From owner-freebsd-ipfw@FreeBSD.ORG Mon Jul 7 11:07:01 2008
Date: Mon, 7 Jul 2008 11:07:00 GMT
Message-Id: <200807071107.m67B70cw062068@freefall.freebsd.org>
From: FreeBSD bugmaster
To: freebsd-ipfw@FreeBSD.org
Subject: Current problem reports assigned to freebsd-ipfw@FreeBSD.org

Current FreeBSD problem reports

Critical problems

Serious problems

S Tracker      Resp.      Description
--------------------------------------------------------------------------------
o kern/51274   ipfw       [ipfw] [patch] ipfw2 create dynamic rules with parent
o kern/73910   ipfw       [ipfw] serious bug on forwarding of packets after NAT
o kern/74104   ipfw       [ipfw] ipfw2/1 conflict not detected or reported, manp
o kern/88659   ipfw       [modules] ipfw and ip6fw do not work properly as modul
o kern/93300   ipfw       [ipfw] ipfw pipe lost packets
o kern/95084   ipfw       [ipfw] [regression] [patch] IPFW2 ignores "recv/xmit/v
o kern/97504   ipfw       [ipfw] IPFW Rules bug
o kern/97951   ipfw       [ipfw] [patch] ipfw does not tie interface details to
o kern/98831   ipfw       [ipfw] ipfw has UDP hickups
o kern/102471  ipfw       [ipfw] [patch] add tos and dscp support
o kern/103454  ipfw       [ipfw] [patch] [request] add a facility to modify DF b
o kern/106534  ipfw       [ipfw] [panic] ipfw + dummynet
o kern/112708  ipfw       [ipfw] ipfw is seems to be broken to limit number of c
o kern/117234  ipfw       [ipfw] [patch] ipfw send_pkt() and ipfw_tick() don't s
o kern/118993  ipfw       [ipfw] page fault - probably it's a locking problem
o conf/123119  ipfw       [patch] rc script for ipfw does not handle IPv6

16 problems total.

Non-critical problems

S Tracker      Resp.      Description
--------------------------------------------------------------------------------
a kern/26534   ipfw       [ipfw] Add an option to ipfw to log gid/uid of who cau
o kern/46159   ipfw       [ipfw] [patch] [request] ipfw dynamic rules lifetime f
o kern/48172   ipfw       [ipfw] [patch] ipfw does not log size and flags
o kern/55984   ipfw       [ipfw] [patch] time based firewalling support for ipfw
o kern/60719   ipfw       [ipfw] Headerless fragments generate cryptic error mes
o kern/69963   ipfw       [ipfw] install_state warning about already existing en
o kern/71366   ipfw       [ipfw] "ipfw fwd" sometimes rewrites destination mac a
o kern/72987   ipfw       [ipfw] ipfw/dummynet pipe/queue 'queue [BYTES]KBytes (
o bin/78785    ipfw       [patch] ipfw(8) verbosity locks machine if /etc/rc.fir
s kern/80642   ipfw       [ipfw] [patch] ipfw small patch - new RULE OPTION
o kern/82724   ipfw       [ipfw] [patch] [request] Add setnexthop and defaultrou
o kern/86957   ipfw       [ipfw] [patch] ipfw mac logging
o kern/87032   ipfw       [ipfw] [patch] ipfw ioctl interface implementation
o kern/91847   ipfw       [ipfw] ipfw with vlanX as the device
o kern/103328  ipfw       [ipfw] [request] sugestions about ipfw table
o kern/104682  ipfw       [ipfw] [patch] Some minor language consistency fixes a
o bin/104921   ipfw       [patch] ipfw(8) sometimes treats ipv6 input as ipv4 (a
o kern/105330  ipfw       [ipfw] [patch] ipfw (dummynet) does not allow to set q
o kern/107305  ipfw       [ipfw] ipfw fwd doesn't seem to work
o kern/112561  ipfw       [ipfw] ipfw fwd does not work with some TCP packets
p kern/113388  ipfw       [ipfw][patch] Addition actions with rules within speci
o docs/113803  ipfw       [patch] ipfw(8) - don't get bitten by the fwd rule
o bin/115172   ipfw       [patch] ipfw(8) list show some rules with a wrong form
p kern/115755  ipfw       [ipfw][patch] unify message and add a rule number wher
o kern/116009  ipfw       [ipfw] [patch] Ignore errors when loading ruleset from
o kern/121122  ipfw       [ipfw] [patch] add support to ToS IP PRECEDENCE fields
o kern/121382  ipfw       [dummynet]: 6.3-RELEASE-p1 page fault in dummynet (cor
s kern/121807  ipfw       [request] TCP and UDP port_table in ipfw
o kern/122963  ipfw       [ipfw] tcpdump does not show packets redirected by 'ip

29 problems total.

