From owner-freebsd-bugs@FreeBSD.ORG Mon Dec 4 13:50:24 2006 Return-Path: X-Original-To: freebsd-bugs@hub.freebsd.org Delivered-To: freebsd-bugs@hub.freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 06B6B16A416 for ; Mon, 4 Dec 2006 13:50:24 +0000 (UTC) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [69.147.83.40]) by mx1.FreeBSD.org (Postfix) with ESMTP id 4D19743CAB for ; Mon, 4 Dec 2006 13:49:32 +0000 (GMT) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (gnats@localhost [127.0.0.1]) by freefall.freebsd.org (8.13.4/8.13.4) with ESMTP id kB4Do5Mf063698 for ; Mon, 4 Dec 2006 13:50:05 GMT (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.13.4/8.13.4/Submit) id kB4Do5lZ063697; Mon, 4 Dec 2006 13:50:05 GMT (envelope-from gnats) Resent-Date: Mon, 4 Dec 2006 13:50:05 GMT Resent-Message-Id: <200612041350.kB4Do5lZ063697@freefall.freebsd.org> Resent-From: FreeBSD-gnats-submit@FreeBSD.org (GNATS Filer) Resent-To: freebsd-bugs@FreeBSD.org Resent-Reply-To: FreeBSD-gnats-submit@FreeBSD.org, Cichas Received: from mx1.FreeBSD.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id D9FF616A500 for ; Mon, 4 Dec 2006 13:42:23 +0000 (UTC) (envelope-from nobody@FreeBSD.org) Received: from www.freebsd.org (www.freebsd.org [69.147.83.33]) by mx1.FreeBSD.org (Postfix) with ESMTP id C31F243CD7 for ; Mon, 4 Dec 2006 13:39:09 +0000 (GMT) (envelope-from nobody@FreeBSD.org) Received: from www.freebsd.org (localhost [127.0.0.1]) by www.freebsd.org (8.13.1/8.13.1) with ESMTP id kB4Ddgs5026012 for ; Mon, 4 Dec 2006 13:39:42 GMT (envelope-from nobody@www.freebsd.org) Received: (from nobody@localhost) by www.freebsd.org (8.13.1/8.13.1/Submit) id kB4DdgjE026011; Mon, 4 Dec 2006 13:39:42 GMT (envelope-from nobody) Message-Id: <200612041339.kB4DdgjE026011@www.freebsd.org> Date: Mon, 4 Dec 2006 13:39:42 GMT From: Cichas To: freebsd-gnats-submit@FreeBSD.org X-Send-Pr-Version: www-3.0 Cc: Subject: kern/106316: Dummynet with multipass ipfw drops packets when reloading FW X-BeenThere: freebsd-bugs@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Bug reports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 04 Dec 2006 13:50:24 -0000 >Number: 106316 >Category: kern >Synopsis: Dummynet with multipass ipfw drops packets when reloading FW >Confidential: no >Severity: serious >Priority: medium >Responsible: freebsd-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Mon Dec 04 13:50:04 GMT 2006 >Closed-Date: >Last-Modified: >Originator: Cichas >Release: 5.5-Release, 6.1-Release, 6.2-RC1 >Organization: >Environment: >Description: IPFW2 with dummynet pipes net.inet.ip.fw.one_pass: 0 no skipto rule After 'ipfw -f flush' you will get lots of: ipfw: ouch!, skip past end of rules, denying packet It's bug because at least kernel rule 65535 should be used for packets going out of pipes after rule flush. >How-To-Repeat: PC1 -- ethernet -- PC2 Run iperf test between them On PC1 od PC2 run: /sbin/sysctl net.inet.ip.fw.one_pass 0 ipfw pipe 1 config bw 256Kbit/s queue 512KBytes ipfw pipe 2 config bw 256Kbit/s queue 512KBytes ipfw add 10 pipe 1 ip from any to any out ipfw add 10 allow ip from any to any out ipfw add 20 pipe 2 ip from any to any in ipfw add 20 allow ip from any to any in /bin/sleep 20 ipfw -f flush >Fix: Only workaround: /sbin/sysctl net.inet.ip.fw.one_pass=1 $fwcmd -f flush $fwcmd add 65500 allow all from any to any sleep XY to flush pipes, load new ruleset, one_pass=0 and delete rule 65500 >Release-Note: >Audit-Trail: >Unformatted: