From owner-freebsd-ipfw@FreeBSD.ORG Mon Sep 24 11:08:25 2007 Return-Path: Delivered-To: freebsd-ipfw@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id A8DED16A49A for ; Mon, 24 Sep 2007 11:08:25 +0000 (UTC) (envelope-from owner-bugmaster@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id 7B22C13C448 for ; Mon, 24 Sep 2007 11:08:25 +0000 (UTC) (envelope-from owner-bugmaster@FreeBSD.org) Received: from freefall.freebsd.org (gnats@localhost [127.0.0.1]) by freefall.freebsd.org (8.14.1/8.14.1) with ESMTP id l8OB8Pue064200 for ; Mon, 24 Sep 2007 11:08:25 GMT (envelope-from owner-bugmaster@FreeBSD.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.14.1/8.14.1/Submit) id l8OB8ORd064196 for freebsd-ipfw@FreeBSD.org; Mon, 24 Sep 2007 11:08:24 GMT (envelope-from owner-bugmaster@FreeBSD.org) Date: Mon, 24 Sep 2007 11:08:24 GMT Message-Id: <200709241108.l8OB8ORd064196@freefall.freebsd.org> X-Authentication-Warning: freefall.freebsd.org: gnats set sender to owner-bugmaster@FreeBSD.org using -f From: FreeBSD bugmaster To: freebsd-ipfw@FreeBSD.org Cc: Subject: Current problem reports assigned to you X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 24 Sep 2007 11:08:25 -0000 Current FreeBSD problem reports Critical problems Serious problems S Tracker Resp. Description -------------------------------------------------------------------------------- o kern/51274 ipfw [ipfw] [patch] ipfw2 create dynamic rules with parent o kern/73910 ipfw [ipfw] serious bug on forwarding of packets after NAT o kern/74104 ipfw [ipfw] ipfw2/1 conflict not detected or reported, manp o kern/88659 ipfw [modules] ipfw and ip6fw do not work properly as modul o kern/93300 ipfw [ipfw] ipfw pipe lost packets o kern/95084 ipfw [ipfw] [patch] IPFW2 ignores "recv/xmit/via any" (IPFW o kern/97504 ipfw [ipfw] IPFW Rules bug o kern/97951 ipfw [ipfw] [patch] ipfw does not tie interface details to o kern/98831 ipfw [ipfw] ipfw has UDP hickups o kern/102471 ipfw [ipfw] [patch] add tos and dscp support o kern/103454 ipfw [ipfw] [patch] add a facility to modify DF bit of the o kern/106534 ipfw [ipfw] [panic] ipfw + dummynet o kern/112708 ipfw ipfw is seems to be broken to limit number of connecti 13 problems total. Non-critical problems S Tracker Resp. Description -------------------------------------------------------------------------------- a kern/26534 ipfw [ipfw] Add an option to ipfw to log gid/uid of who cau o kern/46159 ipfw [ipfw] [patch] ipfw dynamic rules lifetime feature o kern/48172 ipfw [ipfw] [patch] ipfw does not log size and flags o bin/50749 ipfw [ipfw] [patch] ipfw2 incorrectly parses ports and port o kern/55984 ipfw [ipfw] [patch] time based firewalling support for ipfw o kern/60719 ipfw [ipfw] Headerless fragments generate cryptic error mes o kern/69963 ipfw [ipfw] install_state warning about already existing en o kern/71366 ipfw [ipfw] "ipfw fwd" sometimes rewrites destination mac a o kern/72987 ipfw [ipfw] ipfw/dummynet pipe/queue 'queue [BYTES]KBytes ( o kern/73276 ipfw [ipfw] [patch] ipfw2 vulnerability (parser error) o bin/78785 ipfw [ipfw] [patch] ipfw verbosity locks machine if /etc/rc o kern/80642 ipfw [ipfw] [patch] ipfw small patch - new RULE OPTION o kern/82724 ipfw [ipfw] [patch] Add setnexthop and defaultroute feature o kern/86957 ipfw [ipfw] [patch] ipfw mac logging