From owner-freebsd-ipfw@FreeBSD.ORG Mon Mar 28 06:14:20 2011 Return-Path: Delivered-To: freebsd-ipfw@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 6A045106566C; Mon, 28 Mar 2011 06:14:20 +0000 (UTC) (envelope-from linimon@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id 408CC8FC13; Mon, 28 Mar 2011 06:14:20 +0000 (UTC) Received: from freefall.freebsd.org (localhost [127.0.0.1]) by freefall.freebsd.org (8.14.4/8.14.4) with ESMTP id p2S6EKI6032329; Mon, 28 Mar 2011 06:14:20 GMT (envelope-from linimon@freefall.freebsd.org) Received: (from linimon@localhost) by freefall.freebsd.org (8.14.4/8.14.4/Submit) id p2S6EKUC032325; Mon, 28 Mar 2011 06:14:20 GMT (envelope-from linimon) Date: Mon, 28 Mar 2011 06:14:20 GMT Message-Id: <201103280614.p2S6EKUC032325@freefall.freebsd.org> To: linimon@FreeBSD.org, freebsd-standards@FreeBSD.org, freebsd-ipfw@FreeBSD.org From: linimon@FreeBSD.org Cc: Subject: Re: kern/155927: [ipfw] ipfw stops to check bags for compliance with the rules, letting everything Rules X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 28 Mar 2011 06:14:20 -0000 Old Synopsis: Ipfw stops to check bags for compliance with the rules, letting everything Rules New Synopsis: [ipfw] ipfw stops to check bags for compliance with the rules, letting everything Rules Responsible-Changed-From-To: freebsd-standards->freebsd-ipfw Responsible-Changed-By: linimon Responsible-Changed-When: Mon Mar 28 06:13:10 UTC 2011 Responsible-Changed-Why: reclassify, although I do not think there is enough information here to proceed. http://www.freebsd.org/cgi/query-pr.cgi?pr=155927 From owner-freebsd-ipfw@FreeBSD.ORG Mon Mar 28 06:30:33 2011 Return-Path: Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id C1091106564A for ; Mon, 28 Mar 2011 06:30:33 +0000 (UTC) (envelope-from luigi@onelab2.iet.unipi.it) Received: from onelab2.iet.unipi.it (onelab2.iet.unipi.it [131.114.59.238]) by mx1.freebsd.org (Postfix) with ESMTP id 84CEF8FC15 for ; Mon, 28 Mar 2011 06:30:33 +0000 (UTC) Received: by onelab2.iet.unipi.it (Postfix, from userid 275) id B2A717300A; Mon, 28 Mar 2011 08:44:54 +0200 (CEST) Date: Mon, 28 Mar 2011 08:44:54 +0200 From: Luigi Rizzo To: linimon@freebsd.org Message-ID: <20110328064454.GA63583@onelab2.iet.unipi.it> References: <201103280614.p2S6EKUC032325@freefall.freebsd.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <201103280614.p2S6EKUC032325@freefall.freebsd.org> User-Agent: Mutt/1.4.2.3i Cc: freebsd-ipfw@freebsd.org, freebsd-standards@freebsd.org Subject: Re: kern/155927: [ipfw] ipfw stops to check bags for compliance with the rules, letting everything Rules X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 28 Mar 2011 06:30:33 -0000 On Mon, Mar 28, 2011 at 06:14:20AM +0000, linimon@freebsd.org wrote: > Old Synopsis: Ipfw stops to check bags for compliance with the rules, letting everything Rules > New Synopsis: [ipfw] ipfw stops to check bags for compliance with the rules, letting everything Rules > > Responsible-Changed-From-To: freebsd-standards->freebsd-ipfw > Responsible-Changed-By: linimon > Responsible-Changed-When: Mon Mar 28 06:13:10 UTC 2011 > Responsible-Changed-Why: > reclassify, although I do not think there is enough information here > to proceed. interesting use of the term 'bag' for 'packet'! From owner-freebsd-ipfw@FreeBSD.ORG Mon Mar 28 06:51:11 2011 