From owner-freebsd-ipfw@FreeBSD.ORG Mon Mar 24 11:08:16 2008 Return-Path: Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id DFDA21065678 for ; Mon, 24 Mar 2008 11:08:16 +0000 (UTC) (envelope-from bu7cher@yandex.ru) Received: from smtp4.yandex.ru (smtp4.yandex.ru [213.180.223.136]) by mx1.freebsd.org (Postfix) with ESMTP id 391C48FC17 for ; Mon, 24 Mar 2008 11:08:15 +0000 (UTC) (envelope-from bu7cher@yandex.ru) Received: from ns.kirov.so-cdu.ru ([77.72.136.145]:40947 "EHLO [127.0.0.1]" smtp-auth: "bu7cher" TLS-CIPHER: "DHE-RSA-AES256-SHA keybits 256/256 version TLSv1/SSLv3" TLS-PEER-CN1: ) by mail.yandex.ru with ESMTP id S737739AbYCXLIH (ORCPT ); Mon, 24 Mar 2008 14:08:07 +0300 X-Yandex-Spam: 1 X-Yandex-Front: smtp4 X-Yandex-TimeMark: 1206356887 X-MsgDayCount: 6 X-Comment: RFC 2476 MSA function at smtp4.yandex.ru logged sender identity as: bu7cher Message-ID: <47E78B92.4020907@yandex.ru> Date: Mon, 24 Mar 2008 14:08:02 +0300 From: "Andrey V. Elsukov" User-Agent: Mozilla Thunderbird 1.5 (FreeBSD/20051231) MIME-Version: 1.0 To: AT Matik References: <18292fe60803240107v1462a87v4222790745844d5d@mail.gmail.com> <18292fe60803240123o66d161d9l188f2e4b7dcd610b@mail.gmail.com> <47E77E43.4020109@yandex.ru> <200803240727.05809.asstec@matik.com.br> In-Reply-To: <200803240727.05809.asstec@matik.com.br> Content-Type: text/plain; charset=KOI8-R; format=flowed Content-Transfer-Encoding: 7bit Cc: freebsd-ipfw@freebsd.org, Alexander Shulikov Subject: Re: kern/121955: [ipfw] [panic] freebsd 7.0 panic with mpd X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 24 Mar 2008 11:08:17 -0000 AT Matik wrote: > what do you mean? By setting to 0 the packages are not re-injected into the > pipe but go through other existing rules after the matching pipe, or not? When you reset net.inet.ip.fw.one_pass to zero, packets return back into ipfw to the next rule after dummynet/netgraph. And if you have similar rules packets will be passed into dummynet/netgraph again. This is example how to get double fault (from mail archive): ifconfig em0 192.168.0.2/24 kldload ipfw kldload dummynet sysctl net.inet.ip.fw.one_pass=0 ipfw pipe 2 config bw 0 ipfw add 2 pipe 2 ip from any to any ipfw add 2 pipe 2 ip from any to any ipfw add 2 pipe 2 ip from any to any ipfw add 2 pipe 2 ip from any to any ipfw add 2 pipe 2 ip from any to any ipfw add 2 pipe 2 ip from any to any ipfw add 2 pipe 2 ip from any to any ipfw add 2 pipe 2 ip from any to any ipfw add 2 pipe 2 ip from any to any ipfw add 2 pipe 2 ip from any to any ipfw add 2 pipe 2 ip from any to any ipfw add 2 pipe 2 ip from any to any ipfw add 2 pipe 2 ip from any to any ipfw add 2 pipe 2 ip from any to any ipfw add 2 pipe 2 ip from any to any ipfw add 2 pipe 2 ip from any to any ipfw add 2 pipe 2 ip from any to any ping 192.168.0.1 -- WBR, Andrey V. Elsukov