From nobody Tue Jul 20 07:15:02 2021 X-Original-To: ipfw@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 1F6021273B01 for ; Tue, 20 Jul 2021 07:15:05 +0000 (UTC) (envelope-from kp@FreeBSD.org) Received: from smtp.freebsd.org (smtp.freebsd.org [IPv6:2610:1c1:1:606c::24b:4]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "smtp.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4GTVN90NYZz3v7C for ; Tue, 20 Jul 2021 07:15:05 +0000 (UTC) (envelope-from kp@FreeBSD.org) Received: from venus.codepro.be (venus.codepro.be [5.9.86.228]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mx1.codepro.be", Issuer "R3" (verified OK)) (Authenticated sender: kp) by smtp.freebsd.org (Postfix) with ESMTPSA id BD01D9EA7 for ; Tue, 20 Jul 2021 07:15:04 +0000 (UTC) (envelope-from kp@FreeBSD.org) Received: by venus.codepro.be (Postfix, authenticated sender kp) id 2317E359D2; Tue, 20 Jul 2021 09:15:03 +0200 (CEST) From: "Kristof Provost" To: ipfw@FreeBSD.org Subject: dummynet configuration for automated tests Date: Tue, 20 Jul 2021 09:15:02 +0200 X-Mailer: MailMate (1.13.2r5673) Message-ID: <4403D1A2-5162-4639-B6BB-5369EAA3E645@FreeBSD.org> List-Id: IPFW Technical Discussions List-Archive: https://lists.freebsd.org/archives/freebsd-ipfw List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-ipfw@freebsd.org MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="=_MailMate_CDAAED01-3A58-4EC4-BE2B-F145590BF07E_=" Content-Transfer-Encoding: 8bit X-ThisMailContainsUnwantedMimeParts: Y --=_MailMate_CDAAED01-3A58-4EC4-BE2B-F145590BF07E_= Content-Type: text/plain; charset="UTF-8"; format=flowed; markup=markdown Content-Transfer-Encoding: 8bit Hi, I’ve been trying (and failing) to write a few basic test cases for dummynet (with ipfw for now). The full test script can be found here: https://people.freebsd.org/~kp/dummynet.sh but the relevant bit is this: queue_v6_body() { fw=$1 firewall_init $fw dummynet_init $fw epair=$(vnet_mkepair) epair_link=$(vnet_mkepair) vnet_mkjail alcatraz ${epair}b ${epair_link}a vnet_mkjail srv ${epair_link}b set -x ifconfig ${epair}a inet6 2001:db8:42::1/64 no_dad up route add -6 2001:db8:43::/64 2001:db8:42::2 jexec alcatraz ifconfig ${epair}b inet6 2001:db8:42::2 no_dad up jexec alcatraz ifconfig ${epair_link}a inet6 2001:db8:43::2 no_dad up jexec alcatraz sysctl net.inet6.ip6.forwarding=1 jexec srv ifconfig ${epair_link}b inet6 2001:db8:43::1 no_dad up jexec srv route add -6 default 2001:db8:43::2 jexec srv /usr/sbin/inetd -p inetd-alcatraz.pid \ $(atf_get_srcdir)/../pf/echo_inetd.conf # Sanity check atf_check -s exit:0 -o ignore ping6 -i .1 -c 3 -s 1200 2001:db8:42::2 atf_check -s exit:0 -o ignore ping6 -i .1 -c 3 -s 1200 2001:db8:43::2 atf_check -s exit:0 -o ignore ping6 -i .1 -c 3 -s 1200 2001:db8:43::1 reply=$(echo "foo" | nc -w 5 -N 2001:db8:43::1 7) if [ "$reply" != "foo" ]; then atf_fail "Echo sanity check failed" fi jexec alcatraz dnctl pipe 1 config bw 300Byte/s queue 5 mask proto 0xff jexec alcatraz dnctl sched 1 config pipe 1 type wf2q+ mask proto 0xff jexec alcatraz dnctl queue 1 config sched 1 weight 99 queue 5 mask proto 0xff jexec alcatraz dnctl queue 2 config sched 1 