From owner-freebsd-ipfw@FreeBSD.ORG Mon Dec 5 11:07:01 2011 Return-Path: Delivered-To: freebsd-ipfw@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 8D8911065677 for ; Mon, 5 Dec 2011 11:07:01 +0000 (UTC) (envelope-from owner-bugmaster@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id 7B2FD8FC08 for ; Mon, 5 Dec 2011 11:07:01 +0000 (UTC) Received: from freefall.freebsd.org (localhost [127.0.0.1]) by freefall.freebsd.org (8.14.5/8.14.5) with ESMTP id pB5B71Fo081217 for ; Mon, 5 Dec 2011 11:07:01 GMT (envelope-from owner-bugmaster@FreeBSD.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.14.5/8.14.5/Submit) id pB5B70mM081215 for freebsd-ipfw@FreeBSD.org; Mon, 5 Dec 2011 11:07:00 GMT (envelope-from owner-bugmaster@FreeBSD.org) Date: Mon, 5 Dec 2011 11:07:00 GMT Message-Id: <201112051107.pB5B70mM081215@freefall.freebsd.org> X-Authentication-Warning: freefall.freebsd.org: gnats set sender to owner-bugmaster@FreeBSD.org using -f From: FreeBSD bugmaster To: freebsd-ipfw@FreeBSD.org Cc: Subject: Current problem reports assigned to freebsd-ipfw@FreeBSD.org X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 05 Dec 2011 11:07:01 -0000 Note: to view an individual PR, use: http://www.freebsd.org/cgi/query-pr.cgi?pr=(number). The following is a listing of current problems submitted by FreeBSD users. These represent problem reports covering all versions including experimental development code and obsolete releases. S Tracker Resp. Description -------------------------------------------------------------------------------- o kern/158066 ipfw [ipfw] ipfw + netgraph + multicast = multicast packets o kern/157796 ipfw [ipfw] IPFW in-kernel NAT nat loopback / Default Route o kern/157689 ipfw [ipfw] ipfw nat config does not accept nonexistent int o kern/156770 ipfw [ipfw] [dummynet] [patch]: performance improvement and f kern/155927 ipfw [ipfw] ipfw stops to check packets for compliance with o bin/153252 ipfw [ipfw][patch] ipfw lockdown system in subsequent call o kern/153161 ipfw IPFIREWALL does not allow specify rules with ICMP code o kern/152113 ipfw [ipfw] page fault on 8.1-RELEASE caused by certain amo o kern/148827 ipfw [ipfw] divert broken with in-kernel ipfw o kern/148689 ipfw [ipfw] antispoof wrongly triggers on link local IPv6 a o kern/148430 ipfw [ipfw] IPFW schedule delete broken. o kern/148091 ipfw [ipfw] ipfw ipv6 handling broken. o kern/143973 ipfw [ipfw] [panic] ipfw forward option causes kernel reboo o kern/143621 ipfw [ipfw] [dummynet] [patch] dummynet and vnet use result o kern/137346 ipfw [ipfw] ipfw nat redirect_proto is broken o kern/137232 ipfw [ipfw] parser troubles o kern/135476 ipfw [ipfw] IPFW table breaks after adding a large number o f kern/129036 ipfw [ipfw] 'ipfw fwd' does not change outgoing interface n p kern/128260 ipfw [ipfw] [patch] ipfw_divert damages IPv6 packets o kern/127230 ipfw [ipfw] [patch] Feature request to add UID and/or GID l o kern/122963 ipfw [ipfw] tcpdump does not show packets redirected by 'ip s kern/121807 ipfw [request] TCP and UDP port_table in ipfw o kern/121122 ipfw [ipfw] [patch] add support to ToS IP PRECEDENCE fields o kern/116009 ipfw [ipfw] [patch] Ignore errors when loading ruleset