From owner-freebsd-ipfw@freebsd.org Wed Jul 6 17:07:38 2016
From: bugzilla-noreply@freebsd.org
To: freebsd-ipfw@FreeBSD.org
Subject: [Bug 210408] Problem with outgoing traffic using ipfw and kernel nat originated from local address
Date: Wed, 06 Jul 2016 17:07:36 +0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=210408

Mark Felder changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |feld@FreeBSD.org

--- Comment #2 from Mark Felder ---
(In reply to smithi from comment #1)

I'm surprised we don't just handle this automatically. I don't see a good
reason why the user should have to discover this and need to manually turn off
TSO4.

I also know that libalias is being overhauled/rewritten by Bill Yuan of
Dflybsd. He might be able to address this deficiency. I'm going to link him to
this PR.

-- 
You are receiving this mail because:
You are the assignee for the bug.

From owner-freebsd-ipfw@freebsd.org Thu Jul 7 08:43:10 2016
From: bugzilla-noreply@freebsd.org
To: freebsd-ipfw@FreeBSD.org
Subject: [Bug 210408] Problem with outgoing traffic using ipfw and kernel nat originated from local address
Date: Thu, 07 Jul 2016 08:43:06 +0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=210408

--- Comment #3 from smithi@nimnet.asn.au ---
(In reply to Mark Felder from comment #2)

Offhand I can think of three places that could be done:

1) /sbin/ipfw (userland)
 a) when NAT is configured, eg ipfw nat 123 config [ip address | if iface] ...
 b) when NAT would be first invoked, eg ipfw add [ruleno] nat 123 [condition/s]

2) /sys/netpfil/ipfw/ip_fw2.c (kernel)
 when NAT is first actually invoked on a packet on the NAT interface.

3) /sys/netinet/libalias (kernel) (or from userland for natd(8))
 on first use of an interface, ie (only) on the first packet processed.

(1a) seems unlikely, as 'ip address' may not map to an iface on rule creation,
and a particular nat config may not even be used, or its rule not encountered.

(1b) perhaps, though its config needs consulting, and unless 'if iface' is
specified it may not be straightforward to determine which interface - and
we would only want TSO4 disabled on the NAT interface, not on any others.

(1) is userland, so it might be more appropriate to 'call' /sbin/ifconfig from
there, though again the address to interface mapping - from routing table/s I
assume - may not already be in place upon ruleset creation.

(2) and (3) are in-kernel. Perhaps the new libifconfig (ono) can be used from
there, but I've only seen that go by in freebsd-net in passing. This would
require testing for TSO4 being on, then setting it off (-tso or -tso4).

Separately, /sbin/ipfw should probably insist on (or change to) 'ipv4' rather
than 'ip' or 'all' on nat rules, to guard against passing libalias(3) any
ipv6 packets, another potential foot-shot.

Just a few thought-bubbles, FWIW ..

Ian
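
The userland variant discussed in comment #3, as an added example that is not part of the thread or of FreeBSD's own code: a shell function that resolves each NAT instance to its interface (by name, or by mapping the configured address to an interface) and proposes `-tso4` only where TSO4 is on. The sample inputs are constructed, and the `ipfw nat show config` line layout and the function name `tso_plan` are assumptions.

```shell
#!/bin/sh
# Added example: decide where TSO4 must be switched off for ipfw kernel NAT.
# Both samples are constructed; on a live host pass the output of
# `ipfw nat show config` and `ifconfig` (line layouts assumed as shown).
SAMPLE_NAT='ipfw nat 123 config if em0 log same_ports
ipfw nat 124 config ip 192.0.2.10
ipfw nat 125 config ip 198.51.100.7'

SAMPLE_IFCONFIG='em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
    options=4219b<RXCSUM,TXCSUM,VLAN_MTU,TSO4,WOL_MAGIC,VLAN_HWTSO>
    inet 203.0.113.5 netmask 0xffffff00 broadcast 203.0.113.255
em1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
    options=4009b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTSO>
    inet 192.0.2.10 netmask 0xffffff00 broadcast 192.0.2.255'

# tso_plan NAT_CONFIG IFCONFIG_OUTPUT
# Prints one "ifconfig IFACE -tso4" per NAT interface that has TSO4 on, and a
# comment line for a NAT address that no interface carries yet.
tso_plan() {
    printf '%s\n---\n%s\n' "$2" "$1" | awk '
        $0 == "---" { nat = 1; next }          # interface data ends here
        !nat && $1 ~ /:$/ && $2 ~ /^flags=/ { ifn = $1; sub(/:$/, "", ifn); next }
        !nat && $1 ~ /^options=/ {
            # Compare whole capability names so VLAN_HWTSO is not taken for TSO4.
            s = $1; sub(/^[^<]*</, "", s); sub(/>.*$/, "", s)
            n = split(s, cap, ",")
            for (i = 1; i <= n; i++) if (cap[i] == "TSO4") tso[ifn] = 1
            next
        }
        !nat && $1 == "inet" { owner[$2] = ifn; next }   # IPv4 only
        nat && $1 == "ipfw" && $2 == "nat" && $4 == "config" {
            if ($5 == "if") target = $6
            else if ($5 == "ip") target = owner[$6]      # address to interface
            else next
            if (target == "")
                print "# nat " $3 ": " $6 " is on no interface yet, cannot decide"
            else if (tso[target] && !seen[target]++)
                print "ifconfig " target " -tso4"
        }'
}

tso_plan "$SAMPLE_NAT" "$SAMPLE_IFCONFIG"
```

The output is a plan to review before applying; the unresolved-address line is the case comment #3 raises, where the address to interface mapping is not yet in place when the ruleset is created.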