weight 1 queue 5 mask proto 0xff firewall_config alcatraz ${fw} \ "ipfw" \ "ipfw add queue 2 ipv6-icmp from any to any icmp6types 128,129" \ "ipfw add queue 1 tcp from any to any" # Single ping succeeds atf_check -s exit:0 -o ignore ping6 -c 3 2001:db8:43::1 # Unsaturated TCP succeeds reply=$(echo "foo" | nc -w 5 -N 2001:db8:43::1 7) if [ "$reply" != "foo" ]; then atf_fail "Unsaturated echo failed" fi # Saturate the link ping6 -i .01 -s 1200 2001:db8:43::1 & # Give that a chance to fill the queue & pipe sleep 1 jexec alcatraz ipfw show # We should now be hitting the limits and get this packet dropped. atf_check -s exit:2 -o ignore ping6 -c 1 -W 1 -s 1200 2001:db8:43::1 # TCP should still just pass for i in `seq 0 4` do reply=$(echo "foo $i" | nc -w 10 -N 2001:db8:43::1 7) if [ "$reply" != "foo $i" ]; then atf_fail "Failed to prioritise traffic on interation $i" fi sleep 1 done jexec alcatraz ipfw flush # This will fail if we don't differentiate the traffic firewall_config alcatraz ${fw} \ "ipfw" \ "ipfw add queue 1 ipv6-icmp from any to any icmp6types 128,129" \ "ipfw add queue 2 tcp from any to any" # Carry over state? killall ping6 ping6 -i .01 -s 1200 2001:db8:43::1 & sleep 1 reply=$(echo "baz" | nc -w 10 -N 2001:db8:43::1 7) if [ "$reply" == "baz" ]; then jexec alcatraz ipfw show atf_fail "TCP still made it through, even when not prioritised" fi } The idea is to set up a very slow link (using a pipe), and then to send both ICMP echo and TCP traffic through it. There’s vastly more ICMP traffic than TCP, and the expectation is that without prioritisation the ICMP traffic will drown out TCP and cause the connection to fail. We then try to use dummynet to give TCP priority over ICMP, so that the TCP connections do succeed. However, I simply cannot get it to behave in any sort of predictable or consistent way. Sometimes the TCP connection succeeds, despite attempts to prioritise ICMP, or vice versa. Clearly I’m misconfiguring something, but at this point I do not understand what. Does anyone see my mistake, or have any relevant configuration examples to share? Thanks, Kristof --=_MailMate_CDAAED01-3A58-4EC4-BE2B-F145590BF07E_=-- From nobody Sun Jul 25 15:57:59 2021 X-Original-To: ipfw@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 88FD512B042D for ; Sun, 25 Jul 2021 15:58:03 +0000 (UTC) (envelope-from kp@FreeBSD.org) Received: from smtp.freebsd.org (smtp.freebsd.org [96.47.72.83]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "smtp.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4GXnlH2lDTz4sQX for ; Sun, 25 Jul 2021 15:58:03 +0000 (UTC) (envelope-from kp@FreeBSD.org) Received: from venus.codepro.be (venus.codepro.be [5.9.86.228]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mx1.codepro.be", Issuer "R3" (verified OK)) (Authenticated sender: kp) by smtp.freebsd.org (Postfix) with ESMTPSA id 078018DC for ; Sun, 25 Jul 2021 15:58:03 +0000 (UTC) (envelope-from kp@FreeBSD.org) Received: by venus.codepro.be (Postfix, authenticated sender kp) id 6091844FC3; Sun, 25 Jul 2021 17:58:00 +0200 (CEST) From: "Kristof Provost" To: ipfw@FreeBSD.org Subject: Re: dummynet configuration for automated