Date: Sat, 19 Apr 2003 01:00:04 +0800 (KRAST)
From: Eugene Grosbein <eugen@grosbein.pp.ru>
To: FreeBSD-gnats-submit@FreeBSD.org
Subject: kern/51132: kernel part of ipfw1 processes 'to not me in recv rl0' incorrectly
Message-ID: <200304181700.h3IH04O1002397@grosbein.pp.ru>
Resent-Message-ID: <200304181710.h3IHADeT072070@freefall.freebsd.org>
>Number:         51132
>Category:       kern
>Synopsis:       kernel part of ipfw1 processes 'to not me in recv rl0' incorrectly
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    freebsd-bugs
>State:          open
>Quarter:
>Keywords:
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Fri Apr 18 10:10:13 PDT 2003
>Closed-Date:
>Last-Modified:
>Originator:     Eugene Grosbein
>Release:        FreeBSD 4.8-RC i386
>Organization:
Svyaz Service JSC
>Environment:
System: FreeBSD gw3.svzserv.kemerovo.su 4.8-RC FreeBSD 4.8-RC #0: Wed Apr 2 12:05:11 KRAST 2003 sa@gw3.svzserv.kemerovo.su:/home/obj/usr/src/sys/GW3 i386
ipfw1
>Description:
One of my routers has a gif tunnel with another FreeBSD 4.8-RC system.
The gif0 has 'inet 172.20.15.14' and works nicely. The other side of the
tunnel has 'inet 172.20.15.13'.

Now I'm trying to implement policy routing and direct all transit traffic
coming from rl0 into the tunnel. So I use

ipfw add 2000 fwd 172.20.15.13 ip from any to not me via rl0 in

It does NOT match any packet, while 'to any via rl0 in' does.
The workaround is to avoid using 'to not me' here.

Let's see ipfw show and look at the bad things:

01990       20       940 deny ip from any to me
01993        0         0 count ip from any to me in recv rl0
01995        0         0 fwd 172.20.15.13 ip from any to not me in recv rl0
02000   109658   5813420 fwd 172.20.15.13 ip from any to any in recv rl0
65000   295571  40747130 allow ip from any to any

The rule 1990 blocks 'to me' packets via rl0. The rule 1995 is the one
that should match the other packets, but it does not. The rule 2000 is
here as a workaround.
>How-To-Repeat:
See above.
>Fix:
Unknown to me. The workaround is not to use 'to not me' in such cases.

Eugene Grosbein
>Release-Note:
>Audit-Trail:
>Unformatted:
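A small counter check, added here as an example and not part of the PR or of ipfw itself: it reads 'ipfw show' output and reports any 'to not me' rule that has still matched zero packets while a later 'to any' rule on the same interface has matched traffic, which is exactly the symptom the report describes. The sample output below is constructed from the PR's own rule listing; the function and variable names are assumptions.

```sh
#!/bin/sh
# Constructed sample of 'ipfw show' output, mirroring the rule set in the PR
# (columns: rule number, packets, bytes, rule body).
SAMPLE_IPFW_SHOW='01990 20 940 deny ip from any to me
01993 0 0 count ip from any to me in recv rl0
01995 0 0 fwd 172.20.15.13 ip from any to not me in recv rl0
02000 109658 5813420 fwd 172.20.15.13 ip from any to any in recv rl0
65000 295571 40747130 allow ip from any to any'

# find_dead_not_me_rules: read 'ipfw show' lines on stdin and print the number
# of every 'to not me' rule whose packet counter is 0 although a later
# 'to any' rule bound to the same interface (via/recv <if>) has matched.
find_dead_not_me_rules() {
    awk '
        # Pick up the interface name following "recv" or "via", if any.
        { iface = ""
          for (i = 1; i <= NF; i++)
              if ($i == "recv" || $i == "via") iface = $(i + 1) }
        # Remember negated-me rules that have not matched anything yet.
        $2 == 0 && / to not me / { dead[$1] = iface; next }
        # A later catch-all on the same interface did match: report the
        # earlier rule once, then mark it so it is not reported again.
        $2 > 0 && / to any / {
            for (r in dead)
                if (dead[r] == iface) { print r; dead[r] = "#reported" }
        }
    '
}

# dead_rules: run the check over the constructed sample (live use would be
# "ipfw show | find_dead_not_me_rules").
dead_rules() {
    printf '%s\n' "$SAMPLE_IPFW_SHOW" | find_dead_not_me_rules
}
```

On the sample it reports rule 01995, the 'to not me' rule the PR says never fires.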