from o bin/104921 ipfw [patch] ipfw(8) sometimes treats ipv6 input as ipv4 (a o kern/104682 ipfw [ipfw] [patch] Some minor language consistency fixes a o kern/103454 ipfw [ipfw] [patch] [request] add a facility to modify DF b o kern/103328 ipfw [ipfw] [request] sugestions about ipfw table o kern/102471 ipfw [ipfw] [patch] add tos and dscp support o kern/97951 ipfw [ipfw] [patch] ipfw does not tie interface details to o kern/95084 ipfw [ipfw] [regression] [patch] IPFW2 ignores "recv/xmit/v o kern/86957 ipfw [ipfw] [patch] ipfw mac logging o bin/83046 ipfw [ipfw] ipfw2 error: "setup" is allowed for icmp, but s o kern/82724 ipfw [ipfw] [patch] [request] Add setnexthop and defaultrou o bin/78785 ipfw [patch] ipfw(8) verbosity locks machine if /etc/rc.fir o kern/60719 ipfw [ipfw] Headerless fragments generate cryptic error mes s kern/55984 ipfw [ipfw] [patch] time based firewalling support for ipfw o kern/48172 ipfw [ipfw] [patch] ipfw does not log size and flags o kern/46159 ipfw [ipfw] [patch] [request] ipfw dynamic rules lifetime f a kern/26534 ipfw [ipfw] Add an option to ipfw to log gid/uid of who cau 40 problems total. From owner-freebsd-ipfw@FreeBSD.ORG Tue Dec 6 01:43:27 2011 Return-Path: Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 92A30106564A for ; Tue, 6 Dec 2011 01:43:27 +0000 (UTC) (envelope-from alancyang@gmail.com) Received: from mail-fx0-f54.google.com (mail-fx0-f54.google.com [209.85.161.54]) by mx1.freebsd.org (Postfix) with ESMTP id 2F0288FC13 for ; Tue, 6 Dec 2011 01:43:26 +0000 (UTC) Received: by faak28 with SMTP id k28so5339553faa.13 for ; Mon, 05 Dec 2011 17:43:26 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=mime-version:date:message-id:subject:from:to:content-type; bh=8powRA9wJXy1YswyyTVL7B0eYcYQnWUwVbAODLOCGSo=; b=nOvZuurhrfHlRc80oBSddxP/u7aZAMwfO8pQENx+1MT5+y4+z8trrSU1x17YHxjbaQ 1kUIQu5CRYuY2u0RpQAw83cCX8kcDIZ2UXbBvC8DAbGKUbbeghyHcVSnCrXRLgsdgprI sVPYyKvXhLvQwd3Gt8VQz4A1LzFB6Lhvd9oKo= MIME-Version: 1.0 Received: by 10.227.207.82 with SMTP id fx18mr383225wbb.19.1323134435196; Mon, 05 Dec 2011 17:20:35 -0800 (PST) Received: by 10.216.168.195 with HTTP; Mon, 5 Dec 2011 17:20:35 -0800 (PST) Date: Mon, 5 Dec 2011 17:20:35 -0800 Message-ID: From: alan yang To: freebsd-ipfw@freebsd.org Content-Type: text/plain; charset=ISO-8859-1 Subject: ipfw dscp support X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 06 Dec 2011 01:43:27 -0000 Hello, Running FreeBSD 8.2 release with ipfw command: "ipfw add 10 count ip from any to any dscp AF11" gives: ipfw: unrecognized option [49] dscp wonder people could shed some light if 8.2 release has ipfw support of dscp? o kern/102471 ipfw [ipfw] [patch] add tos and dscp support above is from 2011-04-11 FreeBSD bugmaster current problem report, Wonder the patch is available for 8.2? Thanks in advance! Alan From owner-freebsd-ipfw@FreeBSD.ORG Tue Dec 6 15:14:22 2011 Return-Path: Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 6E0301065670 for ; Tue, 6 Dec 2011 15:14:22 +0000 (UTC) (envelope-from sem@FreeBSD.org) Received: from mail.ciam.ru (mail.ciam.ru [91.209.218.18]) by mx1.freebsd.org (Postfix) with ESMTP id 24BA28FC17 for ; Tue, 6 Dec 2011 15:14:21 +0000 (UTC) Received: