From owner-freebsd-bugs@FreeBSD.ORG Thu Feb 7 01:40:01 2013 Return-Path: Delivered-To: freebsd-bugs@smarthost.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by hub.freebsd.org (Postfix) with ESMTP id 950D1A6B for ; Thu, 7 Feb 2013 01:40:01 +0000 (UTC) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:1900:2254:206c::16:87]) by mx1.freebsd.org (Postfix) with ESMTP id 65B329BA for ; Thu, 7 Feb 2013 01:40:01 +0000 (UTC) Received: from freefall.freebsd.org (localhost [127.0.0.1]) by freefall.freebsd.org (8.14.6/8.14.6) with ESMTP id r171e1r8072417 for ; Thu, 7 Feb 2013 01:40:01 GMT (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.14.6/8.14.6/Submit) id r171e1h3072416; Thu, 7 Feb 2013 01:40:01 GMT (envelope-from gnats) Resent-Date: Thu, 7 Feb 2013 01:40:01 GMT Resent-Message-Id: <201302070140.r171e1h3072416@freefall.freebsd.org> Resent-From: FreeBSD-gnats-submit@FreeBSD.org (GNATS Filer) Resent-To: freebsd-bugs@FreeBSD.org Resent-Reply-To: FreeBSD-gnats-submit@FreeBSD.org, Daniel Hagerty Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by hub.freebsd.org (Postfix) with ESMTP id 94731A4D for ; Thu, 7 Feb 2013 01:38:31 +0000 (UTC) (envelope-from hag@linnaean.org) Received: from perdition.linnaean.org (perdition.linnaean.org [IPv6:2001:470:8917:1::1]) by mx1.freebsd.org (Postfix) with ESMTP id 6CAED9AC for ; Thu, 7 Feb 2013 01:38:31 +0000 (UTC) Received: by perdition.linnaean.org (Postfix, from userid 31013) id A2816CEC; Wed, 6 Feb 2013 20:38:24 -0500 (EST) Message-Id: <20130207013824.A2816CEC@perdition.linnaean.org> Date: Wed, 6 Feb 2013 20:38:24 -0500 (EST) From: Daniel Hagerty To: FreeBSD-gnats-submit@freebsd.org X-Send-Pr-Version: 3.113 Subject: kern/175909: FreeBSD 9.1 ipfw lookup dst-port regression X-BeenThere: freebsd-bugs@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list Reply-To: Daniel Hagerty List-Id: Bug reports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 07 Feb 2013 01:40:01 -0000 >Number: 175909 >Category: kern >Synopsis: FreeBSD 9.1 ipfw lookup dst-port regression >Confidential: no >Severity: serious >Priority: medium >Responsible: freebsd-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Thu Feb 07 01:40:00 UTC 2013 >Closed-Date: >Last-Modified: >Originator: Daniel Hagerty >Release: FreeBSD 9.1-RELEASE amd64 >Organization: I misplaced my organization >Environment: System: FreeBSD perdition.linnaean.org 9.1-RELEASE FreeBSD 9.1-RELEASE #0 r243710+9a57fd8: Fri Jan 25 23:38:46 EST 2013 hag@yall.linnaean.org:/sys/amd64/compile/LINNAEAN64 amd64 >Description: ipfw lookup dst-port rules don't seem to work. Didn't test similar cases, like src-port. >How-To-Repeat: Load these ipfw rules: table 1 add 22 add 00001 permit log ip4 from any to any proto tcp lookup dst-port 1 add 00010 permit log ip from any to any proto tcp dst-port 22 Observe how on freebsd 9.1, rule 1 will never match port 22 traffic it should, whereas the same rules on 8.3 will hit rule 1, as expected. >Fix: I worked around it for the moment by writing the rule without a lookup table; don't have time to kernel spelunk. >Release-Note: >Audit-Trail: >Unformatted: