From owner-freebsd-ipfw@FreeBSD.ORG Mon Oct 4 11:02:37 2004 Return-Path: Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id D08CC16A4D2 for ; Mon, 4 Oct 2004 11:02:37 +0000 (GMT) Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21]) by mx1.FreeBSD.org (Postfix) with ESMTP id C4A1043D1F for ; Mon, 4 Oct 2004 11:02:37 +0000 (GMT) (envelope-from owner-bugmaster@freebsd.org) Received: from freefall.freebsd.org (peter@localhost [127.0.0.1]) by freefall.freebsd.org (8.12.11/8.12.11) with ESMTP id i94B2bQG031831 for ; Mon, 4 Oct 2004 11:02:37 GMT (envelope-from owner-bugmaster@freebsd.org) Received: (from peter@localhost) by freefall.freebsd.org (8.12.11/8.12.11/Submit) id i94B2bUD031825 for ipfw@freebsd.org; Mon, 4 Oct 2004 11:02:37 GMT (envelope-from owner-bugmaster@freebsd.org) Date: Mon, 4 Oct 2004 11:02:37 GMT Message-Id: <200410041102.i94B2bUD031825@freefall.freebsd.org> X-Authentication-Warning: freefall.freebsd.org: peter set sender to owner-bugmaster@freebsd.org using -f From: FreeBSD bugmaster To: ipfw@FreeBSD.org Subject: Current problem reports assigned to you X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 04 Oct 2004 11:02:37 -0000 Current FreeBSD problem reports Critical problems Serious problems S Submitted Tracker Resp. Description ------------------------------------------------------------------------------- o [2003/04/22] kern/51274 ipfw ipfw2 create dynamic rules with parent nu f [2003/04/24] kern/51341 ipfw ipfw rule 'deny icmp from any to any icmp o [2003/12/11] kern/60154 ipfw ipfw core (crash) o [2004/03/03] kern/63724 ipfw IPFW2 Queues dont t work f [2004/03/25] kern/64694 ipfw [ipfw] UID/GID matching in ipfw non-funct 5 problems total. Non-critical problems S Submitted Tracker Resp. Description ------------------------------------------------------------------------------- a [2001/04/13] kern/26534 ipfw Add an option to ipfw to log gid/uid of w o [2002/12/10] kern/46159 ipfw ipfw dynamic rules lifetime feature o [2003/02/11] kern/48172 ipfw ipfw does not log size and flags o [2003/03/10] kern/49086 ipfw [patch] Make ipfw2 log to different syslo o [2003/04/09] bin/50749 ipfw ipfw2 incorrectly parses ports and port r o [2003/08/26] kern/55984 ipfw [patch] time based firewalling support fo o [2003/12/30] kern/60719 ipfw ipfw: Headerless fragments generate cryp o [2004/08/03] kern/69963 ipfw ipfw: install_state warning about already o [2004/09/04] kern/71366 ipfw "ipfw fwd" sometimes rewrites destination 9 problems total. From owner-freebsd-ipfw@FreeBSD.ORG Mon Oct 4 21:09:28 2004 Return-Path: Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id E3D3F16A4E1 for ; Mon, 4 Oct 2004 21:09:28 +0000 (GMT) Received: from regulus.redepegasus.com.br (regulus.redepegasus.com.br [200.195.111.166]) by mx1.FreeBSD.org (Postfix) with ESMTP id 9854B43D1F for ; Mon, 4 Oct 2004 21:09:28 +0000 (GMT) (envelope-from jb@redepegasus.com.br) Received: from localhost (localhost.redepegasus.com.br [127.0.0.1]) by regulus.redepegasus.com.br (Postfix) with ESMTP id 59147B88C9 for ; Sat, 2 Oct 2004 06:12:55 -0300 (BRT) Received: from regulus.redepegasus.com.br ([127.0.0.1])port 10024) with ESMTP id 53068-10 for ; Sat, 2 Oct 2004 06:12:55 -0300 (BRT) Received: by regulus.redepegasus.com.br (Postfix, from userid 85) id 15E77B88C8; Sat, 2 Oct 2004 06:12:55 -0300 (BRT) Received: from polaris (unknown [200.195.111.170]) by regulus.redepegasus.com.br (Postfix) with ESMTP id B91D9B88E2 for ; Sat, 2 Oct 2004 06:12:54 -0300 (BRT) Message-ID: <005101c4a85f$e16d6960$aa6fc3c8@redepegasus.com.br> From: =?iso-8859-1?Q?Juli=E3o_Braga_-_Rede_Pegasus?