From owner-freebsd-ipfw@freebsd.org Thu Aug 13 15:22:58 2015 Return-Path: Delivered-To: freebsd-ipfw@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 52C519A0AC5 for ; Thu, 13 Aug 2015 15:22:58 +0000 (UTC) (envelope-from melifaro@ipfw.ru) Received: from forward13h.cmail.yandex.net (forward13h.cmail.yandex.net [IPv6:2a02:6b8:0:f35::9e]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "forwards.mail.yandex.net", Issuer "Certum Level IV CA" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id CB4549A; Thu, 13 Aug 2015 15:22:57 +0000 (UTC) (envelope-from melifaro@ipfw.ru) Received: from web29h.yandex.ru (web29h.yandex.ru [84.201.187.163]) by forward13h.cmail.yandex.net (Yandex) with ESMTP id AA3FC2205E; Thu, 13 Aug 2015 18:22:54 +0300 (MSK) Received: from 127.0.0.1 (localhost [127.0.0.1]) by web29h.yandex.ru (Yandex) with ESMTP id 0DF872FC0C82; Thu, 13 Aug 2015 18:22:54 +0300 (MSK) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfw.ru; s=mail; t=1439479374; bh=ANBbemn4WjWI89hH9gjwC9Z5J5b2SYzk2pEodSX4hqY=; h=From:To:Cc:In-Reply-To:References:Subject:Date; b=kMngpcDZy2tidAHNSslEMvsHtjMl9iAhh/hxnJzfnBiiYklLzkMBA7rAAsW7GddDt LnfLZHp7znNbn0K5LINgu1HA6ve7Cga7lFxzD+2hRqY2gHSMht5uzmgOjvpDQBXIm8 PwUQewmt7IX4oCeruyAk2V41A22hbvGXKiaang2w= Received: by web29h.yandex.ru with HTTP; Thu, 13 Aug 2015 18:22:53 +0300 From: Alexander V. Chernikov To: Luigi Rizzo , Julian Elischer Cc: Ian Smith , "freebsd-ipfw@freebsd.org" In-Reply-To: References: <55BF368A.60004@elischer.org> <20150803234952.O17327@sola.nimnet.asn.au> <925201438613458@web7h.yandex.ru> <55BFC7A7.2000907@freebsd.org> <252361438673995@web5h.yandex.ru> <55CC1BFF.5090800@freebsd.org> <20150813233624.P8515@sola.nimnet.asn.au> <20150814003533.I8515@sola.nimnet.asn.au> <55CCB543.20504@freebsd.org> Subject: Re: ipfw delete 100-300 MIME-Version: 1.0 Message-Id: <932331439479373@web29h.yandex.ru> X-Mailer: Yamail [ http://yandex.ru ] 5.0 Date: Thu, 13 Aug 2015 18:22:53 +0300 Content-Transfer-Encoding: 8bit Content-Type: text/plain; charset=koi8-r X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 13 Aug 2015 15:22:58 -0000 13.08.2015, 18:21, "Luigi Rizzo" : > On Thu, Aug 13, 2015 at 5:18 PM, Julian Elischer wrote: >> šOn 8/13/15 10:41 PM, Ian Smith wrote: >>> šOn Thu, 13 Aug 2015 16:30:15 +0200, Luigi Rizzo wrote: >>> ššš> On Thu, Aug 13, 2015 at 4:00 PM, Ian Smith >>> šwrote: >>> ššš> > On Thu, 13 Aug 2015 12:24:31 +0800, Julian Elischer wrote: >>> ššš> > > BTW, any ideas as to what causes this? >>> ššš> > > # ipfw show >>> ššš> > > [...] >>> ššš> > > 00400 0 0 deny ip from 10.12.1.0/24 to >>> šany in recv >>> ššš> > > xn0 >>> ššš> > > 00500 0 16045693110842147038 deny ip from 204.109.63.0/25 to >>> šany in recv >>> ššš> > > xn1 >>> ššš> > > 00600 0 0 allow ip from any to any in >>> šrecv xn1 >>> ššš> > > [...] >>> ššš> > > 65535 8251 16045693110842147290 deny ip from any to any >>> ššš> > > >>> ššš> > > >>> ššš> > > -current as of the 5th of august >>> ššš> > > FreeBSD vps1.elischer.org 11.0-CURRENT FreeBSD 11.0-CURRENT #1 >>> šr286304: Wed >>> ššš> > > Aug 5 14:31:10 PDT 2015 >>> ššš> > > root@vps1.elischer.org:/usr/obj/usr/src-current/sys/VPS1 i386 >>> ššš> > > >>> ššš> > > note i386, not amd64. >>> ššš> > >>> ššš> > Assuming all digits were shown, on a wild hunch: >>> ššš> > >>> ššš> > t23% echo 'scale=20; 2^64 - 16045693110842147038' | bc >>> ššš> > 2401050962867404578 >>> ššš> > t23% echo 'scale=20; 2^63 - 16045693110842147038' | bc >>> ššš> > -6822321073987371230 >>> ššš> > >>> ššš> >>> ššš> bc >>> ššš> obase=16 >>> ššš> 16045693110842147038 >>> ššš> DEADC0DEDEADC0DE >>> ššš> >>> ššš> so... somehow pointing in a bad place. >>> >>> šAh, quite so .. and rule 65535 looks like a slightly worse place. >>> >>> št23% echo 'obase=16; 16045693110842147290' | bc >>> šDEADC0DEDEADC1DA >> >> šthat's deadcode when it's had some packets added to it :-) >> >> šI think our friend Mr Chernikov may have tripped up over something.. > > looks more like the "counter" API. The old counters were inline in the rules. In that case we would probably have garbage in pkts counter, too. Anyway, I'm setting up the VM to see if this is kernel or userland problem.. > > cheers > luigi > >>> šthanks, Ian >> >> š_______________________________________________ >> šfreebsd-ipfw@freebsd.org mailing list >> šhttps://lists.freebsd.org/mailman/listinfo/freebsd-ipfw >> šTo unsubscribe, send any mail to "freebsd-ipfw-unsubscribe@freebsd.org" > > -- > -----------------------------------------+------------------------------- > šProf. Luigi RIZZO, rizzo@iet.unipi.it . Dip. di Ing. dell'Informazione > šhttp://www.iet.unipi.it/~luigi/ . Universita` di Pisa > šTEL +39-050-2217533 . via Diotisalvi 2 > šMobile +39-338-6809875 . 56122 PISA (Italy) > -----------------------------------------+-------------------------------