From owner-freebsd-ipfw@freebsd.org Sun Sep 11 14:14:27 2016
From: bugzilla-noreply@freebsd.org
To: freebsd-ipfw@FreeBSD.org
Subject: [Bug 212105] ipfw dumps core after adding rule with table
Date: Sun, 11 Sep 2016 14:14:26 +0000
X-Bugzilla-Product: Base System
X-Bugzilla-Component: bin
X-Bugzilla-Version: CURRENT
X-Bugzilla-Severity: Affects Some People
X-Bugzilla-Who: ae@FreeBSD.org
X-Bugzilla-Status: New
X-Bugzilla-Assigned-To: freebsd-ipfw@FreeBSD.org
X-Bugzilla-Changed-Fields: see_also

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=212105

Andrey V. Elsukov changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           See Also|                            |https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=212576

--
You are receiving this mail because:
You are the assignee for the bug.

From owner-freebsd-ipfw@freebsd.org Sun Sep 11 14:15:33 2016
From: bugzilla-noreply@freebsd.org
To: freebsd-ipfw@FreeBSD.org
Subject: [Bug 212077] [11.0-RC1][jail][ipfw] adding table causes kernel panic
Date: Sun, 11 Sep 2016 14:15:32 +0000
X-Bugzilla-Product: Base System
X-Bugzilla-Component: kern
X-Bugzilla-Version: 11.0-RC1
X-Bugzilla-Keywords: vimage
X-Bugzilla-Severity: Affects Some People
X-Bugzilla-Who: ae@FreeBSD.org
X-Bugzilla-Status: Open
X-Bugzilla-Assigned-To: freebsd-ipfw@FreeBSD.org
X-Bugzilla-Changed-Fields: see_also

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=212077

Andrey V. Elsukov changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           See Also|                            |https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=212576

From owner-freebsd-ipfw@freebsd.org Mon Sep 12 03:04:40 2016
To: "freebsd-ipfw@freebsd.org"
From: Julian Elischer
Subject: ipfw table expiry.. how to do it..?
Message-ID: <0f1acc7f-2c85-dc4d-a272-5631c1e749cd@elischer.org>
Date: Mon, 12 Sep 2016 11:04:26 +0800

Unfortunately we don't have any timers on table entries, so it's not
possible to see how long an entry has been in use, or idle.

If I were to have a captive portal, which placed the address of 'allowed'
hosts into a table, we would have no way to time them out when they go idle.
The only thing you can do is throw away all the entries at some time, and
force them to all log in again.

Does anyone have any patches to add "access time" to table entries?

I'm guessing the way it would need to be done now would be to use dynamic
rules and having the syn packet of every tcp session sent to the portal for
approval, before being passed back to create the dynamic rule.

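Per-entry expiry can be approximated from userland if the portal stores the time it added each address as the table value. The script below is an added example, not part of the original message or of ipfw; it assumes values are epoch seconds, the sample listing and one-hour lifetime are constructed, and it expires on time since the entry was added, not on idleness.

```sh
#!/bin/sh
# Added example: purge ipfw table entries by age.
# Assumption: every entry's value is the epoch second at which it was added.

# Constructed sample of `ipfw table 1 list` output (documentation addresses).
# Newer ipfw prints a "--- table(...) ---" header line; older versions do not.
SAMPLE='--- table(1), set(0) ---
192.0.2.10/32 1473690000
192.0.2.11/32 1473699000
198.51.100.0/24 1473600000
203.0.113.5/32 0'

# is_uint VALUE: succeed only for a non-empty string of digits.
is_uint() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
        *) return 0 ;;
    esac
}

# expired_entries MAX_AGE NOW
# Reads a table listing on stdin and prints the address of every entry whose
# timestamp value is more than MAX_AGE seconds before NOW.
expired_entries() {
    is_uint "$1" && is_uint "$2" || return 2
    awk -v max_age="$1" -v now="$2" '
        /^---/                    { next }  # listing header
        NF != 2                   { next }  # unexpected shape: leave it alone
        $1 !~ /^[0-9.]+\/[0-9]+$/ { next }  # IPv4 addr/masklen only
        $2 !~ /^[0-9]+$/          { next }  # value is not a plain integer
        $2 == 0                   { next }  # 0: entry was added without a timestamp
        (now - $2) > max_age      { print $1 }
    '
}

# purge_commands TABLE MAX_AGE NOW
# Reads a table listing on stdin and prints one delete command per expired entry.
purge_commands() {
    is_uint "$1" || return 2
    expired=$(expired_entries "$2" "$3") || return 2
    # Safe to split on whitespace: expired_entries only emits digits, dots and "/".
    for addr in $expired; do
        echo "ipfw -q table $1 delete $addr"
    done
}

# purge_table TABLE MAX_AGE: apply to the live table (needs root and ipfw).
purge_table() {
    ipfw table "$1" list | purge_commands "$1" "$2" "$(date +%s)" | sh
}

if [ $# -eq 2 ]; then
    purge_table "$1" "$2"
else
    # Dry run over the constructed sample with a one-hour lifetime.
    printf '%s\n' "$SAMPLE" | purge_commands 1 3600 1473700000
fi
```

Run from cron with a table number and lifetime in seconds; entries with value 0 or with IPv6 addresses are deliberately left untouched.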
From owner-freebsd-ipfw@freebsd.org Mon Sep 12 04:13:01 2016
Date: Mon, 12 Sep 2016 14:12:35 +1000 (EST)
From: Ian Smith
To: Julian Elischer
cc: "freebsd-ipfw@freebsd.org"
Subject: Re: ipfw table expiry.. how to do it..?
In-Reply-To: <0f1acc7f-2c85-dc4d-a272-5631c1e749cd@elischer.org>
Message-ID: <20160912135241.J91459@sola.nimnet.asn.au>
References: <0f1acc7f-2c85-dc4d-a272-5631c1e749cd@elischer.org>

On Mon, 12 Sep 2016 11:04:26 +0800, Julian Elischer wrote:
 > Unfortunately we don't have any timers on table entries, so it's not possible
 > to see how long an entry has been in use, or idle.
 >
 > If I were to have a captive portal, which placed the address of 'allowed'
 > hosts into a table, we would have no way to time them out when they go idle.
 > The only thing you can do is throw away all the entries at some time, and
 > force them to all log in again.
 >
 > Does anyone have any patches to add "access time" to table entries?
 >
 > I'm guessing the way it would need to be done now would be to use dynamic
 > rules and having the syn packet of every tcp session sent to the portal for
 > approval, before being passed back to create the dynamic rule.

Well nothing like patches, and surely not what you want, but I've been
using the below since '08 to add timestamps to entries, and a couple of
related scripts to list entries for particular tables in date order etc.

I never finished adding the 'purge before somedate' script ..

Nowadays with multiple table values you could maybe have useful tablearg
values like skipto targets as well.

cheers, Ian

#!/bin/sh
# addr_to_table 24/11/8 smithi
# add ipaddr[/masklen|32] and value (seconds from epoch) to table N
# 31/12/9 CIDR matching for updates, (ab)using table 0 for calc
# 4/4/11 prefer direct ipaddr/masklen format, add numeric check
usage() {
    [ "$1" ] && echo "$1"
    echo "usage: `basename $0` table address[/masklen | [ masklen]]"
    exit 1
}
validint() {    # value min max
    [ "`echo $1 | tr -d 0-9`" ] && return 1    # not all numeric
    [ $1 -ge $2 -a $1 -le $3 ] && return 0 || return 1
}
[ "$2" ] || usage
table=$1 ; addr=$2
validint "$table" 1 127 || usage "table '$table' not 1..127"
[ "$3" ] && mlen=$3 || mlen=32    # allow old but prefer CIDR format
[ "${addr%/*}" != "$addr" ] && mlen=${addr#*/} && addr=${addr%/*}
validint "$mlen" 8 32 || usage "masklen '$mlen' not 8..32"
addr=$addr/$mlen
if [ $mlen -lt 32 ]; then    # calc CIDR netblock addr using table 0
    ipfw -q table 0 flush ; ipfw -q table 0 add $addr
    addr=`ipfw table 0 list | awk '{print $1}'`
fi    # only needed if looking up addr/mask
ipfw -q table $table add $addr `date "+%s"` 2>/dev/null
[ $? -eq 0 ] || echo "table $table add $addr `date +%s` failed: dupe?"
exit 0

From owner-freebsd-ipfw@freebsd.org Mon Sep 12 05:41:16 2016
From: bugzilla-noreply@freebsd.org
To: freebsd-ipfw@FreeBSD.org
Subject: [Bug 212595] ipfw can't enable or disable sets 5 to 30
Date: Mon, 12 Sep 2016 05:41:16 +0000
X-Bugzilla-Product: Base System
X-Bugzilla-Component: kern
X-Bugzilla-Version: 11.0-RC1
X-Bugzilla-Severity: Affects Some People
X-Bugzilla-Who: linimon@FreeBSD.org
X-Bugzilla-Status: New
X-Bugzilla-Assigned-To: freebsd-ipfw@FreeBSD.org
X-Bugzilla-Changed-Fields: assigned_to

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=212595

Mark Linimon changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Assignee|freebsd-bugs@FreeBSD.org    |freebsd-ipfw@FreeBSD.org

From owner-freebsd-ipfw@freebsd.org Mon Sep 12 10:09:23 2016
From: bugzilla-noreply@freebsd.org
To: freebsd-ipfw@FreeBSD.org
Subject: [Bug 212595] ipfw can't enable or disable sets 5 to 30
Date: Mon, 12 Sep 2016 10:09:23 +0000
X-Bugzilla-Product: Base System
X-Bugzilla-Component: kern
X-Bugzilla-Version: 11.0-RC1
X-Bugzilla-Severity: Affects Some People
X-Bugzilla-Who: ae@FreeBSD.org
X-Bugzilla-Status: New
X-Bugzilla-Assigned-To: freebsd-ipfw@FreeBSD.org
X-Bugzilla-Changed-Fields: cc

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=212595

Andrey V. Elsukov changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |ae@FreeBSD.org,
                   |                            |oleg@FreeBSD.org

--- Comment #1 from Andrey V. Elsukov ---
This is already fixed in head/ and stable/11, but it seems it won't be fixed
in releng/11.

From owner-freebsd-ipfw@freebsd.org Mon Sep 12 15:57:57 2016
From: bugzilla-noreply@freebsd.org
To: freebsd-ipfw@FreeBSD.org
Subject: [Bug 212595] ipfw can't enable or disable sets 5 to 30
Date: Mon, 12 Sep 2016 15:57:56 +0000
X-Bugzilla-Product: Base System
X-Bugzilla-Component: kern
X-Bugzilla-Version: 11.0-RC1
X-Bugzilla-Severity: Affects Some People
X-Bugzilla-Who: commit-hook@freebsd.org
X-Bugzilla-Status: New
X-Bugzilla-Assigned-To: freebsd-ipfw@FreeBSD.org

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=212595

--- Comment #2 from commit-hook@freebsd.org ---
A commit references this bug:

Author: ae
Date: Mon Sep 12 15:57:35 UTC 2016
New revision: 305738
URL: https://svnweb.freebsd.org/changeset/base/305738

Log:
  Merge from stable/11 r304415,304419 (by oleg):
  Fix command: ipfw set (enable|disable) N (where N > 4).

  PR: 212595
  Approved by: re (kib)

Changes:
_U  releng/11.0/
  releng/11.0/sys/netpfil/ipfw/ip_fw_sockopt.c

From owner-freebsd-ipfw@freebsd.org Mon Sep 12 15:58:40 2016
From: bugzilla-noreply@freebsd.org
To: freebsd-ipfw@FreeBSD.org
Subject: [Bug 212595] ipfw can't enable or disable sets 5 to 30
Date: Mon, 12 Sep 2016 15:58:40 +0000
X-Bugzilla-Product: Base System
X-Bugzilla-Component: kern
X-Bugzilla-Version: 11.0-RC1
X-Bugzilla-Severity: Affects Some People
X-Bugzilla-Who: ae@FreeBSD.org
X-Bugzilla-Status: Closed
X-Bugzilla-Resolution: FIXED
X-Bugzilla-Assigned-To: freebsd-ipfw@FreeBSD.org
X-Bugzilla-Changed-Fields: resolution bug_status

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=212595

Andrey V. Elsukov changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         Resolution|---                         |FIXED
             Status|New                         |Closed

--- Comment #3 from Andrey V. Elsukov ---
Fixed in releng/11.0. Thanks!

From owner-freebsd-ipfw@freebsd.org Tue Sep 13 04:32:38 2016
From: bugzilla-noreply@freebsd.org
To: freebsd-ipfw@FreeBSD.org
Subject: [Bug 212630] ipfw swap does not swap tables between sets
Date: Tue, 13 Sep 2016 04:32:38 +0000
X-Bugzilla-Product: Base System
X-Bugzilla-Component: kern
X-Bugzilla-Version: 11.0-RC1
X-Bugzilla-Severity: Affects Only Me
X-Bugzilla-Who: linimon@FreeBSD.org
X-Bugzilla-Status: New
X-Bugzilla-Assigned-To: freebsd-ipfw@FreeBSD.org
X-Bugzilla-Changed-Fields: assigned_to

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=212630

Mark Linimon changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Assignee|freebsd-bugs@FreeBSD.org    |freebsd-ipfw@FreeBSD.org

From owner-freebsd-ipfw@freebsd.org Tue Sep 13 13:58:09 2016
From: bugzilla-noreply@freebsd.org
To: freebsd-ipfw@FreeBSD.org
Subject: [Bug 212630] ipfw swap does not swap tables between sets
Date: Tue, 13 Sep 2016 13:58:09 +0000
X-Bugzilla-Product: Base System
X-Bugzilla-Component: kern
X-Bugzilla-Version: 11.0-RC1
X-Bugzilla-Severity: Affects Only Me
X-Bugzilla-Who: ae@FreeBSD.org
X-Bugzilla-Status: New
X-Bugzilla-Assigned-To: ae@FreeBSD.org
X-Bugzilla-Changed-Fields: assigned_to cc

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=212630

Andrey V. Elsukov changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Assignee|freebsd-ipfw@FreeBSD.org    |ae@FreeBSD.org
                 CC|                            |ae@FreeBSD.org

From owner-freebsd-ipfw@freebsd.org Wed Sep 14 12:38:19 2016
From: bugzilla-noreply@freebsd.org
To: freebsd-ipfw@FreeBSD.org
Subject: [Bug 212669] change ipfw to all table all destroy
Date: Wed, 14 Sep 2016 12:38:19 +0000
X-Bugzilla-Product: Base System
X-Bugzilla-Component: bin
X-Bugzilla-Version: 11.0-RC1
X-Bugzilla-Keywords: patch
X-Bugzilla-Severity: Affects Only Me
X-Bugzilla-Who: linimon@FreeBSD.org
X-Bugzilla-Status: New
X-Bugzilla-Assigned-To: freebsd-ipfw@FreeBSD.org
X-Bugzilla-Changed-Fields: assigned_to keywords

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=212669

Mark Linimon changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Assignee|freebsd-bugs@FreeBSD.org    |freebsd-ipfw@FreeBSD.org
           Keywords|                            |patch

From owner-freebsd-ipfw@freebsd.org Wed Sep 14 12:38:34 2016
From: bugzilla-noreply@freebsd.org
To: freebsd-ipfw@FreeBSD.org
Subject: [Bug 212668] ipfw table all ignores set parameter
Date: Wed, 14 Sep 2016 12:38:34 +0000
X-Bugzilla-Product: Base System
X-Bugzilla-Component: bin
X-Bugzilla-Version: 11.0-RC1
X-Bugzilla-Keywords: patch
X-Bugzilla-Severity: Affects Only Me
X-Bugzilla-Who: linimon@FreeBSD.org
X-Bugzilla-Status: New
X-Bugzilla-Assigned-To: freebsd-ipfw@FreeBSD.org
X-Bugzilla-Changed-Fields: keywords assigned_to

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=212668

Mark Linimon changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Keywords|                            |patch
           Assignee|freebsd-bugs@FreeBSD.org    |freebsd-ipfw@FreeBSD.org

From owner-freebsd-ipfw@freebsd.org Wed Sep 14 12:38:55 2016
From: bugzilla-noreply@freebsd.org
To: freebsd-ipfw@FreeBSD.org
Subject: [Bug 212649] ipfw(8): Referencing a table in the ruleset causes ipfw list/show to crash with SIGSEGV.
Date: Wed, 14 Sep 2016 12:38:54 +0000
X-Bugzilla-Product: Base System
X-Bugzilla-Component: kern
X-Bugzilla-Version: 11.0-RC1
X-Bugzilla-Severity: Affects Many People
X-Bugzilla-Who: linimon@FreeBSD.org
X-Bugzilla-Status: New
X-Bugzilla-Assigned-To: freebsd-ipfw@FreeBSD.org
X-Bugzilla-Changed-Fields: assigned_to

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=212649

Mark Linimon changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Assignee|freebsd-bugs@FreeBSD.org    |freebsd-ipfw@FreeBSD.org

From owner-freebsd-ipfw@freebsd.org Wed Sep 14 15:25:45 2016
From: Jean-Baptiste COUPIAC
Date: Wed, 14 Sep 2016 17:25:03 +0200
Subject: Ipfw + Natd + multiple instance
To: freebsd-ipfw@freebsd.org
Cc: network

Hello IPFWers,

I'm trying to use IPfw, with several natd instances

                                        ==== igb0 (192.31.3.253/22)
tun1 (10.69.0.0/24) ==== FreeBSD router
                                        ==== em0 (192.168.1.2/24)

Above, my pretty simple configuration. (but I've rewritten some
networks/interfaces in this mail for security reasons)

My traffic comes by tun1 (an openvpn tunnel), and depending on the
destination, I need to NAT it via igb0 or em0.


Below is my natd.conf:
_________________
instance default
interface em0
port 8668
use_sockets yes
same_ports yes

instance mgmt
interface igb0
port 8669
use_sockets yes
same_ports yes
_________________

Below is my rc.firewall:
_________________
cmd="ipfw add"
lans="10.0.0.0/8 "
vpn_lans="10.69.0.0/24,10.70.0.0/24 "
mgmt="192.31.0.0/21 "
ipfw -q -f flush
$cmd 00010 divert 8668 log ip from $lans to any in via em0
$cmd 00011 divert 8669 log ip from $mgmt to any in via igb0
$cmd 00100 check-state
$cmd 00110 skipto 2000 log ip from $vpn_lans to $lans out via em0 keep-state
$cmd 00111 skipto 2200 log ip from $vpn_lans to $mgmt out via igb0 keep-state
$cmd 01010 deny all from 'table(1)' to any dst-port 22 in
$cmd 01011 allow log ip from any to any
$cmd 02000 divert 8668 log ip from any to any out via em0
$cmd 02001 allow log ip from any to $lans
$cmd 02200 divert 8669 log ip from any to any out via igb0
$cmd 02201 allow log ip from any to $mgmt
$cmd 03000 deny log logamount 500 ip from any to any
s
same_ports yes
_________________

I use the default instance to NAT to LANS.
I use the mgmt instance to NAT to MGMT.

NAT for LANS is working well (icmp from *10.69.0.10* to *10.54.255.254*), but NAT for MGMT does not work (icmp from *10.69.0.10* to *192.31.0.99*):

Sep 13 17:55:18 kimberley kernel: ipfw: 2201 Accept ICMP:8.0 10.69.0.10 192.31.0.99 in via tun1
Sep 13 17:55:18 kimberley kernel: ipfw: 2200 Divert 8669 ICMP:8.0 10.69.0.10 192.31.0.99 out via igb0
Sep 13 17:55:18 kimberley kernel: ipfw: 2201 Accept ICMP:8.0 192.31.3.253 192.31.0.99 out via igb0
Sep 13 17:55:18 kimberley kernel: ipfw: limit 5 reached on entry 2201
Sep 13 17:55:18 kimberley kernel: ipfw: 11 Divert 8669 ICMP:0.0 192.31.0.99 192.31.3.253 in via igb0
Sep 13 17:55:18 kimberley kernel: ipfw: 3000 Deny ICMP:0.0 192.31.0.99 10.69.0.10 in via igb0

The working NAT for LAN shows:

Sep 13 17:45:01 kimberley kernel: ipfw: 110 SkipTo 2000 ICMP:8.0 10.69.0.10 10.54.255.254 in via tun1
Sep 13 17:45:01 kimberley kernel: ipfw: 2001 Accept ICMP:8.0 10.69.0.10 10.54.255.254 in via tun1
Sep 13 17:45:01 kimberley kernel: ipfw: 110 SkipTo 2000 ICMP:8.0 10.69.0.10 10.54.255.254 out via em0
Sep 13 17:45:01 kimberley kernel: ipfw: limit 5 reached on entry 110
Sep 13 17:45:01 kimberley kernel: ipfw: 2000 Divert 8668 ICMP:8.0 10.69.0.10 10.54.255.254 out via em0
Sep 13 17:45:01 kimberley kernel: ipfw: 2001 Accept ICMP:8.0 192.168.1.2 10.54.255.254 out via em0

I'm pretty stuck, can you help me please?

__
Jean-Baptiste COUPIAC
Tel.: +33 5 34 45 55 00
4 rue Kennedy 31000 Toulouse - France | www.nfrance.com

From owner-freebsd-ipfw@freebsd.org Thu Sep 15 22:18:32 2016
From: bugzilla-noreply@freebsd.org
To: freebsd-ipfw@FreeBSD.org
Subject: [Bug 212649] ipfw(8): Referencing a table in the ruleset causes ipfw list/show to crash with SIGSEGV.
Date: Thu, 15 Sep 2016 22:18:32 +0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=212649

Andrey V. Elsukov changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |ae@FreeBSD.org

--- Comment #1 from Andrey V. Elsukov ---
Do you have VIMAGE in your kernel?

From owner-freebsd-ipfw@freebsd.org Fri Sep 16 04:48:01 2016
From: Bill Yuan
Date: Fri, 16 Sep 2016 12:48:00 +0800
Subject: Re: ipfw table expiry.. how to do it..?
To: Ian Smith
Cc: Julian Elischer , "freebsd-ipfw@freebsd.org"

In Ipfw3, each table entry has its own counter and last hit timestamp for both directions.

On 12 September 2016 at 12:12, Ian Smith wrote:

> On Mon, 12 Sep 2016 11:04:26 +0800, Julian Elischer wrote:
>
> > Unfortunately we don't have any timers on table entries, so it's not possible
> > to see how long an entry has been in use, or idle.
> >
> > If I were to have a captive portal, which placed the address of 'allowed'
> > hosts into a table, we would have no way to time them out when they go idle.
> > The only thing you can do is throw away all the entries at some time, and
> > force them to all log in again.
> >
> > Does anyone have any patches to add "access time" to table entries?
> >
> > I'm guessing the way it would need to be done now would be to use dynamic
> > rules and having the syn packet of every tcp session sent to the portal for
> > approval, before being passed back to create the dynamic rule.
>
> Well nothing like patches, and surely not what you want, but I've been
> using the below since '08 to add timestamps to entries, and a couple of
> related scripts to list entries for particular tables in date order etc.
> I never finished adding the 'purge before somedate' script ..
>
> Nowadays with multiple table values you could maybe have useful tablearg
> values like skipto targets as well.
>
> cheers, Ian
>
> #!/bin/sh
> # addr_to_table 24/11/8 smithi
> # add ipaddr[/masklen|32] and value (seconds from epoch) to table N
> # 31/12/9 CIDR matching for updates, (ab)using table 0 for calc
> # 4/4/11 prefer direct ipaddr/masklen format, add numeric check
> usage() {
>         [ "$1" ] && echo $1
>         echo "usage: `basename $0` table address[/masklen | [ masklen]]"
>         exit 1
> }
> validint() {            # value min max
>         [ "`echo $1 | tr -d 0-9`" ] && return 1         # not all numeric
>         [ $1 -ge $2 -a $1 -le $3 ] && return 0 || return 1
> }
> [ "$2" ] || usage
> table=$1 ; addr=$2
> `validint $table 1 127` || usage "table '$table' not 1..127"
> [ "$3" ] && mlen=$3 || mlen=32          # allow old but prefer CIDR format
> [ "${addr%/*}" != "$addr" ] && mlen=${addr#*/} && addr=${addr%/*}
> `validint $mlen 8 32` || usage "masklen '$mlen' not 8..32"
>
> addr=$addr/$mlen
> if [ $mlen -lt 32 ]; then       # calc CIDR netblock addr using table 0
>         ipfw -q table 0 flush ; ipfw -q table 0 add $addr
>         addr=`ipfw table 0 list | awk '{print $1}'`
> fi      # only needed if looking up addr/mask
>
> ipfw -q table $table add $addr `date "+%s"` 2>/dev/null
> [ $? -eq 0 ] || echo "table $table add $addr `date +%s` failed: dupe?"
> exit 0
> _______________________________________________
> freebsd-ipfw@freebsd.org mailing list
> https://lists.freebsd.org/mailman/listinfo/freebsd-ipfw
> To unsubscribe, send any mail to "freebsd-ipfw-unsubscribe@freebsd.org"
>

From owner-freebsd-ipfw@freebsd.org Fri Sep 16 09:52:28 2016
From: bugzilla-noreply@freebsd.org
To: freebsd-ipfw@FreeBSD.org
Subject: [Bug 212649] ipfw(8): Referencing a table in the ruleset causes ipfw list/show to crash with SIGSEGV.
Date: Fri, 16 Sep 2016 09:52:28 +0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=212649

--- Comment #2 from Jan Bramkamp ---
Yes, but there are no vnet enabled jails running.

From owner-freebsd-ipfw@freebsd.org Fri Sep 16 11:54:30 2016
From: bugzilla-noreply@freebsd.org
To: freebsd-ipfw@FreeBSD.org
Subject: [Bug 212669] change ipfw to all table all destroy
Date: Fri, 16 Sep 2016 11:54:30 +0000
X-Bugzilla-Product: Base System
X-Bugzilla-Component: bin
X-Bugzilla-Version: 11.0-RC1
X-Bugzilla-Keywords: patch
X-Bugzilla-Severity: Affects Only Me
X-Bugzilla-Status: New

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=212669

Andrey V. Elsukov changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |ae@FreeBSD.org

--- Comment #1 from Andrey V. Elsukov ---
We also have a similar patch locally, but didn't move to per-set tables yet. And
you already found several bugs here :)
We have thought of destroying per-set tables via `ipfw set N delete`,
together with the rules in a set.

From owner-freebsd-ipfw@freebsd.org Fri Sep 16 11:56:14 2016
From: bugzilla-noreply@freebsd.org
To: freebsd-ipfw@FreeBSD.org
Subject: [Bug 212649] ipfw(8): Referencing a table in the ruleset causes ipfw list/show to crash with SIGSEGV.
Date: Fri, 16 Sep 2016 11:56:14 +0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=212649

Andrey V. Elsukov changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                URL|                            |https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=212576

From owner-freebsd-ipfw@freebsd.org Fri Sep 16 11:56:34 2016
From: bugzilla-noreply@freebsd.org
To: freebsd-ipfw@FreeBSD.org
Subject: [Bug 212649] ipfw(8): Referencing a table in the ruleset causes ipfw list/show to crash with SIGSEGV.
Date: Fri, 16 Sep 2016 11:56:34 +0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=212649

Andrey V. Elsukov changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           See Also|                            |https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=212576
                URL|https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=212576 |

From owner-freebsd-ipfw@freebsd.org Fri Sep 16 15:56:16 2016
From: bugzilla-noreply@freebsd.org
To: freebsd-ipfw@FreeBSD.org
Subject: [Bug 212669] change ipfw to all table all destroy
Date: Fri, 16 Sep 2016 15:56:16 +0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=212669

--- Comment #2 from John Zielinski ---
An 'ipfw set N delete' would work for me as well, as right now I'm using two
commands to flush the rules in a set and then another to destroy all tables.

From owner-freebsd-ipfw@freebsd.org Fri Sep 16 16:04:33 2016
From: bugzilla-noreply@freebsd.org
To: freebsd-ipfw@FreeBSD.org
Subject: [Bug 212649] ipfw(8): Referencing a table in the ruleset causes ipfw list/show to crash with SIGSEGV.
Date: Fri, 16 Sep 2016 16:04:32 +0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=212649

John Zielinski changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |avernar@gmail.com

--- Comment #3 from John Zielinski ---
I bet you started a vnet jail at least once since booting up. That's what
triggers it. If you reboot and try your commands before any vnet jails start up
it should work. Start a jail and it will be back to crashing.

From owner-freebsd-ipfw@freebsd.org Fri Sep 16 16:34:01 2016
From: bugzilla-noreply@freebsd.org
To: freebsd-ipfw@FreeBSD.org
Subject: [Bug 212649] ipfw(8): Referencing a table in the ruleset causes ipfw list/show to crash with SIGSEGV.
Date: Fri, 16 Sep 2016 16:34:01 +0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=212649

--- Comment #4 from Jan Bramkamp ---
I did hit the bug in a VNET enabled jail first and suspected it to be VNET
related. I was surprised to reproduce it on the host. So I stopped the VNET
jail and reduced the test case as far as possible. I didn't reboot the system
as I didn't expect an in-kernel data corruption. Are there regression tests for
this sort of thing in FreeBSD?

From owner-freebsd-ipfw@freebsd.org Fri Sep 16 18:12:36 2016
From: bugzilla-noreply@freebsd.org
To: freebsd-ipfw@FreeBSD.org
Subject: [Bug 212649] ipfw(8): Referencing a table in the ruleset causes ipfw list/show to crash with SIGSEGV.
Date: Fri, 16 Sep 2016 18:12:36 +0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=212649

--- Comment #5 from John Zielinski ---
I'm an end user as well and hit the bug the exact same way. First in a vnet
jail and then found it in the host as well. But I started digging through the
ipfw code and then the kernel code to find out why so I could fix it and keep
going with my firewall setup.

Did ipfw tables work with vnet enabled before? If not it's not a regression.
I don't know if it worked before with vnet as I just started using vnet a few
weeks ago.
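
For the "ipfw table expiry" thread above: the quoted addr_to_table script stores the add time (seconds since the epoch) as each entry's table value, and the purge step is the part its author says was never finished. The shell code below is an added example, not code from any poster or from FreeBSD; it expires entries by add time (not idle time), and the names expired_entries, purge_table, sample_listing and MIN_EPOCH, as well as the sample listing, are assumptions made for this example.

```shell
#!/bin/sh
# Added example: purge ipfw table entries by the epoch timestamp stored as
# their value (the convention of the addr_to_table script quoted in the thread).
# expired_entries, purge_table, sample_listing and MIN_EPOCH are names chosen
# for this example.

# Values below this are treated as "not a timestamp" and never purged:
# 0 is what an entry added without a value gets, and small numbers may be
# tablearg values such as skipto targets. Assumption of this example:
# 1000000000 (2001-09-09 UTC) is older than any real stamp.
MIN_EPOCH=1000000000

# stdin: output of `ipfw table N list`; $1: cutoff in epoch seconds.
# Prints the address of each entry stamped before the cutoff. Header lines,
# entries without a value and non-numeric values (for example values listed
# as IP addresses) are ignored rather than purged.
expired_entries() {
    awk -v cutoff="$1" -v min="$MIN_EPOCH" '
        NF == 2 && $2 ~ /^[0-9]+$/ && $2 + 0 >= min + 0 && $2 + 0 < cutoff + 0 {
            print $1
        }'
}

# purge_table TABLE MAX_AGE_SECONDS
# Deletes every entry of TABLE whose timestamp is older than MAX_AGE_SECONDS.
purge_table() {
    table=$1
    max_age=$2
    case "$table" in
        ''|*[!0-9]*) echo "table '$table' is not a number" >&2; return 2 ;;
    esac
    case "$max_age" in
        ''|*[!0-9]*|0[0-9]*) echo "max age '$max_age' is not a number" >&2; return 2 ;;
    esac
    cutoff=$(( $(date +%s) - $max_age ))
    ipfw table "$table" list | expired_entries "$cutoff" |
    while read -r addr; do
        ipfw -q table "$table" delete "$addr" ||
            echo "table $table delete $addr failed" >&2
    done
}

# Constructed sample of `ipfw table 1 list` output (not taken from the
# thread): a header line, one fresh and two old timestamped entries, one
# entry with the default value 0 and one with a small non-timestamp value.
sample_listing() {
    cat <<'EOF'
--- table(1), set(0) ---
192.0.2.10/32 1473800000
192.0.2.11/32 1473950000
198.51.100.0/24 1473700000
203.0.113.5/32 0
203.0.113.6/32 2000
EOF
}

# Stand-alone use, for example from cron: purge_table.sh TABLE MAX_AGE_SECONDS
if [ "$#" -eq 2 ]; then
    purge_table "$1" "$2"
fi
```

Because the quoted add script fails on a duplicate instead of refreshing the value, an entry's age here is the time since it was first added, so a portal using this would have to delete and re-add an address to extend it.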