= To: Date: Sat, 2 Oct 2004 06:12:02 -0300 X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2900.2180 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180 X-Sanitizer: Advosys mail filter MIME-Version: 1.0 Content-Type: text/plain; format=flowed; charset="iso-8859-1"; reply-type=original Content-Transfer-Encoding: 7bit Subject: ipfw2 syntax to specify address sets and or-blocks X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 04 Oct 2004 21:09:29 -0000 Hi, I'm using a 5.2.1 version: [root@unidade1 root]# uname -a FreeBSD unidade1.redepegasus.com.br 5.2.1-RELEASE FreeBSD 5.2.1-RELEASE #0: Fri Jun 18 15:08:10 BRT 2004 root@unidade1.redepegasus.com.br:/usr/src/sys/i386/compile/UNIDADE1 i386 and created the following rules: ipsmsn="{ 192.168.0.0/24{1,6,23,58,65,111} or 192.168.1.0/24{32,34,60} or 192.168.3.0/24{4} }" ... ipfw add 00200 check-state ... #KAZAA/MSN/YAHOO ipfw add 40210 allow all from any to ${ipsmsn} 1863,5050,5190 keep-state ipfw add 40211 allow all from ${ipsmsn} to any 1863,5050,5190 keep-state #additional MSN ports ipfw add 40212 allow all from any to ${ipsmsn} 6891-6901,6801,2001-2120,7801-7825 keep-state ipfw add 40213 allow all from ${ipsmsn} to any 6891-6901,6801,2001-2120,7801-7825 keep-state ipfw add 40214 deny all from any to any 6891-6901,6801,2001-2120,7801-7825 keep-state ipfw add 40223 deny all from any to any 5190 keep-state # ICQ deny And I'm getting from ipfw -a l: ... 40210 0 0 allow ip from any to 0.0.7.71,0.0.19.186,0.0.20.70 keep-state Some help about? Thank you, Juliao --- Rede Pegasus http://www.redepegasus.com.br From owner-freebsd-ipfw@FreeBSD.ORG Mon Oct 4 21:09:57 2004 Return-Path: Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 1CA9F16A4CE for ; Mon, 4 Oct 2004 21:09:57 +0000 (GMT) Received: from regulus.redepegasus.com.br (regulus.redepegasus.com.br [200.195.111.166]) by mx1.FreeBSD.org (Postfix) with ESMTP id 8E55C43D53 for ; Mon, 4 Oct 2004 21:09:55 +0000 (GMT) (envelope-from juliao@braga.eti.br) Received: from localhost (localhost.redepegasus.com.br [127.0.0.1]) by regulus.redepegasus.com.br (Postfix) with ESMTP id B80E9B89BB for ; Fri, 1 Oct 2004 19:58:00 -0300 (BRT) Received: from regulus.redepegasus.com.br ([127.0.0.1])port 10024) with ESMTP id 18815-08 for ; Fri, 1 Oct 2004 19:58:00 -0300 (BRT) Received: by regulus.redepegasus.com.br (Postfix, from userid 85) id 5AD24B89BA; Fri, 1 Oct 2004 19:58:00 -0300 (BRT) Received: from polaris (unknown [200.195.111.170]) by regulus.redepegasus.com.br (Postfix) with ESMTP id 0A2C7B89B2 for ; Fri, 1 Oct 2004 19:58:00 -0300 (BRT) Message-ID: <079101c4a809$fab1b9e0$aa6fc3c8@redepegasus.com.br> From: "Juliao Braga - Rede Pegasus" To: References: <20040929195920.GC1807@green.homeunix.org> <20041001031248.GC3411@green.homeunix.org> Date: Fri, 1 Oct 2004 19:57:08 -0300 X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2900.2180 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180 X-Sanitizer: Advosys mail filter MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable X-Content-Filtered-By: Mailman/MimeDel 2.1.1 Subject: ipfw2 syntax to specify address sets X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 04 Oct 2004 21:09:57 -0000 Hi, I'm using a 5.2.1 version: [root@unidade1 root]# uname -a FreeBSD unidade1.redepegasus.com.br 5.2.1-RELEASE FreeBSD 5.2.1-RELEASE #0:= =20 Fri Jun 18 15:08:10 BRT 2004=20 root@unidade1.redepegasus.com.br:/usr/src/sys/i386/compile/UNIDADE1 i386 and created the following rules: ipsmsn=3D"{ 192.168.0.0/24{1,6,23,58,65,111} or 192.168.1.0/24{32,34,60} or= =20 192.168.3.0/24{4} }" ... ipfw add 00200 check-state ... #KAZAA/MSN/YAHOO ipfw add 40210 allow all from any to ${ipsmsn} 1863,5050,5190 keep-state ipfw add 40211 allow all from ${ipsmsn} to any 1863,5050,5190 keep-state #additional MSN ports ipfw add 40212 allow all from any to ${ipsmsn}=20 6891-6901,6801,2001-2120,7801-7825 keep-state ipfw add 40213 allow all from ${ipsmsn} to any=20 6891-6901,6801,2001-2120,7801-7825 keep-state ipfw add 40214 deny all from any to any 6891-6901,6801,2001-2120,7801-7825= =20 keep-state ipfw add 40223 deny all from any to any 5190 keep-state # ICQ deny And I'm getting from ipfw -a l: ... 