FreeBSD Mail Archives

Date:      Mon, 24 Feb 2014 13:51:33 -0800 (PST)
From:      George Amanakis <g_amanakis@yahoo.com>
To:        "bug-followup@FreeBSD.org" <bug-followup@FreeBSD.org>, "a.v.volobuev@gmail.com" <a.v.volobuev@gmail.com>, "andre@freebsd.org" <andre@freebsd.org>, "melifaro@FreeBSD.org" <melifaro@FreeBSD.org>, "freebsd-bugs@freebsd.org" <freebsd-bugs@freebsd.org>
Subject:   Re: kern/185876: ipfw not matching incoming packets decapsulating ipsec. example l2tp/ipsec
Message-ID:  <1393278693.34428.YahooMailNeo@web121003.mail.ne1.yahoo.com>
In-Reply-To: <1393277450.77946.YahooMailNeo@web121001.mail.ne1.yahoo.com>
References:  <1393176921.3248.YahooMailNeo@web121006.mail.ne1.yahoo.com> <1393197488.20693.YahooMailNeo@web121004.mail.ne1.yahoo.com> <1393277450.77946.YahooMailNeo@web121001.mail.ne1.yahoo.com>


The problem seems to be that M_SKIP_FIREWALL (macro of M_PROTO3) is 
cleared through m_clrprotoflags(), i.e. not transferred between the 
layers.

This is a reversion of the 254519 on 10.0-STABLE:

Index: netinet/ip_var.h
===================================================================
--- netinet/ip_var.h��� (revision 262459)
+++ netinet/ip_var.h��� (working copy)
@@ -163,12 +163,10 @@
�#define IP_ALLOWBROADCAST��� SO_BROADCAST��� /* 0x20 can send broadcast packets */
�
�/*
- * IPv4 protocol layer specific mbuf flags.
+ * mbuf flag used by ip_fastfwd
� */
�#define��� M_FASTFWD_OURS��� ��� M_PROTO1��� /* changed dst to local */
�#define��� M_IP_NEXTHOP��� ��� M_PROTO2��� /* explicit ip nexthop */
-#define��� M_SKIP_FIREWALL��� ��� M_PROTO3��� /* skip firewall processing,
-��� ��� ��� ��� ��� ��� �� keep in sync with IP6 */
�#define��� M_IP_FRAG��� ��� M_PROTO4��� /* fragment reassembly */
�
�#ifdef __NO_STRICT_ALIGNMENT
Index: netinet6/ip6_var.h
===================================================================
--- netinet6/ip6_var.h��� (revision 262459)
+++ netinet6/ip6_var.h��� (working copy)
@@ -293,12 +293,7 @@
�#define��� IPV6_FORWARDING��� ��� 0x02��� /* most of IPv6 header exists */
�#define��� IPV6_MINMTU��� ��� 0x04��� /* use minimum MTU (IPV6_USE_MIN_MTU) */
�
-/*
- * IPv6 protocol layer specific mbuf flags.
- */
-#define��� M_IP6_NEXTHOP��� ��� M_PROTO2��� /* explicit ip nexthop */
-#define��� M_SKIP_FIREWALL��� ��� M_PROTO3��� /* skip firewall processing,
-��� ��� ��� ��� ��� ��� �� keep in sync with IPv4 */
+#define��� M_IP6_NEXTHOP��� ��� M_PROTO7��� /* explicit ip nexthop */
�
�#ifdef __NO_STRICT_ALIGNMENT
�#define IP6_HDR_ALIGNED_P(ip)��� 1
Index: sys/mbuf.h
===================================================================
--- sys/mbuf.h��� (revision 262459)
+++ sys/mbuf.h��� (working copy)
@@ -235,7 +235,7 @@
�#define��� M_PROTO9��� 0x00100000 /* protocol-specific */
�#define��� M_PROTO10��� 0x00200000 /* protocol-specific */
�#define��� M_PROTO11��� 0x00400000 /* protocol-specific */
-#define��� M_PROTO12��� 0x00800000 /* protocol-specific */
+#define��� M_SKIP_FIREWALL��� 0x00800000
�
�/*
� * Flags to purge when crossing layers.
@@ -242,13 +242,13 @@
� */
�#define��� M_PROTOFLAGS \
���� (M_PROTO1|M_PROTO2|M_PROTO3|M_PROTO4|M_PROTO5|M_PROTO6|M_PROTO7|M_PROTO8|\
-���� M_PROTO9|M_PROTO10|M_PROTO11|M_PROTO12)
+���� M_PROTO9|M_PROTO10|M_PROTO11)

