from gnats@localhost)
	by freefall.freebsd.org (8.14.4/8.14.4/Submit) id p645o9Z2067280;
	Mon, 4 Jul 2011 05:50:09 GMT (envelope-from gnats)
Date: Mon, 4 Jul 2011 05:50:09 GMT
Message-Id: <201107040550.p645o9Z2067280@freefall.freebsd.org>
To: freebsd-ipfw@FreeBSD.org
From: dfilter@FreeBSD.ORG (dfilter service)
Cc: 
Subject: Re: kern/131817: commit references a PR
X-BeenThere: freebsd-ipfw@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
Reply-To: dfilter service <dfilter@FreeBSD.ORG>
List-Id: IPFW Technical Discussions <freebsd-ipfw.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
	<mailto:freebsd-ipfw-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-ipfw>
List-Post: <mailto:freebsd-ipfw@freebsd.org>
List-Help: <mailto:freebsd-ipfw-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
	<mailto:freebsd-ipfw-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 04 Jul 2011 05:50:09 -0000

The following reply was made to PR kern/131817; it has been noted by GNATS.

From: dfilter@FreeBSD.ORG (dfilter service)
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: kern/131817: commit references a PR
Date: Mon,  4 Jul 2011 05:48:00 +0000 (UTC)

 Author: ae
 Date: Mon Jul  4 05:47:48 2011
 New Revision: 223753
 URL: http://svn.freebsd.org/changeset/base/223753
 
 Log:
   ARP code reuses mbuf from ARP request to make a reply, but it does not
   reset rcvif to NULL. Since rcvif is not NULL, ipfw(4) supposes that ARP
   replies were received on specified interface.
   Reset rcvif to NULL for ARP replies to fix this issue.
   
   PR:		kern/131817
   Reviewed by:	glebius
   MFC after:	1 month
 
 Modified:
   head/sys/netinet/if_ether.c
 
 Modified: head/sys/netinet/if_ether.c
 ==============================================================================
 --- head/sys/netinet/if_ether.c	Mon Jul  4 03:19:06 2011	(r223752)
 +++ head/sys/netinet/if_ether.c	Mon Jul  4 05:47:48 2011	(r223753)
 @@ -857,6 +857,7 @@ reply:
  	ah->ar_pro = htons(ETHERTYPE_IP); /* let's be sure! */
  	m->m_len = sizeof(*ah) + (2 * ah->ar_pln) + (2 * ah->ar_hln);   
  	m->m_pkthdr.len = m->m_len;   
 +	m->m_pkthdr.rcvif = NULL;
  	sa.sa_family = AF_ARP;
  	sa.sa_len = 2;
  	(*ifp->if_output)(ifp, m, &sa, NULL);
 _______________________________________________
 svn-src-all@freebsd.org mailing list
 http://lists.freebsd.org/mailman/listinfo/svn-src-all
 To unsubscribe, send any mail to "svn-src-all-unsubscribe@freebsd.org"
 

From owner-freebsd-ipfw@FreeBSD.ORG  Mon Jul  4 11:07:04 2011
Return-Path: <owner-freebsd-ipfw@FreeBSD.ORG>
Delivered-To: freebsd-ipfw@FreeBSD.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 96C9D1065680
	for <freebsd-ipfw@FreeBSD.org>; Mon,  4 Jul 2011 11:07:04 +0000 (UTC)
	(envelope-from owner-bugmaster@FreeBSD.org)
Received: from freefall.freebsd.org (freefall.freebsd.org
	[IPv6:2001:4f8:fff6::28])
	by mx1.freebsd.org (Postfix) with ESMTP id 7B2FF8FC1C
	for <freebsd-ipfw@FreeBSD.org>; Mon,  4 Jul 2011 11:07:04 +0000 (UTC)
Received: from freefall.freebsd.org (localhost [127.0.0.1])
	by freefall.freebsd.org (8.14.4/8.14.4) with ESMTP id p64B74be040465
	for <freebsd-ipfw@FreeBSD.org>; Mon, 4 Jul 2011 11:07:04 GMT
	(envelope-from owner-bugmaster@FreeBSD.org)
Received: (from gnats@localhost)
	by freefall.freebsd.org (8.14.4/8.14.4/Submit) id p64B73FY040463
	for freebsd-ipfw@FreeBSD.org; Mon, 4 Jul 2011 11:07:03 GMT
	(envelope-from owner-bugmaster@FreeBSD.org)
Date: Mon, 4 Jul 2011 11:07:03 GMT
Message-Id: <201107041107.p64B73FY040463@freefall.freebsd.org>
X-Authentication-Warning: freefall.freebsd.org: gnats set sender to
	owner-bugmaster@FreeBSD.org using -f
From: FreeBSD bugmaster <bugmaster@FreeBSD.org>
To: freebsd-ipfw@FreeBSD.org
Cc: 
Subject: Current problem reports assigned to freebsd-ipfw@FreeBSD.org
X-BeenThere: freebsd-ipfw@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: IPFW Technical Discussions <freebsd-ipfw.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
	<mailto:freebsd-ipfw-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-ipfw>
List-Post: <mailto:freebsd-ipfw@freebsd.org>
List-Help: <mailto:freebsd-ipfw-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
	<mailto:freebsd-ipfw-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 04 Jul 2011 11:07:04 -0000

Note: to view an individual PR, use:
  http://www.freebsd.org/cgi/query-pr.cgi?pr=(number).

The following is a listing of current problems submitted by FreeBSD users.
These represent problem reports covering all versions including
experimental development code and obsolete releases.


S Tracker      Resp.      Description
--------------------------------------------------------------------------------
o kern/158066  ipfw       [ipfw] ipfw + netgraph + multicast = multicast packets
p kern/157957  ipfw       [libalias][patch] alias_ftp does not alias data sessio
p kern/157867  ipfw       [patch][ipfw] natd globalport support for ipfw nat
o kern/157796  ipfw       [ipfw] IPFW in-kernel NAT nat loopback / Default Route
o kern/157689  ipfw       [ipfw] ipfw nat config does not accept nonexistent int
p kern/157379  ipfw       [ipfw] mtr does not work if I use ipfw nat
p kern/157239  ipfw       [ipfw] [dummynet] ipfw + dummynet corrupts ipv6 packet
o kern/156770  ipfw       [ipfw] [dummynet] [patch]: performance improvement and
p bin/156653   ipfw       ipfw(8) reports missing file as parameter problem
f kern/155927  ipfw       [ipfw] ipfw stops to check packets for compliance with
o bin/153252   ipfw       [ipfw][patch] ipfw lockdown system in subsequent call 
o kern/153161  ipfw       IPFIREWALL does not allow specify rules with ICMP code
o kern/152113  ipfw       [ipfw] page fault on 8.1-RELEASE caused by certain amo
p kern/150798  ipfw       [ipfw] ipfw2 fwd rule matches packets but does not do 
o kern/148827  ipfw       [ipfw] divert broken with in-kernel ipfw
o kern/148689  ipfw       [ipfw] antispoof wrongly triggers on link local IPv6 a
o kern/148430  ipfw       [ipfw] IPFW schedule delete broken.
o kern/148091  ipfw       [ipfw] ipfw ipv6 handling broken.
p kern/147720  ipfw       [ipfw] ipfw dynamic rules and fwd
o kern/144269  ipfw       [ipfw] problem with ipfw tables
o kern/143973  ipfw       [ipfw] [panic] ipfw forward option causes kernel reboo
o kern/143621  ipfw       [ipfw] [dummynet] [patch] dummynet and vnet use result
o kern/143474  ipfw       [ipfw] ipfw table contains the same address
o kern/137346  ipfw       [ipfw] ipfw nat redirect_proto is broken
o kern/137232  ipfw       [ipfw] parser troubles
p kern/136695  ipfw       [ipfw] [patch] fwd reached after skipto in dynamic rul
o kern/135476  ipfw       [ipfw] IPFW table breaks after adding a large number o
p kern/131817  ipfw       [ipfw] blocks layer2 packets that should not be blocke
p kern/129093  ipfw       [ipfw] ipfw nat must not drop packets
f kern/129036  ipfw       [ipfw] 'ipfw fwd' does not change outgoing interface n
p kern/128260  ipfw       [ipfw] [patch] ipfw_divert damages IPv6 packets
o kern/127230  ipfw       [ipfw] [patch] Feature request to add UID and/or GID l
o kern/127209  ipfw       [ipfw] IPFW table become corrupted after many changes
o kern/122963  ipfw       [ipfw] tcpdump does not show packets redirected by 'ip
p kern/122109  ipfw       [ipfw] ipfw nat traceroute problem
s kern/121807  ipfw       [request] TCP and UDP port_table in ipfw
o kern/121122  ipfw       [ipfw] [patch] add support to ToS IP PRECEDENCE fields
o bin/117214   ipfw       ipfw(8) fwd with IPv6 treats input as IPv4
o kern/116009  ipfw       [ipfw] [patch] Ignore errors when loading ruleset from
o bin/104921   ipfw       [patch] ipfw(8) sometimes treats ipv6 input as ipv4 (a
o kern/104682  ipfw       [ipfw] [patch] Some minor language consistency fixes a
o kern/103454  ipfw       [ipfw] [patch] [request] add a facility to modify DF b
o kern/103328  ipfw       [ipfw] [request] sugestions about ipfw table
o kern/102471  ipfw       [ipfw] [patch] add tos and dscp support
o kern/97951   ipfw       [ipfw] [patch] ipfw does not tie interface details to 
o kern/95084   ipfw       [ipfw] [regression] [patch] IPFW2 ignores "recv/xmit/v
f kern/91847   ipfw       [ipfw] ipfw with vlanX as the device
o kern/86957   ipfw       [ipfw] [patch] ipfw mac logging
o bin/83046    ipfw       [ipfw] ipfw2 error: "setup" is allowed for icmp, but s
o kern/82724   ipfw       [ipfw] [patch] [request] Add setnexthop and defaultrou
o bin/78785    ipfw       [patch] ipfw(8) verbosity locks machine if /etc/rc.fir
o kern/60719   ipfw       [ipfw] Headerless fragments generate cryptic error mes
s kern/55984   ipfw       [ipfw] [patch] time based firewalling support for ipfw
o kern/48172   ipfw       [ipfw] [patch] ipfw does not log size and flags
o kern/46159   ipfw       [ipfw] [patch] [request] ipfw dynamic rules lifetime f
a kern/26534   ipfw       [ipfw] Add an option to ipfw to log gid/uid of who cau

56 problems total.


From owner-freebsd-ipfw@FreeBSD.ORG  Mon Jul  4 12:47:09 2011
Return-Path: <owner-freebsd-ipfw@FreeBSD.ORG>
Delivered-To: freebsd-ipfw@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id B654B106566B
	for <freebsd-ipfw@freebsd.org>; Mon,  4 Jul 2011 12:47:09 +0000 (UTC)
	(envelope-from gregoire.leroy@retenodus.net)
Received: from relay4-d.mail.gandi.net (relay4-d.mail.gandi.net
	[217.70.183.196])
	by mx1.freebsd.org (Postfix) with ESMTP id 0D5A28FC1A
	for <freebsd-ipfw@freebsd.org>; Mon,  4 Jul 2011 12:47:08 +0000 (UTC)
X-Originating-IP: 217.70.178.134
Received: from mfilter4-d.gandi.net (mfilter4-d.gandi.net [217.70.178.134])
	by relay4-d.mail.gandi.net (Postfix) with ESMTP id EDB6B17209F
	for <freebsd-ipfw@freebsd.org>; Mon,  4 Jul 2011 14:46:57 +0200 (CEST)
X-Virus-Scanned: Debian amavisd-new at mfilter4-d.gandi.net
Received: from relay4-d.mail.gandi.net ([217.70.183.196])
	by mfilter4-d.gandi.net (mfilter4-d.gandi.net [10.0.15.180])
	(amavisd-new, port 10024)
	with ESMTP id mq-aLRv2sjjn for <freebsd-ipfw@freebsd.org>;
	Mon,  4 Jul 2011 14:46:56 +0200 (CEST)
X-Originating-IP: 212.234.55.192
Received: from rena.localnet (unknown [212.234.55.192])
	(Authenticated sender: lupuscramus@hyperthese.net)
	by relay4-d.mail.gandi.net (Postfix) with ESMTPSA id 62D6A172081
	for <freebsd-ipfw@freebsd.org>; Mon,  4 Jul 2011 14:46:56 +0200 (CEST)
From: =?iso-8859-1?q?Gr=E9goire_Leroy?= <gregoire.leroy@retenodus.net>
To: freebsd-ipfw@freebsd.org
Date: Mon, 4 Jul 2011 14:46:55 +0200
User-Agent: KMail/1.13.7 (Linux/2.6.39-2-amd64; KDE/4.6.4; x86_64; ; )
X-KMail-Markup: true
MIME-Version: 1.0
Message-Id: <201107041446.55415.gregoire.leroy@retenodus.net>
Content-Type: text/plain;
  charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
X-Content-Filtered-By: Mailman/MimeDel 2.1.5
Subject: Natd + dummynet
X-BeenThere: freebsd-ipfw@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: IPFW Technical Discussions <freebsd-ipfw.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
	<mailto:freebsd-ipfw-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-ipfw>
List-Post: <mailto:freebsd-ipfw@freebsd.org>
List-Help: <mailto:freebsd-ipfw-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
	<mailto:freebsd-ipfw-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 04 Jul 2011 12:47:09 -0000

Hi,

I try to use dummynet with natd, but I don't understand where I must write=
=20
pipes/queues lines.

I want to use fair queueing on my sdsl line, and I don't understand if I mu=
st=20
write rules :
1) before the firsts lines of nat
2) Between nat and chek-state
3) before allow/deny
4) After allow/deny
5) After lasts natd lines.

I wonder also if pipes rules replace allow rules : if a packet is accepted =
in=20
a pipe, it's also allowed, isn't it ?

My rules are :=20

# Les paquets autorises sont nattes -> important
$cmd 55300 divert 8868 ip from any to any in via $adsl1_if
$cmd 55301 divert 8869 ip from any to any in via $adsl2_if
$cmd 55302 divert 8870 ip from any to any in via $sdsl_if

# On accepte les paquets autorises par keep-state
$cmd 55320 check-state

=2E.. some deny/allow/skipto lines ...

#nat everything that get's here, should be ok as local allowed in first
$cmd 61000 divert 8868 ip from $interne to any in
$cmd 61100 divert 8868 ip from $interne to any out
$cmd 61300 allow all from any to any

$cmd 62000 divert 8869 ip from $interne to any out
$cmd 62500 divert 8869 ip from $interne to any in
$cmd 62700 allow all from any to any
$cmd 63000 divert 8870 ip from $interne_all to any out
$cmd 63500 divert 8870 ip from $interne_all to any in
$cmd 63600 allow all from any to any

#policy route to send traffic to correct isp
$cmd 61200 fwd $isp1 ip from $adsl1_ip to any
$cmd 62550 fwd $isp2 ip from $adsl2_ip to any
$cmd 63700 fwd $isp3 ip from $sdsl_ip to any

$cmd 65534 allow all from any to any

Tkanks for your help,
Gr=E9goire Leroy

From owner-freebsd-ipfw@FreeBSD.ORG  Tue Jul  5 10:59:58 2011
Return-Path: <owner-freebsd-ipfw@FreeBSD.ORG>
Delivered-To: freebsd-ipfw@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 5F09E1065670
	for <freebsd-ipfw@freebsd.org>; Tue,  5 Jul 2011 10:59:58 +0000 (UTC)
	(envelope-from unga888@yahoo.com)
Received: from nm29-vm0.bullet.mail.bf1.yahoo.com
	(nm29-vm0.bullet.mail.bf1.yahoo.com [98.139.213.166])
	by mx1.freebsd.org (Postfix) with SMTP id DC6608FC0A
	for <freebsd-ipfw@freebsd.org>; Tue,  5 Jul 2011 10:59:57 +0000 (UTC)
Received: from [98.139.212.149] by nm29.bullet.mail.bf1.yahoo.com with NNFMP;
	05 Jul 2011 10:47:02 -0000
Received: from [98.139.212.230] by tm6.bullet.mail.bf1.yahoo.com with NNFMP;
	05 Jul 2011 10:47:02 -0000
Received: from [127.0.0.1] by omp1039.mail.bf1.yahoo.com with NNFMP;
	05 Jul 2011 10:47:02 -0000
X-Yahoo-Newman-Property: ymail-3
X-Yahoo-Newman-Id: 865648.45766.bm@omp1039.mail.bf1.yahoo.com
Received: (qmail 10425 invoked by uid 60001); 5 Jul 2011 10:47:02 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s1024;
	t=1309862822; bh=sZefuMy5lGxQzQXR2nlutsPpimjJRHErGdmiBAtJzLY=;
	h=X-YMail-OSG:Received:X-Mailer:Message-ID:Date:From:Subject:To:MIME-Version:Content-Type;
	b=VYbMGHyoxd5gFZuU8V4Clw90gtivDAw6EiPcgAb9gtMwS5mL9Ej7pclM1DRAHGBAvZozqspsyWn8MYNT3rIueP74r/P6cRF0GLZcjxGw3n9iykX3dhSgFH05emBFrF+LVKJbYv7NKyUMZTVCMlL+ecROgwA9mLHZZOXnFuJgqC4=
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=s1024; d=yahoo.com;
	h=X-YMail-OSG:Received:X-Mailer:Message-ID:Date:From:Subject:To:MIME-Version:Content-Type;
	b=ufWd6uWn/FHuNHw7RVYWZr8aoNX+aUnydF3DNt7cYSM8kDIhM3asgSb8DT8CQDFzDRaxLNYoXbJ3gV6hxxImzlYzOHWXSiW9upIf4Ecrsi+WKbQF/1rmgLSMEMnZM3diwH/J0VN1ZD+PUlqfTG9c00gd+DHkY67RLy0LwxgX6Qk=;
X-YMail-OSG: GjwsKkgVM1lA3IOPaYLrYgSGARNrPYJvJ_NC8tlMHDbMnH0
	o2R9f.Q_kNn103d0l84oRlWdG7FfPEq7MHm8LRkH7PcNuLh9uYZBN2tPPOvm
	E8v7xz8BtjWLb1kydJ57GzBUeYlGrwO93APqL7HwQKKw0vC725dLs2fX2Cmr
	0oKbxxJ6fP_2yQZRrraXHE1KRlv9rW5g.h5nr5J7QqhzTBKjIf4Fi8sVvC7_
	604hwRuV3Ie4I4TxQNJctHtRsM4Kl9kM0Gh6ewUokbqiv245hk5ZPL_xtKOH
	c2dcYlTgWBCg.eyI_TVytjkDBp3UEd9yy2xriTPjKQdcCcGdUb.AskEBrmV1
	XLWTIbfVJCmudfl6sC1cmV7LgfNt73_nHvlJsgCGiLXMWC0TACSb5igbolxB
	twao7XTko2k7b9_SneRmQxCO9Ql9NY2BJcpUCslfYQ7o0vbCKjT4l8Q--
Received: from [112.134.99.185] by web160107.mail.bf1.yahoo.com via HTTP;
	Tue, 05 Jul 2011 03:47:02 PDT
X-Mailer: YahooMailClassic/14.0.3 YahooMailWebService/0.8.112.307740
Message-ID: <1309862822.4608.YahooMailClassic@web160107.mail.bf1.yahoo.com>
Date: Tue, 5 Jul 2011 03:47:02 -0700 (PDT)
From: Unga <unga888@yahoo.com>
To: freebsd-ipfw@freebsd.org
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Subject: ipfw fwd on FreeBSD 8.1, does it work?
X-BeenThere: freebsd-ipfw@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: IPFW Technical Discussions <freebsd-ipfw.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
	<mailto:freebsd-ipfw-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-ipfw>
List-Post: <mailto:freebsd-ipfw@freebsd.org>
List-Help: <mailto:freebsd-ipfw-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
	<mailto:freebsd-ipfw-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 05 Jul 2011 10:59:58 -0000

Hi all

Following ipfw rule develop error indicated:
ipfw add 100 fwd 127.0.0.1,1234 tcp from any to any 1234 out via wlan0

Error:
ipfw: getsockopt(IP_FW_ADD): Invalid argument

What I want to do is forward any packet going out of the computer to port 1234 forward back to 127.0.0.1:1234.