from dhcp170-160-red.yandex.net ([95.108.170.160] helo=dhcp170-205-red.yandex.net) by mail.ciam.ru with esmtpa (Exim 4.x) id 1RXw3G-000PLZ-5l; Tue, 06 Dec 2011 17:31:22 +0300 Message-ID: <4EDE2739.1040104@FreeBSD.org> Date: Tue, 06 Dec 2011 18:31:21 +0400 From: Sergey Matveychuk User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:8.0) Gecko/20111105 Thunderbird/8.0 MIME-Version: 1.0 To: alan yang References: In-Reply-To: Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Cc: freebsd-ipfw@freebsd.org Subject: Re: ipfw dscp support X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 06 Dec 2011 15:14:22 -0000 06.12.2011 5:20, alan yang wrote: > Hello, > > Running FreeBSD 8.2 release with ipfw command: "ipfw add 10 count ip > from any to any dscp AF11" gives: > ipfw: unrecognized option [49] dscp > > wonder people could shed some light if 8.2 release has ipfw support of dscp? > > o kern/102471 ipfw [ipfw] [patch] add tos and dscp support > > above is from 2011-04-11 FreeBSD bugmaster current problem report, > Wonder the patch is available for 8.2? The PR you mentioned is in open state. It means it never been committed. Use man ipfw to find out options it supports. From owner-freebsd-ipfw@FreeBSD.ORG Tue Dec 6 20:10:51 2011 Return-Path: Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 557AA1065673 for ; Tue, 6 Dec 2011 20:10:51 +0000 (UTC) (envelope-from alancyang@gmail.com) Received: from mail-bw0-f54.google.com (mail-bw0-f54.google.com [209.85.214.54]) by mx1.freebsd.org (Postfix) with ESMTP id AD4078FC21 for ; Tue, 6 Dec 2011 20:10:50 +0000 (UTC) Received: by bkat2 with SMTP id t2so10958542bka.13 for ; Tue, 06 Dec 2011 12:10:49 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=oZ67kMjp/Tn6hONHKQC5gPslz8w99quT8st/lzpYpLk=; b=yBa44/jIuhzZnQTekDaqlDenLYDnNIzg7kU94h+TUfXtH2K7AyyVvlq4mk06a4N5/J Bla5qKK/eW7OpxSCULDJJx3AyOWx0fMAN+NQDQNaa6ZIC1i1A/P0jESA96UzpqJdBWUM VXGQf375yDexhB4AnqtWuK6RbCbLzKk6oFWd8= MIME-Version: 1.0 Received: by 10.180.105.232 with SMTP id gp8mr19347765wib.65.1323202249273; Tue, 06 Dec 2011 12:10:49 -0800 (PST) Received: by 10.216.168.195 with HTTP; Tue, 6 Dec 2011 12:10:49 -0800 (PST) In-Reply-To: <4EDE2739.1040104@FreeBSD.org> References: <4EDE2739.1040104@FreeBSD.org> Date: Tue, 6 Dec 2011 12:10:49 -0800 Message-ID: From: alan yang To: Sergey Matveychuk Content-Type: text/plain; charset=ISO-8859-1 Cc: freebsd-ipfw@freebsd.org Subject: Re: ipfw dscp support X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 06 Dec 2011 20:10:51 -0000 Hi Sergey, I found from FreeBSD forum dated Aug. 2009 with the following: vlad2005 ... Anyway, testing with improvement from patch, give desired result. Code: ipfw add 20 count ip from any to any dscp AF11 Show command from ipfw look ok. Code: freebsd# ipfw show 00010 959 82291 modip dscp:AF11 ip from any to any 00020 24 1584 count ip from any to any dscp AF11 65535 1099 92987 allow ip from any to any that i wonder if a patch exists and maybe in 8.2 release already. For ipfw the support of ALTQ, wonder is it more like pf now other than pfctl is needed to setup the queue? Thanks again! Alan From owner-freebsd-ipfw@FreeBSD.ORG Tue Dec 6 22:09:24 2011 