tests Date: Sun, 25 Jul 2021 17:57:59 +0200 X-Mailer: MailMate (1.13.2r5673) Message-ID: <441AA0FF-9693-4FDD-A4DB-BA443773C630@FreeBSD.org> In-Reply-To: <4403D1A2-5162-4639-B6BB-5369EAA3E645@FreeBSD.org> References: <4403D1A2-5162-4639-B6BB-5369EAA3E645@FreeBSD.org> List-Id: IPFW Technical Discussions List-Archive: https://lists.freebsd.org/archives/freebsd-ipfw List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-ipfw@freebsd.org MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="=_MailMate_C8B5B53A-0B9D-4242-B2B4-5D095E02337F_=" Content-Transfer-Encoding: 8bit X-ThisMailContainsUnwantedMimeParts: Y --=_MailMate_C8B5B53A-0B9D-4242-B2B4-5D095E02337F_= Content-Type: text/plain; charset="UTF-8"; format=flowed; markup=markdown Content-Transfer-Encoding: 8bit Perhaps a different question would also be helpful: Can anyone share a functional example configuration using dummynet to prioritise traffic? Thanks, Kristof On 20 Jul 2021, at 9:15, Kristof Provost wrote: > Hi, > > I’ve been trying (and failing) to write a few basic test cases for > dummynet (with ipfw for now). > > The full test script can be found here: > https://people.freebsd.org/~kp/dummynet.sh but the relevant bit is > this: > > queue_v6_body() > { > fw=$1 > firewall_init $fw > dummynet_init $fw > > epair=$(vnet_mkepair) > epair_link=$(vnet_mkepair) > vnet_mkjail alcatraz ${epair}b ${epair_link}a > vnet_mkjail srv ${epair_link}b > > set -x > > ifconfig ${epair}a inet6 2001:db8:42::1/64 no_dad up > route add -6 2001:db8:43::/64 2001:db8:42::2 > > jexec alcatraz ifconfig ${epair}b inet6 2001:db8:42::2 no_dad > up > jexec alcatraz ifconfig ${epair_link}a inet6 2001:db8:43::2 > no_dad up > jexec alcatraz sysctl net.inet6.ip6.forwarding=1 > > jexec srv ifconfig ${epair_link}b inet6 2001:db8:43::1 no_dad > up > jexec srv route add -6 default 2001:db8:43::2 > jexec srv /usr/sbin/inetd -p inetd-alcatraz.pid \ > $(atf_get_srcdir)/../pf/echo_inetd.conf > > # Sanity check > atf_check -s exit:0 -o ignore ping6 -i .1 -c 3 -s 1200 > 2001:db8:42::2 > atf_check -s exit:0 -o ignore ping6 -i .1 -c 3 -s 1200 > 2001:db8:43::2 > atf_check -s exit:0 -o ignore ping6 -i .1 -c 3 -s 1200 > 2001:db8:43::1 > > reply=$(echo "foo" | nc -w 5 -N 2001:db8:43::1 7) > if [ "$reply" != "foo" ]; > then > atf_fail "Echo sanity check failed" > fi > > jexec alcatraz dnctl pipe 1 config bw 300Byte/s queue 5 mask > proto 0xff > jexec alcatraz dnctl sched 1 config pipe 1 type wf2q+ mask > proto 0xff > jexec alcatraz dnctl queue 1 config sched 1 weight 99 queue 5 > mask proto 0xff > jexec alcatraz dnctl queue 2 config sched 1 weight 1 queue 5 > mask proto 0xff > > firewall_config alcatraz ${fw} \ > "ipfw" \ > "ipfw add queue 2 ipv6-icmp from any to any > icmp6types 128,129" \ > "ipfw add queue 1 tcp from any to any" > > # Single ping succeeds > atf_check -s exit:0 -o ignore ping6 -c 3 2001:db8:43::1 > # Unsaturated TCP succeeds > reply=$(echo "foo" | nc -w 5 -N 2001:db8:43::1 7) > if [ "$reply" != "foo" ]; > then > atf_fail "Unsaturated echo failed" > fi > > # Saturate the link > ping6 -i .01 -s 1200 2001:db8:43::1 & > > # Give that a chance to fill the queue & pipe > sleep 1 > > jexec alcatraz ipfw show > > # We should now be hitting the limits and get this packet > dropped. > atf_check -s exit:2 -o ignore ping6 -c 1 -W 1 -s 1200 > 2001:db8:43::1 > > # TCP should still just pass > for i in `seq 0 4` > do > reply=$(echo "foo $i" | nc -w 10 -N 2001:db8:43::1 7) > if [ "$reply" != "foo $i" ]; > then > atf_fail "Failed to prioritise traffic on > interation $i" > fi > sleep 1 > done > > jexec alcatraz ipfw flush > # This will fail if we don't differentiate the traffic > firewall_config alcatraz ${fw} \ > "ipfw" \ > "ipfw add queue 1 ipv6-icmp from any to any > icmp6types 128,129" \ > "ipfw add queue 2 tcp from any to any" > > # Carry over state? > killall ping6 > ping6 -i .01 -s 1200 2001:db8:43::1 & > sleep 1 > > reply=$(echo "baz" | nc -w 10 -N 2001:db8:43::1 7) > if [ "$reply" == "baz" ]; > then > jexec alcatraz ipfw show > atf_fail "TCP still made it through, even when not > prioritised" > fi > } > > The idea is to set up a very slow link (using a pipe), and then to > send both ICMP echo and TCP traffic through it. There’s vastly more > ICMP traffic than TCP, and the expectation is that without > prioritisation the ICMP traffic will drown out TCP and cause the > connection to fail. > We then try to use dummynet to give TCP priority over ICMP, so that > the TCP connections do succeed. > > However, I simply cannot get it to behave in any sort of predictable > or consistent way. Sometimes the TCP connection succeeds, despite > attempts to prioritise ICMP, or vice versa. > > Clearly I’m misconfiguring something, but at this point I do not > understand what. Does anyone see my mistake, or have any relevant > configuration examples to share? > > Thanks, > Kristof --=_MailMate_C8B5B53A-0B9D-4242-B2B4-5D095E02337F_=-- From nobody Sun Jul 25 16:00:20 2021 X-Original-To: freebsd-ipfw@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 0C11F12B1A46 for ; Sun, 25 Jul 2021 16:00:23 +0000 (UTC) (envelope-from kp@FreeBSD.org) Received: from smtp.freebsd.org (smtp.freebsd.org [96.47.72.83]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "smtp.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4GXnny6J2hz4tkZ; Sun, 25 Jul 2021 16:00:22 +0000 (UTC) (envelope-from kp@FreeBSD.org) Received: from venus.codepro.be (venus.codepro.be [5.9.86.228]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mx1.codepro.be", Issuer "R3" (verified OK)) (Authenticated sender: kp) by smtp.freebsd.org (Postfix) with ESMTPSA id 9C63CBF0; Sun, 25 Jul 2021 16:00:22 +0000 (UTC) (envelope-from kp@FreeBSD.org) Received: by venus.codepro.be (Postfix, authenticated sender kp) id 25CED45137; Sun, 25 Jul 2021 18:00:21 +0200 (CEST) From: "Kristof Provost" To: "Michael Sierchio" Cc: freebsd-ipfw@freebsd.org Subject: Re: Dummynet in monolithic kernel broken on stable/12-n233319-c419c8231fb arm64 Date: Sun, 25 Jul 2021 18:00:20 +0200 X-Mailer: MailMate (1.13.2r5673) Message-ID: <71386648-8824-404A-87CB-D75A8B7E7F92@FreeBSD.org> In-Reply-To: References: List-Id: IPFW Technical Discussions List-Archive: https://lists.freebsd.org/archives/freebsd-ipfw