There is a test daemon listening to port 1234. The wlan0 exists and used for all Internet traffic.

The objective is to test a daemon. In actual practice the router is expected forward packets passing to port 1234 to this daemon.

I have built the kernel with "options IPFIREWALL_FORWARD".

This is FreeBSD 8.1.

What's the error here? Is the rule incorrect?

Does ipfw fwd work with FreeBSD 8.1?

Can I forward packets generating in the computer back to the same computer with ipfw fwd?

Many thanks in advance.

Unga

From owner-freebsd-ipfw@FreeBSD.ORG  Tue Jul  5 13:59:00 2011
Return-Path: <owner-freebsd-ipfw@FreeBSD.ORG>
Delivered-To: freebsd-ipfw@hub.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id D8B531065670;
	Tue,  5 Jul 2011 13:59:00 +0000 (UTC)
	(envelope-from emaste@FreeBSD.org)
Received: from freefall.freebsd.org (freefall.freebsd.org
	[IPv6:2001:4f8:fff6::28])
	by mx1.freebsd.org (Postfix) with ESMTP id B1D938FC14;
	Tue,  5 Jul 2011 13:59:00 +0000 (UTC)
Received: from freefall.freebsd.org (localhost [127.0.0.1])
	by freefall.freebsd.org (8.14.4/8.14.4) with ESMTP id p65Dx0dI065034;
	Tue, 5 Jul 2011 13:59:00 GMT
	(envelope-from emaste@freefall.freebsd.org)
Received: (from emaste@localhost)
	by freefall.freebsd.org (8.14.4/8.14.4/Submit) id p65Dx0AA065030;
	Tue, 5 Jul 2011 13:59:00 GMT (envelope-from emaste)
Date: Tue, 5 Jul 2011 13:59:00 GMT
Message-Id: <201107051359.p65Dx0AA065030@freefall.freebsd.org>
To: emaste@FreeBSD.org, freebsd-ipfw@FreeBSD.org, bz@FreeBSD.org
From: emaste@FreeBSD.org
Cc: 
Subject: Re: bin/117214: ipfw(8) fwd with IPv6 treats input as IPv4
X-BeenThere: freebsd-ipfw@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: IPFW Technical Discussions <freebsd-ipfw.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
	<mailto:freebsd-ipfw-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-ipfw>
List-Post: <mailto:freebsd-ipfw@freebsd.org>
List-Help: <mailto:freebsd-ipfw-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
	<mailto:freebsd-ipfw-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 05 Jul 2011 13:59:00 -0000

Synopsis: ipfw(8) fwd with IPv6 treats input as IPv4

Responsible-Changed-From-To: freebsd-ipfw->bz
Responsible-Changed-By: emaste
Responsible-Changed-When: Tue Jul 5 13:57:09 UTC 2011
Responsible-Changed-Why: 
Sandvine has a patch to implement ipv6 fwd that bz@'s going to clean
up and get into the tree.

http://www.freebsd.org/cgi/query-pr.cgi?pr=117214

From owner-freebsd-ipfw@FreeBSD.ORG  Tue Jul  5 14:00:17 2011
Return-Path: <owner-freebsd-ipfw@FreeBSD.ORG>
Delivered-To: freebsd-ipfw@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 4A0CE1065670
	for <freebsd-ipfw@freebsd.org>; Tue,  5 Jul 2011 14:00:17 +0000 (UTC)
	(envelope-from fabian@wenks.ch)
Received: from batman.home4u.ch (batman.home4u.ch [IPv6:2001:8a8:1005:1::2])
	by mx1.freebsd.org (Postfix) with ESMTP id C10D38FC15
	for <freebsd-ipfw@freebsd.org>; Tue,  5 Jul 2011 14:00:16 +0000 (UTC)
X-Virus-Scanned: amavisd-new at home4u.ch
Received: from flashback.wenks.ch (fabian@flashback.wenks.ch [62.12.173.4])
	(authenticated bits=0)
	by batman.home4u.ch (8.14.4/8.14.4) with ESMTP id p65E0Exr024068
	(version=TLSv1/SSLv3 cipher=DHE-RSA-CAMELLIA256-SHA bits=256 verify=NO)
	for <freebsd-ipfw@freebsd.org>; Tue, 5 Jul 2011 16:00:15 +0200 (CEST)
	(envelope-from fabian@wenks.ch)
Message-ID: <4E1318EE.7020602@wenks.ch>
Date: Tue, 05 Jul 2011 16:00:14 +0200
From: Fabian Wenk <fabian@wenks.ch>
User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; en-US;
	rv:1.9.2.18) Gecko/20110616 Thunderbird/3.1.11
MIME-Version: 1.0
To: freebsd-ipfw@freebsd.org
References: <1309862822.4608.YahooMailClassic@web160107.mail.bf1.yahoo.com>
In-Reply-To: <1309862822.4608.YahooMailClassic@web160107.mail.bf1.yahoo.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Subject: Re: ipfw fwd on FreeBSD 8.1, does it work?
X-BeenThere: freebsd-ipfw@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: IPFW Technical Discussions <freebsd-ipfw.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
	<mailto:freebsd-ipfw-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-ipfw>
List-Post: <mailto:freebsd-ipfw@freebsd.org>
List-Help: <mailto:freebsd-ipfw-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
	<mailto:freebsd-ipfw-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 05 Jul 2011 14:00:17 -0000

Hello Unga

On 05.07.2011 12:47, Unga wrote:

> Following ipfw rule develop error indicated:
> ipfw add 100 fwd 127.0.0.1,1234 tcp from any to any 1234 out via wlan0
>
> Error:
> ipfw: getsockopt(IP_FW_ADD): Invalid argument

Does your kernel have 'options IPFIREWALL_FORWARD' (if this is 
needed for 8.1, I still run at 7.x)?

Else try the rule like this:
ipfw add 100 fwd 127.0.0.1 ip4 from me to any 1234 out via wlan0
or:
ipfw add 100 fwd 127.0.0.1 tcp from me to any 1234 out via wlan0

The fwd rule does only match the packets which match the rule 'ip4 
from me to any 1234 out via wlan0' (me = alias for local IP 
addresses), so they will be directed to 127.0.0.1 on the same 
destination port. Other packets not for destination port 1234 will 
just go out as usual.


bye
Fabian

From owner-freebsd-ipfw@FreeBSD.ORG  Tue Jul  5 17:20:04 2011
Return-Path: <owner-freebsd-ipfw@FreeBSD.ORG>
Delivered-To: freebsd-ipfw@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 7C285106564A
	for <freebsd-ipfw@freebsd.org>; Tue,  5 Jul 2011 17:20:04 +0000 (UTC)
	(envelope-from unga888@yahoo.com)
Received: from nm22-vm0.bullet.mail.bf1.yahoo.com
	(nm22-vm0.bullet.mail.bf1.yahoo.com [98.139.212.126])
	by mx1.freebsd.org (Postfix) with SMTP id 14ED78FC08
	for <freebsd-ipfw@freebsd.org>; Tue,  5 Jul 2011 17:20:03 +0000 (UTC)
Received: from [98.139.212.144] by nm22.bullet.mail.bf1.yahoo.com with NNFMP;
	05 Jul 2011 17:20:03 -0000
Received: from [98.139.212.200] by tm1.bullet.mail.bf1.yahoo.com with NNFMP;
	05 Jul 2011 17:20:03 -0000
Received: from [127.0.0.1] by omp1009.mail.bf1.yahoo.com with NNFMP;
	05 Jul 2011 17:20:03 -0000
X-Yahoo-Newman-Property: ymail-3
X-Yahoo-Newman-Id: 386162.84113.bm@omp1009.mail.bf1.yahoo.com
Received: (qmail 837 invoked by uid 60001); 5 Jul 2011 17:20:03 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s1024;
	t=1309886403; bh=uIaQySpGsjEHW2uNQVvu1HjArLb2ju+wbVd+ELR5bS8=;
	h=X-YMail-OSG:Received:X-Mailer:Message-ID:Date:From:Subject:To:In-Reply-To:MIME-Version:Content-Type;
	b=BxtZfTllwX3V/LnY4YMBOjsOqP3dzSgByhLP7AWzjygQvj88t9dyJVfM89QYO+G8AhzT1pyLjvNQo7dyicE5IcpJ3Vs0YnC726NiYt792qxgUmRXEb5s0p76QAgCZ/1X3dMCxwchXyZVqP2+X4IjaLln2KIXKjFAB9ngAc4IN9w=
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=s1024; d=yahoo.com;
	h=X-YMail-OSG:Received:X-Mailer:Message-ID:Date:From:Subject:To:In-Reply-To:MIME-Version:Content-Type;
	b=XQANcXC+BL/47CGNx9NXYIVIc+uDifOYhRb3dJUDGg8e8ZI6zs6sa7MufHkPDv61S+Vyl6CzmA+JILRvX4Mrt6ZU8Lp4/F73ANpAc6McHvgbPcCBZVkDxWGMmjekGt4blh3LYO10spUhwqEV0clWRkf0l4QuOs20KDYVnHXAKQw=;
X-YMail-OSG: hicmhucVM1n5LA07GzydhQGjvp0o_FFCnuA1Y3l_dnEiGgu
	BlyyHyqwLjPW.ZsFyfNyJBvWsuoCw9YUx_BYe1EnMT6dBn2r_7Rfdib6rTU2
	jZbxmT3v0d_E6q7fBrb6ks2Kfd5G.7qxd.hy48fk8V3Frh6R9lf4O.dFsYlQ
	qbnh2VwRloReK9.betwDoDVS2Q3kZgwxBmHEHLw6XbAldfv8ihAYs.yZaKZW
	q1NjiONJtDvghYyQWafOAE2XIuhwHW96qXY84IvSjvOPL5pv.QIprYzcloze
	xdE8c93TqX81OpvVdFWI9Le3waiAtaDi3enOTHi8cCX3iixcSfjpm25fBE1s
	sUJ4t5tSCt_BNFyYe7Isf0znHHcBZJmR7PUrocGkJWsVgDFWvgqsh1fhNWKO
	QbkdvaJIaLW5ylENk_w--
Received: from [112.134.99.185] by web160111.mail.bf1.yahoo.com via HTTP;
	Tue, 05 Jul 2011 10:20:02 PDT
X-Mailer: YahooMailClassic/14.0.3 YahooMailWebService/0.8.112.307740
Message-ID: <1309886402.433.YahooMailClassic@web160111.mail.bf1.yahoo.com>
Date: Tue, 5 Jul 2011 10:20:02 -0700 (PDT)
From: Unga <unga888@yahoo.com>
To: freebsd-ipfw@freebsd.org, Fabian Wenk <fabian@wenks.ch>
In-Reply-To: <4E1318EE.7020602@wenks.ch>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Cc: 
Subject: Re: ipfw fwd on FreeBSD 8.1, does it work?
X-BeenThere: freebsd-ipfw@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: IPFW Technical Discussions <freebsd-ipfw.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
	<mailto:freebsd-ipfw-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-ipfw>
List-Post: <mailto:freebsd-ipfw@freebsd.org>
List-Help: <mailto:freebsd-ipfw-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
	<mailto:freebsd-ipfw-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 05 Jul 2011 17:20:04 -0000



--- On Tue, 7/5/11, Fabian Wenk <fabian@wenks.ch> wrote:

> From: Fabian Wenk <fabian@wenks.ch>
> Subject: Re: ipfw fwd on FreeBSD 8.1, does it work?
> To: freebsd-ipfw@freebsd.org
> Date: Tuesday, July 5, 2011, 10:00 PM
> Hello Unga
> 
> On 05.07.2011 12:47, Unga wrote:
> 
> > Following ipfw rule develop error indicated:
> > ipfw add 100 fwd 127.0.0.1,1234 tcp from any to any
> 1234 out via wlan0
> > 
> > Error:
> > ipfw: getsockopt(IP_FW_ADD): Invalid argument
> 
> Does your kernel have 'options IPFIREWALL_FORWARD' (if this
> is needed for 8.1, I still run at 7.x)?
> 
> Else try the rule like this:
> ipfw add 100 fwd 127.0.0.1 ip4 from me to any 1234 out via
> wlan0
> or:
> ipfw add 100 fwd 127.0.0.1 tcp from me to any 1234 out via
> wlan0
> 
> The fwd rule does only match the packets which match the
> rule 'ip4 from me to any 1234 out via wlan0' (me = alias for
> local IP addresses), so they will be directed to 127.0.0.1
> on the same destination port. Other packets not for
> destination port 1234 will just go out as usual.
> 
> 
Hi Fabian

Thanks for the reply.

The 'options IPFIREWALL_FORWARD' is already built in the custom kernel.

Both rules you suggested develop the same error:
ipfw: getsockopt(IP_FW_ADD): Invalid argument

Unga




From owner-freebsd-ipfw@FreeBSD.ORG  Tue Jul  5 18:07:07 2011
Return-Path: <owner-freebsd-ipfw@FreeBSD.ORG>
Delivered-To: freebsd-ipfw@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 9A921106567F
	for <freebsd-ipfw@freebsd.org>; Tue,  5 Jul 2011 18:07:07 +0000 (UTC)
	(envelope-from bu7cher@yandex.ru)
Received: from forward15.mail.yandex.net (forward15.mail.yandex.net
	[95.108.130.119])
	by mx1.freebsd.org (Postfix) with ESMTP id 379D08FC15
	for <freebsd-ipfw@freebsd.org>; Tue,  5 Jul 2011 18:07:06 +0000 (UTC)
Received: from smtp13.mail.yandex.net (smtp13.mail.yandex.net [95.108.130.68])
	by forward15.mail.yandex.net (Yandex) with ESMTP id C41FD9E1C51;
	Tue,  5 Jul 2011 21:51:21 +0400 (MSD)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yandex.ru; s=mail;
	t=1309888281; bh=VSDdhDlgNebdMUE3dWYuhfWBCOiLNYfulkod64IhYY8=;
	h=Message-ID:Date:From:MIME-Version:To:CC:Subject:References:
	In-Reply-To:Content-Type;
	b=Dd6UGyM2qSqoHwTVAUXRZ/jxScCWfJBEhOzly0t7Y7SdKLSQsK6YuHy+7D5Z81xsE
	OgbqXhGceXj0avxLzE/mp0Q4wiIPGoNGwaqJyNZlKMoI8JoBp9G4W/PVuFFQ5fQ8Nk
	Esse9oa26E8CXCk7CR1ha7ngXK3N7QUs5wGR2sWk=
Received: from [10.9.8.2] (dynamic-178-141-127-207.kirov.comstar-r.ru
	[178.141.127.207])
	by smtp13.mail.yandex.net (Yandex) with ESMTPSA id 5B246389806A;
	Tue,  5 Jul 2011 21:51:21 +0400 (MSD)
Message-ID: <4E134F07.8080302@yandex.ru>
Date: Tue, 05 Jul 2011 21:51:03 +0400
From: "Andrey V. Elsukov" <bu7cher@yandex.ru>
User-Agent: Mozilla/5.0 (X11; U; FreeBSD amd64; en-US;
	rv:1.9.2.17) Gecko/20110429 Thunderbird/3.1.10
MIME-Version: 1.0
To: Unga <unga888@yahoo.com>
References: <1309886402.433.YahooMailClassic@web160111.mail.bf1.yahoo.com>
In-Reply-To: <1309886402.433.YahooMailClassic@web160111.mail.bf1.yahoo.com>
X-Enigmail-Version: 1.1.2
Content-Type: multipart/signed; micalg=pgp-sha1;
	protocol="application/pgp-signature";
	boundary="------------enig89D85872ECD34DE7B2F636CA"
X-Yandex-Spam: 1
Cc: freebsd-ipfw@freebsd.org, Fabian Wenk <fabian@wenks.ch>
Subject: Re: ipfw fwd on FreeBSD 8.1, does it work?
X-BeenThere: freebsd-ipfw@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: IPFW Technical Discussions <freebsd-ipfw.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
	<mailto:freebsd-ipfw-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-ipfw>
List-Post: <mailto:freebsd-ipfw@freebsd.org>
List-Help: <mailto:freebsd-ipfw-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
	<mailto:freebsd-ipfw-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 05 Jul 2011 18:07:07 -0000

This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--------------enig89D85872ECD34DE7B2F636CA
Content-Type: text/plain; charset=KOI8-R
Content-Transfer-Encoding: quoted-printable

On 05.07.2011 21:20, Unga wrote:
> Thanks for the reply.
>=20
> The 'options IPFIREWALL_FORWARD' is already built in the custom kernel.=

>=20
> Both rules you suggested develop the same error:
> ipfw: getsockopt(IP_FW_ADD): Invalid argument

Hi,

You should add 'options IPFIREWALL' in the your kernel config too.