Return-Path: Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 038F5106566B for ; Mon, 28 Mar 2011 06:51:11 +0000 (UTC) (envelope-from smithi@nimnet.asn.au) Received: from sola.nimnet.asn.au (paqi.nimnet.asn.au [115.70.110.159]) by mx1.freebsd.org (Postfix) with ESMTP id 6A6D38FC14 for ; Mon, 28 Mar 2011 06:51:09 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by sola.nimnet.asn.au (8.14.2/8.14.2) with ESMTP id p2S6p7ta072939; Mon, 28 Mar 2011 17:51:08 +1100 (EST) (envelope-from smithi@nimnet.asn.au) Date: Mon, 28 Mar 2011 17:51:06 +1100 (EST) From: Ian Smith To: Luigi Rizzo In-Reply-To: <20110328064454.GA63583@onelab2.iet.unipi.it> Message-ID: <20110328173822.J33521@sola.nimnet.asn.au> References: <201103280614.p2S6EKUC032325@freefall.freebsd.org> <20110328064454.GA63583@onelab2.iet.unipi.it> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Cc: freebsd-ipfw@freebsd.org Subject: Re: kern/155927: [ipfw] ipfw stops to check bags for compliance with the rules, letting everything Rules X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 28 Mar 2011 06:51:11 -0000 On Mon, 28 Mar 2011, Luigi Rizzo wrote: > On Mon, Mar 28, 2011 at 06:14:20AM +0000, linimon@freebsd.org wrote: > > Old Synopsis: Ipfw stops to check bags for compliance with the rules, letting everything Rules > > New Synopsis: [ipfw] ipfw stops to check bags for compliance with the rules, letting everything Rules > > > > Responsible-Changed-From-To: freebsd-standards->freebsd-ipfw > > Responsible-Changed-By: linimon > > Responsible-Changed-When: Mon Mar 28 06:13:10 UTC 2011 > > Responsible-Changed-Why: > > reclassify, although I do not think there is enough information here > > to proceed. > > interesting use of the term 'bag' for 'packet'! Even with that cleared up, I can't make out what it may have to do with syslogging .. perhaps one of our Russian speakers could intermediate? cheers, Ian From owner-freebsd-ipfw@FreeBSD.ORG Mon Mar 28 11:06:58 2011 Return-Path: Delivered-To: freebsd-ipfw@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 934AE1065674 for ; Mon, 28 Mar 2011 11:06:58 +0000 (UTC) (envelope-from owner-bugmaster@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id 755D08FC27 for ; Mon, 28 Mar 2011 11:06:58 +0000 (UTC) Received: from freefall.freebsd.org (localhost [127.0.0.1]) by freefall.freebsd.org (8.14.4/8.14.4) with ESMTP id p2SB6w95026671 for ; Mon, 28 Mar 2011 11:06:58 GMT (envelope-from owner-bugmaster@FreeBSD.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.14.4/8.14.4/Submit) id p2SB6vQi026667 for freebsd-ipfw@FreeBSD.org; Mon, 28 Mar 2011 11:06:57 GMT (envelope-from owner-bugmaster@FreeBSD.org) Date: Mon, 28 Mar 2011 11:06:57 GMT Message-Id: <201103281106.p2SB6vQi026667@freefall.freebsd.org> X-Authentication-Warning: freefall.freebsd.org: gnats set sender to owner-bugmaster@FreeBSD.org using -f From: FreeBSD bugmaster To: freebsd-ipfw@FreeBSD.org Cc: Subject: Current problem reports assigned to freebsd-ipfw@FreeBSD.org X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 28 Mar 2011 11:06:58 -0000 Note: to view an individual PR, use: http://www.freebsd.org/cgi/query-pr.cgi?pr=(number). The following is a listing of current problems submitted by FreeBSD users. These represent problem reports covering all versions including experimental development code and obsolete releases. S Tracker Resp. Description -------------------------------------------------------------------------------- o kern/155927 ipfw [ipfw] ipfw stops to check bags for compliance with th o kern/153415 ipfw [ipfw] [patch] Port numbers always zero in dynamic IPF o bin/153252 ipfw [ipfw][patch] ipfw lockdown system in subsequent call o kern/153161 ipfw IPFIREWALL does not allow specify rules with ICMP code o kern/152887 ipfw [ipfw] Can not set more then 1024 buckets with buckets o kern/152113 ipfw [ipfw] page fault on 8.1-RELEASE caused by certain amo o kern/150798 ipfw [ipfw] ipfw2 fwd rule matches packets but does not do o kern/148827 ipfw [ipfw] divert broken with in-kernel ipfw o kern/148689 ipfw [ipfw] antispoof wrongly triggers on link local IPv6 a o kern/148430 ipfw [ipfw] IPFW schedule delete broken. o kern/148157 ipfw [ipfw] IPFW in kernel nat BUG found in FreeBSD 8.1-PRE o kern/148091 ipfw [ipfw] ipfw ipv6 handling broken. o kern/147720 ipfw [ipfw] ipfw dynamic rules and fwd o kern/145305 ipfw [ipfw] ipfw problems, panics, data corruption, ipv6 so o kern/144269 ipfw [ipfw] problem with ipfw tables o kern/144187 ipfw [ipfw] deadlock using multiple ipfw nat and multiple l o kern/143973 ipfw [ipfw] [panic] ipfw forward option causes kernel reboo o kern/143653 ipfw [ipfw] [patch] ipfw nat redirect_port "buf is too smal o kern/143621 ipfw [ipfw] [dummynet] [patch] dummynet and vnet use result o kern/143474 ipfw [ipfw] ipfw table contains the same address f kern/142951 ipfw [dummynet] using pipes&queues gives OUCH! pipe should o kern/139581 ipfw [ipfw] "ipfw pipe" not limiting bandwidth o kern/139226 ipfw [ipfw] install_state: entry already present, done o kern/137346 ipfw [ipfw] ipfw nat redirect_proto is broken o kern/137232 ipfw [ipfw] parser troubles o kern/136695 ipfw [ipfw] [patch] fwd reached after skipto in dynamic rul o kern/135476 ipfw [ipfw] IPFW table breaks after adding a large number o o bin/134975 ipfw [patch] ipfw(8) can't work with set in rule file. o kern/131817 ipfw [ipfw] blocks layer2 packets that should not be blocke o kern/131601 ipfw [ipfw] [panic] 7-STABLE panic in nat_finalise (tcp=0) o kern/131558 ipfw [ipfw] Inconsistent "via" ipfw behavior o bin/130132 ipfw [patch] ipfw(8): no way to get mask from ipfw pipe sho o kern/129103 ipfw [ipfw] IPFW check state does not work =( o kern/129093 ipfw [ipfw] ipfw nat must not drop packets o kern/129036 ipfw [ipfw] 'ipfw fwd' does not change outgoing interface n o kern/128260 ipfw [ipfw] [patch] ipfw_divert damages IPv6 packets o kern/127230 ipfw [ipfw] [patch] Feature request to add UID and/or GID l o kern/127209 ipfw [ipfw] IPFW table become corrupted after many changes o bin/125370 ipfw [ipfw] [patch] increase a line buffer limit o conf/123119 ipfw [patch] rc script for ipfw does not handle IPv6 o kern/122963 ipfw [ipfw] tcpdump does not show packets redirected by 'ip o kern/122109 ipfw [ipfw] ipfw nat traceroute problem s kern/121807 ipfw [request] TCP and UDP port_table in ipfw o kern/121382 ipfw [dummynet] 6.3-RELEASE-p1 page fault in dummynet (corr o kern/121122 ipfw [ipfw] [patch] add support to ToS IP PRECEDENCE fields o kern/118993 ipfw [ipfw] page fault - probably it's a locking problem o bin/117214 ipfw ipfw(8) fwd with IPv6 treats input as IPv4 o kern/116009 ipfw [ipfw] [patch] Ignore errors when loading ruleset from o docs/113803 ipfw [patch] ipfw(8) - don't get bitten by the fwd rule o kern/112561 ipfw [ipfw] ipfw fwd does not work with some TCP packets o kern/105330 ipfw [ipfw] [patch] ipfw (dummynet) does not allow to set q o bin/104921 ipfw [patch] ipfw(8) sometimes treats ipv6 input as ipv4 (a o kern/104682 ipfw [ipfw] [patch] Some minor language consistency fixes a o kern/103454 ipfw [ipfw] [patch] [request] add a facility to modify DF b o kern/103328 ipfw [ipfw] [request] sugestions about ipfw table o kern/102471 ipfw [ipfw] [patch] add tos and dscp support o kern/98831 ipfw [ipfw] ipfw has UDP hickups o kern/97951 ipfw [ipfw] [patch] ipfw does not tie interface details to o kern/95084 ipfw [ipfw] [regression] [patch] IPFW2 ignores "recv/xmit/v o kern/93300 ipfw [ipfw] ipfw pipe lost packets o kern/91847 ipfw [ipfw] ipfw with vlanX as the device o kern/88659 ipfw [modules] ipfw and ip6fw do not work properly as modul o kern/87032 ipfw [ipfw] [patch] ipfw ioctl interface implementation o kern/86957 ipfw [ipfw] [patch] ipfw mac logging o bin/83046 ipfw [ipfw] ipfw2 error: "setup" is allowed for icmp, but s o kern/82724 ipfw [ipfw] [patch] [request] Add setnexthop and defaultrou o bin/78785 ipfw [patch] ipfw(8) verbosity locks machine if /etc/rc.fir o kern/74104 ipfw [ipfw] ipfw2/1 conflict not detected or reported, manp o kern/73910 ipfw [ipfw] serious bug on forwarding of packets after NAT o kern/72987 ipfw [ipfw] ipfw/dummynet pipe/queue 'queue [BYTES]KBytes ( o kern/71366 ipfw [ipfw] "ipfw fwd" sometimes rewrites destination mac a o kern/69963 ipfw [ipfw] install_state warning about already existing en o kern/60719 ipfw [ipfw] Headerless fragments generate cryptic error mes o kern/55984 ipfw [ipfw] [patch] time based firewalling support for ipfw o kern/51274 ipfw [ipfw] [patch] ipfw2 create dynamic rules with parent o kern/48172 ipfw [ipfw] [patch] ipfw does not log size and flags o kern/46159 ipfw [ipfw] [patch] [request] ipfw dynamic rules lifetime f a kern/26534 ipfw [ipfw] Add an option to ipfw to log gid/uid of who cau 78 problems total. From owner-freebsd-ipfw@FreeBSD.ORG Mon Mar 28 19:26:07 2011 Return-Path: Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id DCE87106566B for ; Mon, 28 Mar 2011 19:26:07 +0000 (UTC) (envelope-from freebsd-ipfw@m.gmane.org) Received: from lo.gmane.org (lo.gmane.org [80.91.229.12]) by mx1.freebsd.org (Postfix) with ESMTP id 9438C8FC15 for ; Mon, 28 Mar 2011 19:26:07 +0000 (UTC) Received: from list by lo.gmane.org with local (Exim 4.69) (envelope-from ) id 1Q4Hq7-0008Eo-NH for freebsd-ipfw@freebsd.org; Mon, 28 Mar 2011 21:10:59 +0200 Received: from static-78-8-147-77.ssp.dialog.net.pl ([78.8.147.77]) by main.gmane.org with esmtp (Gmexim 0.1 (Debian)) id 1AlnuQ-0007hv-00 for ; Mon, 28 Mar 2011 21:10:59 +0200 Received: from mwisnicki+freebsd by static-78-8-147-77.ssp.dialog.net.pl with local (Gmexim 0.1 (Debian)) id 1AlnuQ-0007hv-00 for ; Mon, 28 Mar 2011 21:10:59 +0200 X-Injected-Via-Gmane: http://gmane.org/ To: freebsd-ipfw@freebsd.org From: Marcin Wisnicki Date: Mon, 28 Mar 2011 19:10:45 +0000 (UTC) Lines: 26 Message-ID: References: <201103280614.p2S6EKUC032325@freefall.freebsd.org> <20110328064454.GA63583@onelab2.iet.unipi.it> <20110328173822.J33521@sola.nimnet.asn.au> Mime-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-Complaints-To: usenet@dough.gmane.org X-Gmane-NNTP-Posting-Host: static-78-8-147-77.ssp.dialog.net.pl User-Agent: Pan/0.134 (Wait for Me; Unknown) Subject: Re: kern/155927: [ipfw] ipfw stops to check bags for compliance with the rules, letting everything Rules X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 28 Mar 2011 19:26:07 -0000 On Mon, 28 Mar 2011 17:51:06 +1100, Ian Smith wrote: > On Mon, 28 Mar 2011, Luigi Rizzo wrote: > > On Mon, Mar 28, 2011 at 06:14:20AM +0000, linimon@freebsd.org wrote: > > > Old Synopsis: Ipfw stops to check bags for compliance with the > > > rules, letting everything Rules New Synopsis: [ipfw] ipfw stops to > > > check bags for compliance with the rules, letting everything Rules > > > > > > Responsible-Changed-From-To: freebsd-standards->freebsd-ipfw > > > Responsible-Changed-By: linimon > > > Responsible-Changed-When: Mon Mar 28 06:13:10 UTC 2011 > > > Responsible-Changed-Why: > > > reclassify, although I do not think there is enough information > > > here to proceed. > > > > interesting use of the term 'bag' for 'packet'! > > Even with that cleared up, I can't make out what it may have to do with > syslogging .. perhaps one of our Russian speakers could intermediate? > I think it means that if newsyslog rotates /var/log/security then ipfw warnings are not logged anymore ;) I haven't seen such behaviour myself and that file is handled by syslog just like many others. From owner-freebsd-ipfw@FreeBSD.ORG Tue Mar 29 16:01:19 2011 Return-Path: Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 886B8106564A; Tue, 29 Mar 2011 16:01:19 +0000 (UTC) (envelope-from julian@freebsd.org) Received: from vps1.elischer.org (vps1.elischer.org [204.109.63.16]) by mx1.freebsd.org (Postfix) with ESMTP id 33E618FC12; Tue, 29 Mar 2011 16:01:18 +0000 (UTC) Received: from julian-mac.elischer.org (home-nat.elischer.org [67.100.89.137]) (authenticated bits=0) by vps1.elischer.org (8.14.4/8.14.4) with ESMTP id p2TFjdRL021813 (version=TLSv1/SSLv3 cipher=DHE-RSA-CAMELLIA256-SHA bits=256 verify=NO); Tue, 29 Mar 2011 08:45:41 -0700 (PDT) (envelope-from julian@freebsd.org) Message-ID: <4D91FEB9.6030607@freebsd.org> Date: Tue, 29 Mar 2011 08:46:01 -0700 From: Julian Elischer User-Agent: Mozilla/5.0 (Macintosh; U; PPC Mac OS X 10.4; en-US; rv:1.9.2.15) Gecko/20110303 Thunderbird/3.1.9 MIME-Version: 1.0 To: Luigi Rizzo References: <201103280614.p2S6EKUC032325@freefall.freebsd.org> <20110328064454.GA63583@onelab2.iet.unipi.it> In-Reply-To: <20110328064454.GA63583@onelab2.iet.unipi.it> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Cc: freebsd-ipfw@freebsd.org, freebsd-standards@freebsd.org, linimon@freebsd.org Subject: Re: kern/155927: [ipfw] ipfw stops to check bags for compliance with the rules, letting everything Rules X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 29 Mar 2011 16:01:19 -0000 On 3/27/11 11:44 PM, Luigi Rizzo wrote: > On Mon, Mar 28, 2011 at 06:14:20AM +0000, linimon@freebsd.org wrote: >> Old Synopsis: Ipfw stops to check bags for compliance with the rules, letting everything Rules >> New Synopsis: [ipfw] ipfw stops to check bags for compliance with the rules, letting everything Rules >> >> Responsible-Changed-From-To: freebsd-standards->freebsd-ipfw >> Responsible-Changed-By: linimon >> Responsible-Changed-When: Mon Mar 28 06:13:10 UTC 2011 >> Responsible-Changed-Why: >> reclassify, although I do not think there is enough information here >> to proceed. > interesting use of the term 'bag' for 'packet'! google translate for someone