Date: Wed, 26 Nov 2003 02:26:18 +0100
From: Matthias Andree
To: Sean Chittenden
Cc: freebsd-current@freebsd.org
Cc: Matthias Andree
Subject: Re: IPFW2 verrevpath issue (IPv4 TCP, fresh kernel)
Message-ID: <20031126012618.GA10030@merlin.emma.line.org>
In-Reply-To: <20031126010655.GB19485@perrin.nxad.com>
References: <20031126010655.GB19485@perrin.nxad.com>

On Tue, 25 Nov 2003, Sean Chittenden wrote:

> > Is my expectation wrong or is there a pertinent IPFW2 bug in a current
> > 5.2-BETA kernel?
>
> You're alone in this, though cjc hasn't been able to reproduce this.
> Are you on a multi-homed system?  -sc

Sort of. I do have three xl(4) NICs in my system.
xl0 and xl1 are bridged via ng_bridge(*), IP 192.168.0.1 on one card, no
IP on the other; xl2 is the transport for tun0 (which is PPPoE in my
case) and doesn't have an IP either, so "multi-homed" might read "tun0
has an address, xl0 has another and lo0 has a third one".

These xl* cards shouldn't matter for my problem, at the time I tested my
firewall setups, the networks were idle with no other hosts attached.

I noticed that very recently there was a bug fix that made the machine
pick the right outbound address again (which it didn't for some days or
weeks, haven't compiled kernels daily) - I wonder if it's related.

Unfortunately, I don't have a 5.1-RELEASE box here to test. Would 4.9
with IPFW2 option be sufficiently similar in IPFW2 matters that it's
worthwhile testing?

(*) I have a configuration where the bridge is to have the same IP from
both xl0 and xl1. Traditional bridge code gets confused over ARP and
coughs up the MACs it would need and "locks itself out", netgraph-bridge
is fine however.