40210 0 0 allow ip from any to 0.0.7.71,0.0.19.186,0.0.20.70= =20 keep-state Some help about? Thank you, Juliao --- Rede Pegasus http://www.redepegasus.com.br From owner-freebsd-ipfw@FreeBSD.ORG Mon Oct 4 22:20:26 2004 Return-Path: Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 7744A16A4CE for ; Mon, 4 Oct 2004 22:20:26 +0000 (GMT) Received: from regulus.redepegasus.com.br (regulus.redepegasus.com.br [200.195.111.166]) by mx1.FreeBSD.org (Postfix) with ESMTP id 2FE7E43D1F for ; Mon, 4 Oct 2004 22:20:26 +0000 (GMT) (envelope-from jb@redepegasus.com.br) Received: from localhost (localhost.redepegasus.com.br [127.0.0.1]) by regulus.redepegasus.com.br (Postfix) with ESMTP id 10EB0B88B9 for ; Fri, 1 Oct 2004 17:33:51 -0300 (BRT) Received: from regulus.redepegasus.com.br ([127.0.0.1])port 10024) with ESMTP id 05301-03 for ; Fri, 1 Oct 2004 17:33:50 -0300 (BRT) Received: by regulus.redepegasus.com.br (Postfix, from userid 85) id 85F4EB88B7; Fri, 1 Oct 2004 17:33:50 -0300 (BRT) Received: from polaris (unknown [200.195.111.170]) by regulus.redepegasus.com.br (Postfix) with ESMTP id 35B4FB88B3 for ; Fri, 1 Oct 2004 17:33:50 -0300 (BRT) Message-ID: <051a01c4a7f5$d70f5970$aa6fc3c8@redepegasus.com.br> From: =?iso-8859-1?Q?Juli=E3o_Braga_-_Rede_Pegasus?= To: References: <20040929195920.GC1807@green.homeunix.org> <20041001031248.GC3411@green.homeunix.org> Date: Fri, 1 Oct 2004 17:32:58 -0300 X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2900.2180 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180 X-Sanitizer: Advosys mail filter MIME-Version: 1.0 Content-Type: text/plain; format=flowed; charset="iso-8859-1"; reply-type=original Content-Transfer-Encoding: 7bit Subject: ipfw2 syntax to specify address sets X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 04 Oct 2004 22:20:26 -0000 Hi, I'm using a 5.2.1 version: [root@unidade1 root]# uname -a FreeBSD unidade1.redepegasus.com.br 5.2.1-RELEASE FreeBSD 5.2.1-RELEASE #0: Fri Jun 18 15:08:10 BRT 2004 root@unidade1.redepegasus.com.br:/usr/src/sys/i386/compile/UNIDADE1 i386 and created the following rules: ipsmsn="{ 192.168.0.0/24{1,6,23,58,65,111} or 192.168.1.0/24{32,34,60} or 192.168.3.0/24{4} }" ... ipfw add 00200 check-state ... #KAZAA/MSN/YAHOO ipfw add 40210 allow all from any to ${ipsmsn} 1863,5050,5190 keep-state ipfw add 40211 allow all from ${ipsmsn} to any 1863,5050,5190 keep-state #additional MSN ports ipfw add 40212 allow all from any to ${ipsmsn} 6891-6901,6801,2001-2120,7801-7825 keep-state ipfw add 40213 allow all from ${ipsmsn} to any 6891-6901,6801,2001-2120,7801-7825 keep-state ipfw add 40214 deny all from any to any 6891-6901,6801,2001-2120,7801-7825 keep-state ipfw add 40223 deny all from any to any 5190 keep-state # ICQ deny And I'm getting from ipfw -a l: ... 40210 0 0 allow ip from any to 0.0.7.71,0.0.19.186,0.0.20.70 keep-state Some help about? Thank you, Juliao --- Rede Pegasus http://www.redepegasus.com.br From owner-freebsd-ipfw@FreeBSD.ORG Thu Oct 7 04:52:39 2004 Return-Path: Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 8548516A4CE for ; Thu, 7 Oct 2004 04:52:39 +0000 (GMT) Received: from ctb-mesg1.saix.net (ctb-mesg1.saix.net [196.25.240.73]) by mx1.FreeBSD.org (Postfix) with ESMTP id DE25643D2D for ; Thu, 7 Oct 2004 04:52:38 +0000 (GMT) (envelope-from savage@savage.za.org) Received: from netsphere.cenergynetworks.com (wblv-250-78.telkomadsl.co.za [165.165.250.78]) by ctb-mesg1.saix.net (Postfix) with ESMTP id 380A66234 for ; Thu, 7 Oct 2004 06:52:36 +0200 (SAST) Received: from 192-168-1-010.ops.cenergynetworks.com ([192.168.1.10] helo=netphobia) by netsphere.cenergynetworks.com with smtp (Exim 4.41) id 1CFQGZ-0000Wm-sV for freebsd-ipfw@freebsd.org; Thu, 07 Oct 2004 06:52:36 +0200 Message-ID: <000901c4ac29$79fd3350$0a01a8c0@ops.cenergynetworks.com> From: "Chris Knipe" To: Date: Thu, 7 Oct 2004 06:52:41 +0200 MIME-Version: 1.0 Content-Type: text/plain; format=flowed; charset="iso-8859-1"; reply-type=original Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2900.2180 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180 Subject: ipfw and ipid... X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list Reply-To: Chris Knipe List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 07 Oct 2004 04:52:39 -0000 Hi, Is anyone using ipfw's ipid option to match tcp packets based on their id??? We wrote a custom app using divert and then mark certain packets with a specific ipid. Our application marks x amounts of packets successfully, but ipfw doesn't even see halve of the amount of packets that we mark if we tell ipfw to match with the ipid field.... -- Chris From owner-freebsd-ipfw@FreeBSD.ORG Fri Oct 8 06:09:55 2004 Return-Path: Delivered-To: freebsd-ipfw@freebsd.org Received: from green.homeunix.org (freefall.freebsd.org [216.136.204.21]) by hub.freebsd.org (Postfix) with ESMTP id A40ED16A4CF; Fri, 8 Oct 2004 06:09:54 +0000 (GMT) Received: from green.homeunix.org (green@localhost [127.0.0.1]) by green.homeunix.org (8.13.1/8.13.1) with ESMTP id i9869sGp001858; Fri, 8 Oct 2004 02:09:54 -0400 (EDT) (envelope-from green@green.homeunix.org) Received: (from green@localhost) by green.homeunix.org (8.13.1/8.13.1/Submit) id i9869pPB001857; Fri, 8 Oct 2004 02:09:51 -0400 (EDT) (envelope-from green) Date: Fri, 8 Oct 2004 02:09:51 -0400 From: Brian Fundakowski Feldman To: Pawel Malachowski Message-ID: <20041008060950.GA980@green.homeunix.org> References: <20040825110455.GB57463@shellma.zin.lublin.pl> <20040825111911.GE92931@elvis.mu.org> <20040825113822.GC57463@shellma.zin.lublin.pl> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20040825113822.GC57463@shellma.zin.lublin.pl> User-Agent: Mutt/1.5.6i cc: ipfw@freebsd.org Subject: Re: (not) Protecting of case IP_FW_GET. X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 08 Oct 2004 06:09:55 -0000 On Wed, Aug 25, 2004 at 01:38:22PM +0200, Pawel Malachowski wrote: > On Wed, Aug 25, 2004 at 01:19:11PM +0200, Maxime Henrion wrote: > > > > Another thing, in HEAD, there are three mallocs with M_WAITOK flag, only > > > one of them checks if malloc succeed (lookup tables code) and returns > > > ENOMEM, if not. Another two are assuming malloc will always succeed. > > > In RELENG_4, result is checked and ENOBUFS (why not ENOMEM?) is returned > > > if malloc failed. > > > > The case where it checks the return value of malloc() is wrong. When > > called with the M_WAITOK flag, malloc() is not supposed to return NULL. > > malloc(9) states that. What would happen, if one tries to malloc more > memory than we physically have, with M_WAITOK flag -- will it eat all > available memory and wait forever for more? No, it would crash the kernel. You are only supposed to make "reasonable" request for memory. -- Brian Fundakowski Feldman \'[ FreeBSD ]''''''''''\ <> green@FreeBSD.org \ The Power to Serve! \ Opinions expressed are my own. \,,,,,,,,,,,,,,,,,,,,,,\