From owner-freebsd-ipfw@freebsd.org Thu Aug 13 15:18:42 2015 Return-Path: Delivered-To: freebsd-ipfw@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id CAE739A08A5 for ; Thu, 13 Aug 2015 15:18:42 +0000 (UTC) (envelope-from julian@freebsd.org) Received: from vps1.elischer.org (vps1.elischer.org [204.109.63.16]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "vps1.elischer.org", Issuer "CA Cert Signing Authority" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 88608B9B for ; Thu, 13 Aug 2015 15:18:42 +0000 (UTC) (envelope-from julian@freebsd.org) Received: from Julian-MBP3.local (ppp121-45-227-250.lns20.per1.internode.on.net [121.45.227.250]) (authenticated bits=0) by vps1.elischer.org (8.15.2/8.15.2) with ESMTPSA id t7DFIXhE003515 (version=TLSv1.2 cipher=DHE-RSA-AES128-SHA bits=128 verify=NO); Thu, 13 Aug 2015 08:18:37 -0700 (PDT) (envelope-from julian@freebsd.org) Subject: Re: ipfw delete 100-300 To: Ian Smith , Luigi Rizzo References: <55BF368A.60004@elischer.org> <20150803234952.O17327@sola.nimnet.asn.au> <925201438613458@web7h.yandex.ru> <55BFC7A7.2000907@freebsd.org> <252361438673995@web5h.yandex.ru> <55CC1BFF.5090800@freebsd.org> <20150813233624.P8515@sola.nimnet.asn.au> <20150814003533.I8515@sola.nimnet.asn.au> Cc: "freebsd-ipfw@freebsd.org" , "Alexander V. Chernikov" From: Julian Elischer Message-ID: <55CCB543.20504@freebsd.org> Date: Thu, 13 Aug 2015 23:18:27 +0800 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:38.0) Gecko/20100101 Thunderbird/38.1.0 MIME-Version: 1.0 In-Reply-To: <20150814003533.I8515@sola.nimnet.asn.au> Content-Type: text/plain; charset=windows-1252; format=flowed Content-Transfer-Encoding: 7bit X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 13 Aug 2015 15:18:42 -0000 On 8/13/15 10:41 PM, Ian Smith wrote: > On Thu, 13 Aug 2015 16:30:15 +0200, Luigi Rizzo wrote: > > On Thu, Aug 13, 2015 at 4:00 PM, Ian Smith wrote: > > > On Thu, 13 Aug 2015 12:24:31 +0800, Julian Elischer wrote: > > > > BTW, any ideas as to what causes this? > > > > # ipfw show > > > > [...] > > > > 00400 0 0 deny ip from 10.12.1.0/24 to any in recv > > > > xn0 > > > > 00500 0 16045693110842147038 deny ip from 204.109.63.0/25 to any in recv > > > > xn1 > > > > 00600 0 0 allow ip from any to any in recv xn1 > > > > [...] > > > > 65535 8251 16045693110842147290 deny ip from any to any > > > > > > > > > > > > -current as of the 5th of august > > > > FreeBSD vps1.elischer.org 11.0-CURRENT FreeBSD 11.0-CURRENT #1 r286304: Wed > > > > Aug 5 14:31:10 PDT 2015 > > > > root@vps1.elischer.org:/usr/obj/usr/src-current/sys/VPS1 i386 > > > > > > > > note i386, not amd64. > > > > > > Assuming all digits were shown, on a wild hunch: > > > > > > t23% echo 'scale=20; 2^64 - 16045693110842147038' | bc > > > 2401050962867404578 > > > t23% echo 'scale=20; 2^63 - 16045693110842147038' | bc > > > -6822321073987371230 > > > > > > > bc > > obase=16 > > 16045693110842147038 > > DEADC0DEDEADC0DE > > > > so... somehow pointing in a bad place. > > Ah, quite so .. and rule 65535 looks like a slightly worse place. > > t23% echo 'obase=16; 16045693110842147290' | bc > DEADC0DEDEADC1DA that's deadcode when it's had some packets added to it :-) I think our friend Mr Chernikov may have tripped up over something.. > > thanks, Ian >