--=20
WBR, Andrey V. Elsukov


--------------enig89D85872ECD34DE7B2F636CA
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.17 (FreeBSD)

iQEcBAEBAgAGBQJOE08HAAoJEAHF6gQQyKF6dRMH/RrSlOA50JP/bH2BsgRUKO9v
WktlazJri0YsIUK1wNs2NvylLzPVN0J7lMzIe09HPozV7/1IAAzw7ahWkT3xPd9b
8rUd5tSRNv5/H5Ambfgwjo+F95PiA7EIFJZeq7eMIw0BAJmDeAH1BTdlvtAURF7o
HhaKAtcYzocvWc6DMQstZrF0fiEzV4q5ianWz9oS8yti69AffW5AjRQ4t7QRyetS
fxaGAKTd2NqwugxDcEmX1WUMjCsm5U2E7qtswJBBhHt1DdqwE9WdjTA7NskIkFLO
1mI9R2uUNSAJK2bceuUHS9gFcwjpVExCMlF4QHIwi5XUSHJACJDU1y7uKa/wDfo=
=ET6P
-----END PGP SIGNATURE-----

--------------enig89D85872ECD34DE7B2F636CA--

From owner-freebsd-ipfw@FreeBSD.ORG  Tue Jul  5 18:22:38 2011
Return-Path: <owner-freebsd-ipfw@FreeBSD.ORG>
Delivered-To: freebsd-ipfw@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 1FFF61065672
	for <freebsd-ipfw@freebsd.org>; Tue,  5 Jul 2011 18:22:38 +0000 (UTC)
	(envelope-from unga888@yahoo.com)
Received: from nm7-vm0.bullet.mail.bf1.yahoo.com
	(nm7-vm0.bullet.mail.bf1.yahoo.com [98.139.213.151])
	by mx1.freebsd.org (Postfix) with SMTP id AF6898FC08
	for <freebsd-ipfw@freebsd.org>; Tue,  5 Jul 2011 18:22:37 +0000 (UTC)
Received: from [98.139.212.144] by nm7.bullet.mail.bf1.yahoo.com with NNFMP;
	05 Jul 2011 18:22:37 -0000
Received: from [98.139.212.197] by tm1.bullet.mail.bf1.yahoo.com with NNFMP;
	05 Jul 2011 18:22:37 -0000
Received: from [127.0.0.1] by omp1006.mail.bf1.yahoo.com with NNFMP;
	05 Jul 2011 18:22:37 -0000
X-Yahoo-Newman-Property: ymail-3
X-Yahoo-Newman-Id: 10019.876.bm@omp1006.mail.bf1.yahoo.com
Received: (qmail 60668 invoked by uid 60001); 5 Jul 2011 18:22:36 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s1024;
	t=1309890156; bh=oxbU8swjycG7RkbWeEbtDXs+UgN5W0ipXxkk9ANjpTw=;
	h=X-YMail-OSG:Received:X-Mailer:Message-ID:Date:From:Subject:To:Cc:In-Reply-To:MIME-Version:Content-Type;
	b=SmsfnMT8CwQPxrgsK2+soyby9kcr9ankpdPobi0pzcVQULm0IS4GeGxQvZjfa5ziEnbe3IorL+MTisGcc1y+SODABQq77UA1ilB07cGRd2qEdqxj+Owye6b5T+UDNZiD5r3ys5G4yHqox3q1H1VL7QGlJCWcJgSeKoiyGp8Ds0Q=
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=s1024; d=yahoo.com;
	h=X-YMail-OSG:Received:X-Mailer:Message-ID:Date:From:Subject:To:Cc:In-Reply-To:MIME-Version:Content-Type;
	b=zWosZ32wLg7mMRacrZQbsjEDXA0oCJY5LKLbMBX14TIMissVCAJNBI2UgABW0n8JTEo5C3QzZefE6NLuF6k2NZVSnsGYbCsXVg5PF7xbNM18YQJHMoTA6HlwVmO5q0VKbNe1bBhjw7BeUAkouOSODsw5XDlQ8aGXWJvt1Bf7xPQ=;
X-YMail-OSG: cS83wGEVM1nEG2g61vpKZDqqbeyfxgu4SpJAAwXajU.SYGB
	BcFsYoSQe.hcO7TKjzBeaSWS42Ho2E_7.TVmdpedOKyB.dUmCyMUtvtnF9Dq
	lK9lhq9HH7ZQ52Gz4Rcho0z9YLFnlqxUe95UISjhQKeanBmDxQtLT.iZM5qE
	Hz4B0ACG1BDwlrn8Yg0aahJjdBMOgripyQwYFu4YRSYyIMuMMYP8XFgvk1Kh
	99imVfis6fS.TpEQ_5OhL0foDLVj_fk3AZfyP6PINX4IAdQaxBCVOa4TKeZn
	aIn3tW9B88B57L5xSH0LlM.jopl7H9wQnpqx0XgOB65g.lIGNO8h4pAmaGNx
	cnH1nV76PJyzNk03UyqWp8N6cZC5gQxFHOGHCMjLfpmzLQWIFsM3ItGEysqt
	20xOS2OXoxo_X5v3mwA--
Received: from [112.134.99.185] by web160113.mail.bf1.yahoo.com via HTTP;
	Tue, 05 Jul 2011 11:22:36 PDT
X-Mailer: YahooMailClassic/14.0.3 YahooMailWebService/0.8.112.307740
Message-ID: <1309890156.56237.YahooMailClassic@web160113.mail.bf1.yahoo.com>
Date: Tue, 5 Jul 2011 11:22:36 -0700 (PDT)
From: Unga <unga888@yahoo.com>
To: "Andrey V. Elsukov" <bu7cher@yandex.ru>
In-Reply-To: <4E134F07.8080302@yandex.ru>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Cc: freebsd-ipfw@freebsd.org, Fabian Wenk <fabian@wenks.ch>
Subject: Re: ipfw fwd on FreeBSD 8.1, does it work?
X-BeenThere: freebsd-ipfw@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: IPFW Technical Discussions <freebsd-ipfw.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
	<mailto:freebsd-ipfw-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-ipfw>
List-Post: <mailto:freebsd-ipfw@freebsd.org>
List-Help: <mailto:freebsd-ipfw-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
	<mailto:freebsd-ipfw-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 05 Jul 2011 18:22:38 -0000



--- On Wed, 7/6/11, Andrey V. Elsukov <bu7cher@yandex.ru> wrote:

> From: Andrey V. Elsukov <bu7cher@yandex.ru>
> Subject: Re: ipfw fwd on FreeBSD 8.1, does it work?
> To: "Unga" <unga888@yahoo.com>
> Cc: freebsd-ipfw@freebsd.org, "Fabian Wenk" <fabian@wenks.ch>
> Date: Wednesday, July 6, 2011, 1:51 AM
> On 05.07.2011 21:20, Unga wrote:
> > Thanks for the reply.
> > 
> > The 'options IPFIREWALL_FORWARD' is already built in
> the custom kernel.
> > 
> > Both rules you suggested develop the same error:
> > ipfw: getsockopt(IP_FW_ADD): Invalid argument
> 
> Hi,
> 
> You should add 'options IPFIREWALL' in the your kernel
> config too.
> 
> -- 
> WBR, Andrey V. Elsukov
> 

Hi Andrey

Thank you for the reply.

ipfw(8) man page for 'fwd' shows to add only the IPFIREWALL_FORWARD.

I'll add the 'options IPFIREWALL' also and rebuild all and give it a try again and let the list know the outcome.

Thanks everyone again.

Unga



From owner-freebsd-ipfw@FreeBSD.ORG  Tue Jul  5 18:46:07 2011
Return-Path: <owner-freebsd-ipfw@FreeBSD.ORG>
Delivered-To: freebsd-ipfw@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 9A913106566B
	for <freebsd-ipfw@freebsd.org>; Tue,  5 Jul 2011 18:46:07 +0000 (UTC)
	(envelope-from fabian@wenks.ch)
Received: from batman.home4u.ch (batman.home4u.ch [IPv6:2001:8a8:1005:1::2])
	by mx1.freebsd.org (Postfix) with ESMTP id 36B378FC08
	for <freebsd-ipfw@freebsd.org>; Tue,  5 Jul 2011 18:46:06 +0000 (UTC)
X-Virus-Scanned: amavisd-new at home4u.ch
Received: from flashback.wenks.ch (fabian@flashback.wenks.ch [62.12.173.4])
	(authenticated bits=0)
	by batman.home4u.ch (8.14.4/8.14.4) with ESMTP id p65Ik4FE047588
	(version=TLSv1/SSLv3 cipher=DHE-RSA-CAMELLIA256-SHA bits=256 verify=NO)
	for <freebsd-ipfw@freebsd.org>; Tue, 5 Jul 2011 20:46:05 +0200 (CEST)
	(envelope-from fabian@wenks.ch)
Message-ID: <4E135BEC.80708@wenks.ch>
Date: Tue, 05 Jul 2011 20:46:04 +0200
From: Fabian Wenk <fabian@wenks.ch>
User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; en-US;
	rv:1.9.2.18) Gecko/20110616 Thunderbird/3.1.11
MIME-Version: 1.0
To: freebsd-ipfw@freebsd.org
References: <1309890156.56237.YahooMailClassic@web160113.mail.bf1.yahoo.com>
In-Reply-To: <1309890156.56237.YahooMailClassic@web160113.mail.bf1.yahoo.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Subject: Re: ipfw fwd on FreeBSD 8.1, does it work?
X-BeenThere: freebsd-ipfw@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
Reply-To: freebsd-ipfw@freebsd.org
List-Id: IPFW Technical Discussions <freebsd-ipfw.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
	<mailto:freebsd-ipfw-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-ipfw>
List-Post: <mailto:freebsd-ipfw@freebsd.org>
List-Help: <mailto:freebsd-ipfw-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
	<mailto:freebsd-ipfw-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 05 Jul 2011 18:46:07 -0000

Hello Unga

On 05.07.2011 20:22, Unga wrote:

> --- On Wed, 7/6/11, Andrey V. Elsukov<bu7cher@yandex.ru>  wrote:

>>  You should add 'options IPFIREWALL' in the your kernel
>>  config too.

> ipfw(8) man page for 'fwd' shows to add only the IPFIREWALL_FORWARD.

I guess the manpage implies that 'options IPFIREWALL' is already 
there, or the module is loaded, can be done with:
   kldload ipfw

So you do not need to rebuild the kernel.


bye
Fabian

From owner-freebsd-ipfw@FreeBSD.ORG  Tue Jul  5 19:04:26 2011
Return-Path: <owner-freebsd-ipfw@FreeBSD.ORG>
Delivered-To: freebsd-ipfw@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 8730E106566C
	for <freebsd-ipfw@freebsd.org>; Tue,  5 Jul 2011 19:04:26 +0000 (UTC)
	(envelope-from bu7cher@yandex.ru)
Received: from forward8.mail.yandex.net (forward8.mail.yandex.net
	[77.88.61.38]) by mx1.freebsd.org (Postfix) with ESMTP id 2E4C98FC14
	for <freebsd-ipfw@freebsd.org>; Tue,  5 Jul 2011 19:04:25 +0000 (UTC)
Received: from smtp7.mail.yandex.net (smtp7.mail.yandex.net [77.88.61.55])
	by forward8.mail.yandex.net (Yandex) with ESMTP id 2B8D9F62003;
	Tue,  5 Jul 2011 23:04:24 +0400 (MSD)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yandex.ru; s=mail;
	t=1309892664; bh=qk/iz1hdIqiHY6kJ94ibTZ/gq5bSROd7vbM+vHXKoUI=;
	h=Message-ID:Date:From:MIME-Version:To:CC:Subject:References:
	In-Reply-To:Content-Type;
	b=t3p3Lmahi1QAWafJPddrUGWL2SuBLt6iACXCfBGB5BfVJraucXhBHyCjzWPGNofWv
	ovB/FylrITjphdx4DjiyedMx6UAju+KB+C3r8Ma0r+CpsGj+ti1Feo02vehodKbjAp
	W8SzBOpc4/PpZ1NDhmJiY/rhiBzSO5IFGISEDThw=
Received: from [10.9.8.2] (dynamic-178-141-127-207.kirov.comstar-r.ru
	[178.141.127.207])
	by smtp7.mail.yandex.net (Yandex) with ESMTPSA id C14BB48C8057;
	Tue,  5 Jul 2011 23:04:23 +0400 (MSD)
Message-ID: <4E136020.5000206@yandex.ru>
Date: Tue, 05 Jul 2011 23:04:00 +0400
From: "Andrey V. Elsukov" <bu7cher@yandex.ru>
User-Agent: Mozilla/5.0 (X11; U; FreeBSD amd64; en-US;
	rv:1.9.2.17) Gecko/20110429 Thunderbird/3.1.10
MIME-Version: 1.0
To: freebsd-ipfw@freebsd.org
References: <1309890156.56237.YahooMailClassic@web160113.mail.bf1.yahoo.com>
	<4E135BEC.80708@wenks.ch>
In-Reply-To: <4E135BEC.80708@wenks.ch>
X-Enigmail-Version: 1.1.2
Content-Type: multipart/signed; micalg=pgp-sha1;
	protocol="application/pgp-signature";
	boundary="------------enigD413F34BC2CD44EF9F3385F7"
X-Yandex-Spam: 1
Cc: Fabian Wenk <fabian@wenks.ch>
Subject: Re: ipfw fwd on FreeBSD 8.1, does it work?
X-BeenThere: freebsd-ipfw@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: IPFW Technical Discussions <freebsd-ipfw.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
	<mailto:freebsd-ipfw-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-ipfw>
List-Post: <mailto:freebsd-ipfw@freebsd.org>
List-Help: <mailto:freebsd-ipfw-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
	<mailto:freebsd-ipfw-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 05 Jul 2011 19:04:26 -0000

This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--------------enigD413F34BC2CD44EF9F3385F7
Content-Type: text/plain; charset=KOI8-R
Content-Transfer-Encoding: quoted-printable

On 05.07.2011 22:46, Fabian Wenk wrote:
>> ipfw(8) man page for 'fwd' shows to add only the IPFIREWALL_FORWARD.
>=20
> I guess the manpage implies that 'options IPFIREWALL' is already there,=

> or the module is loaded, can be done with:
>   kldload ipfw
>=20
> So you do not need to rebuild the kernel.

fwd does not work when ipfw loaded as module.

--=20
WBR, Andrey V. Elsukov


--------------enigD413F34BC2CD44EF9F3385F7
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.17 (FreeBSD)

iQEcBAEBAgAGBQJOE2AmAAoJEAHF6gQQyKF6y3wIAIhiOm8dx4LF/WzLigz29aL3
47hM9eJCtgryiMzQIKJLqu69uoCK1WNDIQ9S0Txsv6LG6ofpQjwcfgrbhIsraDxy
lIE6Ivhf6R1CxF2K7J6k+b1J0Nekcjg6Gg+v+W+wDae+nK/c03GagHSAK3hnEMFJ
lTv5S6SiAiIiiF5uf3nNNU+41Td9PkCQgBC1ajM1tL9hrzU4fLrDU+rjZEEcYi4+
VvPQYfKridEsFqvymJBzFT44QRU615L8pL/U9ZOormeHfy0LBvquVbwCJibRl4La
TEbSLNwO/IAZbppKEtFnMqgvwxnA12mTVIzDxo5ugJipO2F6UTRE/t27T3a1ons=
=RW+O
-----END PGP SIGNATURE-----

--------------enigD413F34BC2CD44EF9F3385F7--

From owner-freebsd-ipfw@FreeBSD.ORG  Tue Jul  5 19:26:07 2011
Return-Path: <owner-freebsd-ipfw@FreeBSD.ORG>
Delivered-To: freebsd-ipfw@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id F3A03106564A
	for <freebsd-ipfw@freebsd.org>; Tue,  5 Jul 2011 19:26:06 +0000 (UTC)
	(envelope-from fabian@wenks.ch)
Received: from batman.home4u.ch (batman.home4u.ch [IPv6:2001:8a8:1005:1::2])
	by mx1.freebsd.org (Postfix) with ESMTP id 90A538FC0A
	for <freebsd-ipfw@freebsd.org>; Tue,  5 Jul 2011 19:26:06 +0000 (UTC)
X-Virus-Scanned: amavisd-new at home4u.ch
Received: from flashback.wenks.ch (fabian@flashback.wenks.ch [62.12.173.4])
	(authenticated bits=0)
	by batman.home4u.ch (8.14.4/8.14.4) with ESMTP id p65JQ4fb050711
	(version=TLSv1/SSLv3 cipher=DHE-RSA-CAMELLIA256-SHA bits=256 verify=NO)
	for <freebsd-ipfw@freebsd.org>; Tue, 5 Jul 2011 21:26:04 +0200 (CEST)
	(envelope-from fabian@wenks.ch)
Message-ID: <4E13654B.4060006@wenks.ch>
Date: Tue, 05 Jul 2011 21:26:03 +0200
From: Fabian Wenk <fabian@wenks.ch>
User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; en-US;
	rv:1.9.2.18) Gecko/20110616 Thunderbird/3.1.11
MIME-Version: 1.0
To: freebsd-ipfw@freebsd.org
References: <1309890156.56237.YahooMailClassic@web160113.mail.bf1.yahoo.com>	<4E135BEC.80708@wenks.ch>
	<4E136020.5000206@yandex.ru>
In-Reply-To: <4E136020.5000206@yandex.ru>
Content-Type: text/plain; charset=KOI8-R; format=flowed
Content-Transfer-Encoding: 7bit
Subject: Re: ipfw fwd on FreeBSD 8.1, does it work?
X-BeenThere: freebsd-ipfw@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: IPFW Technical Discussions <freebsd-ipfw.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
	<mailto:freebsd-ipfw-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-ipfw>
List-Post: <mailto:freebsd-ipfw@freebsd.org>
List-Help: <mailto:freebsd-ipfw-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
	<mailto:freebsd-ipfw-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 05 Jul 2011 19:26:07 -0000

Hello Andrey

On 05.07.2011 21:04, Andrey V. Elsukov wrote:

> fwd does not work when ipfw loaded as module.

Ups, did not know this exactly, thanks for clarify. But it really 
makes sense that both options are in the kernel.
After sending out my mail, it somehow crossed my mind that this 
eventually would not work. As I usually have almost all things 
needed in my custom built kernel anyway (including 
IPFIREWALL_FORWARD), I never had that problem.