� /*
� * Flags preserved when copying m_pkthdr.
� */
�#define M_COPYFLAGS \
-��� (M_PKTHDR|M_EOR|M_RDONLY|M_BCAST|M_MCAST|M_VLANTAG|M_PROMISC| \
+��� (M_PKTHDR|M_EOR|M_RDONLY|M_SKIP_FIREWALL|M_BCAST|M_MCAST|M_VLANTAG|M_PROMISC| \
����� M_PROTOFLAGS)
�/*
@@ -255,12 +255,12 @@
� * Mbuf flag description for use with printf(9) %b identifier.
� */
�#define��� M_FLAG_BITS \
-��� "\20\1M_EXT\2M_PKTHDR\3M_EOR\4M_RDONLY\5M_BCAST\6M_MCAST" \
-��� "\7M_PROMISC\10M_VLANTAG\11M_FLOWID"
+��� "\20\1M_EXT\2M_PKTHDR\3M_EOR\4M_RDONLY\5M_SKIP_FIREWALL\6M_BCAST\7M_MCAST" \
+��� "\8M_PROMISC\10M_VLANTAG\11M_FLOWID"
�#define��� M_FLAG_PROTOBITS \
���� "\15M_PROTO1\16M_PROTO2\17M_PROTO3\20M_PROTO4\21M_PROTO5" \
���� "\22M_PROTO6\23M_PROTO7\24M_PROTO8\25M_PROTO9\26M_PROTO10" \
-��� "\27M_PROTO11\30M_PROTO12"
+��� "\27M_PROTO11"
�#define��� M_FLAG_PRINTF (M_FLAG_BITS M_FLAG_PROTOBITS)
�
�/*

From owner-freebsd-bugs@FreeBSD.ORG  Mon Feb 24 22:09:52 2014
Return-Path: <owner-freebsd-bugs@FreeBSD.ORG>
Delivered-To: freebsd-bugs@smarthost.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115])
 (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id 3621A409;
 Mon, 24 Feb 2014 22:09:52 +0000 (UTC)
Received: from freefall.freebsd.org (freefall.freebsd.org
 [IPv6:2001:1900:2254:206c::16:87])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (No client certificate requested)
 by mx1.freebsd.org (Postfix) with ESMTPS id 0886D1C5F;
 Mon, 24 Feb 2014 22:09:52 +0000 (UTC)
Received: from freefall.freebsd.org (localhost [127.0.0.1])
 by freefall.freebsd.org (8.14.7/8.14.7) with ESMTP id s1OM9prA044457;
 Mon, 24 Feb 2014 22:09:51 GMT
 (envelope-from linimon@freefall.freebsd.org)
Received: (from linimon@localhost)
 by freefall.freebsd.org (8.14.8/8.14.8/Submit) id s1OM9peL044456;
 Mon, 24 Feb 2014 22:09:51 GMT (envelope-from linimon)
Date: Mon, 24 Feb 2014 22:09:51 GMT
Message-Id: <201402242209.s1OM9peL044456@freefall.freebsd.org>
To: linimon@FreeBSD.org, freebsd-bugs@FreeBSD.org,
 freebsd-ports-bugs@FreeBSD.org
From: linimon@FreeBSD.org
Subject: Re: ports/187007: [maintainer update] net/tigervnc: Fix disabling
 VIEWER option didn't work, support stage, etc
X-BeenThere: freebsd-bugs@freebsd.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Bug reports <freebsd-bugs.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-bugs/>;
List-Post: <mailto:freebsd-bugs@freebsd.org>
List-Help: <mailto:freebsd-bugs-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 24 Feb 2014 22:09:52 -0000

Synopsis: [maintainer update] net/tigervnc:  Fix disabling VIEWER option didn't work, support stage, etc

Responsible-Changed-From-To: freebsd-bugs->freebsd-ports-bugs
Responsible-Changed-By: linimon
Responsible-Changed-When: Mon Feb 24 22:09:43 UTC 2014
Responsible-Changed-Why:
ports PR.

http://www.freebsd.org/cgi/query-pr.cgi?pr7007

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1393278693.34428.YahooMailNeo>

Header And Logo

Peripheral Links

Site Navigation

Header And Logo

Peripheral Links

Search

Site Navigation