From owner-freebsd-hackers@FreeBSD.ORG  Wed Dec 15 13:12:28 2004
Return-Path: <owner-freebsd-hackers@FreeBSD.ORG>
Delivered-To: freebsd-hackers@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id EA31B16A4CE
	for <freebsd-hackers@freebsd.org>;
	Wed, 15 Dec 2004 13:12:28 +0000 (GMT)
Received: from c00l3r.networx.ch (c00l3r.networx.ch [62.48.2.2])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 36B1D43D53
	for <freebsd-hackers@freebsd.org>;
	Wed, 15 Dec 2004 13:12:28 +0000 (GMT)
	(envelope-from andre@freebsd.org)
Received: (qmail 35559 invoked from network); 15 Dec 2004 13:01:09 -0000
Received: from dotat.atdotat.at (HELO [62.48.0.47]) ([62.48.0.47])
          (envelope-sender <andre@freebsd.org>)
          by c00l3r.networx.ch (qmail-ldap-1.03) with SMTP
          for <freebsd@mmk.ru>; 15 Dec 2004 13:01:09 -0000
Message-ID: <41C0386F.3090602@freebsd.org>
Date: Wed, 15 Dec 2004 14:13:19 +0100
From: Andre Oppermann <andre@freebsd.org>
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US;
	rv:1.8a5) Gecko/20041122
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: "Dmitry A. Bondareff" <freebsd@mmk.ru>
References: <003701c4e29d$f1fe3c50$02010101@dimasic>
In-Reply-To: <003701c4e29d$f1fe3c50$02010101@dimasic>
Content-Type: text/plain; charset=KOI8-R; format=flowed
Content-Transfer-Encoding: 7bit
cc: freebsd-hackers@freebsd.org
Subject: Re: 5.3 IPFW bug
X-BeenThere: freebsd-hackers@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Technical Discussions relating to FreeBSD
	<freebsd-hackers.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-hackers>,
	<mailto:freebsd-hackers-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-hackers>
List-Post: <mailto:freebsd-hackers@freebsd.org>
List-Help: <mailto:freebsd-hackers-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-hackers>,
	<mailto:freebsd-hackers-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 15 Dec 2004 13:12:29 -0000

Dmitry A. Bondareff wrote:
> Hello hackers!
> 
> Today I upgraded my 5.2.1-p11 box up to 5.3-p2.
> My firewall rules includes like this:
> ...
> /sbin/ipfw add tee 10000 ip from 1.2.3.4 to 4.3.2.1
> ...
> On 5.2.1-FreeBSD it's works fine.
> But FreeBSD 5.3 halted each time!!!
> 
> After changed "tee 10000" to "allow"  now works all fine.
> 
> Is this bug ??

No.  It was a bug before.  'tee' now behaves as it should and
your packet gets copied and delivered to the divert socket and
it continues with the next rule.  Prior to 5.3 it was terminating
the rule processing and accepting the packet the moment the 'tee'
action was hit.

-- 
Andre