Return-Path: Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 862551065675; Tue, 6 Dec 2011 22:09:24 +0000 (UTC) (envelope-from araujobsdport@gmail.com) Received: from mail-qy0-f182.google.com (mail-qy0-f182.google.com [209.85.216.182]) by mx1.freebsd.org (Postfix) with ESMTP id 2EC1D8FC26; Tue, 6 Dec 2011 22:09:23 +0000 (UTC) Received: by qcse13 with SMTP id e13so3894347qcs.13 for ; Tue, 06 Dec 2011 14:09:23 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=mime-version:reply-to:in-reply-to:references:date:message-id :subject:from:to:cc:content-type; bh=P1zRX2UeUach5CdldE7YkihCt7xUmbRv8DNy9Uf+75E=; b=CT7jjaTwY+0/mLPFP8Qtkgj9GN09cA4ZtV48UCFwMEwaErLCnvw919BgpoHmvYeDlc 5jq1cluP1j0g+y7a+fZ7Tl48bV4xj5aATs+dXrY5uSx8R8e+kv55OOTRQPXrCyRUO7mG kx/9wHn2bTb1PyaOg/WIPoMDhHgnJLkXeLluY= MIME-Version: 1.0 Received: by 10.50.173.74 with SMTP id bi10mr18321891igc.4.1323207572510; Tue, 06 Dec 2011 13:39:32 -0800 (PST) Received: by 10.231.130.66 with HTTP; Tue, 6 Dec 2011 13:39:32 -0800 (PST) In-Reply-To: References: <4EDE2739.1040104@FreeBSD.org> Date: Tue, 6 Dec 2011 19:39:32 -0200 Message-ID: From: Marcelo Araujo To: alan yang Content-Type: text/plain; charset=windows-1252 Content-Transfer-Encoding: quoted-printable X-Content-Filtered-By: Mailman/MimeDel 2.1.5 Cc: freebsd-ipfw@freebsd.org, Sergey Matveychuk Subject: Re: ipfw dscp support X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: araujo@FreeBSD.org List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 06 Dec 2011 22:09:24 -0000 Hi guys, The modip was a patch that I wrote at 2008. A lot of people asked me to re-write it, as I came(last week) from a long trip to ASIA(4 months), I=92m trying to find time to re-write it, but in other hand, regards the Christmas Day and the new year, and also my master degree, I don=92t believ= e I can do it still in this year. But due a lot of people request it, I'll try to put all my effort to re-write it in the beggining of next year. Best Regards, - Araujo 2011/12/6 alan yang > Hi Sergey, > > I found from FreeBSD forum dated Aug. 2009 with the following: > > vlad2005 > ... > Anyway, testing with improvement from patch, give desired result. > Code: > ipfw add 20 count ip from any to any dscp AF11 > Show command from ipfw look ok. > Code: > freebsd# ipfw show > 00010 959 82291 modip dscp:AF11 ip from any to any > 00020 24 1584 count ip from any to any dscp AF11 > 65535 1099 92987 allow ip from any to any > > that i wonder if a patch exists and maybe in 8.2 release already. > > For ipfw the support of ALTQ, wonder is it more like pf now other than > pfctl is needed to setup the queue? > > Thanks again! > Alan > _______________________________________________ > freebsd-ipfw@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw > To unsubscribe, send any mail to "freebsd-ipfw-unsubscribe@freebsd.org" > --=20 Marcelo Araujo araujo@FreeBSD.org From owner-freebsd-ipfw@FreeBSD.ORG Wed Dec 7 12:23:53 2011 Return-Path: Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id AD415106564A for ; Wed, 7 Dec 2011 12:23:53 +0000 (UTC) (envelope-from amix@cwn.ru) Received: from mail-ey0-f182.google.com (mail-ey0-f182.google.com [209.85.215.182]) by mx1.freebsd.org (Postfix) with ESMTP