Sorry Unga, you need to build a new kernel with both options.


bye
Fabian

From owner-freebsd-ipfw@FreeBSD.ORG  Wed Jul  6 05:49:36 2011
Return-Path: <owner-freebsd-ipfw@FreeBSD.ORG>
Delivered-To: freebsd-ipfw@hub.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 374721065670;
	Wed,  6 Jul 2011 05:49:36 +0000 (UTC) (envelope-from ae@FreeBSD.org)
Received: from freefall.freebsd.org (freefall.freebsd.org
	[IPv6:2001:4f8:fff6::28])
	by mx1.freebsd.org (Postfix) with ESMTP id 0F3D48FC12;
	Wed,  6 Jul 2011 05:49:36 +0000 (UTC)
Received: from freefall.freebsd.org (localhost [127.0.0.1])
	by freefall.freebsd.org (8.14.4/8.14.4) with ESMTP id p665nZFT037636;
	Wed, 6 Jul 2011 05:49:35 GMT (envelope-from ae@freefall.freebsd.org)
Received: (from ae@localhost)
	by freefall.freebsd.org (8.14.4/8.14.4/Submit) id p665nZlc037631;
	Wed, 6 Jul 2011 05:49:35 GMT (envelope-from ae)
Date: Wed, 6 Jul 2011 05:49:35 GMT
Message-Id: <201107060549.p665nZlc037631@freefall.freebsd.org>
To: crest@tzi.de, ae@FreeBSD.org, freebsd-ipfw@FreeBSD.org
From: ae@FreeBSD.org
Cc: 
Subject: Re: kern/157239: [ipfw] [dummynet] ipfw + dummynet corrupts ipv6
	packets
X-BeenThere: freebsd-ipfw@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: IPFW Technical Discussions <freebsd-ipfw.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
	<mailto:freebsd-ipfw-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-ipfw>
List-Post: <mailto:freebsd-ipfw@freebsd.org>
List-Help: <mailto:freebsd-ipfw-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
	<mailto:freebsd-ipfw-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 06 Jul 2011 05:49:36 -0000

Synopsis: [ipfw] [dummynet] ipfw + dummynet corrupts ipv6 packets

State-Changed-From-To: patched->closed
State-Changed-By: ae
State-Changed-When: Wed Jul 6 05:49:09 UTC 2011
State-Changed-Why: 
Merged to stable/8. Thanks!

http://www.freebsd.org/cgi/query-pr.cgi?pr=157239

From owner-freebsd-ipfw@FreeBSD.ORG  Wed Jul  6 05:50:09 2011
Return-Path: <owner-freebsd-ipfw@FreeBSD.ORG>
Delivered-To: freebsd-ipfw@hub.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id E707B1065677
	for <freebsd-ipfw@hub.freebsd.org>;
	Wed,  6 Jul 2011 05:50:09 +0000 (UTC)
	(envelope-from gnats@FreeBSD.org)
Received: from freefall.freebsd.org (freefall.freebsd.org
	[IPv6:2001:4f8:fff6::28])
	by mx1.freebsd.org (Postfix) with ESMTP id BDAC38FC13
	for <freebsd-ipfw@hub.freebsd.org>;
	Wed,  6 Jul 2011 05:50:09 +0000 (UTC)
Received: from freefall.freebsd.org (localhost [127.0.0.1])
	by freefall.freebsd.org (8.14.4/8.14.4) with ESMTP id p665o9cr037754
	for <freebsd-ipfw@freefall.freebsd.org>; Wed, 6 Jul 2011 05:50:09 GMT
	(envelope-from gnats@freefall.freebsd.org)
Received: (from gnats@localhost)
	by freefall.freebsd.org (8.14.4/8.14.4/Submit) id p665o9ZA037753;
	Wed, 6 Jul 2011 05:50:09 GMT (envelope-from gnats)
Date: Wed, 6 Jul 2011 05:50:09 GMT
Message-Id: <201107060550.p665o9ZA037753@freefall.freebsd.org>
To: freebsd-ipfw@FreeBSD.org
From: dfilter@FreeBSD.ORG (dfilter service)
Cc: 
Subject: Re: kern/157239: commit references a PR
X-BeenThere: freebsd-ipfw@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
Reply-To: dfilter service <dfilter@FreeBSD.ORG>
List-Id: IPFW Technical Discussions <freebsd-ipfw.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
	<mailto:freebsd-ipfw-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-ipfw>
List-Post: <mailto:freebsd-ipfw@freebsd.org>
List-Help: <mailto:freebsd-ipfw-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
	<mailto:freebsd-ipfw-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 06 Jul 2011 05:50:10 -0000

The following reply was made to PR kern/157239; it has been noted by GNATS.

From: dfilter@FreeBSD.ORG (dfilter service)
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: kern/157239: commit references a PR
Date: Wed,  6 Jul 2011 05:43:13 +0000 (UTC)

 Author: ae
 Date: Wed Jul  6 05:42:52 2011
 New Revision: 223817
 URL: http://svn.freebsd.org/changeset/base/223817
 
 Log:
   MFC r223358:
     Do not use SET_HOST_IPLEN() macro for IPv6 packets.
   
     PR:		kern/157239
 
 Modified:
   stable/8/sys/netinet/ipfw/ip_dn_io.c
   stable/8/sys/netinet/ipfw/ip_fw_pfil.c
 Directory Properties:
   stable/8/sys/   (props changed)
   stable/8/sys/amd64/include/xen/   (props changed)
   stable/8/sys/cddl/contrib/opensolaris/   (props changed)
   stable/8/sys/contrib/dev/acpica/   (props changed)
   stable/8/sys/contrib/pf/   (props changed)
 
 Modified: stable/8/sys/netinet/ipfw/ip_dn_io.c
 ==============================================================================
 --- stable/8/sys/netinet/ipfw/ip_dn_io.c	Wed Jul  6 05:40:22 2011	(r223816)
 +++ stable/8/sys/netinet/ipfw/ip_dn_io.c	Wed Jul  6 05:42:52 2011	(r223817)
 @@ -664,7 +664,6 @@ dummynet_send(struct mbuf *m)
  			break;
  
  		case DIR_OUT | PROTO_IPV6:
 -			SET_HOST_IPLEN(mtod(m, struct ip *));
  			ip6_output(m, NULL, NULL, IPV6_FORWARDING, NULL, NULL, NULL);
  			break;
  #endif
 
 Modified: stable/8/sys/netinet/ipfw/ip_fw_pfil.c
 ==============================================================================
 --- stable/8/sys/netinet/ipfw/ip_fw_pfil.c	Wed Jul  6 05:40:22 2011	(r223816)
 +++ stable/8/sys/netinet/ipfw/ip_fw_pfil.c	Wed Jul  6 05:42:52 2011	(r223817)
 @@ -127,8 +127,9 @@ again:
  		args.rule = *((struct ipfw_rule_ref *)(tag+1));
  		m_tag_delete(*m0, tag);
  		if (args.rule.info & IPFW_ONEPASS) {
 -			SET_HOST_IPLEN(mtod(*m0, struct ip *));
 -			return 0;
 +			if (mtod(*m0, struct ip *)->ip_v == 4)
 +				SET_HOST_IPLEN(mtod(*m0, struct ip *));
 +			return (0);
  		}
  	}
  
 _______________________________________________
 svn-src-all@freebsd.org mailing list
 http://lists.freebsd.org/mailman/listinfo/svn-src-all
 To unsubscribe, send any mail to "svn-src-all-unsubscribe@freebsd.org"
 

From owner-freebsd-ipfw@FreeBSD.ORG  Wed Jul  6 06:58:48 2011
Return-Path: <owner-freebsd-ipfw@FreeBSD.ORG>
Delivered-To: freebsd-ipfw@hub.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 366C51065670;
	Wed,  6 Jul 2011 06:58:48 +0000 (UTC) (envelope-from ae@FreeBSD.org)
Received: from freefall.freebsd.org (freefall.freebsd.org
	[IPv6:2001:4f8:fff6::28])
	by mx1.freebsd.org (Postfix) with ESMTP id 0DF1A8FC08;
	Wed,  6 Jul 2011 06:58:48 +0000 (UTC)
Received: from freefall.freebsd.org (localhost [127.0.0.1])
	by freefall.freebsd.org (8.14.4/8.14.4) with ESMTP id p666wlYI003738;
	Wed, 6 Jul 2011 06:58:47 GMT (envelope-from ae@freefall.freebsd.org)
Received: (from ae@localhost)
	by freefall.freebsd.org (8.14.4/8.14.4/Submit) id p666wlmT003734;
	Wed, 6 Jul 2011 06:58:47 GMT (envelope-from ae)
Date: Wed, 6 Jul 2011 06:58:47 GMT
Message-Id: <201107060658.p666wlmT003734@freefall.freebsd.org>
To: nicolas-2009@rachinsky.de, ae@FreeBSD.org, freebsd-ipfw@FreeBSD.org
From: ae@FreeBSD.org
Cc: 
Subject: Re: kern/136695: [ipfw] [patch] fwd reached after skipto in dynamic
	rules does not work in every case
X-BeenThere: freebsd-ipfw@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: IPFW Technical Discussions <freebsd-ipfw.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
	<mailto:freebsd-ipfw-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-ipfw>
List-Post: <mailto:freebsd-ipfw@freebsd.org>
List-Help: <mailto:freebsd-ipfw-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
	<mailto:freebsd-ipfw-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 06 Jul 2011 06:58:48 -0000

Synopsis: [ipfw] [patch] fwd reached after skipto in dynamic rules does not work in every case

State-Changed-From-To: patched->closed
State-Changed-By: ae
State-Changed-When: Wed Jul 6 06:58:11 UTC 2011
State-Changed-Why: 
Merged to stable/7 and stable/8. Thanks!

http://www.freebsd.org/cgi/query-pr.cgi?pr=136695

From owner-freebsd-ipfw@FreeBSD.ORG  Wed Jul  6 06:59:08 2011
Return-Path: <owner-freebsd-ipfw@FreeBSD.ORG>
Delivered-To: freebsd-ipfw@hub.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 94B821065674;
	Wed,  6 Jul 2011 06:59:08 +0000 (UTC) (envelope-from ae@FreeBSD.org)
Received: from freefall.freebsd.org (freefall.freebsd.org
	[IPv6:2001:4f8:fff6::28])
	by mx1.freebsd.org (Postfix) with ESMTP id 6B6EE8FC1D;
	Wed,  6 Jul 2011 06:59:08 +0000 (UTC)
Received: from freefall.freebsd.org (localhost [127.0.0.1])
	by freefall.freebsd.org (8.14.4/8.14.4) with ESMTP id p666x8jq003790;
	Wed, 6 Jul 2011 06:59:08 GMT (envelope-from ae@freefall.freebsd.org)
Received: (from ae@localhost)
	by freefall.freebsd.org (8.14.4/8.14.4/Submit) id p666x7E4003786;
	Wed, 6 Jul 2011 06:59:07 GMT (envelope-from ae)
Date: Wed, 6 Jul 2011 06:59:07 GMT
Message-Id: <201107060659.p666x7E4003786@freefall.freebsd.org>
To: dima_bsd@inbox.lv, ae@FreeBSD.org, freebsd-ipfw@FreeBSD.org
From: ae@FreeBSD.org
Cc: 
Subject: Re: kern/147720: [ipfw] ipfw dynamic rules and fwd
X-BeenThere: freebsd-ipfw@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: IPFW Technical Discussions <freebsd-ipfw.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
	<mailto:freebsd-ipfw-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-ipfw>
List-Post: <mailto:freebsd-ipfw@freebsd.org>
List-Help: <mailto:freebsd-ipfw-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
	<mailto:freebsd-ipfw-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 06 Jul 2011 06:59:08 -0000

Synopsis: [ipfw] ipfw dynamic rules and fwd

State-Changed-From-To: patched->closed
State-Changed-By: ae
State-Changed-When: Wed Jul 6 06:58:55 UTC 2011
State-Changed-Why: 
Merged to stable/7 and stable/8. Thanks!

http://www.freebsd.org/cgi/query-pr.cgi?pr=147720

From owner-freebsd-ipfw@FreeBSD.ORG  Wed Jul  6 06:59:37 2011
Return-Path: <owner-freebsd-ipfw@FreeBSD.ORG>
Delivered-To: freebsd-ipfw@hub.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 290CF1065670;
	Wed,  6 Jul 2011 06:59:37 +0000 (UTC) (envelope-from ae@FreeBSD.org)
Received: from freefall.freebsd.org (freefall.freebsd.org
	[IPv6:2001:4f8:fff6::28])
	by mx1.freebsd.org (Postfix) with ESMTP id 0106E8FC0A;
	Wed,  6 Jul 2011 06:59:37 +0000 (UTC)
Received: from freefall.freebsd.org (localhost [127.0.0.1])
	by freefall.freebsd.org (8.14.4/8.14.4) with ESMTP id p666xaxb003842;
	Wed, 6 Jul 2011 06:59:36 GMT (envelope-from ae@freefall.freebsd.org)
Received: (from ae@localhost)
	by freefall.freebsd.org (8.14.4/8.14.4/Submit) id p666xat1003838;
	Wed, 6 Jul 2011 06:59:36 GMT (envelope-from ae)
Date: Wed, 6 Jul 2011 06:59:36 GMT
Message-Id: <201107060659.p666xat1003838@freefall.freebsd.org>
To: av@holymail.biz, ae@FreeBSD.org, freebsd-ipfw@FreeBSD.org
From: ae@FreeBSD.org
Cc: 
Subject: Re: kern/150798: [ipfw] ipfw2 fwd rule matches packets but does not
	do the job in fact.
X-BeenThere: freebsd-ipfw@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: IPFW Technical Discussions <freebsd-ipfw.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
	<mailto:freebsd-ipfw-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-ipfw>
List-Post: <mailto:freebsd-ipfw@freebsd.org>
List-Help: <mailto:freebsd-ipfw-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
	<mailto:freebsd-ipfw-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 06 Jul 2011 06:59:37 -0000

Synopsis: [ipfw] ipfw2 fwd rule matches packets but does not do the job in fact.

State-Changed-From-To: patched->closed
State-Changed-By: ae
State-Changed-When: Wed Jul 6 06:59:20 UTC 2011
State-Changed-Why: 
Merged to stable/7 and stable/8. Thanks!

http://www.freebsd.org/cgi/query-pr.cgi?pr=150798

From owner-freebsd-ipfw@FreeBSD.ORG  Wed Jul  6 07:00:23 2011
Return-Path: <owner-freebsd-ipfw@FreeBSD.ORG>
Delivered-To: freebsd-ipfw@hub.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 649F31065689
	for <freebsd-ipfw@hub.freebsd.org>;
	Wed,  6 Jul 2011 07:00:23 +0000 (UTC)
	(envelope-from gnats@FreeBSD.org)
Received: from freefall.freebsd.org (freefall.freebsd.org
	[IPv6:2001:4f8:fff6::28])
	by mx1.freebsd.org (Postfix) with ESMTP id 3AA418FC08
	for <freebsd-ipfw@hub.freebsd.org>;
	Wed,  6 Jul 2011 07:00:23 +0000 (UTC)
Received: from freefall.freebsd.org (localhost [127.0.0.1])
	by freefall.freebsd.org (8.14.4/8.14.4) with ESMTP id p6670NZO003975
	for <freebsd-ipfw@freefall.freebsd.org>; Wed, 6 Jul 2011 07:00:23 GMT
	(envelope-from gnats@freefall.freebsd.org)
Received: (from gnats@localhost)
	by freefall.freebsd.org (8.14.4/8.14.4/Submit) id p6670NaH003972;
	Wed, 6 Jul 2011 07:00:23 GMT (envelope-from gnats)
Date: Wed, 6 Jul 2011 07:00:23 GMT
Message-Id: <201107060700.p6670NaH003972@freefall.freebsd.org>
To: freebsd-ipfw@FreeBSD.org
From: dfilter@FreeBSD.ORG (dfilter service)
Cc: 
Subject: Re: kern/136695: commit references a PR
X-BeenThere: freebsd-ipfw@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
Reply-To: dfilter service <dfilter@FreeBSD.ORG>
List-Id: IPFW Technical Discussions <freebsd-ipfw.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
	<mailto:freebsd-ipfw-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-ipfw>
List-Post: <mailto:freebsd-ipfw@freebsd.org>
List-Help: <mailto:freebsd-ipfw-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
	<mailto:freebsd-ipfw-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 06 Jul 2011 07:00:23 -0000

The following reply was made to PR kern/136695; it has been noted by GNATS.

From: dfilter@FreeBSD.ORG (dfilter service)
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: kern/136695: commit references a PR
Date: Wed,  6 Jul 2011 06:56:40 +0000 (UTC)

 Author: ae
 Date: Wed Jul  6 06:56:31 2011
 New Revision: 223819
 URL: http://svn.freebsd.org/changeset/base/223819
 
 Log:
   MFC r222582:
     O_FORWARD_IP is only action which depends from the result of lookup of
     dynamic rules. We are doing forwarding in the following cases:
      o For the simple ipfw fwd rule, e.g.
   
     	fwd 10.0.0.1 ip from any to any out xmit em0
     	fwd 127.0.0.1,3128 tcp from any to any 80 in recv em1
   
      o For the dynamic fwd rule, e.g.
   
      	fwd 192.168.0.1 tcp from any to 10.0.0.3 3333 setup keep-state
   
             When this rule triggers it creates a dynamic rule, but this
     	dynamic rule should forward packets only in forward direction.
   
      o And the last case that does not work before - simple fwd rule which
      triggers when some dynamic rule is already executed.
   
     PR:		kern/136695, kern/147720, kern/150798
 
 Modified:
   stable/8/sys/netinet/ipfw/ip_fw2.c
 Directory Properties:
   stable/8/sys/   (props changed)
   stable/8/sys/amd64/include/xen/   (props changed)
   stable/8/sys/cddl/contrib/opensolaris/   (props changed)
   stable/8/sys/contrib/dev/acpica/   (props changed)
   stable/8/sys/contrib/pf/   (props changed)
 
 Modified: stable/8/sys/netinet/ipfw/ip_fw2.c
 ==============================================================================
 --- stable/8/sys/netinet/ipfw/ip_fw2.c	Wed Jul  6 06:34:08 2011	(r223818)
 +++ stable/8/sys/netinet/ipfw/ip_fw2.c	Wed Jul  6 06:56:31 2011	(r223819)
 @@ -2070,7 +2070,8 @@ do {								\
  			case O_FORWARD_IP:
  				if (args->eh)	/* not valid on layer2 pkts */
  					break;
 -				if (!q || dyn_dir == MATCH_FORWARD) {
 +				if (q == NULL || q->rule != f ||
 +				    dyn_dir == MATCH_FORWARD) {
  				    struct sockaddr_in *sa;
  				    sa = &(((ipfw_insn_sa *)cmd)->sa);
  				    if (sa->sin_addr.s_addr == INADDR_ANY) {
 _______________________________________________
 svn-src-all@freebsd.org mailing list
 http://lists.freebsd.org/mailman/listinfo/svn-src-all
 To unsubscribe, send any mail to "svn-src-all-unsubscribe@freebsd.org"
 

From owner-freebsd-ipfw@FreeBSD.ORG  Wed Jul  6 07:00:26 2011
Return-Path: <owner-freebsd-ipfw@FreeBSD.ORG>
Delivered-To: freebsd-ipfw@hub.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 441161065686
	for <freebsd-ipfw@hub.freebsd.org>;
	Wed,  6 Jul 2011 07:00:26 +0000 (UTC)
	(envelope-from gnats@FreeBSD.org)
Received: from freefall.freebsd.org (freefall.freebsd.org
	[IPv6:2001:4f8:fff6::28])
	by mx1.freebsd.org (Postfix) with ESMTP id 1A3F88FC15
	for <freebsd-ipfw@hub.freebsd.org>;
	Wed,  6 Jul 2011 07:00:26 +0000 (UTC)
Received: from freefall.freebsd.org (localhost [127.0.0.1])
	by freefall.freebsd.org (8.14.4/8.14.4) with ESMTP id p6670PaX003992
	for <freebsd-ipfw@freefall.freebsd.org>; Wed, 6 Jul 2011 07:00:25 GMT
	(envelope-from gnats@freefall.freebsd.org)
Received: (from gnats@localhost)
	by freefall.freebsd.org (8.14.4/8.14.4/Submit) id p6670Pp1003991;
	Wed, 6 Jul 2011 07:00:25 GMT (envelope-from gnats)
Date: Wed, 6 Jul 2011 07:00:25 GMT
Message-Id: <201107060700.p6670Pp1003991@freefall.freebsd.org>
To: freebsd-ipfw@FreeBSD.org
From: dfilter@FreeBSD.ORG (dfilter service)
Cc: 
Subject: Re: kern/147720: commit references a PR
X-BeenThere: freebsd-ipfw@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
Reply-To: dfilter service <dfilter@FreeBSD.ORG>
List-Id: IPFW Technical Discussions <freebsd-ipfw.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
	<mailto:freebsd-ipfw-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-ipfw>
List-Post: <mailto:freebsd-ipfw@freebsd.org>
List-Help: <mailto:freebsd-ipfw-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
	<mailto:freebsd-ipfw-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 06 Jul 2011 07:00:26 -0000

The following reply was made to PR kern/147720; it has been noted by GNATS.