From owner-freebsd-ipfw@FreeBSD.ORG Mon Jul 7 14:06:32 2008
Date: Mon, 7 Jul 2008 14:06:32 GMT
Message-Id: <200807071406.m67E6W3X083728@freefall.freebsd.org>
From: sem@FreeBSD.org
To: sem@FreeBSD.org, freebsd-bugs@FreeBSD.org, freebsd-ipfw@FreeBSD.org
Subject: Re: bin/125370: [ipfw] increase a line buffer limit

Synopsis: [ipfw] increase a line buffer limit

Responsible-Changed-From-To: freebsd-bugs->freebsd-ipfw
Responsible-Changed-By: sem
Responsible-Changed-When: Mon Jul 7 14:06:09 UTC 2008
Responsible-Changed-Why:
Over to maintainer

http://www.freebsd.org/cgi/query-pr.cgi?pr=125370

From owner-freebsd-ipfw@FreeBSD.ORG Wed Jul 9 07:24:29 2008
Date: Wed, 09 Jul 2008 11:12:32 +0400
Message-ID: <487464E0.3090909@yandex.ru>
From: "Andrey V. Elsukov"
To: Paolo Pisati
Cc: Vadim Goncharov, freebsd-ipfw@FreeBSD.org
Subject: Re: kern/80642: [ipfw] [patch] ipfw small patch - new RULE OPTION

Paolo Pisati wrote:
>> add packet counter as well. That's all possible with one opcode, though...
>
> if anyone posts an updated patch, I'll commit it.

Hi, Paolo.

Any progress on this?
I updated the patch:
http://butcher.heavennet.ru/patches/kernel/ipfw/ipfw_counterlimit.diff

--
WBR, Andrey V. Elsukov

From owner-freebsd-ipfw@FreeBSD.ORG Fri Jul 11 10:57:34 2008
Date: Fri, 11 Jul 2008 12:34:27 +0200
Message-ID: <48773733.6040709@gmail.com>
From: nickhardcore
To: freebsd-ipfw@FreeBSD.org
Subject: unknown option IPV6FIREWALL_VERBOSE when compiling

Hi list.

I was following this guide
(http://www.freebsd.org/doc/en/books/handbook/firewalls-ipfw.html) to
configure and use IPFW on my FreeBSD 7 (it is a VMware virtual machine,
but I don't think this is a problem):

[root@hyperion /usr/src]$ uname -a
FreeBSD hyperion.xxx.org 7.0-RELEASE-p2 FreeBSD 7.0-RELEASE-p2 #1: Wed Jul 2 19:48:58 CEST 2008 root@hyperion.xxx.org:/usr/obj/usr/src/sys/CUSTOM i386

But when compiling the kernel I have the following error:

[root@hyperion /usr/src]# make buildkernel KERNCONF=CUSTOM

--------------------------------------------------------------
>>> Kernel build for CUSTOM started on Thu Jul 10 23:21:45 CEST 2008
--------------------------------------------------------------
===> CUSTOM
mkdir -p /usr/obj/usr/src/sys

--------------------------------------------------------------
>>> stage 1: configuring the kernel
--------------------------------------------------------------
cd /usr/src/sys/i386/conf; PATH=/usr/obj/usr/src/tmp/legacy/usr/sbin:/usr/obj/usr/src/tmp/legacy/usr/bin:/usr/obj/usr/src/tmp/legacy/usr/games:/usr/obj/usr/src/tmp/usr/sbin:/usr/obj/usr/src/tmp/usr/bin:/usr/obj/usr/src/tmp/usr/games:/sbin:/bin:/usr/sbin:/usr/bin config -d /usr/obj/usr/src/sys/CUSTOM /usr/src/sys/i386/conf/CUSTOM
/usr/src/sys/i386/conf/CUSTOM: unknown option "IPV6FIREWALL_VERBOSE"
*** Error code 1

Stop in /usr/src.
*** Error code 1

Stop in /usr/src.

The kernel configuration is a "GENERIC" with these few customizations:

options         ACCEPT_FILTER_HTTP
options         ACCEPT_FILTER_DATA
options         DEVICE_POLLING
options         IPFIREWALL
options         IPFIREWALL_VERBOSE
options         IPFIREWALL_DEFAULT_TO_ACCEPT
options         IPV6FIREWALL
options         IPV6FIREWALL_VERBOSE
options         IPV6FIREWALL_DEFAULT_TO_ACCEPT
options         IPDIVERT

I tried to update the system through cvsup and then recompile the kernel
with the new options, but the error is still there.

Any idea?

nick

From owner-freebsd-ipfw@FreeBSD.ORG Sat Jul 12 11:06:47 2008
Date: Sat, 12 Jul 2008 11:06:46 GMT
Message-Id: <200807121106.m6CB6kl1092529@freefall.freebsd.org>
From: az@FreeBSD.org
To: az@freebsd.org, az@FreeBSD.org, freebsd-ipfw@FreeBSD.org
Subject: Re: kern/106534: [ipfw] [panic] ipfw + dummynet

Synopsis: [ipfw] [panic] ipfw + dummynet

State-Changed-From-To: open->closed
State-Changed-By: az
State-Changed-When: Sat Jul 12 11:06:46 UTC 2008
State-Changed-Why:
No way to repeat such panic

http://www.freebsd.org/cgi/query-pr.cgi?pr=106534