who doesn't speak english.. > _______________________________________________ > freebsd-ipfw@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw > To unsubscribe, send any mail to "freebsd-ipfw-unsubscribe@freebsd.org" > From owner-freebsd-ipfw@FreeBSD.ORG Wed Mar 30 09:35:20 2011 Return-Path: Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id B141C106567B for ; Wed, 30 Mar 2011 09:35:20 +0000 (UTC) (envelope-from smithi@nimnet.asn.au) Received: from sola.nimnet.asn.au (paqi.nimnet.asn.au [115.70.110.159]) by mx1.freebsd.org (Postfix) with ESMTP id 2D90F8FC12 for ; Wed, 30 Mar 2011 09:35:19 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by sola.nimnet.asn.au (8.14.2/8.14.2) with ESMTP id p2U9ZIp4034521; Wed, 30 Mar 2011 20:35:18 +1100 (EST) (envelope-from smithi@nimnet.asn.au) Date: Wed, 30 Mar 2011 20:35:18 +1100 (EST) From: Ian Smith To: Marcin Wisnicki In-Reply-To: Message-ID: <20110330195614.P33521@sola.nimnet.asn.au> References: <201103280614.p2S6EKUC032325@freefall.freebsd.org> <20110328064454.GA63583@onelab2.iet.unipi.it> <20110328173822.J33521@sola.nimnet.asn.au> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Cc: freebsd-ipfw@freebsd.org Subject: Re: kern/155927: [ipfw] ipfw stops to check bags for compliance with the rules, letting everything Rules X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 30 Mar 2011 09:35:20 -0000 On Mon, 28 Mar 2011, Marcin Wisnicki wrote: > On Mon, 28 Mar 2011 17:51:06 +1100, Ian Smith wrote: > > > On Mon, 28 Mar 2011, Luigi Rizzo wrote: > > > On Mon, Mar 28, 2011 at 06:14:20AM +0000, linimon@freebsd.org wrote: > > > > Old Synopsis: Ipfw stops to check bags for compliance with the > > > > rules, letting everything Rules New Synopsis: [ipfw] ipfw stops to > > > > check bags for compliance with the rules, letting everything Rules > > > > > > > > Responsible-Changed-From-To: freebsd-standards->freebsd-ipfw > > > > Responsible-Changed-By: linimon > > > > Responsible-Changed-When: Mon Mar 28 06:13:10 UTC 2011 > > > > Responsible-Changed-Why: > > > > reclassify, although I do not think there is enough information > > > > here to proceed. > > > > > > interesting use of the term 'bag' for 'packet'! > > > > Even with that cleared up, I can't make out what it may have to do with > > syslogging .. perhaps one of our Russian speakers could intermediate? > > > > I think it means that if newsyslog rotates /var/log/security then ipfw > warnings are not logged anymore ;) I've tried imagining how that could happen, without success - unless /var/log/security somehow wasn't truncated by newsyslog on rotation? % grep security /etc/*syslog.conf /etc/syslog.conf:security.* /var/log/security /etc/newsyslog.conf:/var/log/security 640 21 500 * J > I haven't seen such behaviour myself and that file is handled by syslog > just like many others. +1. Smells a bit like permissions .. from thousands of miles away :) cheers, Ian From owner-freebsd-ipfw@FreeBSD.ORG Thu Mar 31 16:40:11 2011 Return-Path: Delivered-To: freebsd-ipfw@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 51F26106566B for ; Thu, 31 Mar 2011 16:40:11 +0000 (UTC) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id 2822E8FC14 for ; Thu, 31 Mar 2011 16:40:11 +0000 (UTC) Received: from freefall.freebsd.org (localhost [127.0.0.1]) by freefall.freebsd.org (8.14.4/8.14.4) with ESMTP id p2VGeBx2066540 for ; Thu, 31 