From: dfilter@FreeBSD.ORG (dfilter service)
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: kern/147720: commit references a PR
Date: Wed,  6 Jul 2011 06:56:41 +0000 (UTC)

 Author: ae
 Date: Wed Jul  6 06:56:31 2011
 New Revision: 223819
 URL: http://svn.freebsd.org/changeset/base/223819
 
 Log:
   MFC r222582:
     O_FORWARD_IP is only action which depends from the result of lookup of
     dynamic rules. We are doing forwarding in the following cases:
      o For the simple ipfw fwd rule, e.g.
   
     	fwd 10.0.0.1 ip from any to any out xmit em0
     	fwd 127.0.0.1,3128 tcp from any to any 80 in recv em1
   
      o For the dynamic fwd rule, e.g.
   
      	fwd 192.168.0.1 tcp from any to 10.0.0.3 3333 setup keep-state
   
             When this rule triggers it creates a dynamic rule, but this
     	dynamic rule should forward packets only in forward direction.
   
      o And the last case that does not work before - simple fwd rule which
      triggers when some dynamic rule is already executed.
   
     PR:		kern/136695, kern/147720, kern/150798
 
 Modified:
   stable/8/sys/netinet/ipfw/ip_fw2.c
 Directory Properties:
   stable/8/sys/   (props changed)
   stable/8/sys/amd64/include/xen/   (props changed)
   stable/8/sys/cddl/contrib/opensolaris/   (props changed)
   stable/8/sys/contrib/dev/acpica/   (props changed)
   stable/8/sys/contrib/pf/   (props changed)
 
 Modified: stable/8/sys/netinet/ipfw/ip_fw2.c
 ==============================================================================
 --- stable/8/sys/netinet/ipfw/ip_fw2.c	Wed Jul  6 06:34:08 2011	(r223818)
 +++ stable/8/sys/netinet/ipfw/ip_fw2.c	Wed Jul  6 06:56:31 2011	(r223819)
 @@ -2070,7 +2070,8 @@ do {								\
  			case O_FORWARD_IP:
  				if (args->eh)	/* not valid on layer2 pkts */
  					break;
 -				if (!q || dyn_dir == MATCH_FORWARD) {
 +				if (q == NULL || q->rule != f ||
 +				    dyn_dir == MATCH_FORWARD) {
  				    struct sockaddr_in *sa;
  				    sa = &(((ipfw_insn_sa *)cmd)->sa);
  				    if (sa->sin_addr.s_addr == INADDR_ANY) {
 _______________________________________________
 svn-src-all@freebsd.org mailing list
 http://lists.freebsd.org/mailman/listinfo/svn-src-all
 To unsubscribe, send any mail to "svn-src-all-unsubscribe@freebsd.org"
 

From owner-freebsd-ipfw@FreeBSD.ORG  Wed Jul  6 07:00:28 2011
Return-Path: <owner-freebsd-ipfw@FreeBSD.ORG>
Delivered-To: freebsd-ipfw@hub.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id DC68E106570A
	for <freebsd-ipfw@hub.freebsd.org>;
	Wed,  6 Jul 2011 07:00:28 +0000 (UTC)
	(envelope-from gnats@FreeBSD.org)
Received: from freefall.freebsd.org (freefall.freebsd.org
	[IPv6:2001:4f8:fff6::28])
	by mx1.freebsd.org (Postfix) with ESMTP id B20318FC1A
	for <freebsd-ipfw@hub.freebsd.org>;
	Wed,  6 Jul 2011 07:00:28 +0000 (UTC)
Received: from freefall.freebsd.org (localhost [127.0.0.1])
	by freefall.freebsd.org (8.14.4/8.14.4) with ESMTP id p6670S1S004029
	for <freebsd-ipfw@freefall.freebsd.org>; Wed, 6 Jul 2011 07:00:28 GMT
	(envelope-from gnats@freefall.freebsd.org)
Received: (from gnats@localhost)
	by freefall.freebsd.org (8.14.4/8.14.4/Submit) id p6670Sw4004028;
	Wed, 6 Jul 2011 07:00:28 GMT (envelope-from gnats)
Date: Wed, 6 Jul 2011 07:00:28 GMT
Message-Id: <201107060700.p6670Sw4004028@freefall.freebsd.org>
To: freebsd-ipfw@FreeBSD.org
From: dfilter@FreeBSD.ORG (dfilter service)
Cc: 
Subject: Re: kern/150798: commit references a PR
X-BeenThere: freebsd-ipfw@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
Reply-To: dfilter service <dfilter@FreeBSD.ORG>
List-Id: IPFW Technical Discussions <freebsd-ipfw.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
	<mailto:freebsd-ipfw-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-ipfw>
List-Post: <mailto:freebsd-ipfw@freebsd.org>
List-Help: <mailto:freebsd-ipfw-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
	<mailto:freebsd-ipfw-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 06 Jul 2011 07:00:29 -0000

The following reply was made to PR kern/150798; it has been noted by GNATS.

From: dfilter@FreeBSD.ORG (dfilter service)
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: kern/150798: commit references a PR
Date: Wed,  6 Jul 2011 06:56:41 +0000 (UTC)

 Author: ae
 Date: Wed Jul  6 06:56:31 2011
 New Revision: 223819
 URL: http://svn.freebsd.org/changeset/base/223819
 
 Log:
   MFC r222582:
     O_FORWARD_IP is only action which depends from the result of lookup of
     dynamic rules. We are doing forwarding in the following cases:
      o For the simple ipfw fwd rule, e.g.
   
     	fwd 10.0.0.1 ip from any to any out xmit em0
     	fwd 127.0.0.1,3128 tcp from any to any 80 in recv em1
   
      o For the dynamic fwd rule, e.g.
   
      	fwd 192.168.0.1 tcp from any to 10.0.0.3 3333 setup keep-state
   
             When this rule triggers it creates a dynamic rule, but this
     	dynamic rule should forward packets only in forward direction.
   
      o And the last case that does not work before - simple fwd rule which
      triggers when some dynamic rule is already executed.
   
     PR:		kern/136695, kern/147720, kern/150798
 
 Modified:
   stable/8/sys/netinet/ipfw/ip_fw2.c
 Directory Properties:
   stable/8/sys/   (props changed)
   stable/8/sys/amd64/include/xen/   (props changed)
   stable/8/sys/cddl/contrib/opensolaris/   (props changed)
   stable/8/sys/contrib/dev/acpica/   (props changed)
   stable/8/sys/contrib/pf/   (props changed)
 
 Modified: stable/8/sys/netinet/ipfw/ip_fw2.c
 ==============================================================================
 --- stable/8/sys/netinet/ipfw/ip_fw2.c	Wed Jul  6 06:34:08 2011	(r223818)
 +++ stable/8/sys/netinet/ipfw/ip_fw2.c	Wed Jul  6 06:56:31 2011	(r223819)
 @@ -2070,7 +2070,8 @@ do {								\
  			case O_FORWARD_IP:
  				if (args->eh)	/* not valid on layer2 pkts */
  					break;
 -				if (!q || dyn_dir == MATCH_FORWARD) {
 +				if (q == NULL || q->rule != f ||
 +				    dyn_dir == MATCH_FORWARD) {
  				    struct sockaddr_in *sa;
  				    sa = &(((ipfw_insn_sa *)cmd)->sa);
  				    if (sa->sin_addr.s_addr == INADDR_ANY) {
 _______________________________________________
 svn-src-all@freebsd.org mailing list
 http://lists.freebsd.org/mailman/listinfo/svn-src-all
 To unsubscribe, send any mail to "svn-src-all-unsubscribe@freebsd.org"
 

From owner-freebsd-ipfw@FreeBSD.ORG  Wed Jul  6 07:00:31 2011
Return-Path: <owner-freebsd-ipfw@FreeBSD.ORG>
Delivered-To: freebsd-ipfw@hub.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id AC74210656B4
	for <freebsd-ipfw@hub.freebsd.org>;
	Wed,  6 Jul 2011 07:00:31 +0000 (UTC)
	(envelope-from gnats@FreeBSD.org)
Received: from freefall.freebsd.org (freefall.freebsd.org
	[IPv6:2001:4f8:fff6::28])
	by mx1.freebsd.org (Postfix) with ESMTP id 82D268FC22
	for <freebsd-ipfw@hub.freebsd.org>;
	Wed,  6 Jul 2011 07:00:31 +0000 (UTC)
Received: from freefall.freebsd.org (localhost [127.0.0.1])
	by freefall.freebsd.org (8.14.4/8.14.4) with ESMTP id p6670VII004050
	for <freebsd-ipfw@freefall.freebsd.org>; Wed, 6 Jul 2011 07:00:31 GMT
	(envelope-from gnats@freefall.freebsd.org)
Received: (from gnats@localhost)
	by freefall.freebsd.org (8.14.4/8.14.4/Submit) id p6670V6A004047;
	Wed, 6 Jul 2011 07:00:31 GMT (envelope-from gnats)
Date: Wed, 6 Jul 2011 07:00:31 GMT
Message-Id: <201107060700.p6670V6A004047@freefall.freebsd.org>
To: freebsd-ipfw@FreeBSD.org
From: dfilter@FreeBSD.ORG (dfilter service)
Cc: 
Subject: Re: kern/136695: commit references a PR
X-BeenThere: freebsd-ipfw@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
Reply-To: dfilter service <dfilter@FreeBSD.ORG>
List-Id: IPFW Technical Discussions <freebsd-ipfw.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
	<mailto:freebsd-ipfw-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-ipfw>
List-Post: <mailto:freebsd-ipfw@freebsd.org>
List-Help: <mailto:freebsd-ipfw-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
	<mailto:freebsd-ipfw-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 06 Jul 2011 07:00:31 -0000

The following reply was made to PR kern/136695; it has been noted by GNATS.

From: dfilter@FreeBSD.ORG (dfilter service)
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: kern/136695: commit references a PR
Date: Wed,  6 Jul 2011 06:57:16 +0000 (UTC)

 Author: ae
 Date: Wed Jul  6 06:57:07 2011
 New Revision: 223820
 URL: http://svn.freebsd.org/changeset/base/223820
 
 Log:
   MFC r222582:
     O_FORWARD_IP is only action which depends from the result of lookup of
     dynamic rules. We are doing forwarding in the following cases:
      o For the simple ipfw fwd rule, e.g.
   
           fwd 10.0.0.1 ip from any to any out xmit em0
           fwd 127.0.0.1,3128 tcp from any to any 80 in recv em1
   
      o For the dynamic fwd rule, e.g.
   
           fwd 192.168.0.1 tcp from any to 10.0.0.3 3333 setup keep-state
   
             When this rule triggers it creates a dynamic rule, but this
           dynamic rule should forward packets only in forward direction.
   
      o And the last case that does not work before - simple fwd rule which
      triggers when some dynamic rule is already executed.
   
     PR:           kern/136695, kern/147720, kern/150798
 
 Modified:
   stable/7/sys/netinet/ip_fw2.c
 Directory Properties:
   stable/7/sys/   (props changed)
   stable/7/sys/cddl/contrib/opensolaris/   (props changed)
   stable/7/sys/contrib/dev/acpica/   (props changed)
   stable/7/sys/contrib/pf/   (props changed)
 
 Modified: stable/7/sys/netinet/ip_fw2.c
 ==============================================================================
 --- stable/7/sys/netinet/ip_fw2.c	Wed Jul  6 06:56:31 2011	(r223819)
 +++ stable/7/sys/netinet/ip_fw2.c	Wed Jul  6 06:57:07 2011	(r223820)
 @@ -3284,7 +3284,8 @@ check_body:
  				sa = &(((ipfw_insn_sa *)cmd)->sa);
  				if (args->eh)	/* not valid on layer2 pkts */
  					break;
 -				if (!q || dyn_dir == MATCH_FORWARD) {
 +				if (q == NULL || q->rule != f ||
 +				    dyn_dir == MATCH_FORWARD) {
  					if (sa->sin_addr.s_addr == INADDR_ANY) {
  						bcopy(sa, &args->hopstore,
  							sizeof(*sa));
 _______________________________________________
 svn-src-all@freebsd.org mailing list
 http://lists.freebsd.org/mailman/listinfo/svn-src-all
 To unsubscribe, send any mail to "svn-src-all-unsubscribe@freebsd.org"
 

From owner-freebsd-ipfw@FreeBSD.ORG  Wed Jul  6 07:00:34 2011
Return-Path: <owner-freebsd-ipfw@FreeBSD.ORG>
Delivered-To: freebsd-ipfw@hub.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id B63051065686
	for <freebsd-ipfw@hub.freebsd.org>;
	Wed,  6 Jul 2011 07:00:34 +0000 (UTC)
	(envelope-from gnats@FreeBSD.org)
Received: from freefall.freebsd.org (freefall.freebsd.org
	[IPv6:2001:4f8:fff6::28])
	by mx1.freebsd.org (Postfix) with ESMTP id 8CAB98FC29
	for <freebsd-ipfw@hub.freebsd.org>;
	Wed,  6 Jul 2011 07:00:34 +0000 (UTC)
Received: from freefall.freebsd.org (localhost [127.0.0.1])
	by freefall.freebsd.org (8.14.4/8.14.4) with ESMTP id p6670Y0N004221
	for <freebsd-ipfw@freefall.freebsd.org>; Wed, 6 Jul 2011 07:00:34 GMT
	(envelope-from gnats@freefall.freebsd.org)
Received: (from gnats@localhost)
	by freefall.freebsd.org (8.14.4/8.14.4/Submit) id p6670YWI004215;
	Wed, 6 Jul 2011 07:00:34 GMT (envelope-from gnats)
Date: Wed, 6 Jul 2011 07:00:34 GMT
Message-Id: <201107060700.p6670YWI004215@freefall.freebsd.org>
To: freebsd-ipfw@FreeBSD.org
From: dfilter@FreeBSD.ORG (dfilter service)
Cc: 
Subject: Re: kern/147720: commit references a PR
X-BeenThere: freebsd-ipfw@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
Reply-To: dfilter service <dfilter@FreeBSD.ORG>
List-Id: IPFW Technical Discussions <freebsd-ipfw.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
	<mailto:freebsd-ipfw-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-ipfw>
List-Post: <mailto:freebsd-ipfw@freebsd.org>
List-Help: <mailto:freebsd-ipfw-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
	<mailto:freebsd-ipfw-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 06 Jul 2011 07:00:34 -0000

The following reply was made to PR kern/147720; it has been noted by GNATS.

From: dfilter@FreeBSD.ORG (dfilter service)
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: kern/147720: commit references a PR
Date: Wed,  6 Jul 2011 06:57:17 +0000 (UTC)

 Author: ae
 Date: Wed Jul  6 06:57:07 2011
 New Revision: 223820
 URL: http://svn.freebsd.org/changeset/base/223820
 
 Log:
   MFC r222582:
     O_FORWARD_IP is only action which depends from the result of lookup of
     dynamic rules. We are doing forwarding in the following cases:
      o For the simple ipfw fwd rule, e.g.
   
           fwd 10.0.0.1 ip from any to any out xmit em0
           fwd 127.0.0.1,3128 tcp from any to any 80 in recv em1
   
      o For the dynamic fwd rule, e.g.
   
           fwd 192.168.0.1 tcp from any to 10.0.0.3 3333 setup keep-state
   
             When this rule triggers it creates a dynamic rule, but this
           dynamic rule should forward packets only in forward direction.
   
      o And the last case that does not work before - simple fwd rule which
      triggers when some dynamic rule is already executed.
   
     PR:           kern/136695, kern/147720, kern/150798
 
 Modified:
   stable/7/sys/netinet/ip_fw2.c
 Directory Properties:
   stable/7/sys/   (props changed)
   stable/7/sys/cddl/contrib/opensolaris/   (props changed)
   stable/7/sys/contrib/dev/acpica/   (props changed)
   stable/7/sys/contrib/pf/   (props changed)
 
 Modified: stable/7/sys/netinet/ip_fw2.c
 ==============================================================================
 --- stable/7/sys/netinet/ip_fw2.c	Wed Jul  6 06:56:31 2011	(r223819)
 +++ stable/7/sys/netinet/ip_fw2.c	Wed Jul  6 06:57:07 2011	(r223820)
 @@ -3284,7 +3284,8 @@ check_body:
  				sa = &(((ipfw_insn_sa *)cmd)->sa);
  				if (args->eh)	/* not valid on layer2 pkts */
  					break;
 -				if (!q || dyn_dir == MATCH_FORWARD) {
 +				if (q == NULL || q->rule != f ||
 +				    dyn_dir == MATCH_FORWARD) {
  					if (sa->sin_addr.s_addr == INADDR_ANY) {
  						bcopy(sa, &args->hopstore,
  							sizeof(*sa));
 _______________________________________________
 svn-src-all@freebsd.org mailing list
 http://lists.freebsd.org/mailman/listinfo/svn-src-all
 To unsubscribe, send any mail to "svn-src-all-unsubscribe@freebsd.org"
 

From owner-freebsd-ipfw@FreeBSD.ORG  Wed Jul  6 07:00:37 2011
Return-Path: <owner-freebsd-ipfw@FreeBSD.ORG>
Delivered-To: freebsd-ipfw@hub.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id AD1971065677
	for <freebsd-ipfw@hub.freebsd.org>;
	Wed,  6 Jul 2011 07:00:37 +0000 (UTC)
	(envelope-from gnats@FreeBSD.org)
Received: from freefall.freebsd.org (freefall.freebsd.org
	[IPv6:2001:4f8:fff6::28])
	by mx1.freebsd.org (Postfix) with ESMTP id 837888FC23
	for <freebsd-ipfw@hub.freebsd.org>;
	Wed,  6 Jul 2011 07:00:37 +0000 (UTC)
Received: from freefall.freebsd.org (localhost [127.0.0.1])
	by freefall.freebsd.org (8.14.4/8.14.4) with ESMTP id p6670bDb004413
	for <freebsd-ipfw@freefall.freebsd.org>; Wed, 6 Jul 2011 07:00:37 GMT
	(envelope-from gnats@freefall.freebsd.org)
Received: (from gnats@localhost)
	by freefall.freebsd.org (8.14.4/8.14.4/Submit) id p6670bkY004407;
	Wed, 6 Jul 2011 07:00:37 GMT (envelope-from gnats)
Date: Wed, 6 Jul 2011 07:00:37 GMT
Message-Id: <201107060700.p6670bkY004407@freefall.freebsd.org>
To: freebsd-ipfw@FreeBSD.org
From: dfilter@FreeBSD.ORG (dfilter service)
Cc: 
Subject: Re: kern/150798: commit references a PR
X-BeenThere: freebsd-ipfw@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
Reply-To: dfilter service <dfilter@FreeBSD.ORG>
List-Id: IPFW Technical Discussions <freebsd-ipfw.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
	<mailto:freebsd-ipfw-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-ipfw>
List-Post: <mailto:freebsd-ipfw@freebsd.org>
List-Help: <mailto:freebsd-ipfw-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
	<mailto:freebsd-ipfw-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 06 Jul 2011 07:00:37 -0000

The following reply was made to PR kern/150798; it has been noted by GNATS.

