From owner-freebsd-ipfw@freebsd.org Thu Aug 13 04:45:53 2015 Return-Path: Delivered-To: freebsd-ipfw@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 7846599F4A1 for ; Thu, 13 Aug 2015 04:45:53 +0000 (UTC) (envelope-from julian@freebsd.org) Received: from vps1.elischer.org (vps1.elischer.org [204.109.63.16]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "vps1.elischer.org", Issuer "CA Cert Signing Authority" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id B795BD85 for ; Thu, 13 Aug 2015 04:45:52 +0000 (UTC) (envelope-from julian@freebsd.org) Received: from Julian-MBP3.local (ppp121-45-227-250.lns20.per1.internode.on.net [121.45.227.250]) (authenticated bits=0) by vps1.elischer.org (8.15.2/8.15.2) with ESMTPSA id t7D4OavH000897 (version=TLSv1.2 cipher=DHE-RSA-AES128-SHA bits=128 verify=NO); Wed, 12 Aug 2015 21:24:39 -0700 (PDT) (envelope-from julian@freebsd.org) Subject: Re: ipfw delete 100-300 To: "Alexander V. Chernikov" References: <55BF368A.60004@elischer.org> <20150803234952.O17327@sola.nimnet.asn.au> <925201438613458@web7h.yandex.ru> <55BFC7A7.2000907@freebsd.org> <252361438673995@web5h.yandex.ru> Cc: "freebsd-ipfw@freebsd.org" From: Julian Elischer Message-ID: <55CC1BFF.5090800@freebsd.org> Date: Thu, 13 Aug 2015 12:24:31 +0800 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:38.0) Gecko/20100101 Thunderbird/38.1.0 MIME-Version: 1.0 In-Reply-To: <252361438673995@web5h.yandex.ru> Content-Type: text/plain; charset=koi8-r; format=flowed Content-Transfer-Encoding: 7bit X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 13 Aug 2015 04:45:53 -0000 BTW, any ideas as to what causes this? # ipfw show [...] 00400 0 0 deny ip from 10.12.1.0/24 to any in recv xn0 00500 0 16045693110842147038 deny ip from 204.109.63.0/25 to any in recv xn1 00600 0 0 allow ip from any to any in recv xn1 [...] 65535 8251 16045693110842147290 deny ip from any to any -current as of the 5th of august FreeBSD vps1.elischer.org 11.0-CURRENT FreeBSD 11.0-CURRENT #1 r286304: Wed Aug 5 14:31:10 PDT 2015 root@vps1.elischer.org:/usr/obj/usr/src-current/sys/VPS1 i386 note i386, not amd64. From owner-freebsd-ipfw@freebsd.org Thu Aug 13 14:23:38 2015 Return-Path: Delivered-To: freebsd-ipfw@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id A0F899B7DE9 for ; Thu, 13 Aug 2015 14:23:38 +0000 (UTC) (envelope-from smithi@nimnet.asn.au) Received: from sola.nimnet.asn.au (paqi.nimnet.asn.au [115.70.110.159]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 17C5E758; Thu, 13 Aug 2015 14:23:37 +0000 (UTC) (envelope-from smithi@nimnet.asn.au) Received: from localhost (localhost [127.0.0.1]) by sola.nimnet.asn.au (8.14.2/8.14.2) with ESMTP id t7DE0ppZ017091; Fri, 14 Aug 2015 00:00:51 +1000 (EST) (envelope-from smithi@nimnet.asn.au) Date: Fri, 14 Aug 2015 00:00:51 +1000 (EST) From: Ian Smith To: Julian Elischer cc: "Alexander V. Chernikov" , "freebsd-ipfw@freebsd.org" Subject: Re: ipfw delete 100-300 In-Reply-To: <55CC1BFF.5090800@freebsd.org> Message-ID: <20150813233624.P8515@sola.nimnet.asn.au> References: <55BF368A.60004@elischer.org> <20150803234952.O17327@sola.nimnet.asn.au> <925201438613458@web7h.yandex.ru> <55BFC7A7.2000907@freebsd.org> <252361438673995@web5h.yandex.ru> <55CC1BFF.5090800@freebsd.org> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 13 Aug 2015 14:23:38 -0000 On Thu, 13 Aug 2015 12:24:31 +0800, Julian Elischer wrote: > BTW, any ideas as to what causes this? > # ipfw show > [...] > 00400 0 0 deny ip from 10.12.1.0/24 to any in recv > xn0 > 00500 0 16045693110842147038 deny ip from 204.109.63.0/25 to any in recv > xn1 > 00600 0 0 allow ip from any to any in recv xn1 > [...] > 65535 8251 16045693110842147290 deny ip from any to any > > > -current as of the 5th of august > FreeBSD vps1.elischer.org 11.0-CURRENT FreeBSD 11.0-CURRENT #1 r286304: Wed > Aug 5 14:31:10 PDT 2015 > root@vps1.elischer.org:/usr/obj/usr/src-current/sys/VPS1 i386 > > note i386, not amd64. Assuming all digits were shown, on a wild hunch: t23% echo 'scale=20; 2^64 - 16045693110842147038' | bc 2401050962867404578 t23% echo 'scale=20; 2^63 - 16045693110842147038' | bc -6822321073987371230 Wrongly (un?)signed int64? Either way, a lot of bytes for 0 packets :) cheers, Ian From owner-freebsd-ipfw@freebsd.org Thu Aug 13 14:30:18 2015 Return-Path: Delivered-To: freebsd-ipfw@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 80BBD9B7EF0 for ; Thu, 13 Aug 2015 14:30:18 +0000 (UTC) (envelope-from rizzo.unipi@gmail.com) Received: from mail-lb0-x22b.google.com (mail-lb0-x22b.google.com [IPv6:2a00:1450:4010:c04::22b]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 24E599FC; Thu, 13 Aug 2015 14:30:18 +0000 (UTC) (envelope-from rizzo.unipi@gmail.com) Received: by lbcbn3 with SMTP id bn3so27973283lbc.2; Thu, 13 Aug 2015 07:30:15 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:sender:in-reply-to:references:date:message-id:subject :from:to:cc:content-type; bh=XzRyg2yTkhEDIE21d5bPe+7wSFyFFVPyhLVJqNCXWIo=; b=jiuT1Nd+qmRtjN3Sap1zb2p/FQYaGwrTNy0k1bhDa8k1En1R+10QBFDb2RggHCvu3Z hEhqrY126eWTLsTSSYnQrDwYwmyWLs8t7P/VEyWiNCE+M2r7r/uOnRhLACgsoqrpFyCn 75F6968g76UL4Ws3m0hTLL3/V/rq4uilUpkjYmduAEnOaipPcST1hP29mwL+e5YU3Us/ KqnHcCXviQF/E4PvUbJBbWHBg9OvkXaBSOX+RA2e78h+lrz+jbencDhGM0ES2R4ZcsQq RXZDiTTMppw9BhZOa+nVAZH4Pn+peqWhFhxC66KBJAMaxeQIpXHUsu0gx1r9ZEQ2zJXF rE9g== MIME-Version: 1.0 X-Received: by 10.152.44.130 with SMTP id e2mr36634466lam.14.1439476215840; Thu, 13 Aug 2015 07:30:15 -0700 (PDT) Sender: rizzo.unipi@gmail.com Received: by 10.114.200.239 with HTTP; Thu, 13 Aug 2015 07:30:15 -0700 (PDT) In-Reply-To: <20150813233624.P8515@sola.nimnet.asn.au> References: <55BF368A.60004@elischer.org> <20150803234952.O17327@sola.nimnet.asn.au> <925201438613458@web7h.yandex.ru> <55BFC7A7.2000907@freebsd.org> <252361438673995@web5h.yandex.ru> <55CC1BFF.5090800@freebsd.org> <20150813233624.P8515@sola.nimnet.asn.au> Date: Thu, 13 Aug 2015 16:30:15 +0200 X-Google-Sender-Auth: 9soWpviE3GUyKTj53razKotxYkc Message-ID: Subject: Re: ipfw delete 100-300 From: Luigi Rizzo To: Ian Smith Cc: Julian Elischer , "freebsd-ipfw@freebsd.org" , "Alexander V. Chernikov" Content-Type: text/plain; charset=UTF-8 X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 13 Aug 2015 14:30:18 -0000 On Thu, Aug 13, 2015 at 4:00 PM, Ian Smith wrote: > On Thu, 13 Aug 2015 12:24:31 +0800, Julian Elischer wrote: > > BTW, any ideas as to what causes this? > > # ipfw show > > [...] > > 00400 0 0 deny ip from 10.12.1.0/24 to any in recv > > xn0 > > 00500 0 16045693110842147038 deny ip from 204.109.63.0/25 to any in recv > > xn1 > > 00600 0 0 allow ip from any to any in recv xn1 > > [...] > > 65535 8251 16045693110842147290 deny ip from any to any > > > > > > -current as of the 5th of august > > FreeBSD vps1.elischer.org 11.0-CURRENT FreeBSD 11.0-CURRENT #1 r286304: Wed > > Aug 5 14:31:10 PDT 2015 > > root@vps1.elischer.org:/usr/obj/usr/src-current/sys/VPS1 i386 > > > > note i386, not amd64. > > Assuming all digits were shown, on a wild hunch: > > t23% echo 'scale=20; 2^64 - 16045693110842147038' | bc > 2401050962867404578 > t23% echo 'scale=20; 2^63 - 16045693110842147038' | bc > -6822321073987371230 > bc obase=16 16045693110842147038 DEADC0DEDEADC0DE so... somehow pointing in a bad place. > Wrongly (un?)signed int64? Either way, a lot of bytes for 0 packets :) > > cheers, Ian > _______________________________________________ > freebsd-ipfw@freebsd.org mailing list > https://lists.freebsd.org/mailman/listinfo/freebsd-ipfw > To unsubscribe, send any mail to "freebsd-ipfw-unsubscribe@freebsd.org" -- -----------------------------------------+------------------------------- Prof. Luigi RIZZO, rizzo@iet.unipi.it . Dip. di Ing. dell'Informazione http://www.iet.unipi.it/~luigi/ . Universita` di Pisa TEL +39-050-2217533 . via Diotisalvi 2 Mobile +39-338-6809875 . 56122 PISA (Italy) -----------------------------------------+------------------------------- From owner-freebsd-ipfw@freebsd.org Thu Aug 13 14:41:47 2015 Return-Path: Delivered-To: freebsd-ipfw@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 511789A019D for ; Thu, 13 Aug 2015 14:41:47 +0000 (UTC) (envelope-from smithi@nimnet.asn.au) Received: from sola.nimnet.asn.au (paqi.nimnet.asn.au [115.70.110.159]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id AFB79DF8; Thu, 13 Aug 2015 14:41:45 +0000 (UTC) (envelope-from smithi@nimnet.asn.au) Received: from localhost (localhost [127.0.0.1]) by sola.nimnet.asn.au (8.14.2/8.14.2) with ESMTP id t7DEfgDE018350; Fri, 14 Aug 2015 00:41:42 +1000 (EST) (envelope-from smithi@nimnet.asn.au) Date: Fri, 14 Aug 2015 00:41:42 +1000 (EST) From: Ian Smith To: Luigi Rizzo cc: Julian Elischer , "freebsd-ipfw@freebsd.org" , "Alexander V. Chernikov" Subject: Re: ipfw delete 100-300 In-Reply-To: Message-ID: <20150814003533.I8515@sola.nimnet.asn.au> References: <55BF368A.60004@elischer.org> <20150803234952.O17327@sola.nimnet.asn.au> <925201438613458@web7h.yandex.ru> <55BFC7A7.2000907@freebsd.org> <252361438673995@web5h.yandex.ru> <55CC1BFF.5090800@freebsd.org> <20150813233624.P8515@sola.nimnet.asn.au> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 