id 4256F8FC13 for ; Wed, 7 Dec 2011 12:23:52 +0000 (UTC) Received: by eaai12 with SMTP id i12so513269eaa.13 for ; Wed, 07 Dec 2011 04:23:52 -0800 (PST) Received: by 10.213.114.130 with SMTP id e2mr451681ebq.7.1323259126658; Wed, 07 Dec 2011 03:58:46 -0800 (PST) Received: from [178.236.240.97] ([178.236.240.97]) by mx.google.com with ESMTPS id jf4sm2039618bkc.5.2011.12.07.03.58.44 (version=SSLv3 cipher=OTHER); Wed, 07 Dec 2011 03:58:45 -0800 (PST) Message-ID: <4EDF5516.7030101@cwn.ru> Date: Wed, 07 Dec 2011 15:59:18 +0400 From: Amix User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:8.0) Gecko/20111111 Thunderbird/8.0 MIME-Version: 1.0 To: freebsd-ipfw@freebsd.org References: <4EDE2739.1040104@FreeBSD.org> In-Reply-To: Content-Type: text/plain; charset=windows-1252 Content-Transfer-Encoding: 8bit Subject: Re: ipfw dscp support X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 07 Dec 2011 12:23:53 -0000 Hello Marcelo! I confirm that this patch is highly needed by lot of freebsd users. > Hi guys, > > The modip was a patch that I wrote at 2008. A lot of people asked me to > re-write it, as I came(last week) from a long trip to ASIA(4 months), I’m > trying to find time to re-write it, but in other hand, regards the > Christmas Day and the new year, and also my master degree, I don’t believe > I can do it still in this year. > > But due a lot of people request it, I'll try to put all my effort to > re-write it in the beggining of next year. > > Best Regards, > - Araujo > > 2011/12/6 alan yang > >> Hi Sergey, >> >> I found from FreeBSD forum dated Aug. 2009 with the following: >> >> vlad2005 >> ... >> Anyway, testing with improvement from patch, give desired result. >> Code: >> ipfw add 20 count ip from any to any dscp AF11 >> Show command from ipfw look ok. >> Code: >> freebsd# ipfw show >> 00010 959 82291 modip dscp:AF11 ip from any to any >> 00020 24 1584 count ip from any to any dscp AF11 >> 65535 1099 92987 allow ip from any to any >> >> that i wonder if a patch exists and maybe in 8.2 release already. >> >> For ipfw the support of ALTQ, wonder is it more like pf now other than >> pfctl is needed to setup the queue? >> >> Thanks again! >> Alan >> _______________________________________________ >> freebsd-ipfw@freebsd.org mailing list >> http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw >> To unsubscribe, send any mail to "freebsd-ipfw-unsubscribe@freebsd.org" >> > > From owner-freebsd-ipfw@FreeBSD.ORG Thu Dec 8 02:56:09 2011 Return-Path: Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 16A28106566B; Thu, 8 Dec 2011 02:56:09 +0000 (UTC) (envelope-from smithi@nimnet.asn.au) Received: from sola.nimnet.asn.au (paqi.nimnet.asn.au [115.70.110.159]) by mx1.freebsd.org (Postfix) with ESMTP id 7C19B8FC08; Thu, 8 Dec 2011 02:56:08 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by sola.nimnet.asn.au (8.14.2/8.14.2) with ESMTP id pB82eET2087821; Thu, 8 Dec 2011 13:40:14 +1100 (EST) (envelope-from smithi@nimnet.asn.au) Date: Thu, 8 Dec 2011 13:40:14 +1100 (EST) From: Ian Smith To: alan yang In-Reply-To: Message-ID: <20111208132002.R16498@sola.nimnet.asn.au> References: <4EDE2739.1040104@FreeBSD.org> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Cc: freebsd-ipfw@freebsd.org, Sergey Matveychuk Subject: Re: ipfw dscp support X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 08 Dec 2011 02:56:09 -0000 On Tue, 6 Dec 2011, alan yang wrote: > Hi Sergey, > > I found from FreeBSD forum dated Aug. 2009 with the following: > > vlad2005 Insufficient information to locate a forum post. URL, please? > ... > Anyway, testing with improvement from patch, give desired result. > Code: > ipfw add 20 count ip from any to any dscp AF11 > Show command from ipfw look ok. > Code: > freebsd# ipfw show > 00010 959 82291 modip dscp:AF11 ip from any to any > 00020 24 1584 count ip from any to any dscp AF11 > 65535 1099 92987 allow ip from any to any The PR you pointed to (kern/102471) includes some description, update to ipfw(8) and some references. It doesn't mention any 'modip' action. I can't guess what 'modip' is even supposed to mean, let alone how it's supposed to work? cheers, Ian From owner-freebsd-ipfw@FreeBSD.ORG Thu Dec 8 10:21:30 2011 Return-Path: Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 5F8EA1065670; Thu, 8 Dec 2011 10:21:30 +0000 (UTC) (envelope-from araujobsdport@gmail.com) Received: from mail-iy0-f182.google.com (mail-iy0-f182.google.com [209.85.210.182]) by mx1.freebsd.org (Postfix) with ESMTP id 1ADE18FC16; Thu, 8 Dec 2011 10:21:29 +0000 (UTC) Received: by iafi7 with SMTP id i7so3968075iaf.13 for ; Thu, 08 Dec 2011 02:21:29 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=mime-version:reply-to:in-reply-to:references:date:message-id :subject:from:to:cc:content-type; bh=irbaHpWJ3JHrKlsvIwD/ro/4EYrKpq22Cf6HeIR7ecw=; b=Tlt3NSUp64OZfnbNaiHyS9fREnIvHNtxdRDaIyN+Jbe/Of+ZuMnxLDvsYEURTE0JEP xNgdWxF3EL75hK8FvGvANEdWegG7un79wg7/CgaeV2mwbN8ZucHR/oQ/hgJGLzrWS3HR jnaI2OeaxO3OnLxZ1APKg3Fop5H/urlVoB+ZI= MIME-Version: 1.0 Received: by 10.42.148.136 with SMTP id r8mr2984030icv.1.1323339689559; Thu, 08 Dec 2011 02:21:29 -0800 (PST) Received: by 10.231.130.66 with HTTP; Thu, 8 Dec 2011 02:21:29 -0800 (PST) In-Reply-To: <20111208132002.R16498@sola.nimnet.asn.au> References: <4EDE2739.1040104@FreeBSD.org> <20111208132002.R16498@sola.nimnet.asn.au> Date: Thu, 8 Dec 2011 08:21:29 -0200 Message-ID: From: Marcelo Araujo To: Ian Smith Content-Type: text/plain; charset=ISO-8859-1 X-Content-Filtered-By: Mailman/MimeDel 2.1.5 Cc: freebsd-ipfw@freebsd.org, alan yang , Sergey Matveychuk Subject: Re: ipfw dscp support X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: araujo@FreeBSD.org List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 08 Dec 2011 10:21:30 -0000 2011/12/8 Ian Smith > > The PR you pointed to (kern/102471) includes some description, update to > ipfw(8) and some references. It doesn't mention any 'modip' action. I > can't guess what 'modip' is even supposed to mean, let alone how it's > supposed to work? > > Hi Ian, Here is the patch: http://people.freebsd.org/~araujo/logs/ipfw/ipfw-modip20080324.diff Also it include an update on manpage that explain how use the modip. Best Regards, -- Marcelo Araujo araujo@FreeBSD.org From owner-freebsd-ipfw@FreeBSD.ORG Thu Dec 8 15:24:25 2011 Return-Path: Delivered-To: freebsd-ipfw@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 