From owner-freebsd-ipfw@FreeBSD.ORG Mon Nov 5 11:06:35 2012
Date: Mon, 5 Nov 2012 11:06:34 GMT
Message-Id: <201211051106.qA5B6YAh001183@freefall.freebsd.org>
From: FreeBSD bugmaster
To: freebsd-ipfw@FreeBSD.org
Subject: Current problem reports assigned to freebsd-ipfw@FreeBSD.org

Note: to view an individual PR, use:
  http://www.freebsd.org/cgi/query-pr.cgi?pr=(number).

The following is a listing of current problems submitted by FreeBSD users.
These represent problem reports covering all versions including
experimental development code and obsolete releases.

S Tracker      Resp.  Description
--------------------------------------------------------------------------------
o kern/169206  ipfw   [ipfw] ipfw does not flush entries in table
o conf/167822  ipfw   [ipfw] [patch] start script doesn't load firewall_type
o kern/166406  ipfw   [ipfw] ipfw does not set ALTQ identifier for ipv6 traf
o kern/165939  ipfw   [ipw] bug: incomplete firewall rules loaded if tables
o kern/165190  ipfw   [ipfw] [lo] [patch] loopback interface is not marking
f kern/163873  ipfw   [ipfw] ipfw fwd does not work with 'via interface' in
o kern/158066  ipfw   [ipfw] ipfw + netgraph + multicast = multicast packets
o kern/157796  ipfw   [ipfw] IPFW in-kernel NAT nat loopback / Default Route
o kern/157689  ipfw   [ipfw] ipfw nat config does not accept nonexistent int
f kern/155927  ipfw   [ipfw] ipfw stops to check packets for compliance with
o bin/153252   ipfw   [ipfw][patch] ipfw lockdown system in subsequent call
o kern/153161  ipfw   [ipfw] does not support specifying rules with ICMP cod
o kern/152113  ipfw   [ipfw] page fault on 8.1-RELEASE caused by certain amo
o kern/148827  ipfw   [ipfw] divert broken with in-kernel ipfw
o kern/148689  ipfw   [ipfw] antispoof wrongly triggers on link local IPv6 a
o kern/148430  ipfw   [ipfw] IPFW schedule delete broken.
o kern/148091  ipfw   [ipfw] ipfw ipv6 handling broken.
o kern/143973  ipfw   [ipfw] [panic] ipfw forward option causes kernel reboo
o kern/143621  ipfw   [ipfw] [dummynet] [patch] dummynet and vnet use result
o kern/137346  ipfw   [ipfw] ipfw nat redirect_proto is broken
o kern/137232  ipfw   [ipfw] parser troubles
o kern/135476  ipfw   [ipfw] IPFW table breaks after adding a large number o
o kern/129036  ipfw   [ipfw] 'ipfw fwd' does not change outgoing interface n
p kern/128260  ipfw   [ipfw] [patch] ipfw_divert damages IPv6 packets
o kern/127230  ipfw   [ipfw] [patch] Feature request to add UID and/or GID l
f kern/122963  ipfw   [ipfw] tcpdump does not show packets redirected by 'ip
s kern/121807  ipfw   [request] TCP and UDP port_table in ipfw
o kern/121122  ipfw   [ipfw] [patch] add support to ToS IP PRECEDENCE fields
o kern/116009  ipfw   [ipfw] [patch] Ignore errors when loading ruleset from
o bin/104921   ipfw   [patch] ipfw(8) sometimes treats ipv6 input as ipv4 (a
o kern/104682  ipfw   [ipfw] [patch] Some minor language consistency fixes a
o kern/103454  ipfw   [ipfw] [patch] [request] add a facility to modify DF b
o kern/103328  ipfw   [ipfw] [request] sugestions about ipfw table
o kern/102471  ipfw   [ipfw] [patch] add tos and dscp support
o kern/97951   ipfw   [ipfw] [patch] ipfw does not tie interface details to
o kern/95084   ipfw   [ipfw] [regression] [patch] IPFW2 ignores "recv/xmit/v
o kern/86957   ipfw   [ipfw] [patch] ipfw mac logging
o bin/83046    ipfw   [ipfw] ipfw2 error: "setup" is allowed for icmp, but s
o kern/82724   ipfw   [ipfw] [patch] [request] Add setnexthop and defaultrou
o bin/78785    ipfw   [patch] ipfw(8) verbosity locks machine if /etc/rc.fir
o bin/65961    ipfw   [ipfw] ipfw2 memory corruption inside add()
o kern/60719   ipfw   [ipfw] Headerless fragments generate cryptic error mes
s kern/55984   ipfw   [ipfw] [patch] time based firewalling support for ipfw
o kern/48172   ipfw   [ipfw] [patch] ipfw does not log size and flags
o kern/46159   ipfw   [ipfw] [patch] [request] ipfw dynamic rules lifetime f
a kern/26534   ipfw   [ipfw] Add an option to ipfw to log gid/uid of who cau

46 problems total.

From owner-freebsd-ipfw@FreeBSD.ORG Mon Nov 5 19:13:19 2012
Date: Mon, 05 Nov 2012 14:13:15 -0500
Message-ID: <50980FCB.9060905@skoberne.net>
From: Nejc Škoberne
To: freebsd-ipfw@freebsd.org
Subject: Source port translation only

Hi,

I want to do (stateful) source port translation (restriction actually)
on my gateway device, but no source address translation. And I want to
do it for IPv6. So if there is a TCP packet like this:

SRC ADDR: 2001:db8::10
DST ADDR: 2001:c0de:
SRC PORT: 53523
DST PORT: 80

I want to translate it so that the source port falls into a specific
port range, say [1024:2047]:

SRC ADDR: 2001:db8::10
DST ADDR: 2001:c0de:
SRC PORT: 1500
DST PORT: 80

If the source port is already in the requested port range, no
translation is needed (but the state has to be kept anyway).

Is this possible to do with ipfw? If not, does anybody know of any other
(simple) way to do it?

Thanks,
Nejc

From owner-freebsd-ipfw@FreeBSD.ORG Wed Nov 7 16:09:36 2012
Date: Wed, 7 Nov 2012 16:28:16 +0100
Message-ID: <805416930.20121107162816@nitronet.pl>
From: Pawel Tyll
To: freebsd-net@freebsd.org, freebsd-ipfw@freebsd.org
Subject: IPFW pipe list - invalid oid len 0

Hi lists,

I'm running:
/sbin/ipfw pipe list > pipestats-`date "+%Y%m%d-%H%M%S"`
from cron every minute for statistical purposes.

Randomly (more often in loaded hours) it results in:
ipfw: invalid oid len 0

Is this enough to squash this bug?

From owner-freebsd-ipfw@FreeBSD.ORG Wed Nov 7 16:22:59 2012
Date: Wed, 7 Nov 2012 17:22:28 +0100
Message-ID: <1688071357.20121107172228@nitronet.pl>
In-Reply-To: <805416930.20121107162816@nitronet.pl>
From: Pawel Tyll
To: freebsd-net@freebsd.org, freebsd-ipfw@freebsd.org
Subject: Re: IPFW pipe list - invalid oid len 0

> I'm running:
> /sbin/ipfw pipe list > pipestats-`date "+%Y%m%d-%H%M%S"`
> from cron every minute for statistical purposes.

> Randomly (more often in loaded hours) it results in:
> ipfw: invalid oid len 0

> Is this enough to squash this bug?

Just a quick note: It has happened since 8.2, and it's still happening
on a 12-hour-old 9-PRERELEASE.