13 Aug 2015 14:41:47 -0000 On Thu, 13 Aug 2015 16:30:15 +0200, Luigi Rizzo wrote: > On Thu, Aug 13, 2015 at 4:00 PM, Ian Smith wrote: > > On Thu, 13 Aug 2015 12:24:31 +0800, Julian Elischer wrote: > > > BTW, any ideas as to what causes this? > > > # ipfw show > > > [...] > > > 00400 0 0 deny ip from 10.12.1.0/24 to any in recv > > > xn0 > > > 00500 0 16045693110842147038 deny ip from 204.109.63.0/25 to any in recv > > > xn1 > > > 00600 0 0 allow ip from any to any in recv xn1 > > > [...] > > > 65535 8251 16045693110842147290 deny ip from any to any > > > > > > > > > -current as of the 5th of august > > > FreeBSD vps1.elischer.org 11.0-CURRENT FreeBSD 11.0-CURRENT #1 r286304: Wed > > > Aug 5 14:31:10 PDT 2015 > > > root@vps1.elischer.org:/usr/obj/usr/src-current/sys/VPS1 i386 > > > > > > note i386, not amd64. > > > > Assuming all digits were shown, on a wild hunch: > > > > t23% echo 'scale=20; 2^64 - 16045693110842147038' | bc > > 2401050962867404578 > > t23% echo 'scale=20; 2^63 - 16045693110842147038' | bc > > -6822321073987371230 > > > > bc > obase=16 > 16045693110842147038 > DEADC0DEDEADC0DE > > so... somehow pointing in a bad place. Ah, quite so .. and rule 65535 looks like a slightly worse place. t23% echo 'obase=16; 16045693110842147290' | bc DEADC0DEDEADC1DA thanks, Ian From owner-freebsd-ipfw@freebsd.org Thu Aug 13 15:18:42 2015 Return-Path: Delivered-To: freebsd-ipfw@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id CAE739A08A5 for ; Thu, 13 Aug 2015 15:18:42 +0000 (UTC) (envelope-from julian@freebsd.org) Received: from vps1.elischer.org (vps1.elischer.org [204.109.63.16]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "vps1.elischer.org", Issuer "CA Cert Signing Authority" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 88608B9B for ; Thu, 13 Aug 2015 15:18:42 +0000 (UTC) (envelope-from julian@freebsd.org) Received: from Julian-MBP3.local (ppp121-45-227-250.lns20.per1.internode.on.net [121.45.227.250]) (authenticated bits=0) by vps1.elischer.org (8.15.2/8.15.2) with ESMTPSA id t7DFIXhE003515 (version=TLSv1.2 cipher=DHE-RSA-AES128-SHA bits=128 verify=NO); Thu, 13 Aug 2015 08:18:37 -0700 (PDT) (envelope-from julian@freebsd.org) Subject: Re: ipfw delete 100-300 To: Ian Smith , Luigi Rizzo References: <55BF368A.60004@elischer.org> <20150803234952.O17327@sola.nimnet.asn.au> <925201438613458@web7h.yandex.ru> <55BFC7A7.2000907@freebsd.org> <252361438673995@web5h.yandex.ru> <55CC1BFF.5090800@freebsd.org> <20150813233624.P8515@sola.nimnet.asn.au> <20150814003533.I8515@sola.nimnet.asn.au> Cc: "freebsd-ipfw@freebsd.org" , "Alexander V. Chernikov" From: Julian Elischer Message-ID: <55CCB543.20504@freebsd.org> Date: Thu, 13 Aug 2015 23:18:27 +0800 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:38.0) Gecko/20100101 Thunderbird/38.1.0 MIME-Version: 1.0 In-Reply-To: <20150814003533.I8515@sola.nimnet.asn.au> Content-Type: text/plain; charset=windows-1252; format=flowed Content-Transfer-Encoding: 7bit X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 13 Aug 2015 15:18:42 -0000 On 8/13/15 10:41 PM, Ian Smith wrote: > On Thu, 13 Aug 2015 16:30:15 +0200, Luigi Rizzo wrote: > > On Thu, Aug 13, 2015 at 4:00 PM, Ian Smith wrote: > > > On Thu, 13 Aug 2015 12:24:31 +0800, Julian Elischer wrote: > > > > BTW, any ideas as to what causes this? > > > > # ipfw show > > > > [...] > > > > 00400 0 0 deny ip from 10.12.1.0/24 to any in recv > > > > xn0 > > > > 00500 0 16045693110842147038 deny ip from 204.109.63.0/25 to any in recv > > > > xn1 > > > > 00600 0 0 allow ip from any to any in recv xn1 > > > > [...] > > > > 65535 8251 16045693110842147290 deny ip from any to any > > > > > > > > > > > > -current as of the 5th of august > > > > FreeBSD vps1.elischer.org 11.0-CURRENT FreeBSD 11.0-CURRENT #1 r286304: Wed > > > > Aug 5 14:31:10 PDT 2015 > > > > root@vps1.elischer.org:/usr/obj/usr/src-current/sys/VPS1 i386 > > > > > > > > note i386, not amd64. > > > > > > Assuming all digits were shown, on a wild hunch: > > > > > > t23% echo 'scale=20; 2^64 - 16045693110842147038' | bc > > > 2401050962867404578 > > > t23% echo 'scale=20; 2^63 - 16045693110842147038' | bc > > > -6822321073987371230 > > > > > > > bc > > obase=16 > > 16045693110842147038 > > DEADC0DEDEADC0DE > > > > so... somehow pointing in a bad place. > > Ah, quite so .. and rule 65535 looks like a slightly worse place. > > t23% echo 'obase=16; 16045693110842147290' | bc > DEADC0DEDEADC1DA that's deadcode when it's