From owner-freebsd-net@FreeBSD.ORG  Sat Apr 12 06:22:56 2008
Return-Path: <owner-freebsd-net@FreeBSD.ORG>
Delivered-To: net@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 3CFA6106567B
	for <net@freebsd.org>; Sat, 12 Apr 2008 06:22:56 +0000 (UTC)
	(envelope-from eugen@kuzbass.ru)
Received: from www.svzserv.kemerovo.su (www.svzserv.kemerovo.su
	[213.184.65.80])
	by mx1.freebsd.org (Postfix) with ESMTP id AECE08FC15
	for <net@freebsd.org>; Sat, 12 Apr 2008 06:22:54 +0000 (UTC)
	(envelope-from eugen@kuzbass.ru)
Received: from www.svzserv.kemerovo.su (eugen@localhost [127.0.0.1])
	by www.svzserv.kemerovo.su (8.13.8/8.13.8) with ESMTP id m3C6MpAV002846
	for <net@freebsd.org>; Sat, 12 Apr 2008 14:22:51 +0800 (KRAST)
	(envelope-from eugen@www.svzserv.kemerovo.su)
Received: (from eugen@localhost)
	by www.svzserv.kemerovo.su (8.13.8/8.13.8/Submit) id m3C6MpYL002845
	for net@freebsd.org; Sat, 12 Apr 2008 14:22:51 +0800 (KRAST)
	(envelope-from eugen)
Date: Sat, 12 Apr 2008 14:22:51 +0800
From: Eugene Grosbein <eugen@kuzbass.ru>
To: net@freebsd.org
Message-ID: <20080412062251.GA2199@svzserv.kemerovo.su>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.4.2.3i
Cc: 
Subject: bpf does not see packets forwarded with ipfw fwd
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD <freebsd-net.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-net>
List-Post: <mailto:freebsd-net@freebsd.org>
List-Help: <mailto:freebsd-net-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sat, 12 Apr 2008 06:22:56 -0000

Hi!

One of 7.0 users has reported in some cyrillic newsgroup
a problem that I have reproduced in my 7.0-STABLE system.
That is: tcpdump does not show locally originated outgoing IP packets
that were processed by 'ipfw fwd' rule. The same configuration presents
no problems with 6.3-STABLE.

Consider simple schema: two FreeBSD boxes (A and B) directly connected
with ethernet intefaces. The box A has another ethernet interface and uses
"ipfw fwd" as its very first ipfw rule to forward some packets to B,
while these packets would normally go out trough mentioned another
interface. Now, tcpdump does NOT show outgoing packets but host B also
runs tcpdump on its incoming interface and does see them.

I double-checked all paramerets for tcpdump, all routing tables.
I even connected A and B with cross-over ethernet cable, without a switch.
Still, B sees incoming packets coming over the cable and A does not see
them leaving. This bothers me a bit :-)

Eugene Grosbein