From owner-freebsd-net@FreeBSD.ORG Thu Nov 4 14:12:48 2004 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 1DF5916A4CE for ; Thu, 4 Nov 2004 14:12:48 +0000 (GMT) Received: from c00l3r.networx.ch (c00l3r.networx.ch [62.48.2.2]) by mx1.FreeBSD.org (Postfix) with ESMTP id 5B48A43D48 for ; Thu, 4 Nov 2004 14:12:47 +0000 (GMT) (envelope-from oppermann@networx.ch) Received: (qmail 97600 invoked from network); 4 Nov 2004 14:08:53 -0000 Received: from unknown (HELO networx.ch) ([62.48.0.53]) (envelope-sender ) by c00l3r.networx.ch (qmail-ldap-1.03) with SMTP for ; 4 Nov 2004 14:08:53 -0000 Message-ID: <418A38E6.9D3DCD7E@networx.ch> Date: Thu, 04 Nov 2004 15:12:54 +0100 From: Andre Oppermann X-Mailer: Mozilla 4.8 [en] (Windows NT 5.0; U) X-Accept-Language: en MIME-Version: 1.0 To: Jeremie Le Hen References: <20041104121602.GA89896@gvr.gvr.org> <20041104140217.GS10641@sitadelle.com> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit cc: freebsd-net@freebsd.org Subject: Re: dummynet setting ifp pointer in mbuf? X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 04 Nov 2004 14:12:48 -0000 Jeremie Le Hen wrote: > > Hi Guido, > > this is a known problem on RELENG_4, there is an existing patch [1] for > this in the PR database. > > Which version of FreeBSD are you using ? I don't know if this problem > has been corrected in RELENG_5. Yes, I have fixed it together with the ipfw to pfil changes in -current and RELENG_5. > [1] http://www.freebsd.org/cgi/query-pr.cgi?pr=kern/61685 Took it over. However I'm not sure if it is the right fix and whether we are going to fix it in RELENG_4. You'll get an update through GNATS once I've made up my mind. -- Andre > Regards, > Jeremie > > On Thu, Nov 04, 2004 at 01:16:02PM +0100, Guido van Rooij wrote: > > > > I am having problems combining ipf's ipnat rules with dummynet. The > > reason is that if I use dummmynet queues configured to > > be used outbound (queue .... out xmit if), then ipnat starts > > applying rewriting of RDR rules on the wrong interface. > > > > e.g.: > > firewall has 2 interfaces: if0 and if1 > > if i say: > > rdr from any to 1.2.3.4 port 22 -> 2.2.3.4 port 2222 > > then ipfilter should rewrite incoming packets on if0 (and > > outgoing packets as well). > > With a dummynet rule like > > queue 2 tcp from any 22 to any out xmit if0 > > ipf starts rewriting on if1, which leads to blocked packets as > > the rewritten packet does not match the state entry for the connection. > > > > When looking in the dummynet source I see (rev 1.75, line 1190): > > pkt->ifp = fwa->oif; > > So it seems the queued packets interface is set to the outgoing interface. > > But according to me, that is wrong. > > > > Can a dummynet expert verify if my analysis is correct or come up > > with a real explanation if not? > > > > -Guido > -- > Jeremie Le Hen > jeremie@le-hen.org > _______________________________________________ > freebsd-net@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-net > To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"