had some packets added to it :-) I think our friend Mr Chernikov may have tripped up over something.. > > thanks, Ian > From owner-freebsd-ipfw@freebsd.org Thu Aug 13 15:20:43 2015 Return-Path: Delivered-To: freebsd-ipfw@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id E37DE9A094D for ; Thu, 13 Aug 2015 15:20:43 +0000 (UTC) (envelope-from melifaro@ipfw.ru) Received: from forward13h.cmail.yandex.net (forward13h.cmail.yandex.net [87.250.230.155]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "forwards.mail.yandex.net", Issuer "Certum Level IV CA" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 96C9BE69; Thu, 13 Aug 2015 15:20:43 +0000 (UTC) (envelope-from melifaro@ipfw.ru) Received: from web29h.yandex.ru (web29h.yandex.ru [IPv6:2a02:6b8:0:f05::39]) by forward13h.cmail.yandex.net (Yandex) with ESMTP id 9E18E20DCE; Thu, 13 Aug 2015 18:20:32 +0300 (MSK) Received: from 127.0.0.1 (localhost [127.0.0.1]) by web29h.yandex.ru (Yandex) with ESMTP id D25142FC0C82; Thu, 13 Aug 2015 18:20:31 +0300 (MSK) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfw.ru; s=mail; t=1439479232; bh=X4JYKS7ivfD1ZjFc8ESCHCy2bcDHBktwRi+3yYotVTg=; h=From:To:Cc:In-Reply-To:References:Subject:Date; b=smTbiv3EPGU77cwDgFAv+y9XWJPzf69J3P7Tda3Xx01Ow/7yLeCxd8xMab9W0mS6m uU9IZnbWHTNX21YbsMgnGkOoFWMjP6zZiRuVx1/drRmbzK4lWPX49pkZq+9CXV456t 0THTJabOzo5uKMEk7Cvo0Ii0euSylU6z8dRX09fI= Received: by web29h.yandex.ru with HTTP; Thu, 13 Aug 2015 18:20:29 +0300 From: Alexander V. Chernikov To: Julian Elischer , Ian Smith , Luigi Rizzo Cc: "freebsd-ipfw@freebsd.org" In-Reply-To: <55CCB543.20504@freebsd.org> References: <55BF368A.60004@elischer.org> <20150803234952.O17327@sola.nimnet.asn.au> <925201438613458@web7h.yandex.ru> <55BFC7A7.2000907@freebsd.org> <252361438673995@web5h.yandex.ru> <55CC1BFF.5090800@freebsd.org> <20150813233624.P8515@sola.nimnet.asn.au> <20150814003533.I8515@sola.nimnet.asn.au> <55CCB543.20504@freebsd.org> Subject: Re: ipfw delete 100-300 MIME-Version: 1.0 Message-Id: <926891439479229@web29h.yandex.ru> X-Mailer: Yamail [ http://yandex.ru ] 5.0 Date: Thu, 13 Aug 2015 18:20:29 +0300 Content-Transfer-Encoding: 8bit Content-Type: text/plain; charset=koi8-r X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 13 Aug 2015 15:20:44 -0000 13.08.2015, 18:19, "Julian Elischer" : > On 8/13/15 10:41 PM, Ian Smith wrote: >> šOn Thu, 13 Aug 2015 16:30:15 +0200, Luigi Rizzo wrote: >> ššš> On Thu, Aug 13, 2015 at 4:00 PM, Ian Smith wrote: >> ššš> > On Thu, 13 Aug 2015 12:24:31 +0800, Julian Elischer wrote: >> ššš> > > BTW, any ideas as to what causes this? >> ššš> > > # ipfw show >> ššš> > > [...] >> ššš> > > 00400 0 0 deny ip from 10.12.1.0/24 to any in recv >> ššš> > > xn0 >> ššš> > > 00500 0 16045693110842147038 deny ip from 204.109.63.0/25 to any in recv >> ššš> > > xn1 >> ššš> > > 00600 0 0 allow ip from any to any in recv xn1 >> ššš> > > [...] >> ššš> > > 65535 8251 16045693110842147290 deny ip from any to any >> ššš> > > >> ššš> > > >> ššš> > > -current as of the 5th of august >> ššš> > > FreeBSD vps1.elischer.org 11.0-CURRENT FreeBSD 11.0-CURRENT #1 r286304: Wed >> ššš> > > Aug 5 14:31:10 PDT 2015 >> ššš> > > root@vps1.elischer.org:/usr/obj/usr/src-current/sys/VPS1 i386 >> ššš> > > >> ššš> > > note i386, not amd64. >> ššš> > >> ššš> > Assuming all digits were shown, on a wild hunch: >> ššš> > >> ššš> > t23% echo 'scale=20; 2^64 - 16045693110842147038' | bc >> ššš> > 2401050962867404578 >> ššš> > t23% echo 'scale=20; 2^63 - 16045693110842147038' | bc >> ššš> > -6822321073987371230 >> ššš> > >> ššš> >> ššš> bc >> ššš> obase=16 >> ššš> 16045693110842147038 >> ššš> DEADC0DEDEADC0DE >> ššš> >> ššš> so... somehow pointing in a bad place. >> >> šAh, quite so .. and rule 65535 looks like a slightly worse place. >> >> št23% echo 'obase=16; 16045693110842147290' | bc >> šDEADC0DEDEADC1DA > > that's deadcode when it's had some packets added to it :-) > > I think our friend Mr Chernikov may have tripped up over something.. Well, I'll take a look on it when I setup an i386 vm :) Not easy to find one these days.. > >> šthanks, Ian From owner-freebsd-ipfw@freebsd.org Thu Aug 13 15:20:56 2015 Return-Path: Delivered-To: freebsd-ipfw@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 1A0759A096F for ; Thu, 13 Aug 2015 15:20:56 +0000 (UTC) (envelope-from julian@freebsd.org) Received: from vps1.elischer.org (vps1.elischer.org [204.109.63.16]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "vps1.elischer.org", Issuer "CA Cert Signing Authority" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id