From: dfilter@FreeBSD.ORG (dfilter service)
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: kern/150798: commit references a PR
Date: Wed,  6 Jul 2011 06:57:17 +0000 (UTC)

 Author: ae
 Date: Wed Jul  6 06:57:07 2011
 New Revision: 223820
 URL: http://svn.freebsd.org/changeset/base/223820
 
 Log:
   MFC r222582:
     O_FORWARD_IP is only action which depends from the result of lookup of
     dynamic rules. We are doing forwarding in the following cases:
      o For the simple ipfw fwd rule, e.g.
   
           fwd 10.0.0.1 ip from any to any out xmit em0
           fwd 127.0.0.1,3128 tcp from any to any 80 in recv em1
   
      o For the dynamic fwd rule, e.g.
   
           fwd 192.168.0.1 tcp from any to 10.0.0.3 3333 setup keep-state
   
             When this rule triggers it creates a dynamic rule, but this
           dynamic rule should forward packets only in forward direction.
   
      o And the last case that does not work before - simple fwd rule which
      triggers when some dynamic rule is already executed.
   
     PR:           kern/136695, kern/147720, kern/150798
 
 Modified:
   stable/7/sys/netinet/ip_fw2.c
 Directory Properties:
   stable/7/sys/   (props changed)
   stable/7/sys/cddl/contrib/opensolaris/   (props changed)
   stable/7/sys/contrib/dev/acpica/   (props changed)
   stable/7/sys/contrib/pf/   (props changed)
 
 Modified: stable/7/sys/netinet/ip_fw2.c
 ==============================================================================
 --- stable/7/sys/netinet/ip_fw2.c	Wed Jul  6 06:56:31 2011	(r223819)
 +++ stable/7/sys/netinet/ip_fw2.c	Wed Jul  6 06:57:07 2011	(r223820)
 @@ -3284,7 +3284,8 @@ check_body:
  				sa = &(((ipfw_insn_sa *)cmd)->sa);
  				if (args->eh)	/* not valid on layer2 pkts */
  					break;
 -				if (!q || dyn_dir == MATCH_FORWARD) {
 +				if (q == NULL || q->rule != f ||
 +				    dyn_dir == MATCH_FORWARD) {
  					if (sa->sin_addr.s_addr == INADDR_ANY) {
  						bcopy(sa, &args->hopstore,
  							sizeof(*sa));
 _______________________________________________
 svn-src-all@freebsd.org mailing list
 http://lists.freebsd.org/mailman/listinfo/svn-src-all
 To unsubscribe, send any mail to "svn-src-all-unsubscribe@freebsd.org"
 

From owner-freebsd-ipfw@FreeBSD.ORG  Wed Jul  6 14:09:48 2011
Return-Path: <owner-freebsd-ipfw@FreeBSD.ORG>
Delivered-To: freebsd-ipfw@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id AE1681065673
	for <freebsd-ipfw@freebsd.org>; Wed,  6 Jul 2011 14:09:48 +0000 (UTC)
	(envelope-from unga888@yahoo.com)
Received: from nm8-vm0.bullet.mail.bf1.yahoo.com
	(nm8-vm0.bullet.mail.bf1.yahoo.com [98.139.213.95])
	by mx1.freebsd.org (Postfix) with SMTP id 44BD38FC0A
	for <freebsd-ipfw@freebsd.org>; Wed,  6 Jul 2011 14:09:47 +0000 (UTC)
Received: from [98.139.212.150] by nm8.bullet.mail.bf1.yahoo.com with NNFMP;
	06 Jul 2011 14:09:47 -0000
Received: from [98.139.212.251] by tm7.bullet.mail.bf1.yahoo.com with NNFMP;
	06 Jul 2011 14:09:47 -0000
Received: from [127.0.0.1] by omp1060.mail.bf1.yahoo.com with NNFMP;
	06 Jul 2011 14:09:47 -0000
X-Yahoo-Newman-Property: ymail-3
X-Yahoo-Newman-Id: 544677.9248.bm@omp1060.mail.bf1.yahoo.com
Received: (qmail 89987 invoked by uid 60001); 6 Jul 2011 14:09:47 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s1024;
	t=1309961387; bh=W1EnWM7ibMMGo3fWugQaj85YXPxMv10+vGwylNA2oHg=;
	h=X-YMail-OSG:Received:X-Mailer:Message-ID:Date:From:Subject:To:Cc:In-Reply-To:MIME-Version:Content-Type;
	b=Oh3xwBHeEmMM6u3rV8qLkQR2X3oYePfQopKIo5kOQdb0oFY6Zxe9sw4WaP3Sko5qSkQOt5Q1B1Yy7FVUHpPNSl0OspVkmWua52p1UsBZJcicxMe73gWsZJm24oi37vc7zpXkvQMldSNBg+PhfiiSuf0WOMHgdUhjGb5BgdrpcSU=
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=s1024; d=yahoo.com;
	h=X-YMail-OSG:Received:X-Mailer:Message-ID:Date:From:Subject:To:Cc:In-Reply-To:MIME-Version:Content-Type;
	b=D3o6c21mQcNHsb9frJpo/pqcmgzK2blkI3vf0dFA70bOnNxRpXBMBodRQ2StQmwYhc/OXgsTwKXCGo2r3jylsJqQ0uus7FrINwyszeuKExFYlX0WTjsfGwSt3zjaO4yFtDTlSi/3gB7vvY4Yhc0uWcqrDXnSdtiiO4eGhkVNVfc=;
X-YMail-OSG: OF7G714VM1kjbXzLf51BEkt.8IwejhxgsrCY9X.obJtrR3M
	XQVsMDF3e0cQFuiJvWkYIteHHIjy60.FxnQwn.9maUA41hXxDrHB0i8WYgKW
	5Jjrxven.vEUlHwQeLobTiQOU2EzCGMBSBSF0FFXxLx7I6vst9nIOMGzMH_b
	Edm7BsiMno0wkMzA0kpbGzm6RGE5871c_51G6iLWMkDuVdHSL8.URLOkPVLu
	zA0ZPE3OR0D9yyUG3pfgQzG6aJrwn3dzP6t4CDSjkIkLYX..cqkaD4DgWkjf
	jO0mBU_H_Rjcz_LJT8iLsmWPDFaQ8f__D1ePETaXSQjD8aTjU3fem4l8sXZw
	_rdBCU9F91Kt0jQwG7S_Uag0LtR4.P37GGoFIKs.1kf1qE.Ub8mY5Aayfbej
	A_3c5fLOvNMwZSHb3iw--
Received: from [112.134.100.26] by web160115.mail.bf1.yahoo.com via HTTP;
	Wed, 06 Jul 2011 07:09:47 PDT
X-Mailer: YahooMailClassic/14.0.3 YahooMailWebService/0.8.112.307740
Message-ID: <1309961387.83307.YahooMailClassic@web160115.mail.bf1.yahoo.com>
Date: Wed, 6 Jul 2011 07:09:47 -0700 (PDT)
From: Unga <unga888@yahoo.com>
To: "Andrey V. Elsukov" <bu7cher@yandex.ru>
In-Reply-To: <4E134F07.8080302@yandex.ru>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Cc: freebsd-ipfw@freebsd.org, Fabian Wenk <fabian@wenks.ch>
Subject: Re: ipfw fwd on FreeBSD 8.1, does it work? [SOLVED]
X-BeenThere: freebsd-ipfw@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: IPFW Technical Discussions <freebsd-ipfw.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
	<mailto:freebsd-ipfw-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-ipfw>
List-Post: <mailto:freebsd-ipfw@freebsd.org>
List-Help: <mailto:freebsd-ipfw-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
	<mailto:freebsd-ipfw-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 06 Jul 2011 14:09:48 -0000

--- On Wed, 7/6/11, Andrey V. Elsukov <bu7cher@yandex.ru> wrote:

> From: Andrey V. Elsukov <bu7cher@yandex.ru>
> Subject: Re: ipfw fwd on FreeBSD 8.1, does it work?
> To: "Unga" <unga888@yahoo.com>
> Cc: freebsd-ipfw@freebsd.org, "Fabian Wenk" <fabian@wenks.ch>
> Date: Wednesday, July 6, 2011, 1:51 AM
> On 05.07.2011 21:20, Unga wrote:
> > Thanks for the reply.
> > 
> > The 'options IPFIREWALL_FORWARD' is already built in
> the custom kernel.
> > 
> > Both rules you suggested develop the same error:
> > ipfw: getsockopt(IP_FW_ADD): Invalid argument
> 
> Hi,
> 
> You should add 'options IPFIREWALL' in the your kernel
> config too.
> 
> -- 
> WBR, Andrey V. Elsukov
> 

Hi Andrey

I have added 'options IPFIREWALL' and rebuilt all, now 'ipfw fwd' works well.

So the 'options IPFIREWALL_FORWARD' alone is insufficient, the 'options IPFIREWALL' is also required.

Thank you and all others who helped me in this regard.

Cheers
Unga





From owner-freebsd-ipfw@FreeBSD.ORG  Thu Jul  7 08:53:33 2011
Return-Path: <owner-freebsd-ipfw@FreeBSD.ORG>
Delivered-To: freebsd-ipfw@hub.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id BC181106566B;
	Thu,  7 Jul 2011 08:53:33 +0000 (UTC) (envelope-from ae@FreeBSD.org)
Received: from freefall.freebsd.org (freefall.freebsd.org
	[IPv6:2001:4f8:fff6::28])
	by mx1.freebsd.org (Postfix) with ESMTP id 95BAC8FC19;
	Thu,  7 Jul 2011 08:53:33 +0000 (UTC)
Received: from freefall.freebsd.org (localhost [127.0.0.1])
	by freefall.freebsd.org (8.14.4/8.14.4) with ESMTP id p678rXTa006368;
	Thu, 7 Jul 2011 08:53:33 GMT (envelope-from ae@freefall.freebsd.org)
Received: (from ae@localhost)
	by freefall.freebsd.org (8.14.4/8.14.4/Submit) id p678rWje006364;
	Thu, 7 Jul 2011 08:53:32 GMT (envelope-from ae)
Date: Thu, 7 Jul 2011 08:53:32 GMT
Message-Id: <201107070853.p678rWje006364@freefall.freebsd.org>
To: pawel@szember.net, ae@FreeBSD.org, freebsd-ipfw@FreeBSD.org
From: ae@FreeBSD.org
Cc: 
Subject: Re: kern/127209: [ipfw] IPFW table become corrupted after many
	changes
X-BeenThere: freebsd-ipfw@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: IPFW Technical Discussions <freebsd-ipfw.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
	<mailto:freebsd-ipfw-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-ipfw>
List-Post: <mailto:freebsd-ipfw@freebsd.org>
List-Help: <mailto:freebsd-ipfw-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
	<mailto:freebsd-ipfw-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 07 Jul 2011 08:53:33 -0000

Synopsis: [ipfw] IPFW table become corrupted after many changes

State-Changed-From-To: open->feedback
State-Changed-By: ae
State-Changed-When: Thu Jul 7 08:52:47 UTC 2011
State-Changed-Why: 
Can you reproduce this on 8.x+ releases?

http://www.freebsd.org/cgi/query-pr.cgi?pr=127209

From owner-freebsd-ipfw@FreeBSD.ORG  Thu Jul  7 08:54:06 2011
Return-Path: <owner-freebsd-ipfw@FreeBSD.ORG>
Delivered-To: freebsd-ipfw@hub.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 7274E1065672;
	Thu,  7 Jul 2011 08:54:06 +0000 (UTC) (envelope-from ae@FreeBSD.org)
Received: from freefall.freebsd.org (freefall.freebsd.org
	[IPv6:2001:4f8:fff6::28])
	by mx1.freebsd.org (Postfix) with ESMTP id 4BC1F8FC1E;
	Thu,  7 Jul 2011 08:54:06 +0000 (UTC)
Received: from freefall.freebsd.org (localhost [127.0.0.1])
	by freefall.freebsd.org (8.14.4/8.14.4) with ESMTP id p678s5Y6006431;
	Thu, 7 Jul 2011 08:54:05 GMT (envelope-from ae@freefall.freebsd.org)
Received: (from ae@localhost)
	by freefall.freebsd.org (8.14.4/8.14.4/Submit) id p678s5LV006427;
	Thu, 7 Jul 2011 08:54:05 GMT (envelope-from ae)
Date: Thu, 7 Jul 2011 08:54:05 GMT
Message-Id: <201107070854.p678s5LV006427@freefall.freebsd.org>
To: alexey@kouznetsov.com, ae@FreeBSD.org, freebsd-ipfw@FreeBSD.org
From: ae@FreeBSD.org
Cc: 
Subject: Re: kern/144269: [ipfw] problem with ipfw tables
X-BeenThere: freebsd-ipfw@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: IPFW Technical Discussions <freebsd-ipfw.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
	<mailto:freebsd-ipfw-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-ipfw>
List-Post: <mailto:freebsd-ipfw@freebsd.org>
List-Help: <mailto:freebsd-ipfw-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
	<mailto:freebsd-ipfw-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 07 Jul 2011 08:54:06 -0000

Synopsis: [ipfw] problem with ipfw tables

State-Changed-From-To: open->feedback
State-Changed-By: ae
State-Changed-When: Thu Jul 7 08:53:52 UTC 2011
State-Changed-Why: 
Can you reproduce this on 8.x+ releases?

http://www.freebsd.org/cgi/query-pr.cgi?pr=144269

From owner-freebsd-ipfw@FreeBSD.ORG  Thu Jul  7 08:54:34 2011
Return-Path: <owner-freebsd-ipfw@FreeBSD.ORG>
Delivered-To: freebsd-ipfw@hub.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id BB0D41065679;
	Thu,  7 Jul 2011 08:54:34 +0000 (UTC) (envelope-from ae@FreeBSD.org)
Received: from freefall.freebsd.org (freefall.freebsd.org
	[IPv6:2001:4f8:fff6::28])
	by mx1.freebsd.org (Postfix) with ESMTP id 5BB288FC12;
	Thu,  7 Jul 2011 08:54:34 +0000 (UTC)
Received: from freefall.freebsd.org (localhost [127.0.0.1])
	by freefall.freebsd.org (8.14.4/8.14.4) with ESMTP id p678sYUi006482;
	Thu, 7 Jul 2011 08:54:34 GMT (envelope-from ae@freefall.freebsd.org)
Received: (from ae@localhost)
	by freefall.freebsd.org (8.14.4/8.14.4/Submit) id p678sXmv006478;
	Thu, 7 Jul 2011 08:54:33 GMT (envelope-from ae)
Date: Thu, 7 Jul 2011 08:54:33 GMT
Message-Id: <201107070854.p678sXmv006478@freefall.freebsd.org>
To: versen@list.ru, ae@FreeBSD.org, freebsd-ipfw@FreeBSD.org
From: ae@FreeBSD.org
Cc: 
Subject: Re: kern/143474: [ipfw] ipfw table contains the same address
X-BeenThere: freebsd-ipfw@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: IPFW Technical Discussions <freebsd-ipfw.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
	<mailto:freebsd-ipfw-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-ipfw>
List-Post: <mailto:freebsd-ipfw@freebsd.org>
List-Help: <mailto:freebsd-ipfw-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
	<mailto:freebsd-ipfw-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 07 Jul 2011 08:54:34 -0000

Synopsis: [ipfw] ipfw table contains the same address

State-Changed-From-To: open->feedback
State-Changed-By: ae
State-Changed-When: Thu Jul 7 08:54:21 UTC 2011
State-Changed-Why: 
Can you reproduce this on 8.x+ releases?

http://www.freebsd.org/cgi/query-pr.cgi?pr=143474

From owner-freebsd-ipfw@FreeBSD.ORG  Thu Jul  7 09:30:15 2011
Return-Path: <owner-freebsd-ipfw@FreeBSD.ORG>
Delivered-To: freebsd-ipfw@hub.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 8C47E106564A
	for <freebsd-ipfw@hub.freebsd.org>;
	Thu,  7 Jul 2011 09:30:15 +0000 (UTC)
	(envelope-from gnats@FreeBSD.org)
Received: from freefall.freebsd.org (freefall.freebsd.org
	[IPv6:2001:4f8:fff6::28])
	by mx1.freebsd.org (Postfix) with ESMTP id 63DBA8FC13
	for <freebsd-ipfw@hub.freebsd.org>;
	Thu,  7 Jul 2011 09:30:15 +0000 (UTC)
Received: from freefall.freebsd.org (localhost [127.0.0.1])
	by freefall.freebsd.org (8.14.4/8.14.4) with ESMTP id p679UFFG033696
	for <freebsd-ipfw@freefall.freebsd.org>; Thu, 7 Jul 2011 09:30:15 GMT
	(envelope-from gnats@freefall.freebsd.org)
Received: (from gnats@localhost)
	by freefall.freebsd.org (8.14.4/8.14.4/Submit) id p679UFfS033692;
	Thu, 7 Jul 2011 09:30:15 GMT (envelope-from gnats)
Date: Thu, 7 Jul 2011 09:30:15 GMT
Message-Id: <201107070930.p679UFfS033692@freefall.freebsd.org>
To: freebsd-ipfw@FreeBSD.org
From: dfilter@FreeBSD.ORG (dfilter service)
Cc: 
Subject: Re: kern/122109: commit references a PR
X-BeenThere: freebsd-ipfw@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
Reply-To: dfilter service <dfilter@FreeBSD.ORG>
List-Id: IPFW Technical Discussions <freebsd-ipfw.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
	<mailto:freebsd-ipfw-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-ipfw>
List-Post: <mailto:freebsd-ipfw@freebsd.org>
List-Help: <mailto:freebsd-ipfw-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
	<mailto:freebsd-ipfw-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 07 Jul 2011 09:30:15 -0000

The following reply was made to PR kern/122109; it has been noted by GNATS.

