Date:      Sun, 19 Apr 2026 19:57:28 +0000
From:      bugzilla-noreply@freebsd.org
To:        bugs@FreeBSD.org
Subject:   [Bug 294648] ipfw(8): "inner protocol" term undefined and undocumented (Manpage/Docs bug)
Message-ID:  <bug-294648-227@https.bugs.freebsd.org/bugzilla/>

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=294648

            Bug ID: 294648
           Summary: ipfw(8): "inner protocol" term undefined and
                    undocumented (Manpage/Docs bug)
           Product: Base System
           Version: 14.3-RELEASE
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: misc
          Assignee: bugs@FreeBSD.org
          Reporter: freebsd@gushi.org

In the RULE BODY section, under the "protocol" field definition, the manpage
contains the following note:

"The ipv6 in proto option will be treated as inner protocol. And, the ipv4 is
not available in proto option."

This is the only occurrence of the word "inner" in the entire manpage. The term
is not defined, not cross-referenced, and the behavioral implications are not
explained.

Specifically, the following is unclear:

1) What does "inner protocol" mean in this context? Is this referring to
tunneled traffic (e.g., 6in4 on gif(4) interfaces), and if so, which tunnel
types does this apply to?

2) Does specifying "ipv6" as the proto match differently on tunnel interfaces
vs. plain IPv6 traffic? Is it a no-op for non-tunneled IPv6?

3) What is the practical consequence for a user writing rules matching IPv6 TCP
traffic on a non-tunnel interface -- does the "inner protocol" treatment affect
their rule semantics?

4) Why is "ipv4" unavailable in the proto option? Is this related to the tunnel
distinction, and if so, how?

A reader attempting to write correct IPv6 ipfw rules cannot determine from the
current text whether this note is relevant to their situation or safely
ignorable.

Suggested fix: Define "inner protocol" explicitly, with a cross-reference to
relevant tunnel interface types (gif(4), gre(4), etc.) and a brief explanation
of when this distinction matters vs. when it can be ignored.

-- 
You are receiving this mail because:
You are the assignee for the bug.