CB0A7EC2 for ; Thu, 13 Aug 2015 15:20:55 +0000 (UTC) (envelope-from julian@freebsd.org) Received: from Julian-MBP3.local (ppp121-45-227-250.lns20.per1.internode.on.net [121.45.227.250]) (authenticated bits=0) by vps1.elischer.org (8.15.2/8.15.2) with ESMTPSA id t7DFKlH0003530 (version=TLSv1.2 cipher=DHE-RSA-AES128-SHA bits=128 verify=NO); Thu, 13 Aug 2015 08:20:51 -0700 (PDT) (envelope-from julian@freebsd.org) Subject: Re: ipfw delete 100-300 To: Ian Smith , Luigi Rizzo References: <55BF368A.60004@elischer.org> <20150803234952.O17327@sola.nimnet.asn.au> <925201438613458@web7h.yandex.ru> <55BFC7A7.2000907@freebsd.org> <252361438673995@web5h.yandex.ru> <55CC1BFF.5090800@freebsd.org> <20150813233624.P8515@sola.nimnet.asn.au> <20150814003533.I8515@sola.nimnet.asn.au> Cc: "freebsd-ipfw@freebsd.org" , "Alexander V. Chernikov" From: Julian Elischer Message-ID: <55CCB5CA.2090007@freebsd.org> Date: Thu, 13 Aug 2015 23:20:42 +0800 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:38.0) Gecko/20100101 Thunderbird/38.1.0 MIME-Version: 1.0 In-Reply-To: <20150814003533.I8515@sola.nimnet.asn.au> Content-Type: text/plain; charset=windows-1252; format=flowed Content-Transfer-Encoding: 7bit X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 13 Aug 2015 15:20:56 -0000 On 8/13/15 10:41 PM, Ian Smith wrote: > On Thu, 13 Aug 2015 16:30:15 +0200, Luigi Rizzo wrote: > > On Thu, Aug 13, 2015 at 4:00 PM, Ian Smith wrote: > > > On Thu, 13 Aug 2015 12:24:31 +0800, Julian Elischer wrote: > > > > BTW, any ideas as to what causes this? > > > > # ipfw show > > > > [...] > > > > 00400 0 0 deny ip from 10.12.1.0/24 to any in recv > > > > xn0 > > > > 00500 0 16045693110842147038 deny ip from 204.109.63.0/25 to any in recv > > > > xn1 > > > > 00600 0 0 allow ip from any to any in recv xn1 > > > > [...] > > > > 65535 8251 16045693110842147290 deny ip from any to any > > > > > > > > > > > > -current as of the 5th of august > > > > FreeBSD vps1.elischer.org 11.0-CURRENT FreeBSD 11.0-CURRENT #1 r286304: Wed > > > > Aug 5 14:31:10 PDT 2015 > > > > root@vps1.elischer.org:/usr/obj/usr/src-current/sys/VPS1 i386 > > > > > > > > note i386, not amd64. > > > > > > Assuming all digits were shown, on a wild hunch: > > > > > > t23% echo 'scale=20; 2^64 - 16045693110842147038' | bc > > > 2401050962867404578 > > > t23% echo 'scale=20; 2^63 - 16045693110842147038' | bc > > > -6822321073987371230 > > > > > > > bc > > obase=16 > > 16045693110842147038 > > DEADC0DEDEADC0DE > > > > so... somehow pointing in a bad place. > > Ah, quite so .. and rule 65535 looks like a slightly worse place. > > t23% echo 'obase=16; 16045693110842147290' | bc > DEADC0DEDEADC1DA > > thanks, Ian > this is a few days old. I'll check the newest one later tonight. From owner-freebsd-ipfw@freebsd.org Thu Aug 13 15:21:27 2015 Return-Path: Delivered-To: freebsd-ipfw@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 3E7EF9A0A73 for ; Thu, 13 Aug 2015 15:21:27 +0000 (UTC) (envelope-from rizzo.unipi@gmail.com) Received: from mail-la0-x236.google.com (mail-la0-x236.google.com [IPv6:2a00:1450:4010:c03::236]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id B957CF60; Thu, 13 Aug 2015 15:21:26 +0000 (UTC) (envelope-from rizzo.unipi@gmail.com) Received: by labd1 with SMTP id d1so28208457lab.1; Thu, 13 Aug 2015 08:21:24 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:sender:in-reply-to:references:date:message-id:subject :from:to:cc:content-type; bh=nXqmoSSA4ykYDcJF+uMQIz7bumA/RQ4PIhvr/yfLX8s=; b=oupfysNyBdVGvdhGoWscbZLQO3NHAB2XTAjmb5fHUqtxkQXkCBByDufRg2bGhjHnjX 0Rz1tGYtCCW1W9l1UrEOJKojeVVXtNqJzBOptmvXlHcWNGYF06HDRM6DKYj4xmZvkmJV yYU3kXu0J24zkM6kHpX/kRVK5vH6Hg/DxSS5YZ4PiBVuNVwxAl+uSW1iFBoMdbSD24VH WbHj6aFeSj4Nw59nzFkoRj7VgyvBauhZPGNBufyyJgzVAilrw0z/EpmiofBOQaGrgTcm TwET52eyJX0CX3iN9Xk0Q2aIFtor2DUKS6TEaeq+85JUcI3p0SEWxU4oBQqMp28g4yIH 8Cyg== MIME-Version: 1.0 X-Received: by 10.112.210.6 with SMTP id mq6mr36973757lbc.83.1439479284772; Thu, 13 Aug 2015 08:21:24 -0700 (PDT) Sender: rizzo.unipi@gmail.com Received: by 10.114.172.140 with HTTP; Thu, 13 Aug 2015 08:21:24 -0700 (PDT) In-Reply-To: <55CCB543.20504@freebsd.org> References: <55BF368A.60004@elischer.org> <20150803234952.O17327@sola.nimnet.asn.au> <925201438613458@web7h.yandex.ru> <55BFC7A7.2000907@freebsd.org> <252361438673995@web5h.yandex.ru> <55CC1BFF.5090800@freebsd.org> <20150813233624.P8515@sola.nimnet.asn.au> <20150814003533.I8515@sola.nimnet.asn.au> <55CCB543.20504@freebsd.org> Date: Thu, 13 Aug 2015 17:21:24 +0200 X-Google-Sender-Auth: Hnb4tWkzaRWgBCJtwpAwvY3kCWI Message-ID: Subject: Re: ipfw delete 100-300 From: Luigi Rizzo To: Julian Elischer Cc: Ian Smith , "freebsd-ipfw@freebsd.org" , "Alexander V. Chernikov" Content-Type: text/plain; charset=UTF-8 X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 13 Aug 2015 15:21:27 -0000 On Thu, Aug 13, 2015 at 5:18 PM, Julian Elischer wrote: > On 8/13/15 10:41 PM, Ian Smith wrote: >> >> On Thu, 13 Aug 2015 16:30:15 +0200, Luigi Rizzo wrote: >> > On Thu, Aug 13, 2015 at 4:00 PM, Ian Smith >> wrote: >> > > On Thu, 13 Aug 2015 12:24:31 +0800, Julian Elischer wrote: >> > > > BTW, any ideas as to what causes this? >> > > > # ipfw show >> > > > [...] >> > > > 00400 0 0 deny ip from 10.12.1.0/24 to >> any in recv >> > > > xn0 >> > > > 00500 0 16045693110842147038 deny ip from 204.109.63.0/25 to >> any in recv >> > > > xn1 >> > > > 00600 0 0 allow ip from any to any in >> recv xn1 >> > > > [...] >> > > > 65535 8251 16045693110842147290 deny ip from any to any >> > > > >> > > > >> > > > -current as of the 5th of august >> > > > FreeBSD vps1.elischer.org 11.0-CURRENT FreeBSD 11.0-CURRENT #1 >> r286304: Wed >> > > > Aug 5 14:31:10 PDT 2015 >> > > > root@vps1.elischer.org:/usr/obj/usr/src-current/sys/VPS1 i386 >> > > > >> > > > note i386, not amd64. >> > > >> > > Assuming all digits were shown, on a wild hunch: >> > > >> > > t23% echo 'scale=20; 2^64 - 16045693110842147038' | bc >> > > 2401050962867404578 >> > > t23% echo 'scale=20; 2^63 - 16045693110842147038' | bc >> > > -6822321073987371230 >> > > >> > >> > bc >> > obase=16 >> > 16045693110842147038 >> > DEADC0DEDEADC0DE >> > >> > so... somehow pointing in a bad place. >> >> Ah, quite so .. and rule 65535 looks like a slightly worse place. >> >> t23% echo 'obase=16; 16045693110842147290' | bc >> DEADC0DEDEADC1DA > > that's deadcode when it's had some packets added to it :-) > > I think our friend Mr Chernikov may have tripped up over something.. looks more like the "counter" API. The old counters were inline in the rules. cheers luigi > > > >> >> thanks, Ian >> > > _______________________________________________ > freebsd-ipfw@freebsd.org mailing list > https://lists.freebsd.org/mailman/listinfo/freebsd-ipfw > To unsubscribe, send any mail to "freebsd-ipfw-unsubscribe@freebsd.org" -- -----------------------------------------+------------------------------- Prof. Luigi RIZZO, rizzo@iet.unipi.it . Dip. di Ing. dell'Informazione http://www.iet.unipi.it/~luigi/ . Universita` di Pisa TEL +39-050-2217533 . via Diotisalvi 2 Mobile +39-338-6809875 . 56122 PISA (Italy) -----------------------------------------+------------------------------- From owner-freebsd-ipfw@freebsd.org Thu Aug 13 15:22:58 2015 Return-Path: Delivered-To: freebsd-ipfw@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 52C519A0AC5 for ; Thu, 13 Aug 2015 15:22:58 +0000 (UTC) (envelope-from melifaro@ipfw.ru) Received: from forward13h.cmail.yandex.net (forward13h.cmail.yandex.net [IPv6:2a02:6b8:0:f35::9e]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "forwards.mail.yandex.net", Issuer "Certum Level IV CA" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id CB4549A; Thu, 13 Aug 2015 15:22:57 +0000 (UTC) (envelope-from melifaro@ipfw.ru) Received: from web29h.yandex.ru (web29h.yandex.ru [84.201.187.163]) by forward13h.cmail.yandex.net (Yandex) with ESMTP id AA3FC2205E; Thu, 13 Aug 2015 18:22:54 +0300 (MSK) Received: from 127.0.0.1 (localhost [127.0.0.1]) by web29h.yandex.ru (Yandex) with ESMTP id 0DF872FC0C82; Thu, 13 Aug 2015 18:22:54 +0300 (MSK) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfw.ru; s=mail; t=1439479374; bh=ANBbemn4WjWI89hH9gjwC9Z5J5b2SYzk2pEodSX4hqY=; h=From:To:Cc:In-Reply-To:References:Subject:Date; b=kMngpcDZy2tidAHNSslEMvsHtjMl9iAhh/hxnJzfnBiiYklLzkMBA7rAAsW7GddDt LnfLZHp7znNbn0K5LINgu1HA6ve7Cga7lFxzD+2hRqY2gHSMht5uzmgOjvpDQBXIm8 PwUQewmt7IX4oCeruyAk2V41A22hbvGXKiaang2w= Received: by web29h.yandex.ru with HTTP; Thu, 13 Aug 2015 18:22:53 +0300 From: Alexander V. Chernikov To: Luigi Rizzo , Julian Elischer Cc: Ian Smith , "freebsd-ipfw@freebsd.org" In-Reply-To: References: <55BF368A.60004@elischer.org> <20150803234952.O17327@sola.nimnet.asn.au> <925201438613458@web7h.yandex.ru> <55BFC7A7.2000907@freebsd.org> <252361438673995@web5h.yandex.ru> <55CC1BFF.5090800@freebsd.org> <20150813233624.P8515@sola.nimnet.asn.au> <20150814003533.I8515@sola.nimnet.asn.au> <55CCB543.20504@freebsd.org> Subject: Re: ipfw delete 100-300 MIME-Version: 1.0 Message-Id: <932331439479373@web29h.yandex.ru> X-Mailer: Yamail [ http://yandex.ru ] 5.0 Date: Thu, 13 Aug 2015 18:22:53 +0300 Content-Transfer-Encoding: 8bit Content-Type: text/plain; charset=koi8-r X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 13 Aug 2015 15:22:58 -0000 13.08.2015, 18:21, "Luigi Rizzo" : > On Thu, Aug 13, 2015 at 5:18 PM, Julian Elischer wrote: >> šOn 8/13/15 10:41 PM, Ian Smith wrote: >>> šOn Thu, 13 Aug 2015 16:30:15 +0200, Luigi Rizzo wrote: >>> ššš> On Thu, Aug 13, 2015 at 4:00 PM, Ian Smith >>> šwrote: >>> ššš> > On Thu, 13 Aug 2015 12:24:31 +0800, Julian Elischer wrote: >>> ššš> > > BTW, any ideas as to what causes this? >>> ššš> > > # ipfw show >>> ššš> > > [...] >>> ššš> > > 00400 0 0 deny ip from 10.12.1.0/24 to >>> šany in recv >>> ššš> > > xn0 >>> ššš> > > 00500 0 16045693110842147038 deny ip from 204.109.63.0/25 to >>> šany in recv >>> ššš> > > xn1 >>> ššš> > > 00600 0 0 allow ip from any to any in >>> šrecv xn1 >>> ššš> > > [...] >>> ššš> > > 65535 8251 16045693110842147290 deny ip from any to any >>> ššš> > > >>> ššš> > > >>> ššš> > > -current as of the 5th of august >>> ššš> > > FreeBSD vps1.elischer.org 11.0-CURRENT FreeBSD 11.0-CURRENT #1 >>> šr286304: Wed >>> ššš> > > Aug 5 14:31:10 PDT 2015 >>> ššš> > > root@vps1.elischer.org:/usr/obj/usr/src-current/sys/VPS1 i386 >>> ššš> > > >>> ššš> > > note i386, not amd64. >>> ššš> > >>> ššš> > Assuming all digits were shown, on a wild hunch: >>> ššš> > >>> ššš> > t23% echo 'scale=20; 2^64 - 16045693110842147038' | bc >>> ššš> > 2401050962867404578 >>> ššš> > t23% echo 'scale=20; 2^63 - 16045693110842147038' | bc >>> ššš> > -6822321073987371230 >>> ššš> > >>> ššš> >>> ššš> bc >>> ššš> obase=16 >>> ššš> 16045693110842147038 >>> ššš> DEADC0DEDEADC0DE >>> ššš> >>> ššš> so... somehow pointing in a bad place. >>> >>> šAh, quite so .. and rule 65535 looks like a slightly worse place. >>> >>> št23% echo 'obase=16; 16045693110842147290' | bc >>> šDEADC0DEDEADC1DA >> >> šthat's deadcode when it's had some packets added to it :-) >> >> šI think our friend Mr Chernikov may have tripped up over something.. > > looks more like the "counter" API. The old counters were inline in the rules. In that case we would probably have garbage in pkts counter, too. Anyway, I'm setting up the VM to see if this is kernel or userland problem.. > > cheers > luigi > >>> šthanks, Ian >> >> š_______________________________________________ >> šfreebsd-ipfw@freebsd.org mailing list >> šhttps://lists.freebsd.org/mailman/listinfo/freebsd-ipfw >> šTo unsubscribe, send any mail to "freebsd-ipfw-unsubscribe@freebsd.org" > > -- > -----------------------------------------+------------------------------- > šProf. Luigi RIZZO, rizzo@iet.unipi.it . Dip. di Ing. dell'Informazione > šhttp://www.iet.unipi.it/~luigi/ . Universita` di Pisa > šTEL +39-050-2217533 . via Diotisalvi 2 > šMobile +39-338-6809875 . 56122 PISA (Italy) > -----------------------------------------+------------------------------- From owner-freebsd-ipfw@freebsd.org Fri Aug 14 21:49:04 2015 Return-Path: Delivered-To: freebsd-ipfw@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 432789B9892 for ; Fri, 14 Aug 2015 21:49:04 +0000 (UTC) (envelope-from melifaro@ipfw.ru) Received: from forward13j.cmail.yandex.net (forward13j.cmail.yandex.net [IPv6:2a02:6b8:0:1630::b3]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "forwards.mail.yandex.net", Issuer "Certum Level IV CA" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id C4E8E17A1; Fri, 14 Aug 2015 21:49:03 +0000 (UTC) (envelope-from melifaro@ipfw.ru) Received: from web12j.yandex.ru (web12j.yandex.ru [5.45.198.53]) by forward13j.cmail.yandex.net (Yandex) with ESMTP id 09C9D218F9; Sat, 15 Aug 2015 00:48:49 +0300 (MSK) Received: from 127.0.0.1 (localhost [127.0.0.1]) by web12j.yandex.ru (Yandex) with ESMTP id 0565DBC081C; Sat, 15 Aug 2015 00:48:48 +0300 (MSK) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfw.ru; s=mail; t=1439588929; bh=P79KJVw1uw0Zwk6YLyeXsvT8Q8F2rGvzW/qgCeuo5ZQ=; h=From:To:Cc:In-Reply-To:References:Subject:Date; b=gi7z6uf7pUeiuU7wAe0D0Cl7ltaxHdQXoLQaXlRs43246FzH0m7pFiBg0ULqUIPIX AojL2XFdLACyx1+8Bc//YrRZ2Tmy5dyQCA8PTzgr3QfqSpqsx0LQa5z3HWZcnoFLq9 Js5dF7z0dojve6vYhayoLLJMBs/0R2hKHpp9MtXk= Received: by web12j.yandex.ru with HTTP; Sat, 15 Aug 2015 00:48:48 +0300 From: Alexander V. Chernikov To: Luigi Rizzo , Julian Elischer Cc: Ian Smith , "freebsd-ipfw@freebsd.org" In-Reply-To: <932331439479373@web29h.yandex.ru> References: <55BF368A.60004@elischer.org> <20150803234952.O17327@sola.nimnet.asn.au> <925201438613458@web7h.yandex.ru> <55BFC7A7.2000907@freebsd.org> <252361438673995@web5h.yandex.ru> <55CC1BFF.5090800@freebsd.org> <20150813233624.P8515@sola.nimnet.asn.au> <20150814003533.I8515@sola.nimnet.asn.au> <55CCB543.20504@freebsd.org> <932331439479373@web29h.yandex.ru> Subject: Re: ipfw delete 100-300 MIME-Version: 1.0 Message-Id: <120111439588928@web12j.yandex.ru> X-Mailer: Yamail [ http://yandex.ru ] 5.0 Date: Sat, 15 Aug 2015 00:48:48 +0300 Content-Type: multipart/mixed; boundary="----==--bound.12012.web12j.yandex.ru" X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 14 Aug 2015 21:49:04 -0000 ------==--bound.12012.web12j.yandex.ru Content-Transfer-Encoding: 8bit Content-Type: text/plain; charset=koi8-r 13.08.2015, 18:22, "Alexander V. Chernikov" : > 13.08.2015, 18:21, "Luigi Rizzo" : >> šOn Thu, Aug 13, 2015 at 5:18 PM, Julian Elischer wrote: >>> ššOn 8/13/15 10:41 PM, Ian Smith wrote: >>>> ššOn Thu, 13 Aug 2015 16:30:15 +0200, Luigi Rizzo wrote: >>>> šššš> On Thu, Aug 13, 2015 at 4:00 PM, Ian Smith >>>> ššwrote: >>>> šššš> > On Thu, 13 Aug 2015 12:24:31 +0800, Julian Elischer wrote: >>>> šššš> > > BTW, any ideas as to what causes this? >>>> šššš> > > # ipfw show >>>> šššš> > > [...] >>>> šššš> > > 00400 0 0 deny ip from 10.12.1.0/24 to >>>> ššany in recv >>>> šššš> > > xn0 >>>> šššš> > > 00500 0 16045693110842147038 deny ip from 204.109.63.0/25 to >>>> ššany in recv >>>> šššš> > > xn1 >>>> šššš> > > 00600 0 0 allow ip from any to any in >>>> ššrecv xn1 >>>> šššš> > > [...] >>>> šššš> > > 65535 8251 16045693110842147290 deny ip from any to any >>>> šššš> > > >>>> šššš> > > >>>> šššš> > > -current as of the 5th of august >>>> šššš> > > FreeBSD vps1.elischer.org 11.0-CURRENT FreeBSD 11.0-CURRENT #1 >>>> ššr286304: Wed >>>> šššš> > > Aug 5 14:31:10 PDT 2015 >>>> šššš> > > root@vps1.elischer.org:/usr/obj/usr/src-current/sys/VPS1 i386 >>>> šššš> > > >>>> šššš> > > note i386, not amd64. >>>> šššš> > >>>> šššš> > Assuming all digits were shown, on a wild hunch: >>>> šššš> > >>>> šššš> > t23% echo 'scale=20; 2^64 - 16045693110842147038' | bc >>>> šššš> > 2401050962867404578 >>>> šššš> > t23% echo 'scale=20; 2^63 - 16045693110842147038' | bc >>>> šššš> > -6822321073987371230 >>>> šššš> > >>>> šššš> >>>> šššš> bc >>>> šššš> obase=16 >>>> šššš> 16045693110842147038 >>>> šššš> DEADC0DEDEADC0DE >>>> šššš> >>>> šššš> so... somehow pointing in a bad place. >>>> >>>> ššAh, quite so .. and rule 65535 looks like a slightly worse place. >>>> >>>> ššt23% echo 'obase=16; 16045693110842147290' | bc >>>> ššDEADC0DEDEADC1DA >>> >>> ššthat's deadcode when it's had some packets added to it :-) >>> >>> ššI think our friend Mr Chernikov may have tripped up over something.. >> >> šlooks more like the "counter" API. The old counters were inline in the rules. > > In that case we would probably have garbage in pkts counter, too. > Anyway, I'm setting up the VM to see if this is kernel or userland problem.. This is actually counters-related problem. The attached diff should fix it. (But it looks like I'd better get a bit more counter(9) support for that case). >> šcheers >> šluigi >> >>>> ššthanks, Ian >>> >>> šš_______________________________________________ >>> ššfreebsd-ipfw@freebsd.org mailing list >>> ššhttps://lists.freebsd.org/mailman/listinfo/freebsd-ipfw >>> ššTo unsubscribe, send any mail to "freebsd-ipfw-unsubscribe@freebsd.org" >> >> š-- >> š-----------------------------------------+------------------------------- >> ššProf. Luigi RIZZO, rizzo@iet.unipi.it . Dip. di Ing. dell'Informazione >> ššhttp://www.iet.unipi.it/~luigi/ . Universita` di Pisa >> ššTEL +39-050-2217533 . via Diotisalvi 2 >> ššMobile +39-338-6809875 . 56122 PISA (Italy) >> š-----------------------------------------+------------------------------- ------==--bound.12012.web12j.yandex.ru Content-Disposition: attachment; filename="ipfw_cntr.diff" Content-Transfer-Encoding: base64 Content-Type: text/x-diff; name="ipfw_cntr.diff" SW5kZXg6IHN5cy9uZXRwZmlsL2lwZncvaXBfZndfcHJpdmF0ZS5oCj09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT0KLS0tIHN5 cy9uZXRwZmlsL2lwZncvaXBfZndfcHJpdmF0ZS5oCShyZXZpc2lvbiAyODY3NzApCisrKyBzeXMv bmV0cGZpbC9pcGZ3L2lwX2Z3X3ByaXZhdGUuaAkod29ya2luZyBjb3B5KQpAQCAtMjU2LDcgKzI1 Niw3IEBAIHN0cnVjdCBpcF9mdyB7CiAJaXBmd19pbnNuCWNtZFsxXTsJCS8qIHN0b3JhZ2UgZm9y IGNvbW1hbmRzCQkqLwogfTsKIAotI2RlZmluZQlJUEZXX1JVTEVfQ05UUl9TSVpFCSgyICogc2l6 ZW9mKGNvdW50ZXJfdTY0X3QpKQorI2RlZmluZQlJUEZXX1JVTEVfQ05UUl9TSVpFCSgyICogc2l6 ZW9mKHVpbnQ2NF90KSkKIAogI2VuZGlmCiAK ------==--bound.12012.web12j.yandex.ru--