From nobody Fri Feb 9 20:22:45 2024 X-Original-To: ipfw@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4TWldx5z5Zz5BGqr for ; Fri, 9 Feb 2024 20:22:45 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4TWldx4x32z40j7 for ; Fri, 9 Feb 2024 20:22:45 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1707510165; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=0UjqkKwPjnX1SX//bzBA3E8uijiQkqEQtIFxxMrattk=; b=FBHhi9QVaajz4CrjiY5RGV4w0Xeg8cNZ+VV3OuLjPqeYweQppSEVgRrL+JG3T5y6uiCb9E H9qu6nFEGuMk2QwMveBJA+RWH+AHG+JwSHyEdcMd1UHBsijSNf8VuTZ7A4xXI/P0iVI45G 6HdxJOFaSRE0N0Me9MT5aXWuCYq3os7FyjmK7lj2f+Pw/N6rPdy//BaCKw+YCOoX8qCzBM B1ahtvq6Oz3SXqtnnPVak01nnqk2pvGaFvk0ccOF/8DabO7R2hx9Ou4FtsMLvhKIKEjdVz W3uzQODT0shIaDf75+Txksuhb33edQifd9vy9i7VgKI5cEg2CXSBw1I8qI6Fcg== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1707510165; a=rsa-sha256; cv=none; b=mGacD1sacZOqOosPnmp9ELWOKVXQ6lpIoUde6yLQ2guHLlIkhzfNS2frmE8s7moM7RC738 WJLS+l8uKAYujwgG/QtJJKl31px2VwHw9iCdeR2RfoIlNAXe1pev7l1n5Z/v1oKp6TknSY FXE4QJ6/tsjPQXzSI8S9d73NLl3YUdot9j2TFJF1fUdgDfGOHPj86sEECsFWrzLc+/GiTs 1QatgK0PcJjHVzfeKkglb5cUoTp8P/L61ybvib0ErXap4lmkTOqq2qUUmBrkAfDHQeFdlE cR9fR/WZndu0S/DVxg9FWypKCxti0qrZUoUL+XZnc3SZjUivNtcg7Uoivc70kQ== Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2610:1c1:1:606c::50:1d]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4TWldx3sWFzmyC for ; Fri, 9 Feb 2024 20:22:45 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.5]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id 419KMjcr016287 for ; Fri, 9 Feb 2024 20:22:45 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from www@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id 419KMj0e016286 for ipfw@FreeBSD.org; Fri, 9 Feb 2024 20:22:45 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: ipfw@FreeBSD.org Subject: [Bug 276732] IPFW keep-state rules with untag do not go through parent rule cmd Date: Fri, 09 Feb 2024 20:22:45 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: kern X-Bugzilla-Version: CURRENT X-Bugzilla-Keywords: X-Bugzilla-Severity: Affects Some People X-Bugzilla-Who: jhb@FreeBSD.org X-Bugzilla-Status: New X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: ipfw@FreeBSD.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: cc Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated List-Id: IPFW Technical Discussions List-Archive: https://lists.freebsd.org/archives/freebsd-ipfw List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-ipfw@freebsd.org MIME-Version: 1.0 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D276732 John Baldwin changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |ae@FreeBSD.org, | |jhb@FreeBSD.org --- Comment #1 from John Baldwin --- I agree with the diagnosis. I suspect though that the bug is a bit bigger = as currently we always skip over the first bug --=20 You are receiving this mail because: You are the assignee for the bug.= From nobody Fri Feb 9 20:28:06 2024 X-Original-To: ipfw@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4TWlm62z41z5BHhV for ; Fri, 9 Feb 2024 20:28:06 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4TWlm619Ytz41PV for ; Fri, 9 Feb 2024 20:28:06 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1707510486; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=28fb9SLT4AbUk9y8+Jso06ZPBVz0t4cidsmiXumrzQg=; b=FyMzUnQbBibiNqpG+w+jZmDISAxXIOj9slJuB/N8EZiPtT9uf4eQkvLHD3eOghyHzuWPYe JRVV9ZTIHwSQn6gldPD7zXEnQUhHW6Q7F4wwoBfjNgKuMed178gpu7X/LE13Wcy4fEeEfc 0LBxQ6giOrW+QeCT1yeeDShPb4kmRQjOTE0vhmBZRetDbQxy2TxouL6ZS5aE63MoLIu0ko Z7Mnunia1OVj1tZsYmJsF4cIpDPseFd/4TJNANuCoj2pHGS9Z8olPHJdM4l0eDnCgsiQiJ w73W0bE8Wym7HlTTQkF9HZoSW8dCBw1vJ48ApZk06Gwibs1GV1pAM4GnpdRGBw== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1707510486; a=rsa-sha256; cv=none; b=eYReCAWz7TF2DSa08dft7WtzZcXSUimiLmGjrcL2PkYte8dZmOBe8bpBJugS2mQZbhh8RD FxnrLVcP5vRHHPMH0kWB8/umEaEAbNSWbJbKb9S9fbgps5yDwKZXCVIag0LiFPjrSXSGXt YPThJp/u6qJl0Yya5qf4PWpvqwUCePMDMMpObyaDrgzPUlZCPyJWR7qmIS4fGk5gSuzuG4 nI/RWlWbSSF5Beq1u7oDy54pXp17XQRFHvtgY6eGznq/tRzErt6JdLmC3PbQR+qBL6fjOe 6xc9cBNdJouTAvCzJsFAnxNIKYFed1h84Zy0NYfDXMVi9Jte4EpQd9O4soadpw== Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2610:1c1:1:606c::50:1d]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4TWlm60GMxznT8 for ; Fri, 9 Feb 2024 20:28:06 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.5]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id 419KS5rY033326 for ; Fri, 9 Feb 2024 20:28:05 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from www@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id 419KS57d033323 for ipfw@FreeBSD.org; Fri, 9 Feb 2024 20:28:05 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: ipfw@FreeBSD.org Subject: [Bug 276732] IPFW keep-state rules with untag do not go through parent rule cmd Date: Fri, 09 Feb 2024 20:28:06 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: kern X-Bugzilla-Version: CURRENT X-Bugzilla-Keywords: X-Bugzilla-Severity: Affects Some People X-Bugzilla-Who: jhb@FreeBSD.org X-Bugzilla-Status: Open X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: ipfw@FreeBSD.