49C3A1065679; Thu, 8 Dec 2011 15:24:25 +0000 (UTC) (envelope-from smithi@nimnet.asn.au) Received: from sola.nimnet.asn.au (paqi.nimnet.asn.au [115.70.110.159]) by mx1.freebsd.org (Postfix) with ESMTP id BEEC28FC15; Thu, 8 Dec 2011 15:24:24 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by sola.nimnet.asn.au (8.14.2/8.14.2) with ESMTP id pB8FOMCe013525; Fri, 9 Dec 2011 02:24:22 +1100 (EST) (envelope-from smithi@nimnet.asn.au) Date: Fri, 9 Dec 2011 02:24:21 +1100 (EST) From: Ian Smith To: araujo@FreeBSD.org In-Reply-To: Message-ID: <20111209021345.Y11090@sola.nimnet.asn.au> References: <4EDE2739.1040104@FreeBSD.org> <20111208132002.R16498@sola.nimnet.asn.au> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Cc: freebsd-ipfw@FreeBSD.org, alan yang , Sergey Matveychuk Subject: Re: ipfw dscp support X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 08 Dec 2011 15:24:25 -0000 On Thu, 8 Dec 2011, Marcelo Araujo wrote: > 2011/12/8 Ian Smith > > > > > The PR you pointed to (kern/102471) includes some description, update to > > ipfw(8) and some references. It doesn't mention any 'modip' action. I > > can't guess what 'modip' is even supposed to mean, let alone how it's > > supposed to work? > > > > > Hi Ian, > > Here is the patch: > http://people.freebsd.org/~araujo/logs/ipfw/ipfw-modip20080324.diff Thanks Araujo. I think I'm starting to get the drift .. > Also it include an update on manpage that explain how use the modip. .. but I couldn't find that? cheers, Ian From owner-freebsd-ipfw@FreeBSD.ORG Thu Dec 8 22:24:26 2011 Return-Path: Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 9643B1065688; Thu, 8 Dec 2011 22:24:26 +0000 (UTC) (envelope-from araujobsdport@gmail.com) Received: from mail-iy0-f182.google.com (mail-iy0-f182.google.com [209.85.210.182]) by mx1.freebsd.org (Postfix) with ESMTP id 506548FC18; Thu, 8 Dec 2011 22:24:26 +0000 (UTC) Received: by iafi7 with SMTP id i7so5278082iaf.13 for ; Thu, 08 Dec 2011 14:24:25 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=mime-version:reply-to:in-reply-to:references:date:message-id :subject:from:to:cc:content-type; bh=6Q6kqVxEvtNmGqmJeWoewOF0Nef2TqVZYeSN/THZqws=; b=rnOoZIrPq7yR/hhjoI+rtmVUBwSIIh27+mUnZc4kgs6V8Udw0U6EmUQhgu3GINWR9Y 2/EKwRpPpfhZjHDuBM0/F0mcRUWQxMaFAeDeBoEgH4Z+iLx2ou+O6s5pnmoRuX4y8MM4 j9giJUcuyN3ii1zydKdyLxO+kVS/uHzWsUhD0= MIME-Version: 1.0 Received: by 10.50.180.193 with SMTP id dq1mr745017igc.34.1323383065708; Thu, 08 Dec 2011 14:24:25 -0800 (PST) Received: by 10.231.130.66 with HTTP; Thu, 8 Dec 2011 14:24:25 -0800 (PST) In-Reply-To: <20111209021345.Y11090@sola.nimnet.asn.au> References: <4EDE2739.1040104@FreeBSD.org> <20111208132002.R16498@sola.nimnet.asn.au> <20111209021345.Y11090@sola.nimnet.asn.au> Date: Thu, 8 Dec 2011 20:24:25 -0200 Message-ID: From: Marcelo Araujo To: Ian Smith Content-Type: text/plain; charset=ISO-8859-1 X-Content-Filtered-By: Mailman/MimeDel 2.1.5 Cc: freebsd-ipfw@freebsd.org, alan yang , Sergey Matveychuk Subject: Re: ipfw dscp support X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: araujo@FreeBSD.org List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 08 Dec 2011 22:24:26 -0000 2011/12/8 Ian Smith > On Thu, 8 Dec 2011, Marcelo Araujo wrote: > > 2011/12/8 Ian Smith > > .. but I couldn't find that? > > Hi Ian, Here bellow there are some examples how you can use the modip: *ipfw add 10 modip tos:lowdelay ip from any to any ipfw add 11 modip dscp:af14 ip from any to any * *ipfw add 12 modip ippre:flash ip from any to any* I hope it could be useful. Best Regards, -- Marcelo Araujo araujo@FreeBSD.org From owner-freebsd-ipfw@FreeBSD.ORG Sat Dec 10 01:39:12 2011 Return-Path: Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id DA59F106566B for ; Sat, 10 Dec 2011 01:39:12 +0000 (UTC) (envelope-from alancyang@gmail.com) Received: from mail-ww0-f50.google.com (mail-ww0-f50.google.com [74.125.82.50]) by mx1.freebsd.org (Postfix) with ESMTP id 755A38FC08 for ; Sat, 10 Dec 2011 01:39:12 +0000 (UTC) Received: by wgbdr11 with SMTP id dr11so6744221wgb.31 for ; Fri, 09 Dec 2011 17:39:11 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=mime-version:date:message-id:subject:from:to:content-type; bh=8HdYZlg8UI7aKyzrXTNy0yv2MEW0vRW+834GvGB6fj4=; b=L4AsDnUnWZjLSAYm/CKEwyYb4R88JGL1DN+vpEEXaTDxCO/PW0aW99wbQ3UtbIAVNc F3ZHq8l1TGUTbv53revV6FKwKx8/JET0gFCVkO+eZVPYIs35bU2ARB4e7a5OtK8X5QyC nhXGWRsH3ZB0LeM9gJoGz64dPoh3m9qGTYuns= MIME-Version: 1.0 Received: by 10.180.75.204 with SMTP id e12mr12648013wiw.61.1323481151407; Fri, 09 Dec 2011 17:39:11 -0800 (PST) Received: by 10.216.168.195 with HTTP; Fri, 9 Dec 2011 17:39:11 -0800 (PST) Date: Fri, 9 Dec 2011 17:39:11 -0800 Message-ID: From: alan yang To: freebsd-ipfw@freebsd.org Content-Type: text/plain; charset=ISO-8859-1 Subject: ipfw + altq + pf + ipfw-classifyd identifying/queuing ftp traffic X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 10 Dec 2011 01:39:12 -0000 Hello, I have the following setup in trying to identify ftp traffic with ipfw-classifyd and direct ftp traffic into ALTQ CBQ queue, and non-ftp traffic should not go through the ftp queue. With 'ipfw show' and 'pfctl -s queue -v' command, at run time with ping and ftp, I have couple questions; 1) the re-injected diverted packet with fwrule (1000), should it match rule 63001 and be directed to ftp queue? 2) for non ftp traffic, should it match rule 1000 and NOT be directed to ftp queue? >From 'pfctl -s queue -v' command, it seems ALL traffics got through ALTQ ftp queue. Wonder people could shed some light on the right rule configuration, and how to verify the ipfw processing of reinjected diverted packets with more ALTQ debugging? Thanks in advance! Alan --- ipfw rules: #! /bin/sh ipfw -f flush ipfw pipe 1 config bw 256Kbit/s queue 30 ipfw pipe 2 config bw 256Kbit/s queue 30 ipfw add 400 divert 7777 tcp from any to any via em0 ipfw add 410 divert 7777 udp from any to any via em0 ipfw add 1000 allow ip from any to any ipfw add 63000 allow altq ftp ip from any to any in diverted ipfw add 63001 allow altq ftp ip from any to any out diverted ipfw add 64000 pipe 1 log ip from any to any in diverted ipfw add 64001 pipe 2 log ip from any to any out diverted /etc/pf.conf altq on emo cbq bandwidth 5Mb queue { ftp } queue ftp bandwidth 10% cbq(default) ipfw-classifyd /usr/local/sbin/ipfw-classifyd p 7777 ipfw-classifyd configuration file has ftp = 1000