From owner-freebsd-ipfw@FreeBSD.ORG Mon Mar 18 11:06:45 2013
Date: Mon, 18 Mar 2013 11:06:43 GMT
From: FreeBSD bugmaster
To: freebsd-ipfw@FreeBSD.org
Subject: Current problem reports assigned to freebsd-ipfw@FreeBSD.org

Note: to view an individual PR, use:
  http://www.freebsd.org/cgi/query-pr.cgi?pr=(number).

The following is a listing of current problems submitted by FreeBSD users.
These represent problem reports covering all versions including
experimental development code and obsolete releases.

S Tracker      Resp.      Description
--------------------------------------------------------------------------------
o kern/176503  ipfw       [ipfw] ipfw layer2 problem
o kern/174749  ipfw       Unexpected change of default route
o kern/169206  ipfw       [ipfw] ipfw does not flush entries in table
o conf/167822  ipfw       [ipfw] [patch] start script doesn't load firewall_type
o kern/166406  ipfw       [ipfw] ipfw does not set ALTQ identifier for ipv6 traf
o kern/165939  ipfw       [ipw] bug: incomplete firewall rules loaded if tables
o kern/165190  ipfw       [ipfw] [lo] [patch] loopback interface is not marking
o kern/158066  ipfw       [ipfw] ipfw + netgraph + multicast = multicast packets
o kern/157796  ipfw       [ipfw] IPFW in-kernel NAT nat loopback / Default Route
o kern/157689  ipfw       [ipfw] ipfw nat config does not accept nonexistent int
f kern/155927  ipfw       [ipfw] ipfw stops to check packets for compliance with
o bin/153252   ipfw       [ipfw][patch] ipfw lockdown system in subsequent call
o kern/153161  ipfw       [ipfw] does not support specifying rules with ICMP cod
o kern/152113  ipfw       [ipfw] page fault on 8.1-RELEASE caused by certain amo
o kern/148827  ipfw       [ipfw] divert broken with in-kernel ipfw
o kern/148430  ipfw       [ipfw] IPFW schedule delete broken.
o kern/148091  ipfw       [ipfw] ipfw ipv6 handling broken.
f kern/143973  ipfw       [ipfw] [panic] ipfw forward option causes kernel reboo
o kern/143621  ipfw       [ipfw] [dummynet] [patch] dummynet and vnet use result
o kern/137346  ipfw       [ipfw] ipfw nat redirect_proto is broken
o kern/137232  ipfw       [ipfw] parser troubles
o kern/135476  ipfw       [ipfw] IPFW table breaks after adding a large number o
o kern/129036  ipfw       [ipfw] 'ipfw fwd' does not change outgoing interface n
o kern/127230  ipfw       [ipfw] [patch] Feature request to add UID and/or GID l
f kern/122963  ipfw       [ipfw] tcpdump does not show packets redirected by 'ip
s kern/121807  ipfw       [request] TCP and UDP port_table in ipfw
o kern/116009  ipfw       [ipfw] [patch] Ignore errors when loading ruleset from
o bin/104921   ipfw       [patch] ipfw(8) sometimes treats ipv6 input as ipv4 (a
o kern/104682  ipfw       [ipfw] [patch] Some minor language consistency fixes a
o kern/103454  ipfw       [ipfw] [patch] [request] add a facility to modify DF b
o kern/103328  ipfw       [ipfw] [request] sugestions about ipfw table
o kern/97951   ipfw       [ipfw] [patch] ipfw does not tie interface details to
o kern/95084   ipfw       [ipfw] [regression] [patch] IPFW2 ignores "recv/xmit/v
o kern/86957   ipfw       [ipfw] [patch] ipfw mac logging
o bin/83046    ipfw       [ipfw] ipfw2 error: "setup" is allowed for icmp, but s
o kern/82724   ipfw       [ipfw] [patch] [request] Add setnexthop and defaultrou
o bin/78785    ipfw       [patch] ipfw(8) verbosity locks machine if /etc/rc.fir
o kern/60719   ipfw       [ipfw] Headerless fragments generate cryptic error mes
s kern/55984   ipfw       [ipfw] [patch] time based firewalling support for ipfw
o kern/48172   ipfw       [ipfw] [patch] ipfw does not log size and flags
o kern/46159   ipfw       [ipfw] [patch] [request] ipfw dynamic rules lifetime f
a kern/26534   ipfw       [ipfw] Add an option to ipfw to log gid/uid of who cau

42 problems total.

From owner-freebsd-ipfw@FreeBSD.ORG Tue Mar 19 21:49:32 2013
Date: Wed, 20 Mar 2013 01:49:29 +0400
From: naPtu 3ah
To: freebsd-ipfw@freebsd.org
Subject: IPFW tables trouble&In-Reply-To=4FB49F70.2000209@FreeBSD.org

From owner-freebsd-ipfw@FreeBSD.ORG Thu Mar 21 20:29:41 2013
From: Ben Choi
To: "freebsd-ipfw@freebsd.org"
Subject: UDP forward issue with ipfw on Freebsd8
Date: Thu, 21 Mar 2013 20:29:34 +0000

Hi

When I try to forward incoming UDP packets to local host without providing
destination port, no packets are forwarded. My ipfw rule is:

# ipfw add 100 fwd 127.0.0.1 ipv4 from any to any dst-port 8000-11999 recv em1

Since I am not giving any port number after 127.0.0.1, ipfw should forward
the packets with the destination port in the packets, but it does not.

I checked ipfw code and udp_input() in udp_usrreq.c, and modified it to
forward to the original ports in the packets like below.

#ifdef IPFIREWALL_FORWARD
        /*
         * Grab info from PACKET_TAG_IPFORWARD tag prepended to the chain.
         */
        fwd_tag = m_tag_find(m, PACKET_TAG_IPFORWARD, NULL);
        if (fwd_tag != NULL) {
                struct sockaddr_in *next_hop;

                /*
                 * Do the hack.
                 */
                next_hop = (struct sockaddr_in *)(fwd_tag + 1);
                ip->ip_dst = next_hop->sin_addr;
                if (next_hop->sin_port) {       // Add this line
                        uh->uh_dport = htons(next_hop->sin_port);
                }                               // and this line

                /*
                 * Remove the tag from the packet. We don't need it anymore.
                 */
                m_tag_delete(m, fwd_tag);
        }
#endif

Basically, only if forwarding port is given, the destination port is
modified. If not, it leaves the original destination port.

After these changes ipfw can forward the packets to the local host. But I am
facing another issue: I cannot send any packets with the same socket which
I received the packets from.

I checked the codes thoroughly again and found that udp_input() changes the
destination IP address and destination port with forward rule and calls
in_pcblookup_hash() function with forward destination IP and port while in
Freebsd6, the destination IP and port on mbuf are not modified and
in_pcblookup_hash() is called with the original destination IP and port.

I am not very familiar with the Kernel codes so I don't know if this
difference is the reason why that application cannot send response through
the forwarded UDP sockets.

Does anyone have any idea on how to debug it or even to solve it?

Thank you very much for your help in advance,
Ben Choi

From owner-freebsd-ipfw@FreeBSD.ORG Fri Mar 22 10:21:27 2013
Date: Fri, 22 Mar 2013 14:20:59 +0400
From: "Alexander V. Chernikov"
To: naPtu 3ah
Cc: freebsd-ipfw@freebsd.org
Subject: Re: IPFW tables trouble&In-Reply-To=4FB49F70.2000209@FreeBSD.org

On 20.03.2013 01:49, naPtu 3ah wrote:
> problem is still here
>
> router5:/etc@[23:05] # ipfw show 12000-12200
> 12101      96       7236 count ip from any to 91.222.49.77 out via em0
> 12102   11614    7632355 allow ip from any to table(11) out via em0
> 12140       0          0 count ip from any to 91.222.49.77 out via em0
>
> router5:/etc@[23:05] # ipfw table 11 list
> 91.222.49.26/32 0
> router5:/etc@[23:06] # ipfw table 11 flush
> router5:/etc@[23:06] # ipfw table 11 flush
> router5:/etc@[23:06] # ipfw table 11 list
> 91.222.49.26/32 0
> router5:/etc@[23:06] # ipfw table 11 delete 91.222.49.26/32
> ipfw: setsockopt(IP_FW_TABLE_DEL): No such process
> router5:/etc@[23:06] # ipfw table 11 list
> 91.222.49.26/32 0
> router5:/etc@[23:06] # ipfw table 11 flush
> router5:/etc@[23:07] # ipfw table 11 list
> 91.222.49.26/32 0
> router5:/etc@[23:07] # uname -a
> FreeBSD router5 8.3-RELEASE-p5 FreeBSD 8.3-RELEASE-p5 #3: Tue Feb 5 06:55:47 EET 2013 root@icenet.net.ua:/usr/obj/usr/src/sys/ICENET3 i386

Can you please update to recent -STABLE (or at least apply attached simple
patch) and see if the problem remains?

Content-Disposition: attachment; filename="ipfw_ffix.diff"
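
Added example, not part of the thread and not kernel code: a user-space C model of the destination rewrite that Ben Choi's message describes for a `fwd` rule given without a port, with and without his `sin_port` check. All struct and function names are hypothetical, the addresses and ports are constructed, and the exact-match `lookup()` is a simplified stand-in for the PCB lookup.

```c
#include <arpa/inet.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* User-space model; every name here is hypothetical, not a kernel symbol. */
struct fwd_tag  { uint32_t addr; uint16_t port; };  /* port: host order, 0 = rule gave none */
struct dgram    { uint32_t dst;  uint16_t dport; }; /* dport: network order, as in the UDP header */
struct listener { uint32_t addr; uint16_t port; };  /* bound socket, port in host order */
#define LOOPBACK 0x7f000001u                        /* 127.0.0.1 */

/* Rewrite without the check: the tag's port always replaces the packet's. */
static void rewrite_always(struct dgram *d, const struct fwd_tag *t) {
    d->dst = t->addr;
    d->dport = htons(t->port);
}

/* Rewrite with the check from the message: keep the port when the tag has none. */
static void rewrite_if_port(struct dgram *d, const struct fwd_tag *t) {
    d->dst = t->addr;
    if (t->port)
        d->dport = htons(t->port);
}

/* Simplified stand-in for the PCB lookup: exact match on address and port. */
static const struct listener *lookup(const struct listener *l, size_t n,
                                     const struct dgram *d) {
    for (size_t i = 0; i < n; i++)
        if (l[i].addr == d->dst && l[i].port == ntohs(d->dport))
            return &l[i];
    return NULL;
}

/* Returns 1 if a datagram sent to pkt_port reaches a loopback socket on listen_port. */
static int delivered(void (*rewrite)(struct dgram *, const struct fwd_tag *),
                     uint16_t pkt_port, uint16_t tag_port, uint16_t listen_port) {
    const struct listener socks[] = { { LOOPBACK, listen_port } };
    const struct fwd_tag tag = { LOOPBACK, tag_port };
    struct dgram d = { 0xc0000201u, htons(pkt_port) }; /* constructed sender target 192.0.2.1 */
    rewrite(&d, &tag);
    return lookup(socks, 1, &d) != NULL;
}

int main(void) {
    printf("no port in rule, unconditional: %d\n", delivered(rewrite_always, 8000, 0, 8000));
    printf("no port in rule, with check:    %d\n", delivered(rewrite_if_port, 8000, 0, 8000));
    printf("port 9000 in rule, with check:  %d\n", delivered(rewrite_if_port, 8000, 9000, 9000));
    return 0;
}
```

With no port in the tag, the unconditional rewrite leaves the datagram addressed to port 0, so no listener matches; the checked version keeps port 8000 and the lookup succeeds.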