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: bug_status Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated List-Id: IPFW Technical Discussions List-Archive: https://lists.freebsd.org/archives/freebsd-ipfw List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-ipfw@freebsd.org MIME-Version: 1.0 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D276732 John Baldwin changed: What |Removed |Added ---------------------------------------------------------------------------- Status|New |Open --- Comment #2 from John Baldwin --- (Hit Enter too soon, ignore previous comment) I agree with the diagnosis. I suspect though that the bug is a bit bigger = as currently we always skip over the first action opcode. The fact that 'matc= h' is set to 1 allows this to "work" if the first action is "accept" which is usually the action for keep-state rules. However, I suspect that if you ha= ve a 'log' action on a keep-state rule we don't actually log packets that match = an existing dynamic rule since we skip over the "log" opcode due to this bug. A bit more background: in this set of loops in the kernel, you can think of 'cmd' as being a program counter (PC) for an ISA and 'cmdlen' is the implic= it PC increment to perform after handling the current opcode. Since this acti= on is triggering the equivalent of a branch, it resets 'cmd' and 'l' as is don= e at the start of the inner for loop and sets 'cmdlen' to 0 to avoid turn the implicit PC increment at the end of the for loop into a nop. I think though that the patch should drop the 'match =3D 1' as that is now = just noise. Also, there is no need to keep the dead 'break' statement. I've cc= 'd ae@ to see if he has any thoughts, but if there's no other feedback in the = next week or so I'll commit the tweaked fix. --=20 You are receiving this mail because: You are the assignee for the bug.= From nobody Fri Feb 9 21:28:13 2024 X-Original-To: ipfw@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4TWn5V14cRz5BMtr for ; Fri, 9 Feb 2024 21:28:14 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4TWn5V03GKz489P for ; Fri, 9 Feb 2024 21:28:14 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1707514094; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=1BgqSH2B8a5k04Kt7hYOgVvj4DAvls021sbK6qdaenY=; b=UU7IyAoDjumwxSu/OTjABFsQHblXgz+L/J0on0b0ZflwWolH+feC/zjiH+60+3qKU30b8B 6z24Mq7Y3RlqPODcJ1DjwllLFD2hBs9lLcU7OqhH0DoB0OEqjDySUg3vd3+wYE3IDWbxis Atm0033T1jHnoz3D8HvAClBQ4J5b0PsEbWfN8RO9vgVaZJ1UB/IfadUlwntYd3olKIxVm9 +jcFoXTRZAaVEKN3dnr30sVK1jFjrXoU5mZpHDW9QZVdrIzqOIf6JoVHGFoO1T5yCwYWWc xS9G79Hmj7lOHbvr1rNjgjFJCwjLXzh3xMIUdfTx2SOHUQmfpSj9hGpL21hdBw== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1707514094; a=rsa-sha256; cv=none; b=E9Fcm4RcxzjlYLRwjCtnB1C6zkygYzLOxV4jSq/KjVQJpIvhXKUbY0x8qVqxFCwiyvl/XM 2sjWFX8idUm91dB+QFHHM5LAhKoJNzDMkrXWh2BT0TBCiaJ74upLx6JdSzTlfep63+bM99 5EBeV+8HeX2mZC/7Unkk7iYNnD7DDtg1WSwYmoUP1GQ4EEByTXXJVyQTtGVzWqX5NYl72N Lpw6tONhFqlUm1qpPB2vJxT4BogiWerBjsENmYD5o2adFzbH9NegRDp+rvDANk/vatAmKM yX+/WVMi3o3GgVNPJcWmkCdkgBn/JtXHtSRONFWd/lNQRntASpjvyTLAo84x0A== Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2610:1c1:1:606c::50:1d]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4TWn5T66D5zpmF for ; Fri, 9 Feb 2024 21:28:13 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.5]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id 419LSD6h039239 for ; Fri, 9 Feb 2024 21:28:13 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from www@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id 419LSDQc039235 for ipfw@FreeBSD.org; Fri, 9 Feb 2024 21:28:13 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: ipfw@FreeBSD.org Subject: [Bug 276732] IPFW keep-state rules with untag do not go through parent rule cmd Date: Fri, 09 Feb 2024 21:28:13 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: kern X-Bugzilla-Version: CURRENT X-Bugzilla-Keywords: X-Bugzilla-Severity: Affects Some People X-Bugzilla-Who: fodillemlinkarim@gmail.com X-Bugzilla-Status: Open X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: ipfw@FreeBSD.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated List-Id: IPFW Technical Discussions List-Archive: https://lists.freebsd.org/archives/freebsd-ipfw List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-ipfw@freebsd.org MIME-Version: 1.0 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D276732 --- Comment #3 from fodillemlinkarim@gmail.com --- Fine by me, the break and match were left there to stay consistent with oth= er parts of the that file that behave in a similar fashion, for example the O_COUNT and O_SKIPTO cases. --=20 You are receiving this mail because: You are the assignee for the bug.=