o kern/87032 ipfw [ipfw] [patch] ipfw ioctl interface implementation o kern/91847 ipfw [ipfw] ipfw with vlanX as the device o kern/103328 ipfw [ipfw] sugestions about ipfw table o kern/104682 ipfw [ipfw] [patch] Some minor language consistency fixes a o bin/104921 ipfw [patch] ipfw(8) sometimes treats ipv6 input as ipv4 (a o kern/105330 ipfw [ipfw] [patch] ipfw (dummynet) does not allow to set q o kern/107305 ipfw [ipfw] ipfw fwd doesn't seem to work o kern/111713 ipfw [dummynet] Too few dummynet queue slots o kern/112561 ipfw [ipfw] ipfw fwd does not work with some TCP packets p kern/113388 ipfw [ipfw][patch] Addition actions with rules within speci o bin/115172 ipfw [patch] ipfw(8) list show some rules with a wrong form o kern/115755 ipfw [ipfw][patch] unify message and add a rule number wher o kern/116009 ipfw [ipfw] [patch] Ignore errors when loading ruleset from 27 problems total. From owner-freebsd-ipfw@FreeBSD.ORG Mon Sep 24 18:11:49 2007 Return-Path: Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 5877E16A41B for ; Mon, 24 Sep 2007 18:11:49 +0000 (UTC) (envelope-from feighery@mitre.org) Received: from smtp-bedford.mitre.org (smtp-bedford.mitre.org [192.160.51.76]) by mx1.freebsd.org (Postfix) with ESMTP id 22E3413C4CA for ; Mon, 24 Sep 2007 18:11:48 +0000 (UTC) (envelope-from feighery@mitre.org) Received: from smtp-bedford.mitre.org (localhost.localdomain [127.0.0.1]) by smtp-bedford.mitre.org (8.12.11.20060308/8.12.11) with SMTP id l8OH2HVi001911 for ; Mon, 24 Sep 2007 13:02:17 -0400 Received: from smtp-bedford.mitre.org (localhost.localdomain [127.0.0.1]) by smtp-bedford.mitre.org (Postfix) with ESMTP id F0F0EBF01 for ; Mon, 24 Sep 2007 13:02:16 -0400 (EDT) Received: from imcfe2.MITRE.ORG (imcfe2.mitre.org [129.83.29.4]) by smtp-bedford.mitre.org (8.12.11.20060308/8.12.11) with ESMTP id l8OH2GCp001898 for ; Mon, 24 Sep 2007 13:02:16 -0400 Received: from IMCSRV4.MITRE.ORG ([129.83.20.161]) by imcfe2.MITRE.ORG with Microsoft SMTPSVC(6.0.3790.1830); Mon, 24 Sep 2007 12:54:14 -0400 X-MimeOLE: Produced By Microsoft Exchange V6.5 Content-class: urn:content-classes:message MIME-Version: 1.0 Date: Mon, 24 Sep 2007 12:54:08 -0400 Message-ID: <87ABB5B9BD11A240B9CBB3F0485AEC8901E01984@IMCSRV4.MITRE.ORG> X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: ECN Capability in the Network Layer Thread-Index: Acf+y4YxZm1tpK9hRsexPu30pHOYOQ== From: "Feighery, Patrick D." To: X-OriginalArrivalTime: 24 Sep 2007 16:54:14.0668 (UTC) FILETIME=[89C6ECC0:01C7FECB] Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable X-Content-Filtered-By: Mailman/MimeDel 2.1.5 Subject: ECN Capability in the Network Layer X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 24 Sep 2007 18:11:49 -0000 I am currently trying to integrate an ECN capability into a third party's transport layer protocol. In the past I have used Dummynet to test how transport protocols react under a variety of strange and non-typical network characteristics. Now I am trying to use a combination of Dummynet and ECN. Unfortunately after crawling the network for a few days, I can't really figure out how to configure FreeBSD to support ECN. I have been testing with a FreeBSD 6.2 installation and have added the ALTQ into the kernel. However I can't figure out how to create an /etc/pf.conf config file for