From: dfilter@FreeBSD.ORG (dfilter service)
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: kern/122109: commit references a PR
Date: Thu,  7 Jul 2011 09:29:25 +0000 (UTC)

 Author: ae
 Date: Thu Jul  7 09:29:11 2011
 New Revision: 223835
 URL: http://svn.freebsd.org/changeset/base/223835
 
 Log:
   MFC r222806:
     Make a behaviour of the libalias based in-kernel NAT a bit closer to
     how natd(8) does work. natd(8) drops packets only when libalias returns
     PKT_ALIAS_IGNORED and "deny_incoming" option is set, but ipfw_nat
     always did drop packets that were not aliased, even if they should
     not be aliased and just are going through.
   
     PR:		kern/122109, kern/129093, kern/157379
     Submitted by:	Alexander V. Chernikov (previous version)
 
 Modified:
   stable/8/sys/netinet/ipfw/ip_fw_nat.c
 Directory Properties:
   stable/8/sys/   (props changed)
   stable/8/sys/amd64/include/xen/   (props changed)
   stable/8/sys/cddl/contrib/opensolaris/   (props changed)
   stable/8/sys/contrib/dev/acpica/   (props changed)
   stable/8/sys/contrib/pf/   (props changed)
 
 Modified: stable/8/sys/netinet/ipfw/ip_fw_nat.c
 ==============================================================================
 --- stable/8/sys/netinet/ipfw/ip_fw_nat.c	Thu Jul  7 08:33:58 2011	(r223834)
 +++ stable/8/sys/netinet/ipfw/ip_fw_nat.c	Thu Jul  7 09:29:11 2011	(r223835)
 @@ -263,17 +263,27 @@ ipfw_nat(struct ip_fw_args *args, struct
  	else
  		retval = LibAliasOut(t->lib, c,
  			mcl->m_len + M_TRAILINGSPACE(mcl));
 -	if (retval == PKT_ALIAS_RESPOND) {
 -		m->m_flags |= M_SKIP_FIREWALL;
 -		retval = PKT_ALIAS_OK;
 -	}
 -	if (retval != PKT_ALIAS_OK &&
 -	    retval != PKT_ALIAS_FOUND_HEADER_FRAGMENT) {
 +
 +	/*
 +	 * We drop packet when:
 +	 * 1. libalias returns PKT_ALIAS_ERROR;
 +	 * 2. For incoming packets:
 +	 *	a) for unresolved fragments;
 +	 *	b) libalias returns PKT_ALIAS_IGNORED and
 +	 *		PKT_ALIAS_DENY_INCOMING flag is set.
 +	 */
 +	if (retval == PKT_ALIAS_ERROR ||
 +	    (args->oif == NULL && (retval == PKT_ALIAS_UNRESOLVED_FRAGMENT ||
 +	    (retval == PKT_ALIAS_IGNORED &&
 +	    (t->lib->packetAliasMode & PKT_ALIAS_DENY_INCOMING) != 0)))) {
  		/* XXX - should i add some logging? */
  		m_free(mcl);
  		args->m = NULL;
  		return (IP_FW_DENY);
  	}
 +
 +	if (retval == PKT_ALIAS_RESPOND)
 +		m->m_flags |= M_SKIP_FIREWALL;
  	mcl->m_pkthdr.len = mcl->m_len = ntohs(ip->ip_len);
  
  	/*
 _______________________________________________
 svn-src-all@freebsd.org mailing list
 http://lists.freebsd.org/mailman/listinfo/svn-src-all
 To unsubscribe, send any mail to "svn-src-all-unsubscribe@freebsd.org"
 

From owner-freebsd-ipfw@FreeBSD.ORG  Thu Jul  7 09:30:18 2011
Return-Path: <owner-freebsd-ipfw@FreeBSD.ORG>
Delivered-To: freebsd-ipfw@hub.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id CFE9F1065673
	for <freebsd-ipfw@hub.freebsd.org>;
	Thu,  7 Jul 2011 09:30:18 +0000 (UTC)
	(envelope-from gnats@FreeBSD.org)
Received: from freefall.freebsd.org (freefall.freebsd.org
	[IPv6:2001:4f8:fff6::28])
	by mx1.freebsd.org (Postfix) with ESMTP id A6D5F8FC15
	for <freebsd-ipfw@hub.freebsd.org>;
	Thu,  7 Jul 2011 09:30:18 +0000 (UTC)
Received: from freefall.freebsd.org (localhost [127.0.0.1])
	by freefall.freebsd.org (8.14.4/8.14.4) with ESMTP id p679UI69033844
	for <freebsd-ipfw@freefall.freebsd.org>; Thu, 7 Jul 2011 09:30:18 GMT
	(envelope-from gnats@freefall.freebsd.org)
Received: (from gnats@localhost)
	by freefall.freebsd.org (8.14.4/8.14.4/Submit) id p679UIMX033841;
	Thu, 7 Jul 2011 09:30:18 GMT (envelope-from gnats)
Date: Thu, 7 Jul 2011 09:30:18 GMT
Message-Id: <201107070930.p679UIMX033841@freefall.freebsd.org>
To: freebsd-ipfw@FreeBSD.org
From: dfilter@FreeBSD.ORG (dfilter service)
Cc: 
Subject: Re: kern/129093: commit references a PR
X-BeenThere: freebsd-ipfw@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
Reply-To: dfilter service <dfilter@FreeBSD.ORG>
List-Id: IPFW Technical Discussions <freebsd-ipfw.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
	<mailto:freebsd-ipfw-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-ipfw>
List-Post: <mailto:freebsd-ipfw@freebsd.org>
List-Help: <mailto:freebsd-ipfw-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
	<mailto:freebsd-ipfw-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 07 Jul 2011 09:30:18 -0000

The following reply was made to PR kern/129093; it has been noted by GNATS.

From: dfilter@FreeBSD.ORG (dfilter service)
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: kern/129093: commit references a PR
Date: Thu,  7 Jul 2011 09:29:25 +0000 (UTC)

 Author: ae
 Date: Thu Jul  7 09:29:11 2011
 New Revision: 223835
 URL: http://svn.freebsd.org/changeset/base/223835
 
 Log:
   MFC r222806:
     Make a behaviour of the libalias based in-kernel NAT a bit closer to
     how natd(8) does work. natd(8) drops packets only when libalias returns
     PKT_ALIAS_IGNORED and "deny_incoming" option is set, but ipfw_nat
     always did drop packets that were not aliased, even if they should
     not be aliased and just are going through.
   
     PR:		kern/122109, kern/129093, kern/157379
     Submitted by:	Alexander V. Chernikov (previous version)
 
 Modified:
   stable/8/sys/netinet/ipfw/ip_fw_nat.c
 Directory Properties:
   stable/8/sys/   (props changed)
   stable/8/sys/amd64/include/xen/   (props changed)
   stable/8/sys/cddl/contrib/opensolaris/   (props changed)
   stable/8/sys/contrib/dev/acpica/   (props changed)
   stable/8/sys/contrib/pf/   (props changed)
 
 Modified: stable/8/sys/netinet/ipfw/ip_fw_nat.c
 ==============================================================================
 --- stable/8/sys/netinet/ipfw/ip_fw_nat.c	Thu Jul  7 08:33:58 2011	(r223834)
 +++ stable/8/sys/netinet/ipfw/ip_fw_nat.c	Thu Jul  7 09:29:11 2011	(r223835)
 @@ -263,17 +263,27 @@ ipfw_nat(struct ip_fw_args *args, struct
  	else
  		retval = LibAliasOut(t->lib, c,
  			mcl->m_len + M_TRAILINGSPACE(mcl));
 -	if (retval == PKT_ALIAS_RESPOND) {
 -		m->m_flags |= M_SKIP_FIREWALL;
 -		retval = PKT_ALIAS_OK;
 -	}
 -	if (retval != PKT_ALIAS_OK &&
 -	    retval != PKT_ALIAS_FOUND_HEADER_FRAGMENT) {
 +
 +	/*
 +	 * We drop packet when:
 +	 * 1. libalias returns PKT_ALIAS_ERROR;
 +	 * 2. For incoming packets:
 +	 *	a) for unresolved fragments;
 +	 *	b) libalias returns PKT_ALIAS_IGNORED and
 +	 *		PKT_ALIAS_DENY_INCOMING flag is set.
 +	 */
 +	if (retval == PKT_ALIAS_ERROR ||
 +	    (args->oif == NULL && (retval == PKT_ALIAS_UNRESOLVED_FRAGMENT ||
 +	    (retval == PKT_ALIAS_IGNORED &&
 +	    (t->lib->packetAliasMode & PKT_ALIAS_DENY_INCOMING) != 0)))) {
  		/* XXX - should i add some logging? */
  		m_free(mcl);
  		args->m = NULL;
  		return (IP_FW_DENY);
  	}
 +
 +	if (retval == PKT_ALIAS_RESPOND)
 +		m->m_flags |= M_SKIP_FIREWALL;
  	mcl->m_pkthdr.len = mcl->m_len = ntohs(ip->ip_len);
  
  	/*
 _______________________________________________
 svn-src-all@freebsd.org mailing list
 http://lists.freebsd.org/mailman/listinfo/svn-src-all
 To unsubscribe, send any mail to "svn-src-all-unsubscribe@freebsd.org"
 

From owner-freebsd-ipfw@FreeBSD.ORG  Thu Jul  7 09:30:22 2011
Return-Path: <owner-freebsd-ipfw@FreeBSD.ORG>
Delivered-To: freebsd-ipfw@hub.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 5E8AC1065679
	for <freebsd-ipfw@hub.freebsd.org>;
	Thu,  7 Jul 2011 09:30:22 +0000 (UTC)
	(envelope-from gnats@FreeBSD.org)
Received: from freefall.freebsd.org (freefall.freebsd.org
	[IPv6:2001:4f8:fff6::28])
	by mx1.freebsd.org (Postfix) with ESMTP id 35E5A8FC19
	for <freebsd-ipfw@hub.freebsd.org>;
	Thu,  7 Jul 2011 09:30:22 +0000 (UTC)
Received: from freefall.freebsd.org (localhost [127.0.0.1])
	by freefall.freebsd.org (8.14.4/8.14.4) with ESMTP id p679UMhe034040
	for <freebsd-ipfw@freefall.freebsd.org>; Thu, 7 Jul 2011 09:30:22 GMT
	(envelope-from gnats@freefall.freebsd.org)
Received: (from gnats@localhost)
	by freefall.freebsd.org (8.14.4/8.14.4/Submit) id p679ULGb034031;
	Thu, 7 Jul 2011 09:30:22 GMT (envelope-from gnats)
Date: Thu, 7 Jul 2011 09:30:22 GMT
Message-Id: <201107070930.p679ULGb034031@freefall.freebsd.org>
To: freebsd-ipfw@FreeBSD.org
From: dfilter@FreeBSD.ORG (dfilter service)
Cc: 
Subject: Re: kern/157379: commit references a PR
X-BeenThere: freebsd-ipfw@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
Reply-To: dfilter service <dfilter@FreeBSD.ORG>
List-Id: IPFW Technical Discussions <freebsd-ipfw.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
	<mailto:freebsd-ipfw-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-ipfw>
List-Post: <mailto:freebsd-ipfw@freebsd.org>
List-Help: <mailto:freebsd-ipfw-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
	<mailto:freebsd-ipfw-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 07 Jul 2011 09:30:22 -0000

The following reply was made to PR kern/157379; it has been noted by GNATS.

From: dfilter@FreeBSD.ORG (dfilter service)
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: kern/157379: commit references a PR
Date: Thu,  7 Jul 2011 09:29:26 +0000 (UTC)

 Author: ae
 Date: Thu Jul  7 09:29:11 2011
 New Revision: 223835
 URL: http://svn.freebsd.org/changeset/base/223835
 
 Log:
   MFC r222806:
     Make a behaviour of the libalias based in-kernel NAT a bit closer to
     how natd(8) does work. natd(8) drops packets only when libalias returns
     PKT_ALIAS_IGNORED and "deny_incoming" option is set, but ipfw_nat
     always did drop packets that were not aliased, even if they should
     not be aliased and just are going through.
   
     PR:		kern/122109, kern/129093, kern/157379
     Submitted by:	Alexander V. Chernikov (previous version)
 
 Modified:
   stable/8/sys/netinet/ipfw/ip_fw_nat.c
 Directory Properties:
   stable/8/sys/   (props changed)
   stable/8/sys/amd64/include/xen/   (props changed)
   stable/8/sys/cddl/contrib/opensolaris/   (props changed)
   stable/8/sys/contrib/dev/acpica/   (props changed)
   stable/8/sys/contrib/pf/   (props changed)
 
 Modified: stable/8/sys/netinet/ipfw/ip_fw_nat.c
 ==============================================================================
 --- stable/8/sys/netinet/ipfw/ip_fw_nat.c	Thu Jul  7 08:33:58 2011	(r223834)
 +++ stable/8/sys/netinet/ipfw/ip_fw_nat.c	Thu Jul  7 09:29:11 2011	(r223835)
 @@ -263,17 +263,27 @@ ipfw_nat(struct ip_fw_args *args, struct
  	else
  		retval = LibAliasOut(t->lib, c,
  			mcl->m_len + M_TRAILINGSPACE(mcl));
 -	if (retval == PKT_ALIAS_RESPOND) {
 -		m->m_flags |= M_SKIP_FIREWALL;
 -		retval = PKT_ALIAS_OK;
 -	}
 -	if (retval != PKT_ALIAS_OK &&
 -	    retval != PKT_ALIAS_FOUND_HEADER_FRAGMENT) {
 +
 +	/*
 +	 * We drop packet when:
 +	 * 1. libalias returns PKT_ALIAS_ERROR;
 +	 * 2. For incoming packets:
 +	 *	a) for unresolved fragments;
 +	 *	b) libalias returns PKT_ALIAS_IGNORED and
 +	 *		PKT_ALIAS_DENY_INCOMING flag is set.
 +	 */
 +	if (retval == PKT_ALIAS_ERROR ||
 +	    (args->oif == NULL && (retval == PKT_ALIAS_UNRESOLVED_FRAGMENT ||
 +	    (retval == PKT_ALIAS_IGNORED &&
 +	    (t->lib->packetAliasMode & PKT_ALIAS_DENY_INCOMING) != 0)))) {
  		/* XXX - should i add some logging? */
  		m_free(mcl);
  		args->m = NULL;
  		return (IP_FW_DENY);
  	}
 +
 +	if (retval == PKT_ALIAS_RESPOND)
 +		m->m_flags |= M_SKIP_FIREWALL;
  	mcl->m_pkthdr.len = mcl->m_len = ntohs(ip->ip_len);
  
  	/*
 _______________________________________________
 svn-src-all@freebsd.org mailing list
 http://lists.freebsd.org/mailman/listinfo/svn-src-all
 To unsubscribe, send any mail to "svn-src-all-unsubscribe@freebsd.org"
 

From owner-freebsd-ipfw@FreeBSD.ORG  Thu Jul  7 09:43:16 2011
Return-Path: <owner-freebsd-ipfw@FreeBSD.ORG>
Delivered-To: freebsd-ipfw@hub.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 64B471065673;
	Thu,  7 Jul 2011 09:43:16 +0000 (UTC) (envelope-from ae@FreeBSD.org)
Received: from freefall.freebsd.org (freefall.freebsd.org
	[IPv6:2001:4f8:fff6::28])
	by mx1.freebsd.org (Postfix) with ESMTP id 3EA6C8FC19;
	Thu,  7 Jul 2011 09:43:16 +0000 (UTC)
Received: from freefall.freebsd.org (localhost [127.0.0.1])
	by freefall.freebsd.org (8.14.4/8.14.4) with ESMTP id p679hGZG052354;
	Thu, 7 Jul 2011 09:43:16 GMT (envelope-from ae@freefall.freebsd.org)
Received: (from ae@localhost)
	by freefall.freebsd.org (8.14.4/8.14.4/Submit) id p679hFGd052350;
	Thu, 7 Jul 2011 09:43:15 GMT (envelope-from ae)
Date: Thu, 7 Jul 2011 09:43:15 GMT
Message-Id: <201107070943.p679hFGd052350@freefall.freebsd.org>
To: m.dyadchenko@211.ru, ae@FreeBSD.org, freebsd-ipfw@FreeBSD.org
From: ae@FreeBSD.org
Cc: 
Subject: Re: kern/122109: [ipfw] ipfw nat traceroute problem
X-BeenThere: freebsd-ipfw@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: IPFW Technical Discussions <freebsd-ipfw.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
	<mailto:freebsd-ipfw-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-ipfw>
List-Post: <mailto:freebsd-ipfw@freebsd.org>
List-Help: <mailto:freebsd-ipfw-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
	<mailto:freebsd-ipfw-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 07 Jul 2011 09:43:16 -0000

Synopsis: [ipfw] ipfw nat traceroute problem

State-Changed-From-To: patched->closed
State-Changed-By: ae
State-Changed-When: Thu Jul 7 09:42:47 UTC 2011
State-Changed-Why: 
Merged to stable/7 and stable/8. Thanks!

http://www.freebsd.org/cgi/query-pr.cgi?pr=122109

From owner-freebsd-ipfw@FreeBSD.ORG  Thu Jul  7 09:43:51 2011
Return-Path: <owner-freebsd-ipfw@FreeBSD.ORG>
Delivered-To: freebsd-ipfw@hub.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 305651065676;
	Thu,  7 Jul 2011 09:43:51 +0000 (UTC) (envelope-from ae@FreeBSD.org)
Received: from freefall.freebsd.org (freefall.freebsd.org
	[IPv6:2001:4f8:fff6::28])
	by mx1.freebsd.org (Postfix) with ESMTP id 0A1568FC19;
	Thu,  7 Jul 2011 09:43:51 +0000 (UTC)
Received: from freefall.freebsd.org (localhost [127.0.0.1])
	by freefall.freebsd.org (8.14.4/8.14.4) with ESMTP id p679hogH052422;
	Thu, 7 Jul 2011 09:43:50 GMT (envelope-from ae@freefall.freebsd.org)
Received: (from ae@localhost)
	by freefall.freebsd.org (8.14.4/8.14.4/Submit) id p679ho68052418;
	Thu, 7 Jul 2011 09:43:50 GMT (envelope-from ae)
Date: Thu, 7 Jul 2011 09:43:50 GMT
Message-Id: <201107070943.p679ho68052418@freefall.freebsd.org>
To: kes-kes@yandex.ru, ae@FreeBSD.org, freebsd-ipfw@FreeBSD.org
From: ae@FreeBSD.org
Cc: 
Subject: Re: kern/129093: [ipfw] ipfw nat must not drop packets
X-BeenThere: freebsd-ipfw@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: IPFW Technical Discussions <freebsd-ipfw.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
	<mailto:freebsd-ipfw-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-ipfw>
List-Post: <mailto:freebsd-ipfw@freebsd.org>
List-Help: <mailto:freebsd-ipfw-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
	<mailto:freebsd-ipfw-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 07 Jul 2011 09:43:51 -0000

