From owner-freebsd-bugs Fri Mar 23 8: 0:12 2001
Delivered-To: freebsd-bugs@hub.freebsd.org
Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21])
    by hub.freebsd.org (Postfix) with ESMTP id 9F1DD37B71D
    for ; Fri, 23 Mar 2001 08:00:02 -0800 (PST)
    (envelope-from gnats@FreeBSD.org)
Received: (from gnats@localhost)
    by freefall.freebsd.org (8.11.1/8.11.1) id f2NG02r69826;
    Fri, 23 Mar 2001 08:00:02 -0800 (PST)
    (envelope-from gnats)
Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21])
    by hub.freebsd.org (Postfix) with ESMTP id 36A5337B71A
    for ; Fri, 23 Mar 2001 07:52:11 -0800 (PST)
    (envelope-from nobody@FreeBSD.org)
Received: (from nobody@localhost)
    by freefall.freebsd.org (8.11.1/8.11.1) id f2NFqBO68889;
    Fri, 23 Mar 2001 07:52:11 -0800 (PST)
    (envelope-from nobody)
Message-Id: <200103231552.f2NFqBO68889@freefall.freebsd.org>
Date: Fri, 23 Mar 2001 07:52:11 -0800 (PST)
From: bugs@daemon.se
To: freebsd-gnats-submit@FreeBSD.org
X-Send-Pr-Version: www-1.0
Subject: kern/26030: IPDIVERT problems with ipfw as module
Sender: owner-freebsd-bugs@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

>Number:         26030
>Category:       kern
>Synopsis:       IPDIVERT problems with ipfw as module
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          open
>Quarter:
>Keywords:
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Fri Mar 23 08:00:02 PST 2001
>Closed-Date:
>Last-Modified:
>Originator:     Håkan Carlsson
>Release:        4.2-RELEASE
>Organization:
daemon software
>Environment:
FreeBSD machine.dot.com 4.2-RELEASE FreeBSD 4.2-RELEASE #0: Fri Feb 9 13:38:52 CET 2001 root@pro.easylogic.se:/usr/src/sys/compile/GENERIC i386
>Description:
IPDIVERT does not work when built into the ipfw module. Have tested the same setup with a modified ipfw module (Makefile below) and could not get the packets diverted to the receiving process. When IPDIVERT is built into the kernel (along with IPFIREWALL etc) it works...
It seems like the packets are discarded (see ipfw show logs below); ktrace-ing the receiving process shows that there isn't anything received in the ipfw-module case.

# uname -a    # with IPDIVERT in ipfw module
FreeBSD machine.dot.com 4.2-RELEASE FreeBSD 4.2-RELEASE #0: Fri Feb 9 13:38:52 CET 2001 root@pro.easylogic.se:/usr/src/sys/compile/GENERIC i386

# uname -a    # with IPDIVERT built into kernel
FreeBSD machine.dot.com 4.2-RELEASE FreeBSD 4.2-RELEASE #0: Fri Mar 23 15:23:03 GMT 2001 root@machine.dot.com:/usr/src/sys/compile/IPDIVERT i386

# ipfw show    # with IPDIVERT in ipfw module
01200  11  660 divert 5555 ip from any to any recv xl0
01300   0    0 allow ip from any to any

# ipfw show    # with IPDIVERT built into kernel
01200 360 21504 divert 5555 ip from any to any recv xl0
01300 360 21504 allow ip from any to any

# cat /sys/modules/ipfw/Makefile
# $FreeBSD: src/sys/modules/ipfw/Makefile,v 1.11 1999/08/28 00:47:21 peter Exp $

.PATH: ${.CURDIR}/../../netinet
KMOD= ipfw
SRCS= ip_fw.c
NOMAN=
CFLAGS+= -DIPFIREWALL
#
#If you want it verbose
CFLAGS+= -DIPFIREWALL_VERBOSE
#CFLAGS+= -DIPFIREWALL_VERBOSE_LIMIT=100
#
#If you want it to pass all packets by default
CFLAGS+= -DIPFIREWALL_DEFAULT_TO_ACCEPT
#
#If you want ipdivert
CFLAGS+= -DIPDIVERT
#

.include

# cat /boot/loader.conf
ipfw_load="YES"    # Firewall

>How-To-Repeat:
Trying to use IPDIVERT in ipfw-module (I guess natd would fail too).
>Fix:
Build a kernel with IPDIVERT (along with IPFIREWALL etc)
>Release-Note:
>Audit-Trail:
>Unformatted:
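
Added example, not part of the original report: a small Python check that reads the two `ipfw show` listings quoted in the report and flags a divert rule whose packets never reach the following rule, which is the symptom the counters show in the module case. The function names are hypothetical, and the heuristic assumes the divert listener reinjects every packet and that the next rule matches the same traffic, as rule 01300 does here.

```python
import re

# One rule line of `ipfw show`: rule number, packets, bytes, action, rest.
RULE_RE = re.compile(r"^(\d{5})\s+(\d+)\s+(\d+)\s+(\S+)\s*(.*)$")

def parse_ipfw_show(text):
    """Return one dict per rule line; prompts and blank lines are skipped."""
    rules = []
    for line in text.splitlines():
        m = RULE_RE.match(line.strip())
        if not m:
            continue
        num, pkts, nbytes, action, args = m.groups()
        rules.append({"rule": int(num), "packets": int(pkts),
                      "bytes": int(nbytes), "action": action, "args": args})
    return rules

def lost_after_divert(rules):
    """Heuristic: reinjected packets resume at the rule after the divert
    rule, so a lower packet count there means packets went missing.
    Returns (rule number, divert port, missing packet count) tuples."""
    findings = []
    for cur, nxt in zip(rules, rules[1:]):
        if cur["action"] != "divert":
            continue
        missing = cur["packets"] - nxt["packets"]
        if missing > 0:
            port = cur["args"].split()[0]
            findings.append((cur["rule"], port, missing))
    return findings

# Counter listings copied from the report above.
MODULE_CASE = """\
01200 11 660 divert 5555 ip from any to any recv xl0
01300 0 0 allow ip from any to any
"""
KERNEL_CASE = """\
01200 360 21504 divert 5555 ip from any to any recv xl0
01300 360 21504 allow ip from any to any
"""

if __name__ == "__main__":
    for name, out in (("module", MODULE_CASE), ("kernel", KERNEL_CASE)):
        print(name, lost_after_divert(parse_ipfw_show(out)))
```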