ECN. Do I need to install a different version of FreeBSD to get this functionality. =20 Can anyone point me into the correct direction? =20 Best Regards =20 Pat Feighery =20 From owner-freebsd-ipfw@FreeBSD.ORG Tue Sep 25 08:46:45 2007 Return-Path: Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 330BD16A41A for ; Tue, 25 Sep 2007 08:46:45 +0000 (UTC) (envelope-from afsincakir@hotmail.com) Received: from bay0-omc3-s35.bay0.hotmail.com (bay0-omc3-s35.bay0.hotmail.com [65.54.246.235]) by mx1.freebsd.org (Postfix) with ESMTP id 10A0F13C447 for ; Tue, 25 Sep 2007 08:46:45 +0000 (UTC) (envelope-from afsincakir@hotmail.com) Received: from BLU107-W44 ([10.6.58.79]) by bay0-omc3-s35.bay0.hotmail.com with Microsoft SMTPSVC(6.0.3790.3959); Tue, 25 Sep 2007 01:34:43 -0700 Message-ID: X-Originating-IP: [85.105.212.194] From: afsin cakir To: Date: Tue, 25 Sep 2007 08:34:43 +0000 Importance: Normal MIME-Version: 1.0 X-OriginalArrivalTime: 25 Sep 2007 08:34:43.0743 (UTC) FILETIME=[EC2072F0:01C7FF4E] Content-Type: text/plain; charset="windows-1254" Content-Transfer-Encoding: 8bit X-Content-Filtered-By: Mailman/MimeDel 2.1.5 Subject: ipfw + natd + stateful X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 25 Sep 2007 08:46:45 -0000 I'm using 6,2 Relase with working caching only dns server. I'm testing ipfw for learning. this is my ipfw rules. I have a problem this config. I can browse internet but I can't login to hotmail.the page not displaying. 00009 allow ip from any to any via lo0 00010 deny ip from any to 127.0.0.0/8 00011 deny ip from 127.0.0.0/8 to any 00012 allow ip from any to any via lnc1 00016 divert 8668 ip from any to any in via lnc0 00017 check-state 00025 skipto 900 log logamount 1000 ip from me to any out via lnc0 uid root keep-state 00036 skipto 900 log logamount 1000 tcp from 192.168.55.56 to any dst-port 80 out via lnc0 setup keep-state 00037 skipto 900 log logamount 1000 tcp from 192.168.55.56 to any dst-port 443 out via lnc0 setup keep-state 00100 deny log logamount 1000 ip from any to any 00900 divert 8668 ip from any to any out via lnc0 00901 allow log logamount 10000 ip from any to any 01000 deny log logamount 10000 ip from any to any 65535 deny ip from any to any _________________________________________________________________ Windows Live Messenger'ın en son sürümünü ŞİMDİ indir! http://get.live.com/tr-tr/messenger/overview From owner-freebsd-ipfw@FreeBSD.ORG Tue Sep 25 20:19:32 2007 Return-Path: Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 1633A16A417 for ; Tue, 25 Sep 2007 20:19:32 +0000 (UTC) (envelope-from ady@ady.ro) Received: from wr-out-0506.google.com (wr-out-0506.google.com [64.233.184.239]) by mx1.freebsd.org (Postfix) with ESMTP id A4FD713C4A3 for ; Tue, 25 Sep 2007 20:19:31 +0000 (UTC) (envelope-from ady@ady.ro) Received: by wr-out-0506.google.com with SMTP id 70so713615wra for ; Tue, 25 Sep 2007 13:19:31 -0700 (PDT) Received: by 10.142.83.4 with SMTP id g4mr1731344wfb.1190751168182; Tue, 25 Sep 2007 13:12:48 -0700 (PDT) Received: by 10.142.102.8 with HTTP; Tue, 25 Sep 2007 13:12:48 -0700 (PDT) Message-ID: <78cb3d3f0709251312i546b26dfie9201d855fbd9b81@mail.gmail.com> Date: Tue, 25 Sep 2007 23:12:48 +0300 From: "Adrian Penisoara" Sender: ady@ady.ro To: "afsin cakir" In-Reply-To: MIME-Version: 1.0 References: X-Google-Sender-Auth: 