From owner-freebsd-bugs@FreeBSD.ORG Wed Aug 8 07:00:05 2007 Return-Path: Delivered-To: freebsd-bugs@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id EEAC016A418 for ; Wed, 8 Aug 2007 07:00:05 +0000 (UTC) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id B2F3913C468 for ; Wed, 8 Aug 2007 07:00:05 +0000 (UTC) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (gnats@localhost [127.0.0.1]) by freefall.freebsd.org (8.14.1/8.14.1) with ESMTP id l78705Mq083251 for ; Wed, 8 Aug 2007 07:00:05 GMT (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.14.1/8.14.1/Submit) id l78705AY083247; Wed, 8 Aug 2007 07:00:05 GMT (envelope-from gnats) Resent-Date: Wed, 8 Aug 2007 07:00:05 GMT Resent-Message-Id: <200708080700.l78705AY083247@freefall.freebsd.org> Resent-From: FreeBSD-gnats-submit@FreeBSD.org (GNATS Filer) Resent-To: freebsd-bugs@FreeBSD.org Resent-Reply-To: FreeBSD-gnats-submit@FreeBSD.org, Pekka Savola Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 06C1616A417 for ; Wed, 8 Aug 2007 06:51:38 +0000 (UTC) (envelope-from nobody@FreeBSD.org) Received: from www.freebsd.org (www.freebsd.org [IPv6:2001:4f8:fff6::21]) by mx1.freebsd.org (Postfix) with ESMTP id E6AEE13C45A for ; Wed, 8 Aug 2007 06:51:37 +0000 (UTC) (envelope-from nobody@FreeBSD.org) Received: from www.freebsd.org (localhost [127.0.0.1]) by www.freebsd.org (8.14.1/8.14.1) with ESMTP id l786pb5R002097 for ; Wed, 8 Aug 2007 06:51:37 GMT (envelope-from nobody@www.freebsd.org) Received: (from nobody@localhost) by www.freebsd.org (8.14.1/8.14.1/Submit) id l786pbTq002089; Wed, 8 Aug 2007 06:51:37 GMT (envelope-from nobody) Message-Id: <200708080651.l786pbTq002089@www.freebsd.org> Date: Wed, 8 Aug 2007 06:51:37 GMT From: Pekka Savola To: freebsd-gnats-submit@FreeBSD.org X-Send-Pr-Version: www-3.0 Cc: Subject: kern/115293: ip6_fw doesn't count base IPv6 header in byte statistics X-BeenThere: freebsd-bugs@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Bug reports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 08 Aug 2007 07:00:06 -0000 >Number: 115293 >Category: kern >Synopsis: ip6_fw doesn't count base IPv6 header in byte statistics >Confidential: no >Severity: non-critical >Priority: medium >Responsible: freebsd-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Wed Aug 08 07:00:04 GMT 2007 >Closed-Date: >Last-Modified: >Originator: Pekka Savola >Release: 6.2-STABLE >Organization: >Environment: FreeBSD sixpack.funet.fi 6.2-STABLE FreeBSD 6.2-STABLE #10: Tue Aug 7 10:59:15 EEST 2007 root@sixpack.funet.fi:/usr/obj/usr/src/sys/SIXPACK i386 >Description: I noticed that in contrast to IPv4, 'ip6fw -ta l' output doesn't seem to include the base IPv6 header in byte statistics as evidenced by the following stats line: 00004 38913 0 Wed Aug 8 09:46:00 2007 deny ipv6 from 2001::/32 to fe80::/10 Digging around, this seems to be a problem in netinet6/ip6_fw.c: /* Update statistics */ f->fw_pcnt += 1; f->fw_bcnt += ntohs(ip6->ip6_plen) . but "ip6_plen" only includes the length of the next header. This is incorrect in two ways: 1) it doesn't include the base header itself, and 2) if there are multiple next headers (chained extension headers), this will only list the length of the first one. Looking at IPv4 code, the latter should probably be something like (not tested): f->fw_bcnt += (*m)->m_pkthdr.len; . which should fix both the problems above. >How-To-Repeat: Create an ip6fw rule (e.g. TCP RST reject rule is good) with with it's easy to create just one hit. Run tcpdump and check the byte counter. >Fix: Probably replace fw_bcnt with m_pkthdr.len. >Release-Note: >Audit-Trail: >Unformatted: