From owner-freebsd-ipfw@FreeBSD.ORG Sun May 29 10:50:10 2011
Date: Sun, 29 May 2011 10:50:10 GMT
Message-Id: <201105291050.p4TAoAY2077032@freefall.freebsd.org>
To: freebsd-ipfw@FreeBSD.org
From: "Andrey V. Elsukov"
Subject: Re: kern/147720: [ipfw] ipfw dynamic rules and fwd
X-BeenThere: freebsd-ipfw@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
Reply-To: "Andrey V. Elsukov"
List-Id: IPFW Technical Discussions

The following reply was made to PR kern/147720; it has been noted by GNATS.

From: "Andrey V. Elsukov"
To: bug-followup@FreeBSD.org, dima_bsd@inbox.lv
Subject: Re: kern/147720: [ipfw] ipfw dynamic rules and fwd
Date: Sun, 29 May 2011 14:41:03 +0400

Hi, are you sure that this patch works? Do you have working configuration?

--
WBR, Andrey V. Elsukov

From owner-freebsd-ipfw@FreeBSD.ORG Sun May 29 23:40:25 2011
Date: Sun, 29 May 2011 23:40:24 GMT
Message-Id: <201105292340.p4TNeON6085028@freefall.freebsd.org>
To: linimon@FreeBSD.org, freebsd-i386@FreeBSD.org, freebsd-ipfw@FreeBSD.org
From: linimon@FreeBSD.org
Subject: Re: kern/157379: [ipfw] mtr does not work if I use ipfw nat

Old Synopsis: mtr does not work if I use ipfw nat
New Synopsis: [ipfw] mtr does not work if I use ipfw nat

Responsible-Changed-From-To: freebsd-i386->freebsd-ipfw
Responsible-Changed-By: linimon
Responsible-Changed-When: Sun May 29 23:40:09 UTC 2011
Responsible-Changed-Why:
reclassify.

http://www.freebsd.org/cgi/query-pr.cgi?pr=157379

From owner-freebsd-ipfw@FreeBSD.ORG Mon May 30 05:40:00 2011
Date: Mon, 30 May 2011 05:40:00 GMT
Message-Id: <201105300540.p4U5e0Vu019313@freefall.freebsd.org>
To: melifaro@ipfw.ru, ae@FreeBSD.org, freebsd-ipfw@FreeBSD.org
From: ae@FreeBSD.org
Subject: Re: kern/156410: [patch][ipfw] tablearg option for ipfw setfib

Synopsis: [patch][ipfw] tablearg option for ipfw setfib

State-Changed-From-To: open->patched
State-Changed-By: ae
State-Changed-When: Mon May 30 05:39:27 UTC 2011
State-Changed-Why:
Committed to head/. Thanks!

http://www.freebsd.org/cgi/query-pr.cgi?pr=156410

From owner-freebsd-ipfw@FreeBSD.ORG Mon May 30 05:40:11 2011
Date: Mon, 30 May 2011 05:40:11 GMT
Message-Id: <201105300540.p4U5eB5n019402@freefall.freebsd.org>
To: freebsd-ipfw@FreeBSD.org
From: dfilter@FreeBSD.ORG (dfilter service) Cc: Subject: Re: kern/156410: commit references a PR X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: dfilter service List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 30 May 2011 05:40:11 -0000 The following reply was made to PR kern/156410; it has been noted by GNATS. From: dfilter@FreeBSD.ORG (dfilter service) To: bug-followup@FreeBSD.org Cc: Subject: Re: kern/156410: commit references a PR Date: Mon, 30 May 2011 05:37:40 +0000 (UTC) Author: ae Date: Mon May 30 05:37:26 2011 New Revision: 222473 URL: http://svn.freebsd.org/changeset/base/222473 Log: Add tablearg support for ipfw setfib. PR: kern/156410 MFC after: 2 weeks Modified: head/sbin/ipfw/ipfw.8 head/sbin/ipfw/ipfw2.c head/sys/netinet/ipfw/ip_fw2.c head/sys/netinet/ipfw/ip_fw_sockopt.c Modified: head/sbin/ipfw/ipfw.8 ============================================================================== --- head/sbin/ipfw/ipfw.8 Mon May 30 04:23:33 2011 (r222472) +++ head/sbin/ipfw/ipfw.8 Mon May 30 05:37:26 2011 (r222473) @@ -1,7 +1,7 @@ .\" .\" $FreeBSD$ .\" -.Dd July 27, 2010 +.Dd May 30, 2011 .Dt IPFW 8 .Os .Sh NAME @@ -871,13 +871,16 @@ for more information on and .Cm ngtee actions. -.It Cm setfib Ar fibnum +.It Cm setfib Ar fibnum | tablearg The packet is tagged so as to use the FIB (routing table) .Ar fibnum in any subsequent forwarding decisions. Initially this is limited to the values 0 through 15, see .Xr setfib 1 . Processing continues at the next rule. +It is possible to use the +.Cm tablearg +keyword with a setfib. If tablearg value is not within compiled FIB range packet fib is set to 0. .It Cm reass Queue and reassemble ip fragments. If the packet is not fragmented, counters are updated and processing continues with the next rule. 
@@ -1711,7 +1714,7 @@ is used. The .Cm tablearg argument can be used with the following actions: -.Cm nat, pipe , queue, divert, tee, netgraph, ngtee, fwd, skipto +.Cm nat, pipe , queue, divert, tee, netgraph, ngtee, fwd, skipto, setfib, action parameters: .Cm tag, untag, rule options: Modified: head/sbin/ipfw/ipfw2.c ============================================================================== --- head/sbin/ipfw/ipfw2.c Mon May 30 04:23:33 2011 (r222472) +++ head/sbin/ipfw/ipfw2.c Mon May 30 05:37:26 2011 (r222473) @@ -2835,14 +2835,19 @@ chkarg: size_t intsize = sizeof(int); action->opcode = O_SETFIB; - NEED1("missing fib number"); - action->arg1 = strtoul(*av, NULL, 10); - if (sysctlbyname("net.fibs", &numfibs, &intsize, NULL, 0) == -1) - errx(EX_DATAERR, "fibs not suported.\n"); - if (action->arg1 >= numfibs) /* Temporary */ - errx(EX_DATAERR, "fib too large.\n"); - av++; - break; + NEED1("missing fib number"); + if (_substrcmp(*av, "tablearg") == 0) { + action->arg1 = IP_FW_TABLEARG; + } else { + action->arg1 = strtoul(*av, NULL, 10); + if (sysctlbyname("net.fibs", &numfibs, &intsize, + NULL, 0) == -1) + errx(EX_DATAERR, "fibs not suported.\n"); + if (action->arg1 >= numfibs) /* Temporary */ + errx(EX_DATAERR, "fib too large.\n"); + } + av++; + break; } case TOK_REASS: Modified: head/sys/netinet/ipfw/ip_fw2.c ============================================================================== --- head/sys/netinet/ipfw/ip_fw2.c Mon May 30 04:23:33 2011 (r222472) +++ head/sys/netinet/ipfw/ip_fw2.c Mon May 30 05:37:26 2011 (r222473) 
@@ -2137,14 +2137,21 @@ do { \ done = 1; /* exit outer loop */ break; - case O_SETFIB: + case O_SETFIB: { + uint32_t fib; + f->pcnt++; /* update stats */ f->bcnt += pktlen; f->timestamp = time_uptime; - M_SETFIB(m, cmd->arg1); - args->f_id.fib = cmd->arg1; + fib = (cmd->arg1 == IP_FW_TABLEARG) ? tablearg: + cmd->arg1; + if (fib >= rt_numfibs) + fib = 0; + M_SETFIB(m, fib); + args->f_id.fib = fib; l = 0; /* exit inner loop */ break; + } case O_NAT: if (!IPFW_NAT_LOADED) { Modified: head/sys/netinet/ipfw/ip_fw_sockopt.c ============================================================================== --- head/sys/netinet/ipfw/ip_fw_sockopt.c Mon May 30 04:23:33 2011 (r222472) +++ head/sys/netinet/ipfw/ip_fw_sockopt.c Mon May 30 05:37:26 2011 (r222473) 
@@ -606,7 +606,7 @@ check_ipfw_struct(struct ip_fw *rule, in case O_SETFIB: if (cmdlen != F_INSN_SIZE(ipfw_insn)) goto bad_size; - if (cmd->arg1 >= rt_numfibs) { + if ((cmd->arg1 != IP_FW_TABLEARG) && (cmd->arg1 >= rt_numfibs)) { printf("ipfw: invalid fib number %d\n", cmd->arg1); return EINVAL;
_______________________________________________
svn-src-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscribe@freebsd.org"
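
Review bot: in the ipfw.8 hunk at -871, the added line "keyword with a setfib. If tablearg value is not within compiled FIB range packet fib is set to 0." carries two sentences on one source line, and the second is hard to parse; mdoc sources take one sentence per line. Suggest splitting it and wording the second as "If the tablearg value is outside the compiled-in FIB range, the packet's FIB is set to 0.", and stating that this fallback is silent, since an operator who uses FIBs to separate routing domains needs to know that a bad table value puts traffic into FIB 0.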
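
Review bot: in the ipfw2.c O_SETFIB hunk, the numeric branch still calls `strtoul(*av, NULL, 10)` with a NULL end pointer, so any argument that is neither a number nor matched by `_substrcmp(*av, "tablearg")` parses as 0 and is accepted as FIB 0 without an error. Pass an end pointer and call errx() when it does not land on the terminating NUL. Since these lines are being re-indented anyway, fix "suported" in the error string and drop the trailing "\n" from both errx() messages, because errx() appends a newline itself.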
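
Review bot: in the ip_fw2.c O_SETFIB case, the fallback `if (fib >= rt_numfibs) fib = 0;` is silent, and `f->pcnt`/`f->bcnt` are updated before the value is validated, so a table entry carrying an out-of-range FIB number counts as a normal match while the packet is routed by FIB 0. Where FIBs separate routing domains, that sends traffic through a table the rule author did not choose. Consider leaving the packet's FIB untouched or logging the event, and add a comment explaining why 0 was picked. Style: `tablearg:` needs a space before the colon.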
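
Review bot: in check_ipfw_struct(), `(cmd->arg1 != IP_FW_TABLEARG) && (cmd->arg1 >= rt_numfibs)` lets the sentinel through without any range check, so for tablearg rules the only validation left is the per-packet clamp in ip_fw2.c. A short comment here saying so, and that IP_FW_TABLEARG must never be a valid FIB number, would make that dependency explicit for anyone who later changes either side.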
From: FreeBSD bugmaster
To: freebsd-ipfw@FreeBSD.org
Subject: Current problem reports assigned to freebsd-ipfw@FreeBSD.org
X-List-Received-Date: Mon, 30 May 2011 11:07:01 -0000

Note: to view an individual PR, use:
  http://www.freebsd.org/cgi/query-pr.cgi?pr=(number).

The following is a listing of current problems submitted by FreeBSD users.
These represent problem reports covering all versions including
experimental development code and obsolete releases.

S Tracker     Resp. Description
--------------------------------------------------------------------------------
o kern/157379 ipfw  [ipfw] mtr does not work if I use ipfw nat
o kern/157239 ipfw  [ipfw] [dummynet] ipfw + dummynet corrupts ipv6 packet
o kern/156770 ipfw  [ipfw] [dummynet] [patch]: performance improvement and
o bin/156653  ipfw  ipfw(8) reports missing file as parameter problem
p kern/156410 ipfw  [patch][ipfw] tablearg option for ipfw setfib
o kern/155927 ipfw  [ipfw] ipfw stops to check packets for compliance with
o bin/153252  ipfw  [ipfw][patch] ipfw lockdown system in subsequent call
o kern/153161 ipfw  IPFIREWALL does not allow specify rules with ICMP code
o kern/152113 ipfw  [ipfw] page fault on 8.1-RELEASE caused by certain amo
o kern/150798 ipfw  [ipfw] ipfw2 fwd rule matches packets but does not do
o kern/148827 ipfw  [ipfw] divert broken with in-kernel ipfw
o kern/148689 ipfw  [ipfw] antispoof wrongly triggers on link local IPv6 a
o kern/148430 ipfw  [ipfw] IPFW schedule delete broken.
o kern/148157 ipfw  [ipfw] IPFW in kernel nat BUG found in FreeBSD 8.1-PRE
o kern/148091 ipfw  [ipfw] ipfw ipv6 handling broken.
o kern/147720 ipfw  [ipfw] ipfw dynamic rules and fwd
o kern/145305 ipfw  [ipfw] ipfw problems, panics, data corruption, ipv6 so
o kern/144269 ipfw  [ipfw] problem with ipfw tables
o kern/144187 ipfw  [ipfw] deadlock using multiple ipfw nat and multiple l
o kern/143973 ipfw  [ipfw] [panic] ipfw forward option causes kernel reboo
o kern/143621 ipfw  [ipfw] [dummynet] [patch] dummynet and vnet use result
o kern/143474 ipfw  [ipfw] ipfw table contains the same address
f kern/142951 ipfw  [dummynet] using pipes&queues gives OUCH! pipe should
o kern/139581 ipfw  [ipfw] "ipfw pipe" not limiting bandwidth
o kern/139226 ipfw  [ipfw] install_state: entry already present, done
o kern/137346 ipfw  [ipfw] ipfw nat redirect_proto is broken
o kern/137232 ipfw  [ipfw] parser troubles
o kern/136695 ipfw  [ipfw] [patch] fwd reached after skipto in dynamic rul
o kern/135476 ipfw  [ipfw] IPFW table breaks after adding a large number o
o bin/134975  ipfw  [patch] ipfw(8) can't work with set in rule file.
o kern/131817 ipfw  [ipfw] blocks layer2 packets that should not be blocke
o kern/131601 ipfw  [ipfw] [panic] 7-STABLE panic in nat_finalise (tcp=0)
o kern/131558 ipfw  [ipfw] Inconsistent "via" ipfw behavior
o bin/130132  ipfw  [patch] ipfw(8): no way to get mask from ipfw pipe sho
o kern/129103 ipfw  [ipfw] IPFW check state does not work =(
o kern/129093 ipfw  [ipfw] ipfw nat must not drop packets
o kern/129036 ipfw  [ipfw] 'ipfw fwd' does not change outgoing interface n
o kern/128260 ipfw  [ipfw] [patch] ipfw_divert damages IPv6 packets
o kern/127230 ipfw  [ipfw] [patch] Feature request to add UID and/or GID l
o kern/127209 ipfw  [ipfw] IPFW table become corrupted after many changes
o bin/125370  ipfw  [ipfw] [patch] increase a line buffer limit
o conf/123119 ipfw  [patch] rc script for ipfw does not handle IPv6
o kern/122963 ipfw  [ipfw] tcpdump does not show packets redirected by 'ip
o kern/122109 ipfw  [ipfw] ipfw nat traceroute problem
s kern/121807 ipfw  [request] TCP and UDP port_table in ipfw
o kern/121382 ipfw  [dummynet] 6.3-RELEASE-p1 page fault in dummynet (corr
o kern/121122 ipfw  [ipfw] [patch] add support to ToS IP PRECEDENCE fields
o kern/118993 ipfw  [ipfw] page fault - probably it's a locking problem
o bin/117214  ipfw  ipfw(8) fwd with IPv6 treats input as IPv4
o kern/116009 ipfw  [ipfw] [patch] Ignore errors when loading ruleset from
o docs/113803 ipfw  [patch] ipfw(8) - don't get bitten by the fwd rule
o kern/112561 ipfw  [ipfw] ipfw fwd does not work with some TCP packets
o kern/105330 ipfw  [ipfw] [patch] ipfw (dummynet) does not allow to set q
o bin/104921  ipfw  [patch] ipfw(8) sometimes treats ipv6 input as ipv4 (a
o kern/104682 ipfw  [ipfw] [patch] Some minor language consistency fixes a
o kern/103454 ipfw  [ipfw] [patch] [request] add a facility to modify DF b
o kern/103328 ipfw  [ipfw] [request] sugestions about ipfw table
o kern/102471 ipfw  [ipfw] [patch] add tos and dscp support
o kern/98831  ipfw  [ipfw] ipfw has UDP hickups
o kern/97951  ipfw  [ipfw] [patch] ipfw does not tie interface details to
o kern/95084  ipfw  [ipfw] [regression] [patch] IPFW2 ignores "recv/xmit/v
o kern/93300  ipfw  [ipfw] ipfw pipe lost packets
o kern/91847  ipfw  [ipfw] ipfw with vlanX as the device
o kern/88659  ipfw  [modules] ipfw and ip6fw do not work properly as modul
o kern/87032  ipfw  [ipfw] [patch] ipfw ioctl interface implementation
o kern/86957  ipfw  [ipfw] [patch] ipfw mac logging
o bin/83046   ipfw  [ipfw] ipfw2 error: "setup" is allowed for icmp, but s
o kern/82724  ipfw  [ipfw] [patch] [request] Add setnexthop and defaultrou
o bin/78785   ipfw  [patch] ipfw(8) verbosity locks machine if /etc/rc.fir
o kern/74104  ipfw  [ipfw] ipfw2/1 conflict not detected or reported, manp
o kern/73910  ipfw  [ipfw] serious bug on forwarding of packets after NAT
o kern/72987  ipfw  [ipfw] ipfw/dummynet pipe/queue 'queue [BYTES]KBytes (
o kern/71366  ipfw  [ipfw] "ipfw fwd" sometimes rewrites destination mac a
o kern/69963  ipfw  [ipfw] install_state warning about already existing en
o kern/60719  ipfw  [ipfw] Headerless fragments generate cryptic error mes
o kern/55984  ipfw  [ipfw] [patch] time based firewalling support for ipfw
o kern/51274  ipfw  [ipfw] [patch] ipfw2 create dynamic rules with parent
o kern/48172  ipfw  [ipfw] [patch] ipfw does not log size and flags
o kern/46159  ipfw  [ipfw] [patch] [request] ipfw dynamic rules lifetime f
a kern/26534  ipfw  [ipfw] Add an option to ipfw to log gid/uid of who cau

80 problems total.

From owner-freebsd-ipfw@FreeBSD.ORG Mon May 30 11:30:15 2011
Date: Mon, 30 May 2011 11:30:14 GMT
Message-Id: <201105301130.p4UBUE0h071288@freefall.freebsd.org>
To: freebsd-ipfw@FreeBSD.org
From: "Alexander V. Chernikov"
Subject: Re: kern/157379: [ipfw] mtr does not work if I use ipfw nat
Reply-To: "Alexander V. Chernikov"

The following reply was made to PR kern/157379; it has been noted by GNATS.

From: "Alexander V. Chernikov"
To: bug-followup@FreeBSD.org, kes-kes@yandex.ru
Subject: Re: kern/157379: [ipfw] mtr does not work if I use ipfw nat
Date: Mon, 30 May 2011 15:23:34 +0400

This seems to be a duplicate of kern/122109

From owner-freebsd-ipfw@FreeBSD.ORG Mon May 30 12:10:13 2011
Date: Mon, 30 May 2011 12:10:11 GMT
Message-Id: <201105301210.p4UCABiD010192@freefall.freebsd.org>
To: freebsd-ipfw@FreeBSD.org
From: "Andrey V. Elsukov"
Subject: Re: kern/150798: [ipfw] ipfw2 fwd rule matches packets but does not do the job in fact.
Reply-To: "Andrey V. Elsukov"

The following reply was made to PR kern/150798; it has been noted by GNATS.

From: "Andrey V. Elsukov"
To: bug-followup@FreeBSD.org, av@holymail.biz
Subject: Re: kern/150798: [ipfw] ipfw2 fwd rule matches packets but does not do the job in fact.
Date: Mon, 30 May 2011 15:37:16 +0400

Hi,

It seems your problem is the same as described in kern/147720.
Can you test the following patch?
http://people.freebsd.org/~ae/ipfw_fwd.diff

--
WBR, Andrey V. Elsukov

From owner-freebsd-ipfw@FreeBSD.ORG Mon May 30 12:10:14 2011
Date: Mon, 30 May 2011 12:10:13 GMT
Message-Id: <201105301210.p4UCAD0M010200@freefall.freebsd.org>
To: freebsd-ipfw@FreeBSD.org
From: "Andrey V. Elsukov"
Subject: Re: kern/147720: [ipfw] ipfw dynamic rules and fwd
Reply-To: "Andrey V. Elsukov"

The following reply was made to PR kern/147720; it has been noted by GNATS.

From: "Andrey V. Elsukov"
To: bug-followup@FreeBSD.org, dima_bsd@inbox.lv
Subject: Re: kern/147720: [ipfw] ipfw dynamic rules and fwd
Date: Mon, 30 May 2011 15:37:52 +0400

Hi,

Can you test the following patch?
http://people.freebsd.org/~ae/ipfw_fwd.diff

--
WBR, Andrey V. Elsukov

From owner-freebsd-ipfw@FreeBSD.ORG Tue May 31 09:40:10 2011
Date: Tue, 31 May 2011 09:40:10 GMT
Message-Id: <201105310940.p4V9eA15028022@freefall.freebsd.org>
To: freebsd-ipfw@FreeBSD.org
From: "skeletor@lissyara.su"
Subject: Re: kern/147720: [ipfw] ipfw dynamic rules and fwd
Reply-To: "skeletor@lissyara.su"

The following reply was made to PR kern/147720; it has been noted by GNATS.

From: "skeletor@lissyara.su"
To: bug-followup@FreeBSD.org, dima_bsd@inbox.lv
Subject: Re: kern/147720: [ipfw] ipfw dynamic rules and fwd
Date: Tue, 31 May 2011 12:03:53 +0300

Hello! I have tested the NEW following code on FreeBSD 8.2 Release i386 and it works!

New CODE (patched)

... case O_FORWARD_IP: { + struct sockaddr_in *sa; + sa = &(((ipfw_insn_sa *)cmd)->sa); if (args->eh)<->/* not valid on layer2 pkts */ break; + if (!q || dyn_dir == MATCH_FORWARD || sa->sin_port == 0) { - if (!q || dyn_dir == MATCH_FORWARD) { - struct sockaddr_in *sa; - sa = &(((ipfw_insn_sa *)cmd)->sa); ...

This code was patched by Vadim Goncharov and tested by me (skeletor).
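
Review bot: the new `sa->sin_port == 0` term in the O_FORWARD_IP condition has no comment saying why a zero port should bypass the `!q || dyn_dir == MATCH_FORWARD` direction test. As written, a fwd rule with no port is applied to packets that match dynamic state in either direction, which changes where return traffic of existing flows is sent; state that intent in a comment and in ipfw(8), or narrow the condition. `sa` is now also computed before the `args->eh` layer-2 check, which is harmless, but the assignment can stay after that check.
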
From: "skeletor@lissyara.su"
Subject: Re: kern/147720: [ipfw] ipfw dynamic rules and fwd
Reply-To: "skeletor@lissyara.su"
X-List-Received-Date: Tue, 31 May 2011 11:10:12 -0000

The following reply was made to PR kern/147720; it has been noted by GNATS.

From: "skeletor@lissyara.su"
To: bug-followup@FreeBSD.org
Subject: Re: kern/147720: [ipfw] ipfw dynamic rules and fwd
Date: Tue, 31 May 2011 14:01:17 +0300

Hello! I have tested patch by Andrey V. Elsukov (http://people.freebsd.org/~ae/ipfw_fwd.diff) and it works under FreeBSD 8.2 i386, kernel GENERIC.

From owner-freebsd-ipfw@FreeBSD.ORG Wed Jun 1 05:38:32 2011
Date: Wed, 1 Jun 2011 05:38:32 GMT
Message-Id: <201106010538.p515cWUJ031724@freefall.freebsd.org>
To: pookme@hotmail.com, ae@FreeBSD.org, freebsd-ipfw@FreeBSD.org
From: ae@FreeBSD.org
Subject: Re: kern/148157: [ipfw] IPFW in kernel nat BUG found in FreeBSD 8.1-PRERELEASE

Synopsis: [ipfw] IPFW in kernel nat BUG found in FreeBSD 8.1-PRERELEASE

State-Changed-From-To: open->feedback
State-Changed-By: ae
State-Changed-When: Wed Jun 1 05:37:24 UTC 2011
State-Changed-Why:
Feedback requested.

http://www.freebsd.org/cgi/query-pr.cgi?pr=148157

From owner-freebsd-ipfw@FreeBSD.ORG Wed Jun 1 05:40:09 2011
Date: Wed, 1 Jun 2011 05:40:09 GMT
Message-Id: <201106010540.p515e9I3031842@freefall.freebsd.org>
To: freebsd-ipfw@FreeBSD.org
From: "Andrey V. Elsukov"
Subject: Re: kern/148157: [ipfw] IPFW in kernel nat BUG found in FreeBSD 8.1-PRERELEASE
Reply-To: "Andrey V. Elsukov"

The following reply was made to PR kern/148157; it has been noted by GNATS.

From: "Andrey V. Elsukov"
To: bug-followup@FreeBSD.org, pookme@hotmail.com, "Vladislav Yershov"
Subject: Re: kern/148157: [ipfw] IPFW in kernel nat BUG found in FreeBSD 8.1-PRERELEASE
Date: Wed, 01 Jun 2011 09:36:42 +0400

Hi,

are you still able to reproduce this panic? As I remember, there were some
issues with the em(4) driver and they were fixed.

--
WBR, Andrey V. Elsukov

From owner-freebsd-ipfw@FreeBSD.ORG Wed Jun 1 06:01:34 2011
Date: Wed, 1 Jun 2011 06:01:34 GMT
Message-Id: <201106010601.p5161YMM055750@freefall.freebsd.org>
To: pomoc@robod.pl, ae@FreeBSD.org, freebsd-ipfw@FreeBSD.org
From: ae@FreeBSD.org
Subject: Re: kern/142951: [dummynet] using pipes&queues gives OUCH! pipe should be idle, system crash after a while

Synopsis: [dummynet] using pipes&queues gives OUCH! pipe should be idle, system crash after a while

State-Changed-From-To: feedback->closed
State-Changed-By: ae
State-Changed-When: Wed Jun 1 05:59:27 UTC 2011
State-Changed-Why:
Feedback timeout. Probably, the problem is already fixed.

http://www.freebsd.org/cgi/query-pr.cgi?pr=142951

From owner-freebsd-ipfw@FreeBSD.ORG Wed Jun 1 11:45:53 2011
Date: Wed, 1 Jun 2011 11:45:52 GMT
Message-Id: <201106011145.p51BjqnA003290@freefall.freebsd.org>
To: maxes@peterlink.ru, ae@FreeBSD.org, freebsd-ipfw@FreeBSD.org
From: ae@FreeBSD.org
Subject: Re: kern/51274: [ipfw] [patch] ipfw2 create dynamic rules with parent number 65535

Synopsis: [ipfw] [patch] ipfw2 create dynamic rules with parent number 65535

State-Changed-From-To: open->closed
State-Changed-By: ae
State-Changed-When: Wed Jun 1 11:44:16 UTC 2011
State-Changed-Why:
This problem was fixed 7 years ago with rev 1.40.

http://www.freebsd.org/cgi/query-pr.cgi?pr=51274

From owner-freebsd-ipfw@FreeBSD.ORG Wed Jun 1 11:51:19 2011
Date: Wed, 1 Jun 2011 13:27:37 +0200 (CEST)
From: Wojciech Puchar To: ae@FreeBSD.org In-Reply-To: <201106010601.p5161YMM055750@freefall.freebsd.org> Message-ID: References: <201106010601.p5161YMM055750@freefall.freebsd.org> User-Agent: Alpine 2.00 (BSF 1167 2008-08-23) MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.2.6 (tensor.gdynia.pl [89.206.35.72]); Wed, 01 Jun 2011 13:27:38 +0200 (CEST) Cc: freebsd-ipfw@FreeBSD.org, pomoc@robod.pl Subject: Re: kern/142951: [dummynet] using pipes&queues gives OUCH! pipe should be idle, system crash after a while X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 01 Jun 2011 11:51:19 -0000 yes it is. On Wed, 1 Jun 2011, ae@FreeBSD.org wrote: > Synopsis: [dummynet] using pipes&queues gives OUCH! pipe should be idle, system crash after a while > > State-Changed-From-To: feedback->closed > State-Changed-By: ae > State-Changed-When: Wed Jun 1 05:59:27 UTC 2011 > State-Changed-Why: > Feedback timeout. Probably, the problem is already fixed. 
> > http://www.freebsd.org/cgi/query-pr.cgi?pr=142951 > > From owner-freebsd-ipfw@FreeBSD.ORG Wed Jun 1 12:09:00 2011 Return-Path: Delivered-To: freebsd-ipfw@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 6FECC1065679; Wed, 1 Jun 2011 12:09:00 +0000 (UTC) (envelope-from ae@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id 484818FC0C; Wed, 1 Jun 2011 12:09:00 +0000 (UTC) Received: from freefall.freebsd.org (localhost [127.0.0.1]) by freefall.freebsd.org (8.14.4/8.14.4) with ESMTP id p51C90NN020896; Wed, 1 Jun 2011 12:09:00 GMT (envelope-from ae@freefall.freebsd.org) Received: (from ae@localhost) by freefall.freebsd.org (8.14.4/8.14.4/Submit) id p51C8xmX020892; Wed, 1 Jun 2011 12:08:59 GMT (envelope-from ae) Date: Wed, 1 Jun 2011 12:08:59 GMT Message-Id: <201106011208.p51C8xmX020892@freefall.freebsd.org> To: root@asarian-host.net, ae@FreeBSD.org, freebsd-ipfw@FreeBSD.org 
From: ae@FreeBSD.org Cc: Subject: Re: kern/69963: [ipfw] install_state warning about already existing entry X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 01 Jun 2011 12:09:00 -0000 Synopsis: [ipfw] install_state warning about already existing entry State-Changed-From-To: open->patched State-Changed-By: ae State-Changed-When: Wed Jun 1 12:08:40 UTC 2011 State-Changed-Why: Patched in head/. Thanks! http://www.freebsd.org/cgi/query-pr.cgi?pr=69963 From owner-freebsd-ipfw@FreeBSD.ORG Wed Jun 1 12:10:10 2011 Return-Path: Delivered-To: freebsd-ipfw@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 5DEDF106564A for ; Wed, 1 Jun 2011 12:10:10 +0000 (UTC) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id 4E1078FC0C for ; Wed, 1 Jun 2011 12:10:10 +0000 (UTC) Received: from freefall.freebsd.org (localhost [127.0.0.1]) by freefall.freebsd.org (8.14.4/8.14.4) with ESMTP id p51CAAwV020998 for ; Wed, 1 Jun 2011 12:10:10 GMT (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.14.4/8.14.4/Submit) id p51CAAFK020997; Wed, 1 Jun 2011 12:10:10 GMT (envelope-from gnats) Date: Wed, 1 Jun 2011 12:10:10 GMT Message-Id: <201106011210.p51CAAFK020997@freefall.freebsd.org> To: freebsd-ipfw@FreeBSD.org 
From: dfilter@FreeBSD.ORG (dfilter service) Cc: Subject: Re: kern/69963: commit references a PR X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: dfilter service List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 01 Jun 2011 12:10:10 -0000 The following reply was made to PR kern/69963; it has been noted by GNATS. From: dfilter@FreeBSD.ORG (dfilter service) To: bug-followup@FreeBSD.org Cc: Subject: Re: kern/69963: commit references a PR Date: Wed, 1 Jun 2011 12:05:49 +0000 (UTC) Author: ae Date: Wed Jun 1 12:05:35 2011 New Revision: 222559 URL: http://svn.freebsd.org/changeset/base/222559 Log: Hide useless warning under debug macro. PR: kern/69963 MFC after: 1 week Modified: head/sys/netinet/ipfw/ip_fw_dynamic.c Modified: head/sys/netinet/ipfw/ip_fw_dynamic.c ============================================================================== --- head/sys/netinet/ipfw/ip_fw_dynamic.c Wed Jun 1 10:23:03 2011 (r222558) +++ head/sys/netinet/ipfw/ip_fw_dynamic.c Wed Jun 1 12:05:35 2011 (r222559) 
@@ -753,11 +753,12 @@ ipfw_install_state(struct ip_fw *rule, i q = lookup_dyn_rule_locked(&args->f_id, NULL, NULL); if (q != NULL) { /* should never occur */ + DEB( if (last_log != time_uptime) { last_log = time_uptime; printf("ipfw: %s: entry already present, done\n", __func__); - } + }) IPFW_DYN_UNLOCK(); return (0); } _______________________________________________ svn-src-all@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscribe@freebsd.org" From owner-freebsd-ipfw@FreeBSD.ORG Wed Jun 1 12:13:31 2011 Return-Path: Delivered-To: freebsd-ipfw@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 2EA8F1065676; Wed, 1 Jun 2011 12:13:31 +0000 (UTC) (envelope-from ae@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id 062F88FC0C; Wed, 1 Jun 2011 12:13:31 +0000 (UTC) Received: from freefall.freebsd.org (localhost [127.0.0.1]) by freefall.freebsd.org (8.14.4/8.14.4) with ESMTP id p51CDUWA029683; Wed, 1 Jun 2011 12:13:30 GMT (envelope-from ae@freefall.freebsd.org) Received: (from ae@localhost) by freefall.freebsd.org (8.14.4/8.14.4/Submit) id p51CDUvI029638; Wed, 1 Jun 2011 12:13:30 GMT (envelope-from ae) Date: Wed, 1 Jun 2011 12:13:30 GMT Message-Id: <201106011213.p51CDUvI029638@freefall.freebsd.org> To: art@academ.org, ae@FreeBSD.org, freebsd-ipfw@FreeBSD.org 
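Review bot: In the r222559 hunk for ipfw_install_state() (ip_fw_dynamic.c), the branch keeps the comment /* should never occur */ while the log calls the message a useless warning; if finding the entry already present after lookup_dyn_rule_locked() is an expected outcome, the comment should say why, otherwise the message is being hidden rather than explained. If last_log is referenced only in this block, check that it does not become an unused variable when DEB() expands to nothing, and indent the wrapped statement so the "DEB(" and "})" pairing is visible.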
From: ae@FreeBSD.org Cc: Subject: Re: kern/71366: [ipfw] "ipfw fwd" sometimes rewrites destination mac address when it's not necessary (packet must not meet the rule) X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 01 Jun 2011 12:13:31 -0000 Synopsis: [ipfw] "ipfw fwd" sometimes rewrites destination mac address when it's not necessary (packet must not meet the rule) State-Changed-From-To: open->feedback State-Changed-By: ae State-Changed-When: Wed Jun 1 12:13:05 UTC 2011 State-Changed-Why: Can you still reproduce this on a supported release? http://www.freebsd.org/cgi/query-pr.cgi?pr=71366 From owner-freebsd-ipfw@FreeBSD.ORG Wed Jun 1 12:47:25 2011 Return-Path: Delivered-To: freebsd-ipfw@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 488101065670; Wed, 1 Jun 2011 12:47:25 +0000 (UTC) (envelope-from ae@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id 1FFB58FC08; Wed, 1 Jun 2011 12:47:25 +0000 (UTC) Received: from freefall.freebsd.org (localhost [127.0.0.1]) by freefall.freebsd.org (8.14.4/8.14.4) with ESMTP id p51ClPFp059073; Wed, 1 Jun 2011 12:47:25 GMT (envelope-from ae@freefall.freebsd.org) Received: (from ae@localhost) by freefall.freebsd.org (8.14.4/8.14.4/Submit) id p51ClOSO059068; Wed, 1 Jun 2011 12:47:24 GMT (envelope-from ae) Date: Wed, 1 Jun 2011 12:47:24 GMT Message-Id: <201106011247.p51ClOSO059068@freefall.freebsd.org> To: johne@zang.com, ae@FreeBSD.org, freebsd-ipfw@FreeBSD.org 
From: ae@FreeBSD.org Cc: Subject: Re: kern/72987: [ipfw] ipfw/dummynet pipe/queue 'queue [BYTES]KBytes (red|gred) [FLOAT]/[BYTES]/[BYTES]/[FLOAT]' parameter problem X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 01 Jun 2011 12:47:25 -0000 Synopsis: [ipfw] ipfw/dummynet pipe/queue 'queue [BYTES]KBytes (red|gred) [FLOAT]/[BYTES]/[BYTES]/[FLOAT]' parameter problem State-Changed-From-To: open->feedback State-Changed-By: ae State-Changed-When: Wed Jun 1 12:46:50 UTC 2011 State-Changed-Why: Can you still reproduce this on a supported release? http://www.freebsd.org/cgi/query-pr.cgi?pr=72987 From owner-freebsd-ipfw@FreeBSD.ORG Wed Jun 1 12:52:27 2011 Return-Path: Delivered-To: freebsd-ipfw@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 370611065676; Wed, 1 Jun 2011 12:52:27 +0000 (UTC) (envelope-from ae@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id 0F6548FC13; Wed, 1 Jun 2011 12:52:27 +0000 (UTC) Received: from freefall.freebsd.org (localhost [127.0.0.1]) by freefall.freebsd.org (8.14.4/8.14.4) with ESMTP id p51CqQqg067502; Wed, 1 Jun 2011 12:52:26 GMT (envelope-from ae@freefall.freebsd.org) Received: (from ae@localhost) by freefall.freebsd.org (8.14.4/8.14.4/Submit) id p51CqQWH067498; Wed, 1 Jun 2011 12:52:26 GMT (envelope-from ae) Date: Wed, 1 Jun 2011 12:52:26 GMT Message-Id: <201106011252.p51CqQWH067498@freefall.freebsd.org> To: MAILER-DAEMON@wetteronline.de, ae@FreeBSD.org, freebsd-ipfw@FreeBSD.org 
From: ae@FreeBSD.org Cc: Subject: Re: kern/73910: [ipfw] serious bug on forwarding of packets after NAT X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 01 Jun 2011 12:52:27 -0000 Synopsis: [ipfw] serious bug on forwarding of packets after NAT State-Changed-From-To: open->feedback State-Changed-By: ae State-Changed-When: Wed Jun 1 12:51:53 UTC 2011 State-Changed-Why: Can you still reproduce this on a supported release? http://www.freebsd.org/cgi/query-pr.cgi?pr=73910 From owner-freebsd-ipfw@FreeBSD.ORG Wed Jun 1 19:50:04 2011 Return-Path: Delivered-To: freebsd-ipfw@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 0DC2C106564A for ; Wed, 1 Jun 2011 19:50:04 +0000 (UTC) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id F1AFD8FC13 for ; Wed, 1 Jun 2011 19:50:03 +0000 (UTC) Received: from freefall.freebsd.org (localhost [127.0.0.1]) by freefall.freebsd.org (8.14.4/8.14.4) with ESMTP id p51Jo336040320 for ; Wed, 1 Jun 2011 19:50:03 GMT (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.14.4/8.14.4/Submit) id p51Jo3VK040319; Wed, 1 Jun 2011 19:50:03 GMT (envelope-from gnats) Date: Wed, 1 Jun 2011 19:50:03 GMT Message-Id: <201106011950.p51Jo3VK040319@freefall.freebsd.org> To: freebsd-ipfw@FreeBSD.org 
From: dfilter@FreeBSD.ORG (dfilter service) Cc: Subject: Re: kern/147720: commit references a PR X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: dfilter service List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 01 Jun 2011 19:50:04 -0000

The following reply was made to PR kern/147720; it has been noted by GNATS.

From: dfilter@FreeBSD.ORG (dfilter service)
To: bug-followup@FreeBSD.org
Cc:
Subject: Re: kern/147720: commit references a PR
Date: Wed, 1 Jun 2011 19:45:02 +0000 (UTC)

 Author: ae
 Date: Wed Jun 1 19:44:52 2011
 New Revision: 222582
 URL: http://svn.freebsd.org/changeset/base/222582

 Log:
   O_FORWARD_IP is only action which depends from the result of lookup of
   dynamic rules. We are doing forwarding in the following cases:
    o For the simple ipfw fwd rule, e.g.

         fwd 10.0.0.1 ip from any to any out xmit em0
         fwd 127.0.0.1,3128 tcp from any to any 80 in recv em1

    o For the dynamic fwd rule, e.g.

         fwd 192.168.0.1 tcp from any to 10.0.0.3 3333 setup keep-state

      When this rule triggers it creates a dynamic rule, but this
      dynamic rule should forward packets only in forward direction.

    o And the last case that does not work before - simple fwd rule which
      triggers when some dynamic rule is already executed.

   PR: kern/147720, kern/150798
   MFC after: 1 month

 Modified:
   head/sys/netinet/ipfw/ip_fw2.c

Modified: head/sys/netinet/ipfw/ip_fw2.c ============================================================================== --- head/sys/netinet/ipfw/ip_fw2.c Wed Jun 1 18:42:44 2011 (r222581) +++ head/sys/netinet/ipfw/ip_fw2.c Wed Jun 1 19:44:52 2011 (r222582) 
@@ -2118,7 +2118,8 @@ do { \ case O_FORWARD_IP: if (args->eh) /* not valid on layer2 pkts */ break; - if (!q || dyn_dir == MATCH_FORWARD) { + if (q == NULL || q->rule != f || + dyn_dir == MATCH_FORWARD) { struct sockaddr_in *sa; sa = &(((ipfw_insn_sa *)cmd)->sa); if (sa->sin_addr.s_addr == INADDR_ANY) { _______________________________________________ svn-src-all@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscribe@freebsd.org" From owner-freebsd-ipfw@FreeBSD.ORG Wed Jun 1 19:50:05 2011 Return-Path: Delivered-To: freebsd-ipfw@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id D1E5D106566B for ; Wed, 1 Jun 2011 19:50:05 +0000 (UTC) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id C1EB58FC08 for ; Wed, 1 Jun 2011 19:50:05 +0000 (UTC) Received: from freefall.freebsd.org (localhost [127.0.0.1]) by freefall.freebsd.org (8.14.4/8.14.4) with ESMTP id p51Jo5w4040331 for ; Wed, 1 Jun 2011 19:50:05 GMT (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.14.4/8.14.4/Submit) id p51Jo56M040330; Wed, 1 Jun 2011 19:50:05 GMT (envelope-from gnats) Date: Wed, 1 Jun 2011 19:50:05 GMT Message-Id: <201106011950.p51Jo56M040330@freefall.freebsd.org> To: freebsd-ipfw@FreeBSD.org From: dfilter@FreeBSD.ORG (dfilter service) Cc: Subject: Re: kern/150798: commit references a PR X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: dfilter service List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 01 Jun 2011 19:50:05 -0000 The following reply was made to PR kern/150798; it has been noted by GNATS. 
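Review bot: In the r222582 hunk for case O_FORWARD_IP (ip_fw2.c), the added "q->rule != f" test has no comment, although the three cases listed in the commit log are exactly what a reader of this condition needs; please put them next to the if. The comment should also state that q and dyn_dir come from an earlier dynamic-rule lookup on the same packet, because with this test a fwd rule now acts on packets whose dyn_dir is not MATCH_FORWARD whenever the matching state belongs to a different rule, and that changes where such traffic is sent.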
From: dfilter@FreeBSD.ORG (dfilter service)
To: bug-followup@FreeBSD.org
Cc:
Subject: Re: kern/150798: commit references a PR
Date: Wed, 1 Jun 2011 19:45:03 +0000 (UTC)

 Author: ae
 Date: Wed Jun 1 19:44:52 2011
 New Revision: 222582
 URL: http://svn.freebsd.org/changeset/base/222582

 Log:
   O_FORWARD_IP is only action which depends from the result of lookup of
   dynamic rules. We are doing forwarding in the following cases:
    o For the simple ipfw fwd rule, e.g.

         fwd 10.0.0.1 ip from any to any out xmit em0
         fwd 127.0.0.1,3128 tcp from any to any 80 in recv em1

    o For the dynamic fwd rule, e.g.

         fwd 192.168.0.1 tcp from any to 10.0.0.3 3333 setup keep-state

      When this rule triggers it creates a dynamic rule, but this
      dynamic rule should forward packets only in forward direction.

    o And the last case that does not work before - simple fwd rule which
      triggers when some dynamic rule is already executed.

   PR: kern/147720, kern/150798
   MFC after: 1 month

 Modified:
   head/sys/netinet/ipfw/ip_fw2.c

Modified: head/sys/netinet/ipfw/ip_fw2.c ============================================================================== --- head/sys/netinet/ipfw/ip_fw2.c Wed Jun 1 18:42:44 2011 (r222581) +++ head/sys/netinet/ipfw/ip_fw2.c Wed Jun 1 19:44:52 2011 (r222582) 
@@ -2118,7 +2118,8 @@ do { \ case O_FORWARD_IP: if (args->eh) /* not valid on layer2 pkts */ break; - if (!q || dyn_dir == MATCH_FORWARD) { + if (q == NULL || q->rule != f || + dyn_dir == MATCH_FORWARD) { struct sockaddr_in *sa; sa = &(((ipfw_insn_sa *)cmd)->sa); if (sa->sin_addr.s_addr == INADDR_ANY) { _______________________________________________ svn-src-all@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscribe@freebsd.org" From owner-freebsd-ipfw@FreeBSD.ORG Fri Jun 3 06:10:12 2011 Return-Path: Delivered-To: freebsd-ipfw@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 57786106564A for ; Fri, 3 Jun 2011 06:10:12 +0000 (UTC) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id 2F0678FC0C for ; Fri, 3 Jun 2011 06:10:12 +0000 (UTC) Received: from freefall.freebsd.org (localhost [127.0.0.1]) by freefall.freebsd.org (8.14.4/8.14.4) with ESMTP id p536ABMM064050 for ; Fri, 3 Jun 2011 06:10:11 GMT (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.14.4/8.14.4/Submit) id p536ABfN064049; Fri, 3 Jun 2011 06:10:11 GMT (envelope-from gnats) Date: Fri, 3 Jun 2011 06:10:11 GMT Message-Id: <201106030610.p536ABfN064049@freefall.freebsd.org> To: freebsd-ipfw@FreeBSD.org From: "Alexander V. Chernikov" Cc: Subject: Re: kern/122109: [ipfw] ipfw nat traceroute problem X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: "Alexander V. Chernikov" List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 03 Jun 2011 06:10:12 -0000 The following reply was made to PR kern/122109; it has been noted by GNATS. 
From: "Alexander V. Chernikov"
To: bug-followup@FreeBSD.org, m.dyadchenko@211.ru, ae@FreeBSD.org
Cc:
Subject: Re: kern/122109: [ipfw] ipfw nat traceroute problem
Date: Fri, 03 Jun 2011 10:08:13 +0400

 The problem is actually a bit deeper.

 Before the libalias-based kernel NAT appeared, natd used the PKT_ALIAS_IGNORE return code to drop packets iff the PKT_ALIAS_DENY_INCOMING flag is set:

     status = LibAliasIn (mla, buf, IP_MAXPACKET);
     if (status == PKT_ALIAS_IGNORED &&
         mip->dropIgnoredIncoming) {

         if (verbose)
             printf (" dropped.\n");

 The current ipfw nat (and ng_nat) implementation simply drops every packet with the PKT_ALIAS_IGNORE return code:

     if (retval != PKT_ALIAS_OK &&
         retval != PKT_ALIAS_FOUND_HEADER_FRAGMENT) {
         /* XXX - should i add some logging? */
         m_free(mcl);

 Most PKT_ALIAS_IGNORED results are returned when no state is found (the rest are some (possibly) very rare unknown errors/handler errors). Libalias automatically creates a new state for every packet not found in the aliasing database if it is reasonable to do so (TCP/UDP packets are definitely reasonable since they represent logical sessions, ICMP req/reply is reasonable too, etc.). On the other hand, there is no reason to create state for packets signaling errors in some existing session (ICMP unreach, etc.) since such packets are rare/unidirectional and no reply is needed.

 The only 2 places where states are not created (not mentioning the PKT_ALIAS_PROXY_ONLY and PKT_ALIAS_DENY_INCOMING modes) are the IcmpAliasIn2()|IcmpAliasOut2() functions. Those functions dispatch various ICMP notifications and try to map those notifications to existing states using the original packet header within the ICMP message. If such a session is not found (the PR case, since usually locally-originated packets are not passed to libalias and no replies are transmitted due to traceroute specifics), the return code is set to PKT_ALIAS_IGNORED.

 As a result: restoring the original behavior should not break anything.

This patch seems to fix the problem: Index: ip_fw_nat.c =================================================================== --- ip_fw_nat.c (revision 221263) +++ ip_fw_nat.c (working copy) @@ -267,8 +267,9 @@ m->m_flags |= M_SKIP_FIREWALL; retval = PKT_ALIAS_OK; } - if (retval != PKT_ALIAS_OK && - retval != PKT_ALIAS_FOUND_HEADER_FRAGMENT) { + if (retval == PKT_ALIAS_ERROR || retval == PKT_ALIAS_UNRESOLVED_FRAGMENT || + (retval == PKT_ALIAS_IGNORED && + (t->lib->packetAliasMode & PKT_ALIAS_DENY_INCOMING))) { /* XXX - should i add some logging? */ m_free(mcl); args->m = NULL; Something similar should be applied to ng_nat.c From owner-freebsd-ipfw@FreeBSD.ORG Fri Jun 3 10:17:59 2011 Return-Path: Delivered-To: freebsd-ipfw@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 3892E106566B; Fri, 3 Jun 2011 10:17:59 +0000 (UTC) (envelope-from vadim@nuclight.avtf.net) Received: from nuclight.avtf.net (nuclight.avtf.net [82.117.70.99]) by mx1.freebsd.org (Postfix) with ESMTP id 09B1F8FC16; Fri, 3 Jun 2011 10:17:57 +0000 (UTC) Received: from kernblitz.nuclight.avtf.net (vadim@localhost [127.0.0.1]) by nuclight.avtf.net (8.14.4/8.14.4) with ESMTP id p539jcWh020457; Fri, 3 Jun 2011 16:45:38 +0700 (NOVST) (envelope-from vadim@kernblitz.nuclight.avtf.net) Received: (from vadim@localhost) by kernblitz.nuclight.avtf.net (8.14.4/8.14.4/Submit) id p539ja7J020454; Fri, 3 Jun 2011 16:45:36 +0700 (NOVST) (envelope-from vadim) Message-Id: <201106030945.p539ja7J020454@kernblitz.nuclight.avtf.net> To: "Andrey V. Elsukov" 
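Review bot: In the proposed ip_fw_nat.c hunk, the drop test changes from an allow-list (free the mbuf unless retval is PKT_ALIAS_OK or PKT_ALIAS_FOUND_HEADER_FRAGMENT) to a list of three named failure cases, so any return value not listed in the new condition is now passed on instead of dropped. Keeping the two original comparisons and adding a single exception for PKT_ALIAS_IGNORED when PKT_ALIAS_DENY_INCOMING is clear would give the same traceroute behaviour while still failing closed on anything unexpected. The first added line also runs past 80 columns, and the "should i add some logging?" XXX deserves an answer now that ignored packets are let through.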
From: Vadim Goncharov In-Reply-To: <201106011944.p51JiqRh084264__3976.03753158382$1306957522$gmane$org@svn.freebsd.org> References: <201106011944.p51JiqRh084264__3976.03753158382$1306957522$gmane$org@svn.freebsd.org> X-Comment-To: Andrey V. Elsukov Date: Fri, 3 Jun 2011 16:45:36 +0700 User-Agent: slrn/0.9.9p1 (FreeBSD) Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Cc: freebsd-ipfw@FreeBSD.org, svn-src-all@FreeBSD.org Subject: Re: svn commit: r222582 - head/sys/netinet/ipfw X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: vadim_nuclight@mail.ru List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 03 Jun 2011 10:17:59 -0000

Hi Andrey V. Elsukov!

On Wed, 1 Jun 2011 19:44:52 +0000 (UTC); Andrey V. Elsukov wrote:

> Log:
> O_FORWARD_IP is only action which depends from the result of lookup of
> dynamic rules. We are doing forwarding in the following cases:
> o For the simple ipfw fwd rule, e.g.
>
> fwd 10.0.0.1 ip from any to any out xmit em0
> fwd 127.0.0.1,3128 tcp from any to any 80 in recv em1
>
> o For the dynamic fwd rule, e.g.
>
> fwd 192.168.0.1 tcp from any to 10.0.0.3 3333 setup keep-state
>
> When this rule triggers it creates a dynamic rule, but this
> dynamic rule should forward packets only in forward direction.
>
> o And the last case that does not work before - simple fwd rule which
> triggers when some dynamic rule is already executed.

[...]

> case O_FORWARD_IP: > if (args->eh) /* not valid on layer2 pkts */ > break; > - if (!q || dyn_dir == MATCH_FORWARD) { > + if (q == NULL || q->rule != f || > + dyn_dir == MATCH_FORWARD) { > struct sockaddr_in *sa; > sa = &(((ipfw_insn_sa *)cmd)->sa); The log is not clear in the purpose of the last case: it is used to make a "subroutine" on the execution of dynamic rule instead of only one action (it is clear only from both PRs which takes much time to grok rulesets). Also, it is questionable whether this patch will stay correct in the future when dynamic rules will be changed, and/or new opcodes (depending on packet direction) are added. We should keep in mind this place for such future changes now. -- WBR, Vadim Goncharov. ICQ#166852181 mailto:vadim_nuclight@mail.ru [Moderator of RU.ANTI-ECOLOGY][FreeBSD][http://antigreen.org][LJ:/nuclight] From owner-freebsd-ipfw@FreeBSD.ORG Sat Jun 4 13:00:25 2011 Return-Path: Delivered-To: freebsd-ipfw@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 62A0B106566B for ; Sat, 4 Jun 2011 13:00:25 +0000 (UTC) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id 394CF8FC0A for ; Sat, 4 Jun 2011 13:00:25 +0000 (UTC) Received: from freefall.freebsd.org (localhost [127.0.0.1]) by freefall.freebsd.org (8.14.4/8.14.4) with ESMTP id p54D0OQC030793 for ; Sat, 4 Jun 2011 13:00:24 GMT (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.14.4/8.14.4/Submit) id p54D0Oji030792; Sat, 4 Jun 2011 13:00:24 GMT (envelope-from gnats) Date: Sat, 4 Jun 2011 13:00:24 GMT Message-Id: <201106041300.p54D0Oji030792@freefall.freebsd.org> To: freebsd-ipfw@FreeBSD.org 
From: Manuel Kasper Cc: Subject: Re: kern/157239: [ipfw] [dummynet] ipfw + dummynet corrupts ipv6 packets X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: Manuel Kasper List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 04 Jun 2011 13:00:25 -0000 The following reply was made to PR kern/157239; it has been noted by GNATS. 
From: Manuel Kasper
To: bug-followup@FreeBSD.org
Cc: crest@tzi.de
Subject: Re: kern/157239: [ipfw] [dummynet] ipfw + dummynet corrupts ipv6 packets
Date: Sat, 4 Jun 2011 14:37:56 +0200

--Apple-Mail-18-318878430 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=us-ascii

I've been able to reproduce this on a FreeBSD 9.0-CURRENT snapshot dated May 12 as well, but the behavior is a bit different compared to 8.2 with respect to direction and one_pass setting:

FreeBSD 8.2:
- dummynet on input, one_pass=0: OK
- dummynet on input, one_pass=1: broken
- dummynet on output, one_pass=0: broken
- dummynet on output, one_pass=1: broken

FreeBSD 9:
- dummynet on input, one_pass=0: OK
- dummynet on input, one_pass=1: broken
- dummynet on output, one_pass=0: broken
- dummynet on output, one_pass=1: OK

Also, I believe I've found the cause: ipfw/dummynet code uses SET_HOST_IPLEN on IPv6 packets in two instances, thus inadvertently swapping the next header and hop limit fields in the IPv6 header, causing the "Unknown Extension Header" warnings and dropped packets (or bad packets appearing on the wire if net.inet6.ip6.fw.deny_unknown_exthdrs=0).

A patch against 8.2-RELEASE that fixes this issue for me is attached - Jan, could you please verify if this fixes the issue for you too?

- Manuel

--Apple-Mail-18-318878430 Content-Disposition: attachment; filename=dummynet_v6.patch Content-Type: application/octet-stream; name="dummynet_v6.patch" Content-Transfer-Encoding: 7bit
--- sys/netinet/ipfw/ip_dn_io.c.orig 2010-12-28 13:18:46.000000000 +0100 +++ sys/netinet/ipfw/ip_dn_io.c 2011-06-04 14:35:45.305439000 +0200 @@ -610,7 +610,6 @@ break; case DIR_OUT | PROTO_IPV6: - SET_HOST_IPLEN(mtod(m, struct ip *)); ip6_output(m, NULL, NULL, IPV6_FORWARDING, NULL, NULL, NULL); break; #endif --- sys/netinet/ipfw/ip_fw_pfil.c.orig 2010-12-21 18:09:25.000000000 +0100 +++ sys/netinet/ipfw/ip_fw_pfil.c 2011-06-04 14:35:45.305439000 +0200 
@@ -127,7 +127,8 @@ args.rule = *((struct ipfw_rule_ref *)(tag+1)); m_tag_delete(*m0, tag); if (args.rule.info & IPFW_ONEPASS) { - SET_HOST_IPLEN(mtod(*m0, struct ip *)); + if (mtod(*m0, struct ip *)->ip_v == 4) + SET_HOST_IPLEN(mtod(*m0, struct ip *)); return 0; } } --Apple-Mail-18-318878430--
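Review bot: In the ip_dn_io.c hunk of dummynet_v6.patch, the DIR_OUT | PROTO_IPV6 case loses its SET_HOST_IPLEN() call without a comment; a one-line note that an IPv6 header has no ip_len/ip_off fields to convert would keep the call from being put back for symmetry with the IPv4 cases. The hunk shows only the output case, so the corresponding IPv6 input path should be checked for the same conversion.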
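Review bot: In the ip_fw_pfil.c hunk of dummynet_v6.patch, the IPFW_ONEPASS branch decides the address family by casting the mbuf data to struct ip and testing ip_v == 4; that works only because both IP versions keep the version in the first four bits, which deserves a comment at the test. mtod(*m0, struct ip *) is also evaluated twice, so take the pointer once into a local, and say in the description which of the reported input/output and one_pass cases each of the two hunks is meant to fix.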
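Added example, not part of Manuel Kasper's message or of the FreeBSD source: a C model of the IPv6 header corruption described in the kern/157239 follow-up above, next to the version-guarded form used in the ip_fw_pfil.c hunk. It assumes SET_HOST_IPLEN converts the 16-bit IPv4 fields ip_len and ip_off in place (the page states only the resulting next header/hop limit swap); all function names and sample packets are constructed for the illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Byte offsets taken from the IPv4 and IPv6 header layouts. */
#define IP4_LEN_OFF   2  /* IPv4 total length (ip_len), bytes 2-3 */
#define IP4_FRAG_OFF  6  /* IPv4 flags + fragment offset (ip_off), bytes 6-7 */
#define IP6_NXT_OFF   6  /* IPv6 next header, byte 6 */
#define IP6_HLIM_OFF  7  /* IPv6 hop limit, byte 7 */

/* In-place 16-bit byte swap: the effect of ntohs() on a stored field on a
 * little-endian host, written out so the demo behaves the same anywhere. */
static void swap16_at(uint8_t *p)
{
    uint8_t t = p[0];
    p[0] = p[1];
    p[1] = t;
}

/* ASSUMPTION: stand-in for SET_HOST_IPLEN, modeled as an in-place conversion
 * of the IPv4 fields ip_len and ip_off. This is not the kernel macro. */
static void model_set_host_iplen(uint8_t *hdr)
{
    swap16_at(hdr + IP4_LEN_OFF);
    swap16_at(hdr + IP4_FRAG_OFF);
}

/* Guarded form, mirroring the ip_v == 4 test in the ip_fw_pfil.c hunk. */
static void guarded_set_host_iplen(uint8_t *hdr)
{
    if ((hdr[0] >> 4) == 4)
        model_set_host_iplen(hdr);
}

/* Constructed sample: IPv6, flow label 0x0ABCD, payload length 8,
 * next header 58 (ICMPv6), hop limit 64. */
static void make_ipv6(uint8_t hdr[40])
{
    memset(hdr, 0, 40);
    hdr[0] = 0x60;
    hdr[2] = 0xAB;
    hdr[3] = 0xCD;
    hdr[5] = 8;
    hdr[IP6_NXT_OFF] = 58;
    hdr[IP6_HLIM_OFF] = 64;
}

/* Constructed sample: IPv4, total length 84, DF set, TTL 64, protocol 1. */
static void make_ipv4(uint8_t hdr[20])
{
    memset(hdr, 0, 20);
    hdr[0] = 0x45;
    hdr[3] = 84;    /* ip_len in network byte order: 0x0054 */
    hdr[6] = 0x40;  /* ip_off in network byte order: DF */
    hdr[8] = 64;
    hdr[9] = 1;
}

static void convert(uint8_t *hdr, int guarded)
{
    if (guarded)
        guarded_set_host_iplen(hdr);
    else
        model_set_host_iplen(hdr);
}

/* IPv6 fields as the next parser would read them after the conversion. */
int ipv6_next_header_after(int guarded)
{
    uint8_t h[40];
    make_ipv6(h);
    convert(h, guarded);
    return h[IP6_NXT_OFF];
}

int ipv6_hop_limit_after(int guarded)
{
    uint8_t h[40];
    make_ipv6(h);
    convert(h, guarded);
    return h[IP6_HLIM_OFF];
}

/* Bytes 2-3 of an IPv6 header are the low 16 bits of the flow label, so the
 * modeled ip_len conversion disturbs them as well. */
long ipv6_flow_label_after(int guarded)
{
    uint8_t h[40];
    make_ipv6(h);
    convert(h, guarded);
    return ((long)(h[1] & 0x0F) << 16) | ((long)h[2] << 8) | h[3];
}

/* IPv4 total length as a little-endian host reads the converted field. */
int ipv4_host_len_after(int guarded)
{
    uint8_t h[20];
    make_ipv4(h);
    convert(h, guarded);
    return h[IP4_LEN_OFF] | (h[IP4_LEN_OFF + 1] << 8);
}

int main(void)
{
    printf("IPv6 unguarded: nxt=%d hlim=%d flow=0x%05lx\n",
        ipv6_next_header_after(0), ipv6_hop_limit_after(0), ipv6_flow_label_after(0));
    printf("IPv6 guarded:   nxt=%d hlim=%d flow=0x%05lx\n",
        ipv6_next_header_after(1), ipv6_hop_limit_after(1), ipv6_flow_label_after(1));
    printf("IPv4 length:    unguarded=%d guarded=%d\n",
        ipv4_host_len_after(0), ipv4_host_len_after(1));
    return 0;
}
```

In the unguarded IPv6 case the next header field ends up holding the former hop limit, which is the condition the message ties to the "Unknown Extension Header" warnings; the IPv4 result is identical with and without the guard.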