6061988c42a4ada7 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Content-Disposition: inline X-Content-Filtered-By: Mailman/MimeDel 2.1.5 Cc: freebsd-ipfw@freebsd.org Subject: Re: ipfw + natd + stateful X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 25 Sep 2007 20:19:32 -0000 Hi, On 9/25/07, afsin cakir wrote: > > > > I'm using 6,2 Relase with working caching only dns server. I'm testing > ipfw for learning. this is my ipfw rules. I have a problem this config. > I can browse internet but I can't login to hotmail.the page not > displaying. You should get hold of tcpdump and try getting a dump analysis on your public interface to see what kind of (weird) packets you are seeing from hotmail.com. Also since you have "log" statements on your deny rules, make sure that the "net.inet.ip.fw.verbose" sysctl is set to 1 and check the syslogs for possibly problematic dropped packets. Regards, Adrian Penisoara. From owner-freebsd-ipfw@FreeBSD.ORG Tue Sep 25 20:34:14 2007 Return-Path: Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id D4CEF16A417 for ; Tue, 25 Sep 2007 20:34:14 +0000 (UTC) (envelope-from ady@ady.ro) Received: from wr-out-0506.google.com (wr-out-0506.google.com [64.233.184.227]) by mx1.freebsd.org (Postfix) with ESMTP id 6A9C213C44B for ; Tue, 25 Sep 2007 20:34:14 +0000 (UTC) (envelope-from ady@ady.ro) Received: by wr-out-0506.google.com with SMTP id 70so716573wra for ; Tue, 25 Sep 2007 13:34:13 -0700 (PDT) Received: by 10.142.237.20 with SMTP id k20mr1721201wfh.1190750712061; Tue, 25 Sep 2007 13:05:12 -0700 (PDT) Received: by 10.142.102.8 with HTTP; Tue, 25 Sep 2007 13:05:11 -0700 (PDT) Message-ID: <78cb3d3f0709251305q31f6d161wba2f69607a61c9a8@mail.gmail.com> Date: Tue, 25 Sep 2007 23:05:11 +0300 From: "Adrian Penisoara" Sender: ady@ady.ro To: "Feighery, Patrick D." In-Reply-To: <87ABB5B9BD11A240B9CBB3F0485AEC8901E01984@IMCSRV4.MITRE.ORG> MIME-Version: 1.0 References: <87ABB5B9BD11A240B9CBB3F0485AEC8901E01984@IMCSRV4.MITRE.ORG> X-Google-Sender-Auth: c8224845f6683ce1 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Content-Disposition: inline X-Content-Filtered-By: Mailman/MimeDel 2.1.5 Cc: freebsd-ipfw@freebsd.org Subject: Re: ECN Capability in the Network Layer X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 25 Sep 2007 20:34:14 -0000 Hi, You should lookup the pf.conf(5) man page for the red and ecn scheduler parameters (as a matter of fact ecn implies red). Regards, Adrian. On 9/24/07, Feighery, Patrick D. wrote: > > I am currently trying to integrate an ECN capability into a third > party's transport layer protocol. In the past I have used Dummynet to > test how transport protocols react under a variety of strange and > non-typical network characteristics. Now I am trying to use a > combination of Dummynet and ECN. Unfortunately after crawling the > network for a few days, I can't really figure out how to configure > FreeBSD to support ECN. I have been testing with a FreeBSD 6.2 > installation and have added the ALTQ into the kernel. However I can't > figure out how to create an /etc/pf.conf config file for ECN. Do I > need to install a different version of FreeBSD to get this > functionality. > > Can anyone point me into the correct direction? > > Best Regards > > Pat Feighery > > _______________________________________________ > freebsd-ipfw@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw > To unsubscribe, send any mail to "freebsd-ipfw-unsubscribe@freebsd.org" > From owner-freebsd-ipfw@FreeBSD.ORG Sat Sep 29 15:02:41 2007 Return-Path: Delivered-To: freebsd-ipfw@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id EF10B16A417; Sat, 29 Sep 2007 15:02:41 +0000 (UTC) (envelope-from maxim@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id C2C2F13C43E; Sat, 29 Sep 2007 15:02:41 +0000 (UTC) (envelope-from maxim@FreeBSD.org) Received: from freefall.freebsd.org (maxim@localhost [127.0.0.1]) by freefall.freebsd.org (8.14.1/8.14.1) with ESMTP id l8TF2fXN092903; Sat, 29 Sep 2007 15:02:41 GMT (envelope-from maxim@freefall.freebsd.org) Received: (from maxim@localhost) by freefall.freebsd.org (8.14.1/8.14.1/Submit) id l8TF2fmd092899; Sat, 29 Sep 2007 15:02:41 GMT (envelope-from maxim) Date: Sat, 29 Sep 2007 15:02:41 GMT Message-Id: <200709291502.l8TF2fmd092899@freefall.freebsd.org> To: sem@FreeBSD.org, maxim@FreeBSD.org, freebsd-ipfw@FreeBSD.org From: maxim@FreeBSD.org Cc: Subject: Re: kern/115755: [ipfw][patch] unify message and add a rule number where limit was reached X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 29 Sep 2007 15:02:42 -0000 Synopsis: [ipfw][patch] unify message and add a rule number where limit was reached State-Changed-From-To: open->patched State-Changed-By: maxim State-Changed-When: Sat Sep 29 15:02:06 UTC 2007 State-Changed-Why: Committed to HEAD. Thanks! http://www.freebsd.org/cgi/query-pr.cgi?pr=115755 From owner-freebsd-ipfw@FreeBSD.ORG Sat Sep 29 15:10:06 2007 Return-Path: Delivered-To: freebsd-ipfw@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 7E60316A420 for ; Sat, 29 Sep 2007 15:10:06 +0000 (UTC) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id 6A19913C458 for ; Sat, 29 Sep 2007 15:10:06 +0000 (UTC) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (gnats@localhost [127.0.0.1]) by freefall.freebsd.org (8.14.1/8.14.1) with ESMTP id l8TFA6jx093010 for ; Sat, 29 Sep 2007 15:10:06 GMT (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.14.1/8.14.1/Submit) id l8TFA63m093009; Sat, 29 Sep 2007 15:10:06 GMT (envelope-from gnats) Date: Sat, 29 Sep 2007 15:10:06 GMT Message-Id: <200709291510.l8TFA63m093009@freefall.freebsd.org> To: freebsd-ipfw@FreeBSD.org From: dfilter@FreeBSD.ORG (dfilter service) Cc: Subject: Re: kern/115755: commit references a PR X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: dfilter service List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 29 Sep 2007 15:10:06 -0000 The following reply was made to PR kern/115755; it has been noted by GNATS. From: dfilter@FreeBSD.ORG (dfilter service) To: bug-followup@FreeBSD.org Cc: Subject: Re: kern/115755: commit references a PR Date: Sat, 29 Sep 2007 15:01:51 +0000 (UTC) maxim 2007-09-29 15:01:42 UTC FreeBSD src repository Modified files: sys/netinet ip_fw2.c Log: o For dynamic rules log a parent rule number. Prefix a log message by 'ipfw: '. PR: kern/115755 Submitted by: sem Approved by: re (gnn) MFC after: 4 weeks Revision Changes Path 1.174 +2 -1 src/sys/netinet/ip_fw2.c _______________________________________________ cvs-all@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/cvs-all To unsubscribe, send any mail to "cvs-all-unsubscribe@freebsd.org"