Synopsis: [ipfw] ipfw nat must not drop packets

State-Changed-From-To: patched->closed
State-Changed-By: ae
State-Changed-When: Thu Jul 7 09:43:23 UTC 2011
State-Changed-Why: 
Merged to stable/7 and stable/8. Thanks!

http://www.freebsd.org/cgi/query-pr.cgi?pr=129093

From owner-freebsd-ipfw@FreeBSD.ORG  Thu Jul  7 09:44:29 2011
Return-Path: <owner-freebsd-ipfw@FreeBSD.ORG>
Delivered-To: freebsd-ipfw@hub.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id D8B791065673;
	Thu,  7 Jul 2011 09:44:29 +0000 (UTC) (envelope-from ae@FreeBSD.org)
Received: from freefall.freebsd.org (freefall.freebsd.org
	[IPv6:2001:4f8:fff6::28])
	by mx1.freebsd.org (Postfix) with ESMTP id B247E8FC0C;
	Thu,  7 Jul 2011 09:44:29 +0000 (UTC)
Received: from freefall.freebsd.org (localhost [127.0.0.1])
	by freefall.freebsd.org (8.14.4/8.14.4) with ESMTP id p679iTsG052499;
	Thu, 7 Jul 2011 09:44:29 GMT (envelope-from ae@freefall.freebsd.org)
Received: (from ae@localhost)
	by freefall.freebsd.org (8.14.4/8.14.4/Submit) id p679iTPD052495;
	Thu, 7 Jul 2011 09:44:29 GMT (envelope-from ae)
Date: Thu, 7 Jul 2011 09:44:29 GMT
Message-Id: <201107070944.p679iTPD052495@freefall.freebsd.org>
To: kes-kes@yandex.ru, ae@FreeBSD.org, freebsd-ipfw@FreeBSD.org
From: ae@FreeBSD.org
Cc: 
Subject: Re: kern/157379: [ipfw] mtr does not work if I use ipfw nat
X-BeenThere: freebsd-ipfw@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: IPFW Technical Discussions <freebsd-ipfw.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
	<mailto:freebsd-ipfw-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-ipfw>
List-Post: <mailto:freebsd-ipfw@freebsd.org>
List-Help: <mailto:freebsd-ipfw-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
	<mailto:freebsd-ipfw-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 07 Jul 2011 09:44:29 -0000

Synopsis: [ipfw] mtr does not work if I use ipfw nat

State-Changed-From-To: patched->closed
State-Changed-By: ae
State-Changed-When: Thu Jul 7 09:43:57 UTC 2011
State-Changed-Why: 
Merged to stable/7 and stable/8. Thanks!

http://www.freebsd.org/cgi/query-pr.cgi?pr=157379

From owner-freebsd-ipfw@FreeBSD.ORG  Thu Jul  7 09:50:12 2011
Return-Path: <owner-freebsd-ipfw@FreeBSD.ORG>
Delivered-To: freebsd-ipfw@hub.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 283A5106564A
	for <freebsd-ipfw@hub.freebsd.org>;
	Thu,  7 Jul 2011 09:50:12 +0000 (UTC)
	(envelope-from gnats@FreeBSD.org)
Received: from freefall.freebsd.org (freefall.freebsd.org
	[IPv6:2001:4f8:fff6::28])
	by mx1.freebsd.org (Postfix) with ESMTP id F3FC88FC0A
	for <freebsd-ipfw@hub.freebsd.org>;
	Thu,  7 Jul 2011 09:50:11 +0000 (UTC)
Received: from freefall.freebsd.org (localhost [127.0.0.1])
	by freefall.freebsd.org (8.14.4/8.14.4) with ESMTP id p679oBq5053263
	for <freebsd-ipfw@freefall.freebsd.org>; Thu, 7 Jul 2011 09:50:11 GMT
	(envelope-from gnats@freefall.freebsd.org)
Received: (from gnats@localhost)
	by freefall.freebsd.org (8.14.4/8.14.4/Submit) id p679oBNN053262;
	Thu, 7 Jul 2011 09:50:11 GMT (envelope-from gnats)
Date: Thu, 7 Jul 2011 09:50:11 GMT
Message-Id: <201107070950.p679oBNN053262@freefall.freebsd.org>
To: freebsd-ipfw@FreeBSD.org
From: dfilter@FreeBSD.ORG (dfilter service)
Cc: 
Subject: Re: kern/122109: commit references a PR
X-BeenThere: freebsd-ipfw@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
Reply-To: dfilter service <dfilter@FreeBSD.ORG>
List-Id: IPFW Technical Discussions <freebsd-ipfw.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
	<mailto:freebsd-ipfw-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-ipfw>
List-Post: <mailto:freebsd-ipfw@freebsd.org>
List-Help: <mailto:freebsd-ipfw-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
	<mailto:freebsd-ipfw-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 07 Jul 2011 09:50:12 -0000

The following reply was made to PR kern/122109; it has been noted by GNATS.

From: dfilter@FreeBSD.ORG (dfilter service)
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: kern/122109: commit references a PR
Date: Thu,  7 Jul 2011 09:42:49 +0000 (UTC)

 Author: ae
 Date: Thu Jul  7 09:42:32 2011
 New Revision: 223837
 URL: http://svn.freebsd.org/changeset/base/223837
 
 Log:
   MFC r222806:
     Make a behaviour of the libalias based in-kernel NAT a bit closer to
     how natd(8) does work. natd(8) drops packets only when libalias returns
     PKT_ALIAS_IGNORED and "deny_incoming" option is set, but ipfw_nat
     always did drop packets that were not aliased, even if they should
     not be aliased and just are going through.
   
     PR:		kern/122109, kern/129093, kern/157379
     Submitted by:	Alexander V. Chernikov (previous version)
 
 Modified:
   stable/7/sys/netinet/ip_fw_nat.c
 Directory Properties:
   stable/7/sys/   (props changed)
   stable/7/sys/cddl/contrib/opensolaris/   (props changed)
   stable/7/sys/contrib/dev/acpica/   (props changed)
   stable/7/sys/contrib/pf/   (props changed)
 
 Modified: stable/7/sys/netinet/ip_fw_nat.c
 ==============================================================================
 --- stable/7/sys/netinet/ip_fw_nat.c	Thu Jul  7 09:32:43 2011	(r223836)
 +++ stable/7/sys/netinet/ip_fw_nat.c	Thu Jul  7 09:42:32 2011	(r223837)
 @@ -322,8 +322,18 @@ ipfw_nat(struct ip_fw_args *args, struct
  	else
  		retval = LibAliasOut(t->lib, c, 
  			mcl->m_len + M_TRAILINGSPACE(mcl));
 -	if (retval != PKT_ALIAS_OK &&
 -	    retval != PKT_ALIAS_FOUND_HEADER_FRAGMENT) {
 +	/*
 +	 * We drop packet when:
 +	 * 1. libalias returns PKT_ALIAS_ERROR;
 +	 * 2. For incoming packets:
 +	 *	a) for unresolved fragments;
 +	 *	b) libalias returns PKT_ALIAS_IGNORED and
 +	 *		PKT_ALIAS_DENY_INCOMING flag is set.
 +	 */
 +	if (retval == PKT_ALIAS_ERROR ||
 +	    (args->oif == NULL && (retval == PKT_ALIAS_UNRESOLVED_FRAGMENT ||
 +	    (retval == PKT_ALIAS_IGNORED &&
 +	    (t->lib->packetAliasMode & PKT_ALIAS_DENY_INCOMING) != 0)))) {
  		/* XXX - should i add some logging? */
  		m_free(mcl);
  	badnat:
 _______________________________________________
 svn-src-all@freebsd.org mailing list
 http://lists.freebsd.org/mailman/listinfo/svn-src-all
 To unsubscribe, send any mail to "svn-src-all-unsubscribe@freebsd.org"
 

From owner-freebsd-ipfw@FreeBSD.ORG  Thu Jul  7 09:50:13 2011
Return-Path: <owner-freebsd-ipfw@FreeBSD.ORG>
Delivered-To: freebsd-ipfw@hub.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id EDEC51065670
	for <freebsd-ipfw@hub.freebsd.org>;
	Thu,  7 Jul 2011 09:50:13 +0000 (UTC)
	(envelope-from gnats@FreeBSD.org)
Received: from freefall.freebsd.org (freefall.freebsd.org
	[IPv6:2001:4f8:fff6::28])
	by mx1.freebsd.org (Postfix) with ESMTP id C5C838FC16
	for <freebsd-ipfw@hub.freebsd.org>;
	Thu,  7 Jul 2011 09:50:13 +0000 (UTC)
Received: from freefall.freebsd.org (localhost [127.0.0.1])
	by freefall.freebsd.org (8.14.4/8.14.4) with ESMTP id p679oDwQ053274
	for <freebsd-ipfw@freefall.freebsd.org>; Thu, 7 Jul 2011 09:50:13 GMT
	(envelope-from gnats@freefall.freebsd.org)
Received: (from gnats@localhost)
	by freefall.freebsd.org (8.14.4/8.14.4/Submit) id p679oDsE053273;
	Thu, 7 Jul 2011 09:50:13 GMT (envelope-from gnats)
Date: Thu, 7 Jul 2011 09:50:13 GMT
Message-Id: <201107070950.p679oDsE053273@freefall.freebsd.org>
To: freebsd-ipfw@FreeBSD.org
From: dfilter@FreeBSD.ORG (dfilter service)
Cc: 
Subject: Re: kern/129093: commit references a PR
X-BeenThere: freebsd-ipfw@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
Reply-To: dfilter service <dfilter@FreeBSD.ORG>
List-Id: IPFW Technical Discussions <freebsd-ipfw.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
	<mailto:freebsd-ipfw-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-ipfw>
List-Post: <mailto:freebsd-ipfw@freebsd.org>
List-Help: <mailto:freebsd-ipfw-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
	<mailto:freebsd-ipfw-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 07 Jul 2011 09:50:14 -0000

The following reply was made to PR kern/129093; it has been noted by GNATS.

From: dfilter@FreeBSD.ORG (dfilter service)
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: kern/129093: commit references a PR
Date: Thu,  7 Jul 2011 09:42:50 +0000 (UTC)

 Author: ae
 Date: Thu Jul  7 09:42:32 2011
 New Revision: 223837
 URL: http://svn.freebsd.org/changeset/base/223837
 
 Log:
   MFC r222806:
     Make a behaviour of the libalias based in-kernel NAT a bit closer to
     how natd(8) does work. natd(8) drops packets only when libalias returns
     PKT_ALIAS_IGNORED and "deny_incoming" option is set, but ipfw_nat
     always did drop packets that were not aliased, even if they should
     not be aliased and just are going through.
   
     PR:		kern/122109, kern/129093, kern/157379
     Submitted by:	Alexander V. Chernikov (previous version)
 
 Modified:
   stable/7/sys/netinet/ip_fw_nat.c
 Directory Properties:
   stable/7/sys/   (props changed)
   stable/7/sys/cddl/contrib/opensolaris/   (props changed)
   stable/7/sys/contrib/dev/acpica/   (props changed)
   stable/7/sys/contrib/pf/   (props changed)
 
 Modified: stable/7/sys/netinet/ip_fw_nat.c
 ==============================================================================
 --- stable/7/sys/netinet/ip_fw_nat.c	Thu Jul  7 09:32:43 2011	(r223836)
 +++ stable/7/sys/netinet/ip_fw_nat.c	Thu Jul  7 09:42:32 2011	(r223837)
 @@ -322,8 +322,18 @@ ipfw_nat(struct ip_fw_args *args, struct
  	else
  		retval = LibAliasOut(t->lib, c, 
  			mcl->m_len + M_TRAILINGSPACE(mcl));
 -	if (retval != PKT_ALIAS_OK &&
 -	    retval != PKT_ALIAS_FOUND_HEADER_FRAGMENT) {
 +	/*
 +	 * We drop packet when:
 +	 * 1. libalias returns PKT_ALIAS_ERROR;
 +	 * 2. For incoming packets:
 +	 *	a) for unresolved fragments;
 +	 *	b) libalias returns PKT_ALIAS_IGNORED and
 +	 *		PKT_ALIAS_DENY_INCOMING flag is set.
 +	 */
 +	if (retval == PKT_ALIAS_ERROR ||
 +	    (args->oif == NULL && (retval == PKT_ALIAS_UNRESOLVED_FRAGMENT ||
 +	    (retval == PKT_ALIAS_IGNORED &&
 +	    (t->lib->packetAliasMode & PKT_ALIAS_DENY_INCOMING) != 0)))) {
  		/* XXX - should i add some logging? */
  		m_free(mcl);
  	badnat:
 _______________________________________________
 svn-src-all@freebsd.org mailing list
 http://lists.freebsd.org/mailman/listinfo/svn-src-all
 To unsubscribe, send any mail to "svn-src-all-unsubscribe@freebsd.org"
 

From owner-freebsd-ipfw@FreeBSD.ORG  Thu Jul  7 09:50:15 2011
Return-Path: <owner-freebsd-ipfw@FreeBSD.ORG>
Delivered-To: freebsd-ipfw@hub.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id AF712106564A
	for <freebsd-ipfw@hub.freebsd.org>;
	Thu,  7 Jul 2011 09:50:15 +0000 (UTC)
	(envelope-from gnats@FreeBSD.org)
Received: from freefall.freebsd.org (freefall.freebsd.org
	[IPv6:2001:4f8:fff6::28])
	by mx1.freebsd.org (Postfix) with ESMTP id 875F18FC0A
	for <freebsd-ipfw@hub.freebsd.org>;
	Thu,  7 Jul 2011 09:50:15 +0000 (UTC)
Received: from freefall.freebsd.org (localhost [127.0.0.1])
	by freefall.freebsd.org (8.14.4/8.14.4) with ESMTP id p679oFuu053279
	for <freebsd-ipfw@freefall.freebsd.org>; Thu, 7 Jul 2011 09:50:15 GMT
	(envelope-from gnats@freefall.freebsd.org)
Received: (from gnats@localhost)
	by freefall.freebsd.org (8.14.4/8.14.4/Submit) id p679oFOp053278;
	Thu, 7 Jul 2011 09:50:15 GMT (envelope-from gnats)
Date: Thu, 7 Jul 2011 09:50:15 GMT
Message-Id: <201107070950.p679oFOp053278@freefall.freebsd.org>
To: freebsd-ipfw@FreeBSD.org
From: dfilter@FreeBSD.ORG (dfilter service)
Cc: 
Subject: Re: kern/157379: commit references a PR
X-BeenThere: freebsd-ipfw@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
Reply-To: dfilter service <dfilter@FreeBSD.ORG>
List-Id: IPFW Technical Discussions <freebsd-ipfw.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
	<mailto:freebsd-ipfw-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-ipfw>
List-Post: <mailto:freebsd-ipfw@freebsd.org>
List-Help: <mailto:freebsd-ipfw-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
	<mailto:freebsd-ipfw-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 07 Jul 2011 09:50:15 -0000

The following reply was made to PR kern/157379; it has been noted by GNATS.

From: dfilter@FreeBSD.ORG (dfilter service)
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: kern/157379: commit references a PR
Date: Thu,  7 Jul 2011 09:42:50 +0000 (UTC)

 Author: ae
 Date: Thu Jul  7 09:42:32 2011
 New Revision: 223837
 URL: http://svn.freebsd.org/changeset/base/223837
 
 Log:
   MFC r222806:
     Make a behaviour of the libalias based in-kernel NAT a bit closer to
     how natd(8) does work. natd(8) drops packets only when libalias returns
     PKT_ALIAS_IGNORED and "deny_incoming" option is set, but ipfw_nat
     always did drop packets that were not aliased, even if they should
     not be aliased and just are going through.
   
     PR:		kern/122109, kern/129093, kern/157379
     Submitted by:	Alexander V. Chernikov (previous version)
 
 Modified:
   stable/7/sys/netinet/ip_fw_nat.c
 Directory Properties:
   stable/7/sys/   (props changed)
   stable/7/sys/cddl/contrib/opensolaris/   (props changed)
   stable/7/sys/contrib/dev/acpica/   (props changed)
   stable/7/sys/contrib/pf/   (props changed)
 
 Modified: stable/7/sys/netinet/ip_fw_nat.c
 ==============================================================================
 --- stable/7/sys/netinet/ip_fw_nat.c	Thu Jul  7 09:32:43 2011	(r223836)
 +++ stable/7/sys/netinet/ip_fw_nat.c	Thu Jul  7 09:42:32 2011	(r223837)
 @@ -322,8 +322,18 @@ ipfw_nat(struct ip_fw_args *args, struct
  	else
  		retval = LibAliasOut(t->lib, c, 
  			mcl->m_len + M_TRAILINGSPACE(mcl));
 -	if (retval != PKT_ALIAS_OK &&
 -	    retval != PKT_ALIAS_FOUND_HEADER_FRAGMENT) {
 +	/*
 +	 * We drop packet when:
 +	 * 1. libalias returns PKT_ALIAS_ERROR;
 +	 * 2. For incoming packets:
 +	 *	a) for unresolved fragments;
 +	 *	b) libalias returns PKT_ALIAS_IGNORED and
 +	 *		PKT_ALIAS_DENY_INCOMING flag is set.
 +	 */
 +	if (retval == PKT_ALIAS_ERROR ||
 +	    (args->oif == NULL && (retval == PKT_ALIAS_UNRESOLVED_FRAGMENT ||
 +	    (retval == PKT_ALIAS_IGNORED &&
 +	    (t->lib->packetAliasMode & PKT_ALIAS_DENY_INCOMING) != 0)))) {
  		/* XXX - should i add some logging? */
  		m_free(mcl);
  	badnat:
 _______________________________________________
 svn-src-all@freebsd.org mailing list
 http://lists.freebsd.org/mailman/listinfo/svn-src-all
 To unsubscribe, send any mail to "svn-src-all-unsubscribe@freebsd.org"