From owner-freebsd-ipfw@FreeBSD.ORG Sun May 7 09:04:36 2006 Return-Path: X-Original-To: freebsd-ipfw@freebsd.org Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 8DF4C16A40B; Sun, 7 May 2006 09:04:36 +0000 (UTC) (envelope-from ibr5uv@supdie.com) Received: from supdie.com (10.104.185.220.broad.jx.zj.dynamic.cndata.com [220.185.104.10]) by mx1.FreeBSD.org (Postfix) with SMTP id 8C38C43D53; Sun, 7 May 2006 09:04:33 +0000 (GMT) (envelope-from ibr5uv@supdie.com) Received: from [192.168.1.3] ([220.185.104.10]) by supdie.com (Sendmail 8.7.7) with ESMTP (SSL) id IYT74032 for Message-ID: <231x7zpsyqfwboelgm@supdie.com> DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=expertsNorway d=supdie.com; b=QWOWQuPneHWlDFwmbipqbAonoMpBznnRKZgwuzJsphCnqDyrijjIFwRzutycDmpTBqLseYyfUoyNdQVI; Date: Sun, 07 May 2006 17:04:22 +0800 From: "mh0l" To: , , Content-return: allowed X-Mailer: droopMail 4.83 X-Authentication-Warning: localhost.localdomain: apache set sender to ibr5uv@supdie.com using -f MIME-Version: 1.0 Content-Type: text/plain X-Content-Filtered-By: Mailman/MimeDel 2.1.5 Cc: Subject: watch this stck trade WEEK STARTING MONDAY it isday [STCK REPORT] canons activity capitalizations X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 07 May 2006 09:04:37 -0000 GAPJ- GOLDEN APPLE OIL/GAS This weeks Pick, Company already has solid potential Current Price: $ 0.50 5 Day Projected : $ 1.50 Golden Apple Oil and Gas, Inc. and Franklin Ross Securities Complete Private Placement Golden Apple Oil and Gas, Inc. (GAPJ - News) is pleased to announce it has completed the initial private placement with Franklin Ross Securities of New Jersey. The terms of the deal provide for Franklin Ross to purchase 181,818 shares of Golden Apple Oil and Gas, Inc. restricted stock priced at .10 per share. The company is currently negotiating with several investor groups for the next phase of financing. Headquartered in Phoenix, Arizona, Golden Apple is an independent oil and gas producer with a focus on North and South American properties. The Company applies advanced technologies to systematically explore and develop its oil and natural gas opportunities. Golden Apple focuses its activities where technology can be used effectively to maximize returns on invested capital by reducing drilling risk and enhancing its ability to cost-effectively grow reserves and production volumes. Golden Apple Oil and Gas, Inc has opened a Canadian office in Toronto, Ontario to facilitate the management of its Canadian operations. All correspondence and communication will continue to be serviced by the company's head office staff in Phoenix Arizona. This looks very lucrative in coming weeks, Get GAPJ First Thing Monday flashy baking Istvan confessions conclude diverting frugally besotting gerundive Wilmington cooperate drug baking incarnation's Verde attained immediately execute Atwood dipped Sandburg deferred applicable edicts aspersion From owner-freebsd-ipfw@FreeBSD.ORG Sun May 7 15:55:25 2006 Return-Path: X-Original-To: freebsd-ipfw@freebsd.org Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id E193516A402 for ; Sun, 7 May 2006 15:55:25 +0000 (UTC) (envelope-from mufalani@oi.com.br) Received: from smtp1.oi.com.br (smtp1.oi.com.br [200.222.115.16]) by mx1.FreeBSD.org (Postfix) with ESMTP id 35A7743D46 for ; Sun, 7 May 2006 15:55:24 +0000 (GMT) (envelope-from mufalani@oi.com.br) Received: from localhost (localhost.localdomain [127.0.0.1]) by smtp1.oi.com.br (Postfix) with ESMTP id 6C8E78021DCE for ; Sun, 7 May 2006 12:55:24 -0300 (BRT) Received: from smtp1.oi.com.br (localhost.localdomain [127.0.0.1]) by smtp1.oi.com.br (WCVirscan) with SMTP id 00003734445e186c ; Sun, 