Mar 2011 16:40:11 GMT (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.14.4/8.14.4/Submit) id p2VGeBkP066539; Thu, 31 Mar 2011 16:40:11 GMT (envelope-from gnats) Date: Thu, 31 Mar 2011 16:40:11 GMT Message-Id: <201103311640.p2VGeBkP066539@freefall.freebsd.org> To: freebsd-ipfw@FreeBSD.org From: dfilter@FreeBSD.ORG (dfilter service) Cc: Subject: Re: kern/153415: commit references a PR X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: dfilter service List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 31 Mar 2011 16:40:11 -0000 The following reply was made to PR kern/153415; it has been noted by GNATS. From: dfilter@FreeBSD.ORG (dfilter service) To: bug-followup@FreeBSD.org Cc: Subject: Re: kern/153415: commit references a PR Date: Thu, 31 Mar 2011 16:30:24 +0000 (UTC) Author: ae Date: Thu Mar 31 16:30:14 2011 New Revision: 220211 URL: http://svn.freebsd.org/changeset/base/220211 Log: Fill up src_port and dst_port variables for SCTP over IPv4. PR: kern/153415 MFC after: 1 week Modified: head/sys/netinet/ipfw/ip_fw2.c Modified: head/sys/netinet/ipfw/ip_fw2.c ============================================================================== --- head/sys/netinet/ipfw/ip_fw2.c Thu Mar 31 16:19:53 2011 (r220210) +++ head/sys/netinet/ipfw/ip_fw2.c Thu Mar 31 16:30:14 2011 (r220211) @@ -1123,6 +1123,12 @@ do { \ args->f_id._flags = TCP(ulp)->th_flags; break; + case IPPROTO_SCTP: + PULLUP_TO(hlen, ulp, struct sctphdr); + src_port = SCTP(ulp)->src_port; + dst_port = SCTP(ulp)->dest_port; + break; + case IPPROTO_UDP: PULLUP_TO(hlen, ulp, struct udphdr); dst_port = UDP(ulp)->uh_dport; _______________________________________________ svn-src-all@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscribe@freebsd.org" From owner-freebsd-ipfw@FreeBSD.ORG Thu Mar 31 17:11:19 2011 Return-Path: Delivered-To: freebsd-ipfw@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id ECE00106566B; Thu, 31 Mar 2011 17:11:19 +0000 (UTC) (envelope-from ae@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id C56E58FC08; Thu, 31 Mar 2011 17:11:19 +0000 (UTC) Received: from freefall.freebsd.org (localhost [127.0.0.1]) by freefall.freebsd.org (8.14.4/8.14.4) with ESMTP id p2VHBJEi000304; Thu, 31 Mar 2011 17:11:19 GMT (envelope-from ae@freefall.freebsd.org) Received: (from ae@localhost) by freefall.freebsd.org (8.14.4/8.14.4/Submit) id p2VHBJ8n000300; Thu, 31 Mar 2011 17:11:19 GMT (envelope-from ae) Date: Thu, 31 Mar 2011 17:11:19 GMT Message-Id: <201103311711.p2VHBJ8n000300@freefall.freebsd.org> To: boris@tagnet.ru, ae@FreeBSD.org, freebsd-ipfw@FreeBSD.org From: ae@FreeBSD.org Cc: Subject: Re: kern/152887: [ipfw] Can not set more then 1024 buckets with buckets flag X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 31 Mar 2011 17:11:20 -0000 Synopsis: [ipfw] Can not set more then 1024 buckets with buckets flag State-Changed-From-To: open->analyzed State-Changed-By: ae State-Changed-When: Thu Mar 31 16:51:11 UTC 2011 State-Changed-Why: There is a bug in ipdn_bound_var() function. It is designed to bound variables between minimum and maximum values. But it does not work as expected and user can set value bigger than maximum allowed. So, i can fix this function and you will not be able to set 8k value for buckets. The hardcoded maximum for buckets is 1024. Are you agree with this change? http://www.freebsd.org/cgi/query-pr.cgi?pr=152887