From owner-freebsd-ipfw@FreeBSD.ORG  Mon Jun 13 02:16:01 2011
Return-Path: <owner-freebsd-ipfw@FreeBSD.ORG>
Delivered-To: freebsd-ipfw@hub.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 07C471065672;
	Mon, 13 Jun 2011 02:16:01 +0000 (UTC)
	(envelope-from linimon@FreeBSD.org)
Received: from freefall.freebsd.org (freefall.freebsd.org
	[IPv6:2001:4f8:fff6::28])
	by mx1.freebsd.org (Postfix) with ESMTP id D3B9E8FC17;
	Mon, 13 Jun 2011 02:16:00 +0000 (UTC)
Received: from freefall.freebsd.org (localhost [127.0.0.1])
	by freefall.freebsd.org (8.14.4/8.14.4) with ESMTP id p5D2G0HI071459;
	Mon, 13 Jun 2011 02:16:00 GMT
	(envelope-from linimon@freefall.freebsd.org)
Received: (from linimon@localhost)
	by freefall.freebsd.org (8.14.4/8.14.4/Submit) id p5D2G0df071455;
	Mon, 13 Jun 2011 02:16:00 GMT (envelope-from linimon)
Date: Mon, 13 Jun 2011 02:16:00 GMT
Message-Id: <201106130216.p5D2G0df071455@freefall.freebsd.org>
To: linimon@FreeBSD.org, freebsd-bugs@FreeBSD.org, freebsd-ipfw@FreeBSD.org
From: linimon@FreeBSD.org
Cc: 
Subject: Re: kern/157796: [ipfw] IPFW in-kernel NAT nat loopback / Default
	Router Changes Unexpectedly
X-BeenThere: freebsd-ipfw@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: IPFW Technical Discussions <freebsd-ipfw.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
	<mailto:freebsd-ipfw-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-ipfw>
List-Post: <mailto:freebsd-ipfw@freebsd.org>
List-Help: <mailto:freebsd-ipfw-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
	<mailto:freebsd-ipfw-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 13 Jun 2011 02:16:01 -0000

Old Synopsis: IPFW in-kernel NAT nat loopback / Default Router Changes Unexpectedly
New Synopsis: [ipfw] IPFW in-kernel NAT nat loopback / Default Router Changes Unexpectedly

Responsible-Changed-From-To: freebsd-bugs->freebsd-ipfw
Responsible-Changed-By: linimon
Responsible-Changed-When: Mon Jun 13 02:15:48 UTC 2011
Responsible-Changed-Why: 
Over to maintainer(s).

http://www.freebsd.org/cgi/query-pr.cgi?pr=157796

From owner-freebsd-ipfw@FreeBSD.ORG  Mon Jun 13 06:37:10 2011
Return-Path: <owner-freebsd-ipfw@FreeBSD.ORG>
Delivered-To: freebsd-ipfw@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id C1FD4106564A
	for <freebsd-ipfw@freebsd.org>; Mon, 13 Jun 2011 06:37:10 +0000 (UTC)
	(envelope-from smithi@nimnet.asn.au)
Received: from sola.nimnet.asn.au (paqi.nimnet.asn.au [115.70.110.159])
	by mx1.freebsd.org (Postfix) with ESMTP id 382288FC0C
	for <freebsd-ipfw@freebsd.org>; Mon, 13 Jun 2011 06:37:09 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
	by sola.nimnet.asn.au (8.14.2/8.14.2) with ESMTP id p5D6Q8o4028082;
	Mon, 13 Jun 2011 16:26:08 +1000 (EST)
	(envelope-from smithi@nimnet.asn.au)
Date: Mon, 13 Jun 2011 16:26:08 +1000 (EST)
From: Ian Smith <smithi@nimnet.asn.au>
To: Ozkan KIRIK <ozkan.kirik@gmail.com>
In-Reply-To: <201106130216.p5D2G0df071455@freefall.freebsd.org>
Message-ID: <20110613153843.E34384@sola.nimnet.asn.au>
References: <201106130216.p5D2G0df071455@freefall.freebsd.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Cc: freebsd-ipfw@freebsd.org
Subject: Re: kern/157796: [ipfw] IPFW in-kernel NAT nat loopback / Default
 Router Changes Unexpectedly
X-List-Received-Date: Mon, 13 Jun 2011 06:37:10 -0000

On Mon, 13 Jun 2011, linimon@freebsd.org wrote:

 > http://www.freebsd.org/cgi/query-pr.cgi?pr=157796

Ozkan,

I'm not replying to your PR directly as this is purely speculative; I 
have no idea about your default route changing.  However your ruleset 
raises a couple of possible issues:

 > When a packet injects into ipfw in-kernel nat more than once,
 > operating systems behave abnormally.
 >
 > Let's inspect the ruleset below:
 >
 > ipfw table 12 add 10.0.14.1/32 33
 > ipfw table 13 add 193.X.128.30/32 33
 >
 > ipfw nat 33 config redirect_addr 10.0.14.1 193.X.128.30
 > ipfw nat 799 config ip 3.3.3.3 reverse
 >
 > 55000 nat tablearg ip from table(12) to not 3.3.3.3 via em3
 > 55000 nat tablearg ip from any to table(13) via em3
 > 55000 nat 799 ip from any to table(13) not via em3
 > 55000 nat tablearg ip from 3.3.3.3 to table(13)
 > 55000 nat tablearg ip from table(12) to 3.3.3.3
 > 55000 nat 799 ip from table(13) to 3.3.3.3

Firstly, if ipfw nat behaves the same as divert+natd in this respect, 
and assuming net.inet.ip.fw.one_pass=0 from your description, then any 
nat diversion would result in reentry of the ruleset at the next rule 
with a higher rule number, not at the next sequential rule with the same 
number.  I've never been certain whether that's also true with ipfw nat, 
but renumbering subsequent rules as 55001 etc would soon rule that out.

Secondly, I assume you're aware that 'via em3' on any outbound packets 
applies to packets that were either received on or are being transmitted 
on em3?  It's often better to disambiguate 'via' with 'recv' and 'xmit'.

HTH, Ian

From owner-freebsd-ipfw@FreeBSD.ORG  Mon Jun 13 11:07:05 2011
Return-Path: <owner-freebsd-ipfw@FreeBSD.ORG>
Delivered-To: freebsd-ipfw@FreeBSD.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id E6B0D1065679
	for <freebsd-ipfw@FreeBSD.org>; Mon, 13 Jun 2011 11:07:05 +0000 (UTC)
	(envelope-from owner-bugmaster@FreeBSD.org)
Received: from freefall.freebsd.org (freefall.freebsd.org
	[IPv6:2001:4f8:fff6::28])
	by mx1.freebsd.org (Postfix) with ESMTP id D540B8FC1A
	for <freebsd-ipfw@FreeBSD.org>; Mon, 13 Jun 2011 11:07:05 +0000 (UTC)
Received: from freefall.freebsd.org (localhost [127.0.0.1])
	by freefall.freebsd.org (8.14.4/8.14.4) with ESMTP id p5DB750d092101
	for <freebsd-ipfw@FreeBSD.org>; Mon, 13 Jun 2011 11:07:05 GMT
	(envelope-from owner-bugmaster@FreeBSD.org)
Received: (from gnats@localhost)
	by freefall.freebsd.org (8.14.4/8.14.4/Submit) id p5DB75k1092099
	for freebsd-ipfw@FreeBSD.org; Mon, 13 Jun 2011 11:07:05 GMT
	(envelope-from owner-bugmaster@FreeBSD.org)
Date: Mon, 13 Jun 2011 11:07:05 GMT
Message-Id: <201106131107.p5DB75k1092099@freefall.freebsd.org>
X-Authentication-Warning: freefall.freebsd.org: gnats set sender to
	owner-bugmaster@FreeBSD.org using -f
From: FreeBSD bugmaster <bugmaster@FreeBSD.org>
To: freebsd-ipfw@FreeBSD.org
Cc: 
Subject: Current problem reports assigned to freebsd-ipfw@FreeBSD.org
X-List-Received-Date: Mon, 13 Jun 2011 11:07:06 -0000

Note: to view an individual PR, use:
  http://www.freebsd.org/cgi/query-pr.cgi?pr=(number).

The following is a listing of current problems submitted by FreeBSD users.
These represent problem reports covering all versions including
experimental development code and obsolete releases.


S Tracker      Resp.      Description
--------------------------------------------------------------------------------
o kern/157796  ipfw       [ipfw] IPFW in-kernel NAT nat loopback / Default Route
o kern/157689  ipfw       [ipfw] ipfw nat config does not accept nonexistent int
p kern/157379  ipfw       [ipfw] mtr does not work if I use ipfw nat
o kern/157239  ipfw       [ipfw] [dummynet] ipfw + dummynet corrupts ipv6 packet
o kern/156770  ipfw       [ipfw] [dummynet] [patch]: performance improvement and
o bin/156653   ipfw       ipfw(8) reports missing file as parameter problem
p kern/156410  ipfw       [patch][ipfw] tablearg option for ipfw setfib
o kern/155927  ipfw       [ipfw] ipfw stops to check packets for compliance with
o bin/153252   ipfw       [ipfw][patch] ipfw lockdown system in subsequent call 
o kern/153161  ipfw       IPFIREWALL does not allow specify rules with ICMP code
o kern/152113  ipfw       [ipfw] page fault on 8.1-RELEASE caused by certain amo
p kern/150798  ipfw       [ipfw] ipfw2 fwd rule matches packets but does not do 
o kern/148827  ipfw       [ipfw] divert broken with in-kernel ipfw
o kern/148689  ipfw       [ipfw] antispoof wrongly triggers on link local IPv6 a
o kern/148430  ipfw       [ipfw] IPFW schedule delete broken.
f kern/148157  ipfw       [ipfw] IPFW in kernel nat BUG found in FreeBSD 8.1-PRE
o kern/148091  ipfw       [ipfw] ipfw ipv6 handling broken.
o kern/147720  ipfw       [ipfw] ipfw dynamic rules and fwd
o kern/145305  ipfw       [ipfw] ipfw problems, panics, data corruption, ipv6 so
o kern/144269  ipfw       [ipfw] problem with ipfw tables
o kern/144187  ipfw       [ipfw] deadlock using multiple ipfw nat and multiple l
o kern/143973  ipfw       [ipfw] [panic] ipfw forward option causes kernel reboo
o kern/143621  ipfw       [ipfw] [dummynet] [patch] dummynet and vnet use result
o kern/143474  ipfw       [ipfw] ipfw table contains the same address
o kern/137346  ipfw       [ipfw] ipfw nat redirect_proto is broken
o kern/137232  ipfw       [ipfw] parser troubles
p kern/136695  ipfw       [ipfw] [patch] fwd reached after skipto in dynamic rul
o kern/135476  ipfw       [ipfw] IPFW table breaks after adding a large number o
p bin/134975   ipfw       [patch] ipfw(8) can't work with set in rule file.
o kern/131817  ipfw       [ipfw] blocks layer2 packets that should not be blocke
o kern/131558  ipfw       [ipfw] Inconsistent "via" ipfw behavior
f bin/130132   ipfw       [patch] ipfw(8): no way to get mask from ipfw pipe sho
o kern/129103  ipfw       [ipfw] IPFW check state does not work =(
p kern/129093  ipfw       [ipfw] ipfw nat must not drop packets
o kern/129036  ipfw       [ipfw] 'ipfw fwd' does not change outgoing interface n
o kern/128260  ipfw       [ipfw] [patch] ipfw_divert damages IPv6 packets
o kern/127230  ipfw       [ipfw] [patch] Feature request to add UID and/or GID l
o kern/127209  ipfw       [ipfw] IPFW table become corrupted after many changes
p bin/125370   ipfw       [ipfw] [patch] increase a line buffer limit
o conf/123119  ipfw       [patch] rc script for ipfw does not handle IPv6
o kern/122963  ipfw       [ipfw] tcpdump does not show packets redirected by 'ip
p kern/122109  ipfw       [ipfw] ipfw nat traceroute problem
s kern/121807  ipfw       [request] TCP and UDP port_table in ipfw
o kern/121382  ipfw       [dummynet] 6.3-RELEASE-p1 page fault in dummynet (corr
o kern/121122  ipfw       [ipfw] [patch] add support to ToS IP PRECEDENCE fields
o kern/118993  ipfw       [ipfw] page fault - probably it's a locking problem
o bin/117214   ipfw       ipfw(8) fwd with IPv6 treats input as IPv4
o kern/116009  ipfw       [ipfw] [patch] Ignore errors when loading ruleset from
o docs/113803  ipfw       [patch] ipfw(8) - don't get bitten by the fwd rule
f kern/112561  ipfw       [ipfw] ipfw fwd does not work with some TCP packets
o bin/104921   ipfw       [patch] ipfw(8) sometimes treats ipv6 input as ipv4 (a
o kern/104682  ipfw       [ipfw] [patch] Some minor language consistency fixes a
o kern/103454  ipfw       [ipfw] [patch] [request] add a facility to modify DF b
o kern/103328  ipfw       [ipfw] [request] sugestions about ipfw table
o kern/102471  ipfw       [ipfw] [patch] add tos and dscp support
f kern/98831   ipfw       [ipfw] ipfw has UDP hickups
o kern/97951   ipfw       [ipfw] [patch] ipfw does not tie interface details to 
o kern/95084   ipfw       [ipfw] [regression] [patch] IPFW2 ignores "recv/xmit/v
f kern/93300   ipfw       [ipfw] ipfw pipe lost packets
o kern/91847   ipfw       [ipfw] ipfw with vlanX as the device
o kern/86957   ipfw       [ipfw] [patch] ipfw mac logging
o bin/83046    ipfw       [ipfw] ipfw2 error: "setup" is allowed for icmp, but s
o kern/82724   ipfw       [ipfw] [patch] [request] Add setnexthop and defaultrou
o bin/78785    ipfw       [patch] ipfw(8) verbosity locks machine if /etc/rc.fir
f kern/73910   ipfw       [ipfw] serious bug on forwarding of packets after NAT
f kern/72987   ipfw       [ipfw] ipfw/dummynet pipe/queue 'queue [BYTES]KBytes (
f kern/71366   ipfw       [ipfw] "ipfw fwd" sometimes rewrites destination mac a
o kern/60719   ipfw       [ipfw] Headerless fragments generate cryptic error mes
o kern/55984   ipfw       [ipfw] [patch] time based firewalling support for ipfw
o kern/48172   ipfw       [ipfw] [patch] ipfw does not log size and flags
o kern/46159   ipfw       [ipfw] [patch] [request] ipfw dynamic rules lifetime f
a kern/26534   ipfw       [ipfw] Add an option to ipfw to log gid/uid of who cau

72 problems total.


From owner-freebsd-ipfw@FreeBSD.ORG  Tue Jun 14 04:38:37 2011
Return-Path: <owner-freebsd-ipfw@FreeBSD.ORG>
Delivered-To: freebsd-ipfw@hub.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 539CE1065670;
	Tue, 14 Jun 2011 04:38:37 +0000 (UTC) (envelope-from ae@FreeBSD.org)
Received: from freefall.freebsd.org (freefall.freebsd.org
	[IPv6:2001:4f8:fff6::28])
	by mx1.freebsd.org (Postfix) with ESMTP id 2C9848FC08;
	Tue, 14 Jun 2011 04:38:37 +0000 (UTC)
Received: from freefall.freebsd.org (localhost [127.0.0.1])
	by freefall.freebsd.org (8.14.4/8.14.4) with ESMTP id p5E4cb3w071379;
	Tue, 14 Jun 2011 04:38:37 GMT (envelope-from ae@freefall.freebsd.org)
Received: (from ae@localhost)
	by freefall.freebsd.org (8.14.4/8.14.4/Submit) id p5E4caHD071375;
	Tue, 14 Jun 2011 04:38:36 GMT (envelope-from ae)
Date: Tue, 14 Jun 2011 04:38:36 GMT
Message-Id: <201106140438.p5E4caHD071375@freefall.freebsd.org>
To: melifaro@ipfw.ru, ae@FreeBSD.org, freebsd-ipfw@FreeBSD.org
From: ae@FreeBSD.org
Cc: 
Subject: Re: kern/156410: [patch][ipfw] tablearg option for ipfw setfib
X-List-Received-Date: Tue, 14 Jun 2011 04:38:37 -0000

Synopsis: [patch][ipfw] tablearg option for ipfw setfib

State-Changed-From-To: patched->closed
State-Changed-By: ae
State-Changed-When: Tue Jun 14 04:38:12 UTC 2011
State-Changed-Why: 
Merged to stable/8. Thanks!

http://www.freebsd.org/cgi/query-pr.cgi?pr=156410

From owner-freebsd-ipfw@FreeBSD.ORG  Tue Jun 14 04:40:09 2011
Return-Path: <owner-freebsd-ipfw@FreeBSD.ORG>
Delivered-To: freebsd-ipfw@hub.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id D545B106566B
	for <freebsd-ipfw@hub.freebsd.org>;
	Tue, 14 Jun 2011 04:40:09 +0000 (UTC)
	(envelope-from gnats@FreeBSD.org)
Received: from freefall.freebsd.org (freefall.freebsd.org
	[IPv6:2001:4f8:fff6::28])
	by mx1.freebsd.org (Postfix) with ESMTP id C4E988FC13
	for <freebsd-ipfw@hub.freebsd.org>;
	Tue, 14 Jun 2011 04:40:09 +0000 (UTC)
Received: from freefall.freebsd.org (localhost [127.0.0.1])
	by freefall.freebsd.org (8.14.4/8.14.4) with ESMTP id p5E4e9a0071464
	for <freebsd-ipfw@freefall.freebsd.org>; Tue, 14 Jun 2011 04:40:09 GMT
	(envelope-from gnats@freefall.freebsd.org)
Received: (from gnats@localhost)
	by freefall.freebsd.org (8.14.4/8.14.4/Submit) id p5E4e9La071463;
	Tue, 14 Jun 2011 04:40:09 GMT (envelope-from gnats)
Date: Tue, 14 Jun 2011 04:40:09 GMT
Message-Id: <201106140440.p5E4e9La071463@freefall.freebsd.org>
To: freebsd-ipfw@FreeBSD.org
From: dfilter@FreeBSD.ORG (dfilter service)
Cc: 
Subject: Re: kern/156410: commit references a PR
Reply-To: dfilter service <dfilter@FreeBSD.ORG>
X-List-Received-Date: Tue, 14 Jun 2011 04:40:09 -0000

The following reply was made to PR kern/156410; it has been noted by GNATS.

From: dfilter@FreeBSD.ORG (dfilter service)
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: kern/156410: commit references a PR
Date: Tue, 14 Jun 2011 04:37:23 +0000 (UTC)

 Author: ae
 Date: Tue Jun 14 04:37:09 2011
 New Revision: 223070
 URL: http://svn.freebsd.org/changeset/base/223070
 
 Log:
   MFC r222473:
     Add tablearg support for ipfw setfib.
   
     PR:		kern/156410
   
   MFC r222474:
     Wrap long line.
 
 Modified:
   stable/8/sbin/ipfw/ipfw.8
   stable/8/sbin/ipfw/ipfw2.c
   stable/8/sys/netinet/ipfw/ip_fw2.c
   stable/8/sys/netinet/ipfw/ip_fw_sockopt.c
 Directory Properties:
   stable/8/sbin/ipfw/   (props changed)
   stable/8/sys/   (props changed)
   stable/8/sys/amd64/include/xen/   (props changed)
   stable/8/sys/cddl/contrib/opensolaris/   (props changed)
   stable/8/sys/contrib/dev/acpica/   (props changed)
   stable/8/sys/contrib/pf/   (props changed)
 
 Modified: stable/8/sbin/ipfw/ipfw.8
 ==============================================================================
 --- stable/8/sbin/ipfw/ipfw.8	Tue Jun 14 04:34:20 2011	(r223069)
 +++ stable/8/sbin/ipfw/ipfw.8	Tue Jun 14 04:37:09 2011	(r223070)
 @@ -1,7 +1,7 @@
  .\"
  .\" $FreeBSD$
  .\"
 -.Dd July 27, 2010
 +.Dd May 30, 2011
  .Dt IPFW 8
  .Os
  .Sh NAME
 @@ -867,13 +867,16 @@ for more information on
  and
  .Cm ngtee
  actions.
 -.It Cm setfib Ar fibnum
 +.It Cm setfib Ar fibnum | tablearg
  The packet is tagged so as to use the FIB (routing table)
  .Ar fibnum
  in any subsequent forwarding decisions.
  Initially this is limited to the values 0 through 15, see
  .Xr setfib 1 .
  Processing continues at the next rule.
 +It is possible to use the 
 +.Cm tablearg
 +keyword with a setfib. If tablearg value is not within compiled FIB range packet fib is set to 0.
  .It Cm reass
  Queue and reassemble ip fragments.
  If the packet is not fragmented, counters are updated and processing continues with the next rule.
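Review bot: The paragraph added after "Processing continues at the next rule." should say outright that an out-of-range tablearg value is not rejected but sends the packet to FIB 0, so a bad table entry quietly moves traffic onto the default routing table. Suggest stating that explicitly, starting the second sentence on its own line as mdoc expects, marking up setfib and tablearg with .Cm in that sentence, and dropping the trailing space after "It is possible to use the".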
 @@ -1697,7 +1700,7 @@ is used.
  The
  .Cm tablearg
  argument can be used with the following actions:
 -.Cm nat, pipe , queue, divert, tee, netgraph, ngtee, fwd, skipto
 +.Cm nat, pipe , queue, divert, tee, netgraph, ngtee, fwd, skipto, setfib,
  action parameters:
  .Cm tag, untag,
  rule options:
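Review bot: The new .Cm line ends in "setfib," where the old line ended in "skipto" with no comma, so the action list now runs into "action parameters:" with a comma before it. If that is meant to match the ".Cm tag, untag," line below, fine; otherwise drop the comma so the change is limited to adding setfib.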
 
 Modified: stable/8/sbin/ipfw/ipfw2.c
 ==============================================================================
 --- stable/8/sbin/ipfw/ipfw2.c	Tue Jun 14 04:34:20 2011	(r223069)
 +++ stable/8/sbin/ipfw/ipfw2.c	Tue Jun 14 04:37:09 2011	(r223070)
 @@ -2826,14 +2826,19 @@ chkarg:	
  		size_t intsize = sizeof(int);
  
  		action->opcode = O_SETFIB;
 - 		NEED1("missing fib number");
 - 	        action->arg1 = strtoul(*av, NULL, 10);
 -		if (sysctlbyname("net.fibs", &numfibs, &intsize, NULL, 0) == -1)
 -			errx(EX_DATAERR, "fibs not suported.\n");
 -		if (action->arg1 >= numfibs)  /* Temporary */
 -			errx(EX_DATAERR, "fib too large.\n");
 - 		av++;
 - 		break;
 +		NEED1("missing fib number");
 +		if (_substrcmp(*av, "tablearg") == 0) {
 +			action->arg1 = IP_FW_TABLEARG;
 +		} else {
 +		        action->arg1 = strtoul(*av, NULL, 10);
 +			if (sysctlbyname("net.fibs", &numfibs, &intsize,
 +			    NULL, 0) == -1)
 +				errx(EX_DATAERR, "fibs not suported.\n");
 +			if (action->arg1 >= numfibs)  /* Temporary */
 +				errx(EX_DATAERR, "fib too large.\n");
 +		}
 +		av++;
 +		break;
  	    }
  
  	case TOK_REASS:
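Review bot: In the new else branch, strtoul(*av, NULL, 10) is called with a NULL end pointer, so a word that does not match "tablearg" and is not a number (a typo of the keyword, for instance) parses as 0 and the rule is installed as setfib 0 without any error. Pass an end pointer and reject the argument when nothing was consumed or trailing characters remain. Minor: the "action->arg1 = strtoul" line is indented with spaces after the tabs, and "fibs not suported" carries the old misspelling forward.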
 
 Modified: stable/8/sys/netinet/ipfw/ip_fw2.c
 ==============================================================================
 --- stable/8/sys/netinet/ipfw/ip_fw2.c	Tue Jun 14 04:34:20 2011	(r223069)
 +++ stable/8/sys/netinet/ipfw/ip_fw2.c	Tue Jun 14 04:37:09 2011	(r223070)
 @@ -2101,14 +2101,21 @@ do {								\
  				done = 1;       /* exit outer loop */
  				break;
  
 -			case O_SETFIB:
 +			case O_SETFIB: {
 +				uint32_t fib;
 +
  				f->pcnt++;	/* update stats */
  				f->bcnt += pktlen;
  				f->timestamp = time_uptime;
 -				M_SETFIB(m, cmd->arg1);
 -				args->f_id.fib = cmd->arg1;
 +				fib = (cmd->arg1 == IP_FW_TABLEARG) ? tablearg:
 +				    cmd->arg1;
 +				if (fib >= rt_numfibs)
 +					fib = 0;
 +				M_SETFIB(m, fib);
 +				args->f_id.fib = fib;
  				l = 0;		/* exit inner loop */
  				break;
 +		        }
  
  			case O_NAT:
   				if (!IPFW_NAT_LOADED) {
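Review bot: The clamp "if (fib >= rt_numfibs) fib = 0;" silently reroutes the packet to FIB 0 when the table value is out of range, while f->pcnt and f->bcnt are still bumped as if the rule had applied as written. On a host that uses separate FIBs to keep traffic apart, that is a quiet policy change; consider leaving the packet's FIB untouched or logging the event, and at least add a comment explaining why 0 was chosen. Style: the closing "}" is indented with spaces and does not line up with "case O_SETFIB: {".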
 
 Modified: stable/8/sys/netinet/ipfw/ip_fw_sockopt.c
 ==============================================================================
 --- stable/8/sys/netinet/ipfw/ip_fw_sockopt.c	Tue Jun 14 04:34:20 2011	(r223069)
 +++ stable/8/sys/netinet/ipfw/ip_fw_sockopt.c	Tue Jun 14 04:37:09 2011	(r223070)
 @@ -605,7 +605,8 @@ check_ipfw_struct(struct ip_fw *rule, in
  		case O_SETFIB:
  			if (cmdlen != F_INSN_SIZE(ipfw_insn))
  				goto bad_size;
 -			if (cmd->arg1 >= rt_numfibs) {
 +			if ((cmd->arg1 != IP_FW_TABLEARG) &&
 +			    (cmd->arg1 >= rt_numfibs)) {
  				printf("ipfw: invalid fib number %d\n",
  					cmd->arg1);
  				return EINVAL;
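Review bot: With IP_FW_TABLEARG exempted from the "cmd->arg1 >= rt_numfibs" check, nothing at rule-load time bounds the FIB for tablearg rules, and the only guard left is the per-packet clamp in ip_fw2.c. A one-line comment here saying that range enforcement for tablearg is deferred to packet processing would keep the two checks from drifting apart.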
 _______________________________________________
 svn-src-all@freebsd.org mailing list
 http://lists.freebsd.org/mailman/listinfo/svn-src-all
 To unsubscribe, send any mail to "svn-src-all-unsubscribe@freebsd.org"
 

From owner-freebsd-ipfw@FreeBSD.ORG  Tue Jun 14 06:37:21 2011
Return-Path: <owner-freebsd-ipfw@FreeBSD.ORG>
Delivered-To: freebsd-ipfw@hub.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 4066F1065675;
	Tue, 14 Jun 2011 06:37:21 +0000 (UTC) (envelope-from ae@FreeBSD.org)
Received: from freefall.freebsd.org (freefall.freebsd.org
	[IPv6:2001:4f8:fff6::28])
	by mx1.freebsd.org (Postfix) with ESMTP id 18BA38FC08;
	Tue, 14 Jun 2011 06:37:21 +0000 (UTC)
Received: from freefall.freebsd.org (localhost [127.0.0.1])
	by freefall.freebsd.org (8.14.4/8.14.4) with ESMTP id p5E6bKjr086108;
	Tue, 14 Jun 2011 06:37:20 GMT (envelope-from ae@freefall.freebsd.org)
Received: (from ae@localhost)
	by freefall.freebsd.org (8.14.4/8.14.4/Submit) id p5E6bKGh086104;
	Tue, 14 Jun 2011 06:37:20 GMT (envelope-from ae)
Date: Tue, 14 Jun 2011 06:37:20 GMT
Message-Id: <201106140637.p5E6bKGh086104@freefall.freebsd.org>
To: ae@FreeBSD.org, freebsd-bugs@FreeBSD.org, freebsd-ipfw@FreeBSD.org
From: ae@FreeBSD.org
Cc: 
Subject: Re: kern/157867: [patch][ipfw] natd globalport support for ipfw nat
X-List-Received-Date: Tue, 14 Jun 2011 06:37:21 -0000

Synopsis: [patch][ipfw] natd globalport support for ipfw nat

Responsible-Changed-From-To: freebsd-bugs->freebsd-ipfw
Responsible-Changed-By: ae
Responsible-Changed-When: Tue Jun 14 06:36:57 UTC 2011
Responsible-Changed-Why: 
Over to maintainer(s).


http://www.freebsd.org/cgi/query-pr.cgi?pr=157867

From owner-freebsd-ipfw@FreeBSD.ORG  Tue Jun 14 06:57:20 2011
Return-Path: <owner-freebsd-ipfw@FreeBSD.ORG>
Delivered-To: freebsd-ipfw@hub.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 79B90106566C;
	Tue, 14 Jun 2011 06:57:20 +0000 (UTC) (envelope-from ae@FreeBSD.org)
Received: from freefall.freebsd.org (freefall.freebsd.org
	[IPv6:2001:4f8:fff6::28])
	by mx1.freebsd.org (Postfix) with ESMTP id 528BB8FC15;
	Tue, 14 Jun 2011 06:57:20 +0000 (UTC)
Received: from freefall.freebsd.org (localhost [127.0.0.1])
	by freefall.freebsd.org (8.14.4/8.14.4) with ESMTP id p5E6vKZh006883;
	Tue, 14 Jun 2011 06:57:20 GMT (envelope-from ae@freefall.freebsd.org)
Received: (from ae@localhost)
	by freefall.freebsd.org (8.14.4/8.14.4/Submit) id p5E6vKkW006879;
	Tue, 14 Jun 2011 06:57:20 GMT (envelope-from ae)
Date: Tue, 14 Jun 2011 06:57:20 GMT
Message-Id: <201106140657.p5E6vKkW006879@freefall.freebsd.org>
To: ae@FreeBSD.org, freebsd-net@FreeBSD.org, freebsd-ipfw@FreeBSD.org
From: ae@FreeBSD.org
Cc: 
Subject: Re: kern/152360: [dummynet] [panic] Crash related to dummynet.
X-List-Received-Date: Tue, 14 Jun 2011 06:57:20 -0000

Synopsis: [dummynet] [panic] Crash related to dummynet.

Responsible-Changed-From-To: freebsd-net->freebsd-ipfw
Responsible-Changed-By: ae
Responsible-Changed-When: Tue Jun 14 06:56:18 UTC 2011
Responsible-Changed-Why: 
Reassign. It's ipfw related.

http://www.freebsd.org/cgi/query-pr.cgi?pr=152360

From owner-freebsd-ipfw@FreeBSD.ORG  Tue Jun 14 13:40:15 2011
Return-Path: <owner-freebsd-ipfw@FreeBSD.ORG>
Delivered-To: freebsd-ipfw@hub.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 708AB106568E
	for <freebsd-ipfw@hub.freebsd.org>;
	Tue, 14 Jun 2011 13:40:15 +0000 (UTC)
	(envelope-from gnats@FreeBSD.org)
Received: from freefall.freebsd.org (freefall.freebsd.org
	[IPv6:2001:4f8:fff6::28])
	by mx1.freebsd.org (Postfix) with ESMTP id 6B98F8FC17
	for <freebsd-ipfw@hub.freebsd.org>;
	Tue, 14 Jun 2011 13:40:12 +0000 (UTC)
Received: from freefall.freebsd.org (localhost [127.0.0.1])
	by freefall.freebsd.org (8.14.4/8.14.4) with ESMTP id p5EDeCBI009244
	for <freebsd-ipfw@freefall.freebsd.org>; Tue, 14 Jun 2011 13:40:12 GMT
	(envelope-from gnats@freefall.freebsd.org)
Received: (from gnats@localhost)
	by freefall.freebsd.org (8.14.4/8.14.4/Submit) id p5EDeCnO009243;
	Tue, 14 Jun 2011 13:40:12 GMT (envelope-from gnats)
Date: Tue, 14 Jun 2011 13:40:12 GMT
Message-Id: <201106141340.p5EDeCnO009243@freefall.freebsd.org>
To: freebsd-ipfw@FreeBSD.org
From: dfilter@FreeBSD.ORG (dfilter service)
Cc: 
Subject: Re: kern/157867: commit references a PR
Reply-To: dfilter service <dfilter@FreeBSD.ORG>
X-List-Received-Date: Tue, 14 Jun 2011 13:40:15 -0000

The following reply was made to PR kern/157867; it has been noted by GNATS.

From: dfilter@FreeBSD.ORG (dfilter service)
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: kern/157867: commit references a PR
Date: Tue, 14 Jun 2011 13:35:34 +0000 (UTC)

 Author: ae
 Date: Tue Jun 14 13:35:24 2011
 New Revision: 223080
 URL: http://svn.freebsd.org/changeset/base/223080
 
 Log:
   Implement "global" mode for ipfw nat. It is similar to natd(8)
   "globalport" option for multiple NAT instances.
   
   If ipfw rule contains "global" keyword instead of nat_number, then
   for each outgoing packet ipfw_nat looks up translation state in all
   configured nat instances. If an entry is found, packet aliased
   according to that entry, otherwise packet is passed unchanged.
   
   User can specify "skip_global" option in NAT configuration to exclude
   an instance from the lookup in global mode.
   
   PR:		kern/157867
   Submitted by:	Alexander V. Chernikov (previous version)
   Tested by:	Eugene Grosbein
 
 Modified:
   head/sbin/ipfw/ipfw.8
   head/sbin/ipfw/ipfw2.c
   head/sbin/ipfw/ipfw2.h
   head/sbin/ipfw/nat.c
   head/sys/netinet/ipfw/ip_fw2.c
   head/sys/netinet/ipfw/ip_fw_nat.c
   head/sys/netinet/libalias/alias.h
 
 Modified: head/sbin/ipfw/ipfw.8
 ==============================================================================
 --- head/sbin/ipfw/ipfw.8	Tue Jun 14 13:02:26 2011	(r223079)
 +++ head/sbin/ipfw/ipfw.8	Tue Jun 14 13:35:24 2011	(r223080)
 @@ -1,7 +1,7 @@
  .\"
  .\" $FreeBSD$
  .\"
 -.Dd May 30, 2011
 +.Dd June 14, 2011
  .Dt IPFW 8
  .Os
  .Sh NAME
 @@ -2435,6 +2435,27 @@ Reset table of the packet aliasing engin
  Reverse the way libalias handles aliasing.
  .It Cm proxy_only
  Obey transparent proxy rules only, packet aliasing is not performed.
 +.It Cm skip_global
 +Skip instance in case of global state lookup (see below).
 +.El
 +.Pp
 +Some specials value can be supplied instead of
 +.Va nat_number:
 +.Bl -tag -width indent
 +.It Cm global
 +Looks up translation state in all configured nat instances.
 +If an entry is found, packet is aliased according to that entry.
 +If no entry was found in any of the instances, packet is passed unchanged,
 +and no new entry will be created.
 +See section
 +.Sx MULTIPLE INSTANCES
 +in
 +.Xr natd 8
 +for more information.
 +.It Cm tablearg
 +Uses argument supplied in lookup table. See
 +.Sx LOOKUP TABLES
 +section below for more information on lookup tables.
  .El
  .Pp
  To let the packet continue after being (de)aliased, set the sysctl variable
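Review bot: The man page text for "global" omits the direction restriction that the commit log states ("for each outgoing packet ipfw_nat looks up translation state in all configured nat instances"); readers of ipfw.8 should be told how inbound packets are treated by a "nat global" rule. Also, "Some specials value" should read "Some special values", and the colon in ".Va nat_number:" sits inside the macro argument.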
 
 Modified: head/sbin/ipfw/ipfw2.c
 ==============================================================================
 --- head/sbin/ipfw/ipfw2.c	Tue Jun 14 13:02:26 2011	(r223079)
 +++ head/sbin/ipfw/ipfw2.c	Tue Jun 14 13:35:24 2011	(r223080)
 @@ -1121,8 +1121,11 @@ show_ipfw(struct ip_fw *rule, int pcwidt
  			break;
  
  		case O_NAT:
 -			PRINT_UINT_ARG("nat ", cmd->arg1);
 - 			break;
 +			if (cmd->arg1 != 0)
 +				PRINT_UINT_ARG("nat ", cmd->arg1);
 +			else
 +				printf("nat global");
 +			break;
  
  		case O_SETFIB:
  			PRINT_UINT_ARG("setfib ", cmd->arg1);
 @@ -2738,9 +2741,14 @@ ipfw_add(char *av[])
  		break;
  
  	case TOK_NAT:
 - 		action->opcode = O_NAT;
 - 		action->len = F_INSN_SIZE(ipfw_insn_nat);
 -		goto chkarg;
 +		action->opcode = O_NAT;
 +		action->len = F_INSN_SIZE(ipfw_insn_nat);
 +		if (_substrcmp(*av, "global") == 0) {
 +			action->arg1 = 0;
 +			av++;
 +			break;
 +		} else
 +			goto chkarg;
  
  	case TOK_QUEUE:
  		action->opcode = O_QUEUE;
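Review bot: In the TOK_NAT case, _substrcmp(*av, "global") runs before anything in the visible lines has checked that an argument follows 'nat'; the old code went straight to chkarg, so a rule that ends in a bare 'nat' now reaches the comparison with *av possibly NULL. Guard it, for example "if (*av != NULL && _substrcmp(*av, "global") == 0)", and let the else branch reach chkarg for the missing-argument error. It is also worth confirming that chkarg rejects a literal 0, since arg1 == 0 now means 'global'.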
 
 Modified: head/sbin/ipfw/ipfw2.h
 ==============================================================================
 --- head/sbin/ipfw/ipfw2.h	Tue Jun 14 13:02:26 2011	(r223079)
 +++ head/sbin/ipfw/ipfw2.h	Tue Jun 14 13:35:24 2011	(r223080)
 @@ -178,6 +178,7 @@ enum tokens {
   	TOK_DENY_INC,
   	TOK_SAME_PORTS,
   	TOK_UNREG_ONLY,
 +	TOK_SKIP_GLOBAL,
   	TOK_RESET_ADDR,
   	TOK_ALIAS_REV,
   	TOK_PROXY_ONLY,
 
 Modified: head/sbin/ipfw/nat.c
 ==============================================================================
 --- head/sbin/ipfw/nat.c	Tue Jun 14 13:02:26 2011	(r223079)
 +++ head/sbin/ipfw/nat.c	Tue Jun 14 13:35:24 2011	(r223080)
 @@ -53,6 +53,7 @@ static struct _s_x nat_params[] = {
   	{ "deny_in",		TOK_DENY_INC },
   	{ "same_ports",		TOK_SAME_PORTS },
   	{ "unreg_only",		TOK_UNREG_ONLY },
 +	{ "skip_global",	TOK_SKIP_GLOBAL },
   	{ "reset",		TOK_RESET_ADDR },
   	{ "reverse",		TOK_ALIAS_REV },
   	{ "proxy_only",		TOK_PROXY_ONLY },
 @@ -628,6 +629,9 @@ print_nat_config(unsigned char *buf)
  		} else if (n->mode & PKT_ALIAS_SAME_PORTS) {
  			printf(" same_ports");
  			n->mode &= ~PKT_ALIAS_SAME_PORTS;
 +		} else if (n->mode & PKT_ALIAS_SKIP_GLOBAL) {
 +			printf(" skip_global");
 +			n->mode &= ~PKT_ALIAS_SKIP_GLOBAL;
  		} else if (n->mode & PKT_ALIAS_UNREGISTERED_ONLY) {
  			printf(" unreg_only");
  			n->mode &= ~PKT_ALIAS_UNREGISTERED_ONLY;
 @@ -746,10 +750,11 @@ ipfw_config_nat(int ac, char **av)
  		case TOK_IP:
  		case TOK_IF:
  			ac1--; av1++;
 -			break;	    
 +			break;
  		case TOK_ALOG:
  		case TOK_DENY_INC:
  		case TOK_SAME_PORTS:
 +		case TOK_SKIP_GLOBAL:
  		case TOK_UNREG_ONLY:
  		case TOK_RESET_ADDR:
  		case TOK_ALIAS_REV:
 @@ -821,6 +826,9 @@ ipfw_config_nat(int ac, char **av)
  		case TOK_UNREG_ONLY:
  			n->mode |= PKT_ALIAS_UNREGISTERED_ONLY;
  			break;
 +		case TOK_SKIP_GLOBAL:
 +			n->mode |= PKT_ALIAS_SKIP_GLOBAL;
 +			break;
  		case TOK_RESET_ADDR:
  			n->mode |= PKT_ALIAS_RESET_ON_ADDR_CHANGE;
  			break;
 
 Modified: head/sys/netinet/ipfw/ip_fw2.c
 ==============================================================================
 --- head/sys/netinet/ipfw/ip_fw2.c	Tue Jun 14 13:02:26 2011	(r223079)
 +++ head/sys/netinet/ipfw/ip_fw2.c	Tue Jun 14 13:35:24 2011	(r223080)
 @@ -2194,6 +2194,13 @@ do {								\
  				    int nat_id;
  
  				    set_match(args, f_pos, chain);
 +				    /* Check if this is 'global' nat rule */
 +				    if (cmd->arg1 == 0) {
 +					    retval = ipfw_nat_ptr(args, NULL, m);
 +					    l = 0;
 +					    done = 1;
 +					    break;
 +				    }
  				    t = ((ipfw_insn_nat *)cmd)->nat;
  				    if (t == NULL) {
  					nat_id = (cmd->arg1 == IP_FW_TABLEARG) ?
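Review bot: The test "cmd->arg1 == 0" hard-codes 0 as the marker for the global instance, and the same literal is repeated in show_ipfw() and ipfw_add() in sbin/ipfw/ipfw2.c. A named constant in a header shared by kernel and userland would keep the three sites in step and make the reserved value visible next to IP_FW_TABLEARG.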
 
 Modified: head/sys/netinet/ipfw/ip_fw_nat.c
 ==============================================================================
 --- head/sys/netinet/ipfw/ip_fw_nat.c	Tue Jun 14 13:02:26 2011	(r223079)
 +++ head/sys/netinet/ipfw/ip_fw_nat.c	Tue Jun 14 13:35:24 2011	(r223080)
 @@ -207,7 +207,8 @@ ipfw_nat(struct ip_fw_args *args, struct
  	struct mbuf *mcl;
  	struct ip *ip;
  	/* XXX - libalias duct tape */
 -	int ldt, retval;
 +	int ldt, retval, found;
 +	struct ip_fw_chain *chain;
  	char *c;
  
  	ldt = 0;
 @@ -256,12 +257,44 @@ ipfw_nat(struct ip_fw_args *args, struct
  		ldt = 1;
  
  	c = mtod(mcl, char *);
 -	if (args->oif == NULL)
 -		retval = LibAliasIn(t->lib, c,
 -			mcl->m_len + M_TRAILINGSPACE(mcl));
 -	else
 -		retval = LibAliasOut(t->lib, c,
 -			mcl->m_len + M_TRAILINGSPACE(mcl));
 +
 +	/* Check if this is 'global' instance */
 +	if (t == NULL) {
 +		if (args->oif == NULL) {
 +			/* Wrong direction, skip processing */
 +			args->m = mcl;
 +			return (IP_FW_NAT);
 +		}
 +
 +		found = 0;
 +		chain = &V_layer3_chain;
 +		IPFW_RLOCK(chain);
 +		/* Check every nat entry... */
 +		LIST_FOREACH(t, &chain->nat, _next) {
 +			if ((t->mode & PKT_ALIAS_SKIP_GLOBAL) != 0)
 +				continue;
 +			retval = LibAliasOutTry(t->lib, c,
 +			    mcl->m_len + M_TRAILINGSPACE(mcl), 0);
 +			if (retval == PKT_ALIAS_OK) {
 +				/* Nat instance recognises state */
 +				found = 1;
 +				break;
 +			}
 +		}
 +		IPFW_RUNLOCK(chain);
 +		if (found != 1) {
 +			/* No instance found, return ignore */
 +			args->m = mcl;
 +			return (IP_FW_NAT);
 +		}
 +	} else {
 +		if (args->oif == NULL)
 +			retval = LibAliasIn(t->lib, c,
 +				mcl->m_len + M_TRAILINGSPACE(mcl));
 +		else
 +			retval = LibAliasOut(t->lib, c,
 +				mcl->m_len + M_TRAILINGSPACE(mcl));
 +	}
  
  	/*
  	 * We drop packet when:
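Review bot: Both early exits of the "t == NULL" branch (inbound packet, and no instance recognising the flow) return IP_FW_NAT, the same value used for a translated packet, and the O_NAT case in ip_fw2.c sets done = 1 unconditionally, so an untranslated packet stops at the 'nat global' rule just as a translated one does. If unmatched packets are meant to continue to later rules, the caller needs a distinct return value to tell the cases apart. Separately, IPFW_RLOCK(chain) is taken inside a function that is reached from the rule-matching loop; if that loop already holds the chain read lock this is a recursive acquisition, and asserting that the lock is held would be the safer form.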
 @@ -274,7 +307,7 @@ ipfw_nat(struct ip_fw_args *args, struct
  	if (retval == PKT_ALIAS_ERROR ||
  	    (args->oif == NULL && (retval == PKT_ALIAS_UNRESOLVED_FRAGMENT ||
  	    (retval == PKT_ALIAS_IGNORED &&
 -	    (t->lib->packetAliasMode & PKT_ALIAS_DENY_INCOMING) != 0)))) {
 +	    (t->mode & PKT_ALIAS_DENY_INCOMING) != 0)))) {
  		/* XXX - should i add some logging? */
  		m_free(mcl);
  		args->m = NULL;
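Review bot: Replacing "t->lib->packetAliasMode" with "t->mode" in the deny_in test assumes the mode cached in the ipfw nat instance always matches what libalias holds, which nothing in this hunk establishes; add a comment stating that invariant. The expression also reads t after the global branch has reused it as the LIST_FOREACH cursor. That is safe only because this sub-expression is guarded by "args->oif == NULL", a case the global branch returns from early, and that dependency deserves a comment too.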
 
 Modified: head/sys/netinet/libalias/alias.h
 ==============================================================================
 --- head/sys/netinet/libalias/alias.h	Tue Jun 14 13:02:26 2011	(r223079)
 +++ head/sys/netinet/libalias/alias.h	Tue Jun 14 13:35:24 2011	(r223080)
 @@ -220,6 +220,12 @@ struct mbuf    *m_megapullup(struct mbuf
  #define	PKT_ALIAS_PUNCH_FW		0x100
  #endif
  
 +/*
 + * If PKT_ALIAS_SKIP_GLOBAL is set, nat instance is not checked for matching
 + * states in 'ipfw nat global' rule.
 + */
 +#define	PKT_ALIAS_SKIP_GLOBAL		0x200
 +
  /* Function return codes. */
  #define	PKT_ALIAS_ERROR			-1
  #define	PKT_ALIAS_OK			1
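Review bot: PKT_ALIAS_SKIP_GLOBAL is added to the public libalias mode flags, yet its own comment says only the 'ipfw nat global' rule consumes it, and the list of modified files contains no libalias manual page. Either document the flag there as ipfw-only or keep the bit in an ipfw-private header so other libalias consumers do not set it expecting an effect.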
 

From owner-freebsd-ipfw@FreeBSD.ORG  Tue Jun 14 14:40:13 2011
Return-Path: <owner-freebsd-ipfw@FreeBSD.ORG>
Delivered-To: freebsd-ipfw@hub.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 483D81065672
	for <freebsd-ipfw@hub.freebsd.org>;
	Tue, 14 Jun 2011 14:40:13 +0000 (UTC)
	(envelope-from gnats@FreeBSD.org)
Received: from freefall.freebsd.org (freefall.freebsd.org
	[IPv6:2001:4f8:fff6::28])
	by mx1.freebsd.org (Postfix) with ESMTP id 1F61E8FC12
	for <freebsd-ipfw@hub.freebsd.org>;
	Tue, 14 Jun 2011 14:40:13 +0000 (UTC)
Received: from freefall.freebsd.org (localhost [127.0.0.1])
	by freefall.freebsd.org (8.14.4/8.14.4) with ESMTP id p5EEeC7t064003
	for <freebsd-ipfw@freefall.freebsd.org>; Tue, 14 Jun 2011 14:40:12 GMT
	(envelope-from gnats@freefall.freebsd.org)
Received: (from gnats@localhost)
	by freefall.freebsd.org (8.14.4/8.14.4/Submit) id p5EEeCi7064002;
	Tue, 14 Jun 2011 14:40:12 GMT (envelope-from gnats)
Date: Tue, 14 Jun 2011 14:40:12 GMT
Message-Id: <201106141440.p5EEeCi7064002@freefall.freebsd.org>
To: freebsd-ipfw@FreeBSD.org
From: Pawel Tyll <ptyll@nitronet.pl>
Cc: 
Subject: Re: kern/152360: [dummynet] [panic] Crash related to dummynet.
X-BeenThere: freebsd-ipfw@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
Reply-To: Pawel Tyll <ptyll@nitronet.pl>
List-Id: IPFW Technical Discussions <freebsd-ipfw.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
	<mailto:freebsd-ipfw-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-ipfw>
List-Post: <mailto:freebsd-ipfw@freebsd.org>
List-Help: <mailto:freebsd-ipfw-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
	<mailto:freebsd-ipfw-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 14 Jun 2011 14:40:13 -0000

The following reply was made to PR kern/152360; it has been noted by GNATS.

From: Pawel Tyll <ptyll@nitronet.pl>
To: bug-followup@FreeBSD.org, ptyll@nitronet.pl
Cc:  
Subject: Re: kern/152360: [dummynet] [panic] Crash related to dummynet.
Date: Tue, 14 Jun 2011 16:10:52 +0200

 Hi,
 
 It has been fixed already. Thanks.
 
 Kind regards.
 
 

From owner-freebsd-ipfw@FreeBSD.ORG  Tue Jun 14 14:54:44 2011
Return-Path: <owner-freebsd-ipfw@FreeBSD.ORG>
Delivered-To: freebsd-ipfw@hub.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id D34AF1065674;
	Tue, 14 Jun 2011 14:54:44 +0000 (UTC) (envelope-from ae@FreeBSD.org)
Received: from freefall.freebsd.org (freefall.freebsd.org
	[IPv6:2001:4f8:fff6::28])
	by mx1.freebsd.org (Postfix) with ESMTP id ABD408FC0C;
	Tue, 14 Jun 2011 14:54:44 +0000 (UTC)
Received: from freefall.freebsd.org (localhost [127.0.0.1])
	by freefall.freebsd.org (8.14.4/8.14.4) with ESMTP id p5EEsiOL080957;
	Tue, 14 Jun 2011 14:54:44 GMT (envelope-from ae@freefall.freebsd.org)
Received: (from ae@localhost)
	by freefall.freebsd.org (8.14.4/8.14.4/Submit) id p5EEsiZM080953;
	Tue, 14 Jun 2011 14:54:44 GMT (envelope-from ae)
Date: Tue, 14 Jun 2011 14:54:44 GMT
Message-Id: <201106141454.p5EEsiZM080953@freefall.freebsd.org>
To: ptyll@nitronet.pl, ae@FreeBSD.org, freebsd-ipfw@FreeBSD.org
From: ae@FreeBSD.org
Cc: 
Subject: Re: kern/152360: [dummynet] [panic] Crash related to dummynet.
X-BeenThere: freebsd-ipfw@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: IPFW Technical Discussions <freebsd-ipfw.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
	<mailto:freebsd-ipfw-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-ipfw>
List-Post: <mailto:freebsd-ipfw@freebsd.org>
List-Help: <mailto:freebsd-ipfw-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
	<mailto:freebsd-ipfw-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 14 Jun 2011 14:54:44 -0000

Synopsis: [dummynet] [panic] Crash related to dummynet.

State-Changed-From-To: open->closed
State-Changed-By: ae
State-Changed-When: Tue Jun 14 14:52:41 UTC 2011
State-Changed-Why: 
Submitter has confirmed that the problem is already fixed.

http://www.freebsd.org/cgi/query-pr.cgi?pr=152360

From owner-freebsd-ipfw@FreeBSD.ORG  Tue Jun 14 14:55:36 2011
Return-Path: <owner-freebsd-ipfw@FreeBSD.ORG>
Delivered-To: freebsd-ipfw@hub.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 530FD1065677;
	Tue, 14 Jun 2011 14:55:36 +0000 (UTC) (envelope-from ae@FreeBSD.org)
Received: from freefall.freebsd.org (freefall.freebsd.org
	[IPv6:2001:4f8:fff6::28])
	by mx1.freebsd.org (Postfix) with ESMTP id 2BE668FC16;
	Tue, 14 Jun 2011 14:55:36 +0000 (UTC)
Received: from freefall.freebsd.org (localhost [127.0.0.1])
	by freefall.freebsd.org (8.14.4/8.14.4) with ESMTP id p5EEtaSs081031;
	Tue, 14 Jun 2011 14:55:36 GMT (envelope-from ae@freefall.freebsd.org)
Received: (from ae@localhost)
	by freefall.freebsd.org (8.14.4/8.14.4/Submit) id p5EEtZrg081027;
	Tue, 14 Jun 2011 14:55:35 GMT (envelope-from ae)
Date: Tue, 14 Jun 2011 14:55:35 GMT
Message-Id: <201106141455.p5EEtZrg081027@freefall.freebsd.org>
To: melifaro@ipfw.ru, ae@FreeBSD.org, freebsd-ipfw@FreeBSD.org
From: ae@FreeBSD.org
Cc: 
Subject: Re: kern/157867: [patch][ipfw] natd globalport support for ipfw nat
X-BeenThere: freebsd-ipfw@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: IPFW Technical Discussions <freebsd-ipfw.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
	<mailto:freebsd-ipfw-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-ipfw>
List-Post: <mailto:freebsd-ipfw@freebsd.org>
List-Help: <mailto:freebsd-ipfw-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
	<mailto:freebsd-ipfw-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 14 Jun 2011 14:55:36 -0000

Synopsis: [patch][ipfw] natd globalport support for ipfw nat

State-Changed-From-To: open->patched
State-Changed-By: ae
State-Changed-When: Tue Jun 14 14:55:08 UTC 2011
State-Changed-Why: 
Patched in head/. Thanks!

http://www.freebsd.org/cgi/query-pr.cgi?pr=157867

From owner-freebsd-ipfw@FreeBSD.ORG  Tue Jun 14 15:40:10 2011
Return-Path: <owner-freebsd-ipfw@FreeBSD.ORG>
Delivered-To: freebsd-ipfw@hub.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 43EC1106566B
	for <freebsd-ipfw@hub.freebsd.org>;
	Tue, 14 Jun 2011 15:40:10 +0000 (UTC)
	(envelope-from gnats@FreeBSD.org)
Received: from freefall.freebsd.org (freefall.freebsd.org
	[IPv6:2001:4f8:fff6::28])
	by mx1.freebsd.org (Postfix) with ESMTP id 3403D8FC12
	for <freebsd-ipfw@hub.freebsd.org>;
	Tue, 14 Jun 2011 15:40:10 +0000 (UTC)
Received: from freefall.freebsd.org (localhost [127.0.0.1])
	by freefall.freebsd.org (8.14.4/8.14.4) with ESMTP id p5EFe9h0018743
	for <freebsd-ipfw@freefall.freebsd.org>; Tue, 14 Jun 2011 15:40:09 GMT
	(envelope-from gnats@freefall.freebsd.org)
Received: (from gnats@localhost)
	by freefall.freebsd.org (8.14.4/8.14.4/Submit) id p5EFe9ok018742;
	Tue, 14 Jun 2011 15:40:09 GMT (envelope-from gnats)
Date: Tue, 14 Jun 2011 15:40:09 GMT
Message-Id: <201106141540.p5EFe9ok018742@freefall.freebsd.org>
To: freebsd-ipfw@FreeBSD.org
From: ten <dm@211.ru>
Cc: 
Subject: Re: kern/122109: [ipfw] ipfw nat traceroute problem
X-BeenThere: freebsd-ipfw@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
Reply-To: ten <dm@211.ru>
List-Id: IPFW Technical Discussions <freebsd-ipfw.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
	<mailto:freebsd-ipfw-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-ipfw>
List-Post: <mailto:freebsd-ipfw@freebsd.org>
List-Help: <mailto:freebsd-ipfw-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
	<mailto:freebsd-ipfw-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 14 Jun 2011 15:40:10 -0000

The following reply was made to PR kern/122109; it has been noted by GNATS.

From: ten <dm@211.ru>
To: "Andrey V. Elsukov" <bu7cher@yandex.ru>, bug-followup@FreeBSD.org
Cc:  
Subject: Re: kern/122109: [ipfw] ipfw nat traceroute problem
Date: Tue, 14 Jun 2011 22:32:03 +0700

 Yes, works. Thanks.
 
 On 06.06.2011 14:31, Andrey V. Elsukov wrote:
 
 > On 06.06.2011 18:50, ten wrote:
 > > Subject: Re: kern/122109: [ipfw] ipfw nat traceroute problem
 > > Date: Mon, 6 Jun 2011 21:38:36 +0700
 > >
 > >  It seems I have too old version, and patch not applicable to me
 > >
 > >  7.3-STABLE FreeBSD 7.3-STABLE #2 amd64
 >
 > I adapted the patch for stable/7:
 > http://people.freebsd.org/~ae/ipfw_nat7.diff
 >
 > --
 > WBR, Andrey V. Elsukov
 >
 >
 

From owner-freebsd-ipfw@FreeBSD.ORG  Wed Jun 15 12:31:57 2011
Return-Path: <owner-freebsd-ipfw@FreeBSD.ORG>
Delivered-To: freebsd-ipfw@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 20CD6106566B
	for <freebsd-ipfw@freebsd.org>; Wed, 15 Jun 2011 12:31:57 +0000 (UTC)
	(envelope-from matt@chronos.org.uk)
Received: from chronos.org.uk (chronos-pt.tunnel.tserv5.lon1.ipv6.he.net
	[IPv6:2001:470:1f08:12b::2])
	by mx1.freebsd.org (Postfix) with ESMTP id 6EEF98FC19
	for <freebsd-ipfw@freebsd.org>; Wed, 15 Jun 2011 12:31:56 +0000 (UTC)
Received: from workstation1.localnet (workstation1.local.chronos.org.uk
	[IPv6:2001:470:1f09:12b::20]) (authenticated bits=0)
	by chronos.org.uk (8.14.4/8.14.4) with ESMTP id p5FCVrCx007213
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO)
	for <freebsd-ipfw@freebsd.org>; Wed, 15 Jun 2011 13:31:53 +0100 (BST)
	(envelope-from matt@chronos.org.uk)
From: Matt Dawson <matt@chronos.org.uk>
To: freebsd-ipfw@freebsd.org
Date: Wed, 15 Jun 2011 13:31:49 +0100
User-Agent: KMail/1.13.7 (FreeBSD/8.2-RELEASE; KDE/4.6.3; amd64; ; )
References: <20110615120028.8733C1065705@hub.freebsd.org>
In-Reply-To: <20110615120028.8733C1065705@hub.freebsd.org>
MIME-Version: 1.0
Content-Type: Text/Plain;
  charset="iso-8859-15"
Content-Transfer-Encoding: 7bit
Message-Id: <201106151331.51191.matt@chronos.org.uk>
X-Greylist: Sender succeeded SMTP AUTH, not delayed by milter-greylist-4.2.7
	(chronos.org.uk [IPv6:2001:470:1f09:12b::1]);
	Wed, 15 Jun 2011 13:31:54 +0100 (BST)
X-Virus-Scanned: clamav-milter 0.97 at central.local.chronos.org.uk
X-Virus-Status: Clean
X-Spam-Status: No, score=-100.9 required=3.0 tests=BAYES_00,
	DATE_IN_FUTURE_96_Q,DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,SPF_PASS,
	T_RP_MATCHES_RCVD,USER_IN_WHITELIST autolearn=no version=3.3.1
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
	central.local.chronos.org.uk
Subject: IPFW2 IPv6 tables
X-BeenThere: freebsd-ipfw@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: IPFW Technical Discussions <freebsd-ipfw.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
	<mailto:freebsd-ipfw-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-ipfw>
List-Post: <mailto:freebsd-ipfw@freebsd.org>
List-Help: <mailto:freebsd-ipfw-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
	<mailto:freebsd-ipfw-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 15 Jun 2011 12:31:57 -0000

Is there a patchset for 8.2R to add IPv6 table functionality to IPFW2? 
I seem to recall one floating about for 7 (Luigi?) a while ago. I'm 
currently using individual rules, but it's becoming cumbersome.
-- 
Matt Dawson
MTD15-RIPE
matt@chronos.org.uk

From owner-freebsd-ipfw@FreeBSD.ORG  Wed Jun 15 16:24:15 2011
Return-Path: <owner-freebsd-ipfw@FreeBSD.ORG>
Delivered-To: freebsd-ipfw@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id BF5E9106564A
	for <freebsd-ipfw@freebsd.org>; Wed, 15 Jun 2011 16:24:15 +0000 (UTC)
	(envelope-from crest@informatik.uni-bremen.de)
Received: from informatik.uni-bremen.de (mailhost.informatik.uni-bremen.de
	[134.102.201.18])
	by mx1.freebsd.org (Postfix) with ESMTP id 4F9698FC13
	for <freebsd-ipfw@freebsd.org>; Wed, 15 Jun 2011 16:24:13 +0000 (UTC)
Received: from smtp-fb3.informatik.uni-bremen.de
	(smtp-fb3.informatik.uni-bremen.de [134.102.224.120])
	by informatik.uni-bremen.de (8.14.3/8.14.3) with ESMTP id
	p5EEitGq027621
	for <freebsd-ipfw@freebsd.org>; Tue, 14 Jun 2011 16:44:55 +0200 (CEST)
Received: from eduroam-0977.wlan.uni-bremen.de
	(eduroam-0977.wlan.uni-bremen.de [134.102.19.209])
	(using TLSv1 with cipher AES128-SHA (128/128 bits))
	(No client certificate requested)
	by smtp-fb3.informatik.uni-bremen.de (Postfix) with ESMTPSA id 438B1581
	for <freebsd-ipfw@freebsd.org>; Tue, 14 Jun 2011 16:44:55 +0200 (CEST)
Content-Type: text/plain; charset=us-ascii
Mime-Version: 1.0 (Apple Message framework v1084)
From: crest <crest@informatik.uni-bremen.de>
In-Reply-To: <CB5F654C-227D-43C0-8A13-F57C19A1861C@informatik.uni-bremen.de>
Date: Tue, 14 Jun 2011 16:44:54 +0200
Content-Transfer-Encoding: quoted-printable
Message-Id: <B4003759-75D3-4663-87E0-FD9374227D60@informatik.uni-bremen.de>
References: <201106041300.p54D0Oji030792@freefall.freebsd.org>
	<CB5F654C-227D-43C0-8A13-F57C19A1861C@informatik.uni-bremen.de>
To: freebsd-ipfw@freebsd.org
X-Mailer: Apple Mail (2.1084)
Subject: Re: kern/157239: [ipfw] [dummynet] ipfw + dummynet corrupts ipv6
	packets
X-BeenThere: freebsd-ipfw@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: IPFW Technical Discussions <freebsd-ipfw.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
	<mailto:freebsd-ipfw-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-ipfw>
List-Post: <mailto:freebsd-ipfw@freebsd.org>
List-Help: <mailto:freebsd-ipfw-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
	<mailto:freebsd-ipfw-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 15 Jun 2011 16:24:15 -0000


On 06.06.2011, at 19:30, crest wrote:

> 
> On 04.06.2011, at 15:00, Manuel Kasper wrote:
> 
>> The following reply was made to PR kern/157239; it has been noted by GNATS.
>> 
>> Also, I believe I've found the cause: ipfw/dummynet code uses
>> SET_HOST_IPLEN on IPv6 packets in two instances, thus inadvertently
>> swapping the next header and hop limit fields in the IPv6 header,
>> causing the "Unknown Extension Header" warnings and dropped packets (or
>> bad packets appearing on the wire if
>> net.inet6.ip6.fw.deny_unknown_exthdrs=0).
>> 
>> A patch against 8.2-RELEASE that fixes this issue for me is attached -
>> Jan, could you please verify if this fixes the issue for you too?
> 
> I tested the patch and it solved the problem for a simple test setup.
> I'll test it in a more complex setup this evening/ night (TZ=CEST).

I tried the patch on 3 Boxes (2 x amd64, 1 x i386). The patch solves the
reported problem. I detected no regression.
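
The header corruption described in the quoted analysis above, reproduced on a constructed IPv6 header; this is an added example, not code from the thread or from FreeBSD. It assumes the IPv4 macro byte-swaps the 16-bit fields at the offsets of ip_len and ip_off (the macro body is not on this page), and all function names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Byte offsets inside the fixed IPv4 and IPv6 headers. */
enum {
    IP4_OFF_LEN  = 2,   /* IPv4 total length, 16 bits            */
    IP4_OFF_FRAG = 6,   /* IPv4 flags + fragment offset, 16 bits */
    IP4_HDR_MIN  = 20,
    IP6_OFF_PLEN = 4,   /* IPv6 payload length, 16 bits          */
    IP6_OFF_NXT  = 6,   /* IPv6 next header, 8 bits              */
    IP6_OFF_HLIM = 7,   /* IPv6 hop limit, 8 bits                */
    IP6_HDR_LEN  = 40
};

/*
 * Swap the bytes at pkt[off] and pkt[off + 1]. This is what ntohs() does
 * to a 16-bit field on a little-endian host; it is written out so the
 * result is the same on any build machine.
 */
static void swap16_at(uint8_t *pkt, size_t off)
{
    uint8_t tmp = pkt[off];

    pkt[off] = pkt[off + 1];
    pkt[off + 1] = tmp;
}

/* Constructed sample: a fixed IPv6 header with zeroed addresses. */
void build_ip6(uint8_t *pkt, uint32_t flow, uint16_t plen,
    uint8_t nxt, uint8_t hlim)
{
    memset(pkt, 0, IP6_HDR_LEN);
    pkt[0] = 0x60;                          /* version 6, traffic class 0 */
    pkt[1] = (uint8_t)((flow >> 16) & 0x0f);
    pkt[2] = (uint8_t)((flow >> 8) & 0xff);
    pkt[3] = (uint8_t)(flow & 0xff);
    pkt[IP6_OFF_PLEN] = (uint8_t)(plen >> 8);
    pkt[IP6_OFF_PLEN + 1] = (uint8_t)(plen & 0xff);
    pkt[IP6_OFF_NXT] = nxt;
    pkt[IP6_OFF_HLIM] = hlim;
}

/*
 * Assumed model of the IPv4-only conversion: swaps the length and
 * fragment-offset fields without looking at the IP version.
 */
void v4_fields_to_host_unchecked(uint8_t *pkt)
{
    swap16_at(pkt, IP4_OFF_LEN);
    swap16_at(pkt, IP4_OFF_FRAG);
}

/* Guarded form: converts IPv4 only. Returns 1 if converted, 0 if skipped. */
int v4_fields_to_host_checked(uint8_t *pkt, size_t len)
{
    if (len < IP4_HDR_MIN || (pkt[0] >> 4) != 4)
        return 0;
    v4_fields_to_host_unchecked(pkt);
    return 1;
}

int main(void)
{
    uint8_t p[IP6_HDR_LEN];

    /* ICMPv6 (next header 58), hop limit 64, flow label 0x12345. */
    build_ip6(p, 0x12345, 8, 58, 64);
    v4_fields_to_host_unchecked(p);
    printf("unchecked: next header=%u hop limit=%u\n",
        p[IP6_OFF_NXT], p[IP6_OFF_HLIM]);

    build_ip6(p, 0x12345, 8, 58, 64);
    (void)v4_fields_to_host_checked(p, sizeof(p));
    printf("checked:   next header=%u hop limit=%u\n",
        p[IP6_OFF_NXT], p[IP6_OFF_HLIM]);
    return 0;
}
```

The swap at the IPv4 fragment-offset position lands on the IPv6 next header and hop limit bytes, and the swap at the IPv4 length position also reorders two bytes of the flow label.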

From owner-freebsd-ipfw@FreeBSD.ORG  Thu Jun 16 18:39:40 2011
Return-Path: <owner-freebsd-ipfw@FreeBSD.ORG>
Delivered-To: freebsd-ipfw@hub.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 273511065674;
	Thu, 16 Jun 2011 18:39:40 +0000 (UTC) (envelope-from ae@FreeBSD.org)
Received: from freefall.freebsd.org (freefall.freebsd.org
	[IPv6:2001:4f8:fff6::28])
	by mx1.freebsd.org (Postfix) with ESMTP id F291E8FC12;
	Thu, 16 Jun 2011 18:39:39 +0000 (UTC)
Received: from freefall.freebsd.org (localhost [127.0.0.1])
	by freefall.freebsd.org (8.14.4/8.14.4) with ESMTP id p5GIdd9C001471;
	Thu, 16 Jun 2011 18:39:39 GMT (envelope-from ae@freefall.freebsd.org)
Received: (from ae@localhost)
	by freefall.freebsd.org (8.14.4/8.14.4/Submit) id p5GIdd9K001466;
	Thu, 16 Jun 2011 18:39:39 GMT (envelope-from ae)
Date: Thu, 16 Jun 2011 18:39:39 GMT
Message-Id: <201106161839.p5GIdd9K001466@freefall.freebsd.org>
To: eugen@eg.svzserv.kuzbass.ru, ae@FreeBSD.org, freebsd-ipfw@FreeBSD.org
From: ae@FreeBSD.org
Cc: 
Subject: Re: kern/129036: [ipfw] 'ipfw fwd' does not change outgoing
	interface name
X-BeenThere: freebsd-ipfw@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: IPFW Technical Discussions <freebsd-ipfw.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
	<mailto:freebsd-ipfw-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-ipfw>
List-Post: <mailto:freebsd-ipfw@freebsd.org>
List-Help: <mailto:freebsd-ipfw-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
	<mailto:freebsd-ipfw-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 16 Jun 2011 18:39:40 -0000

Synopsis: [ipfw] 'ipfw fwd' does not change outgoing interface name

State-Changed-From-To: open->feedback
State-Changed-By: ae
State-Changed-When: Thu Jun 16 18:38:43 UTC 2011
State-Changed-Why: 
Can you still reproduce this on a supported release? 

http://www.freebsd.org/cgi/query-pr.cgi?pr=129036

From owner-freebsd-ipfw@FreeBSD.ORG  Thu Jun 16 21:00:27 2011
Return-Path: <owner-freebsd-ipfw@FreeBSD.ORG>
Delivered-To: freebsd-ipfw@hub.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 6844D1065693
	for <freebsd-ipfw@hub.freebsd.org>;
	Thu, 16 Jun 2011 21:00:27 +0000 (UTC)
	(envelope-from gnats@FreeBSD.org)
Received: from freefall.freebsd.org (freefall.freebsd.org
	[IPv6:2001:4f8:fff6::28])
	by mx1.freebsd.org (Postfix) with ESMTP id E93D68FC25
	for <freebsd-ipfw@hub.freebsd.org>;
	Thu, 16 Jun 2011 21:00:24 +0000 (UTC)
Received: from freefall.freebsd.org (localhost [127.0.0.1])
	by freefall.freebsd.org (8.14.4/8.14.4) with ESMTP id p5GL0OnQ039126
	for <freebsd-ipfw@freefall.freebsd.org>; Thu, 16 Jun 2011 21:00:24 GMT
	(envelope-from gnats@freefall.freebsd.org)
Received: (from gnats@localhost)
	by freefall.freebsd.org (8.14.4/8.14.4/Submit) id p5GL0Ob1039125;
	Thu, 16 Jun 2011 21:00:24 GMT (envelope-from gnats)
Date: Thu, 16 Jun 2011 21:00:24 GMT
Message-Id: <201106162100.p5GL0Ob1039125@freefall.freebsd.org>
To: freebsd-ipfw@FreeBSD.org
From: Eugene Grosbein <egrosbein@rdtc.ru>
Cc: 
Subject: Re: kern/129036: [ipfw] 'ipfw fwd' does not change outgoing
 interface name
X-BeenThere: freebsd-ipfw@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
Reply-To: Eugene Grosbein <egrosbein@rdtc.ru>
List-Id: IPFW Technical Discussions <freebsd-ipfw.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
	<mailto:freebsd-ipfw-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-ipfw>
List-Post: <mailto:freebsd-ipfw@freebsd.org>
List-Help: <mailto:freebsd-ipfw-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
	<mailto:freebsd-ipfw-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 16 Jun 2011 21:00:27 -0000

The following reply was made to PR kern/129036; it has been noted by GNATS.

From: Eugene Grosbein <egrosbein@rdtc.ru>
To: bug-followup@FreeBSD.ORG
Cc: ae@FreeBSD.ORG
Subject: Re: kern/129036: [ipfw] 'ipfw fwd' does not change outgoing interface
 name
Date: Fri, 17 Jun 2011 03:54:30 +0700

 > Can you still reproduce this on a supported release? 
 
 Yes, the same problem can be reproduced with 8.2-STABLE.
 
 Eugene Grosbein.
 
 P.S. Please note that my original e-mail of this PR is no longer valid.

From owner-freebsd-ipfw@FreeBSD.ORG  Fri Jun 17 18:37:57 2011
Return-Path: <owner-freebsd-ipfw@FreeBSD.ORG>
Delivered-To: freebsd-ipfw@hub.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id E5A501065679;
	Fri, 17 Jun 2011 18:37:57 +0000 (UTC) (envelope-from ae@FreeBSD.org)
Received: from freefall.freebsd.org (freefall.freebsd.org
	[IPv6:2001:4f8:fff6::28])
	by mx1.freebsd.org (Postfix) with ESMTP id BDEE18FC1A;
	Fri, 17 Jun 2011 18:37:57 +0000 (UTC)
Received: from freefall.freebsd.org (localhost [127.0.0.1])
	by freefall.freebsd.org (8.14.4/8.14.4) with ESMTP id p5HIbvsL002456;
	Fri, 17 Jun 2011 18:37:57 GMT (envelope-from ae@freefall.freebsd.org)
Received: (from ae@localhost)
	by freefall.freebsd.org (8.14.4/8.14.4/Submit) id p5HIbvmA002452;
	Fri, 17 Jun 2011 18:37:57 GMT (envelope-from ae)
Date: Fri, 17 Jun 2011 18:37:57 GMT
Message-Id: <201106171837.p5HIbvmA002452@freefall.freebsd.org>
To: ae@FreeBSD.org, freebsd-bugs@FreeBSD.org, freebsd-ipfw@FreeBSD.org
From: ae@FreeBSD.org
Cc: 
Subject: Re: kern/157957: [libalias][patch] alias_ftp does not alias data
	sessions corretly
X-BeenThere: freebsd-ipfw@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: IPFW Technical Discussions <freebsd-ipfw.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
	<mailto:freebsd-ipfw-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-ipfw>
List-Post: <mailto:freebsd-ipfw@freebsd.org>
List-Help: <mailto:freebsd-ipfw-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
	<mailto:freebsd-ipfw-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 17 Jun 2011 18:37:58 -0000

Synopsis: [libalias][patch] alias_ftp does not alias data sessions corretly

Responsible-Changed-From-To: freebsd-bugs->freebsd-ipfw
Responsible-Changed-By: ae
Responsible-Changed-When: Fri Jun 17 18:35:50 UTC 2011
Responsible-Changed-Why: 
Over to maintainer(s).

http://www.freebsd.org/cgi/query-pr.cgi?pr=157957