List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-ipfw@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset="UTF-8"; format=flowed Content-Transfer-Encoding: 8bit X-ThisMailContainsUnwantedMimeParts: N Make sure you have 8f76eebce424de064f65fec5cdd105446a2de3bd (aae1a783dd444060f9a9ed9cf0fbb0c3ba7c6800 on stable/12). That’s almost certainly the fix you’re missing. Br, Kristof On 25 Jun 2021, at 3:05, Michael Sierchio wrote: > Addendum: > > This was working with > > stable/12-n233296-71efecb7eb1 arm64 > > > I don't know exactly when it broke, but it's broken with > > > stable/12-n233319-c419c8231fb arm64 > > > On Thu, Jun 24, 2021 at 5:55 PM Michael Sierchio > wrote: > >> >> For numerous reasons, I've been building security appliances with a >> monolithic kernel for a long time. A recent git pull on the >> stable/12 >> branch from github has borked dummynet. >> >> *root@graviton-1:/etc/ipfw 242#* ipfw pipe 1 config gred >> 0.01/12/36/0.75 >> noerror >> >> ipfw: net.inet.ip.dummynet.red_lookup_depth must be greater than zero >> >> *root@graviton-1:/etc/ipfw 243#* sysctl >> net.inet.ip.dummynet.red_lookup_depth=256 >> >> sysctl: oid 'net.inet.ip.dummynet.red_lookup_depth' is read only >> >> >> Interesting, but inconvenient. Just happened upon reboot. >> Attempting to >> set in /boot/loader.conf doesn't work. Any advice? >> >> >> Many (if not all) of the dummynet sysctls are borked >> >> >> *root@graviton-1:~ 201#* sysctl >> net.inet.ip.dummynet.red_max_pkt_size=1500 >> >> sysctl: oid 'net.inet.ip.dummynet.red_max_pkt_size' is read only >> >> >> >> *michael.sierchio@graviton-1:~ 201>* sysctl net.inet.ip.dummynet >> >> net.inet.ip.dummynet.io_pkt_drop: 0 >> >> net.inet.ip.dummynet.io_pkt_fast: 0 >> >> net.inet.ip.dummynet.io_pkt: 0 >> >> net.inet.ip.dummynet.queue_count: 0 >> >> net.inet.ip.dummynet.fsk_count: 0 >> >> net.inet.ip.dummynet.si_count: 0 >> >> net.inet.ip.dummynet.schk_count: 0 >> >> net.inet.ip.dummynet.expire_cycle: 0 >> >> net.inet.ip.dummynet.expire: 0 >> >> net.inet.ip.dummynet.tick_lost: 0 >> >> net.inet.ip.dummynet.tick_diff: 0 >> >> net.inet.ip.dummynet.tick_adjustment: 0 >> >> net.inet.ip.dummynet.tick_delta_sum: 0 >> >> net.inet.ip.dummynet.tick_delta: 0 >> >> net.inet.ip.dummynet.red_max_pkt_size: 0 >> >> net.inet.ip.dummynet.red_avg_pkt_size: 0 >> >> net.inet.ip.dummynet.red_lookup_depth: 0 >> >> net.inet.ip.dummynet.debug: 0 >> >> net.inet.ip.dummynet.io_fast: 0 >> >> net.inet.ip.dummynet.pipe_byte_limit: 1048576 >> >> net.inet.ip.dummynet.pipe_slot_limit: 100 >> >> net.inet.ip.dummynet.hash_size: 64 >> >> net.inet.ip.dummynet.fqpie.limit: 10240 >> >> net.inet.ip.dummynet.fqpie.flows: 1024 >> >> net.inet.ip.dummynet.fqpie.quantum: 1514 >> >> net.inet.ip.dummynet.fqpie.beta: 1250 >> >> net.inet.ip.dummynet.fqpie.alpha: 125 >> >> net.inet.ip.dummynet.fqpie.max_ecnth: 99 >> >> net.inet.ip.dummynet.fqpie.max_burst: 150000 >> >> net.inet.ip.dummynet.fqpie.tupdate: 15000 >> >> net.inet.ip.dummynet.fqpie.target: 15000 >> >> net.inet.ip.dummynet.fqcodel.limit: 10240 >> >> net.inet.ip.dummynet.fqcodel.flows: 1024 >> >> net.inet.ip.dummynet.fqcodel.quantum: 1514 >> >> net.inet.ip.dummynet.fqcodel.interval: 100000 >> >> net.inet.ip.dummynet.fqcodel.target: 