From: Andre Oppermann
To: Guido van Rooij
Cc: freebsd-net@freebsd.org
Date: Thu, 04 Nov 2004 15:08:30 +0100
Subject: Re: dummynet setting ifp pointer in mbuf?

Guido van Rooij wrote:
>
> I am having problems combining ipf's ipnat rules with dummynet. The
> reason is that if I use dummynet queues configured to
> be used outbound (queue .... out xmit if), then ipnat starts
> applying rewriting of RDR rules on the wrong interface.
>
> e.g.:
> firewall has 2 interfaces: if0 and if1
> if I say:
> rdr from any to 1.2.3.4 port 22 -> 2.2.3.4 port 2222
> then ipfilter should rewrite incoming packets on if0 (and
> outgoing packets as well).
> With a dummynet rule like
> queue 2 tcp from any 22 to any out xmit if0
> ipf starts rewriting on if1, which leads to blocked packets as
> the rewritten packet does not match the state entry for the connection.
>
> When looking in the dummynet source I see (rev 1.75, line 1190):
> pkt->ifp = fwa->oif;
> So it seems the queued packet's interface is set to the outgoing interface.
> But according to me, that is wrong.
>
> Can a dummynet expert verify if my analysis is correct or come up
> with a real explanation if not?

Which version of FreeBSD do you run? Rev 1.75 of ip_dummynet.c is
relatively old.

The problem you are having is not that dummynet is saving the ifp (it
needs that for bridged packets) but that it is using it for IP packets.
I've fixed it in 1.83 of ip_dummynet.c together with pfil_hooks move of
ipfw2.

--
Andre