5000 >> >> net.inet.ip.dummynet.pie.beta: 1250 >> >> net.inet.ip.dummynet.pie.alpha: 125 >> >> net.inet.ip.dummynet.pie.max_ecnth: 99 >> >> net.inet.ip.dummynet.pie.max_burst: 150000 >> >> net.inet.ip.dummynet.pie.tupdate: 15000 >> >> net.inet.ip.dummynet.pie.target: 15000 >> >> net.inet.ip.dummynet.codel.interval: 100000 >> >> net.inet.ip.dummynet.codel.target: 5000 >> -- >> >> "Well," Brahmā said, "even after ten thousand explanations, a fool >> is no >> wiser, but an intelligent person requires only two thousand five >> hundred." >> >> - The Mahābhārata >> > > > -- > > "Well," Brahmā said, "even after ten thousand explanations, a fool is > no > wiser, but an intelligent person requires only two thousand five > hundred." > > - The Mahābhārata From nobody Sun Jul 25 21:00:26 2021 X-Original-To: ipfw@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 8793A12D2C21 for ; Sun, 25 Jul 2021 21:00:26 +0000 (UTC) (envelope-from bugzilla-noreply@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4GXwSB27dnz3N1N for ; Sun, 25 Jul 2021 21:00:26 +0000 (UTC) (envelope-from bugzilla-noreply@FreeBSD.org) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2610:1c1:1:606c::50:1d]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 294602786 for ; Sun, 25 Jul 2021 21:00:26 +0000 (UTC) (envelope-from bugzilla-noreply@FreeBSD.org) Received: from kenobi.freebsd.org ([127.0.1.5]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id 16PL0QaH011212 for ; Sun, 25 Jul 2021 21:00:26 GMT (envelope-from bugzilla-noreply@FreeBSD.org) Received: (from bugzilla@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id 16PL0QN5011211 for ipfw@FreeBSD.org; Sun, 25 Jul 2021 21:00:26 GMT (envelope-from bugzilla-noreply@FreeBSD.org) Message-Id: <202107252100.16PL0QN5011211@kenobi.freebsd.org> X-Authentication-Warning: kenobi.freebsd.org: bugzilla set sender to bugzilla-noreply@FreeBSD.org using -f From: bugzilla-noreply@FreeBSD.org To: ipfw@FreeBSD.org Subject: Problem reports for ipfw@FreeBSD.org that need special attention Date: Sun, 25 Jul 2021 21:00:26 +0000 List-Id: IPFW Technical Discussions List-Archive: https://lists.freebsd.org/archives/freebsd-ipfw List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-ipfw@freebsd.org MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="16272468260.8f6bbF.10666" Content-Transfer-Encoding: 7bit X-ThisMailContainsUnwantedMimeParts: Y --16272468260.8f6bbF.10666 Date: Sun, 25 Jul 2021 21:00:26 +0000 MIME-Version: 1.0 Content-Type: text/plain; charset="UTF-8" To view an individual PR, use: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=(Bug Id). The following is a listing of current problems submitted by FreeBSD users, which need special attention. These represent problem reports covering all versions including experimental development code and obsolete releases. Status | Bug Id | Description ------------+-----------+--------------------------------------------------- New | 215875 | [ipfw] ipfw lookup tables do not support mbuf_tag New | 232764 | [ipfw] share/examples/ipfw/change_rules.sh: Suppo 2 problems total for which you should take action. --16272468260.8f6bbF.10666--