07 May 2006 12:55:24 -0300 Received: from oi.com.br (webmail3.oi.com.br [200.222.115.23]) by smtp1.oi.com.br (Postfix) with ESMTP id 4D61D8021B62 for ; Sun, 7 May 2006 12:55:24 -0300 (BRT) Received: from 201008043209.user.veloxzone.com.br (201008043209.user.veloxzone.com.br [201.8.43.209]) by webmail.oi.com.br (Horde) with HTTP for ; Sun, 07 May 2006 12:55:23 -0300 Message-ID: <20060507125523.8lbd71cj7k4w04og@webmail.oi.com.br> Date: Sun, 07 May 2006 12:55:23 -0300 From: Rodrigo Mufalani To: freebsd-ipfw@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Subject: redirect requisitions of the port 80 to adders of my network X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 07 May 2006 15:55:26 -0000 Hi all, I=B4ll liked to redirect all requisitions of ip 200.200.200.200 in the port 80 to address 192.168,1.50 in the port 80. How to make this with ipfw rule? http://200.200.200.200:80 --------> redirect to ---------> http://192.168.1.50:80 How it is this ipfw rule? Att, Rodrigo Mufalani mufalani@bsdmail.org ---------------------------------------------------------------------------= ----- Aqui na Oi Internet voc=EA ganha ou ganha. Al=E9m de acesso gr=E1tis com qu= alidade, ganha contas ilimitadas de email com 1 giga cada uma. Ganha 60 mega para ho= spedar sua p=E1gina pessoal. Ganha flog, suporte gr=E1tis e muito mais. Baixe gr= =E1tis o Discador em http://www.oi.com.br/discador e comece a ganhar. Agora, se o seu neg=F3cio =E9 voar na internet sem pagar uma fortuna, assin= e Oi Internet banda larga por apenas R$ 9,90. Clique em http://www.oi.com.br/bandalarga e aproveite essa bocada! From owner-freebsd-ipfw@FreeBSD.ORG Mon May 8 11:02:40 2006 Return-Path: X-Original-To: freebsd-ipfw@freebsd.org Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 7EDC016A419 for ; Mon, 8 May 2006 11:02:40 +0000 (UTC) (envelope-from owner-bugmaster@freebsd.org) Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21]) by mx1.FreeBSD.org (Postfix) with ESMTP id 84B1F43D5A for ; Mon, 8 May 2006 11:02:26 +0000 (GMT) (envelope-from owner-bugmaster@freebsd.org) Received: from freefall.freebsd.org (peter@localhost [127.0.0.1]) by freefall.freebsd.org (8.13.4/8.13.4) with ESMTP id k48B2Qj5048300 for ; Mon, 8 May 2006 11:02:26 GMT (envelope-from owner-bugmaster@freebsd.org) Received: (from peter@localhost) by freefall.freebsd.org (8.13.4/8.13.4/Submit) id k48B2Pux048294 for freebsd-ipfw@freebsd.org; Mon, 8 May 2006 11:02:25 GMT (envelope-from owner-bugmaster@freebsd.org) Date: Mon, 8 May 2006 11:02:25 GMT Message-Id: <200605081102.k48B2Pux048294@freefall.freebsd.org> X-Authentication-Warning: freefall.freebsd.org: peter set sender to owner-bugmaster@freebsd.org using -f From: FreeBSD bugmaster To: freebsd-ipfw@FreeBSD.org Cc: Subject: Current problem reports assigned to you X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 08 May 2006 11:02:41 -0000 Current FreeBSD problem reports Critical problems Serious problems S Submitted Tracker Resp. Description ------------------------------------------------------------------------------- o [2003/04/22] kern/51274 ipfw [ipfw] [patch] ipfw2 create dynamic rules f [2003/04/24] kern/51341 ipfw [ipfw] [patch] ipfw rule 'deny icmp from o [2004/11/13] kern/73910 ipfw [ipfw] serious bug on forwarding of packe o [2004/11/19] kern/74104 ipfw [ipfw] ipfw2/1 conflict not detected or r o [2005/03/13] conf/78762 ipfw [ipfw] [patch] /etc/rc.d/ipfw should exce o [2005/05/11] bin/80913 ipfw [patch] /sbin/ipfw2 silently discards MAC o [2005/11/08] kern/88659 ipfw [modules] ipfw and ip6fw do not work prop o [2005/11/08] kern/88664 ipfw [ipfw] ipfw stateful firewalling broken w o [2006/02/13] kern/93300 ipfw ipfw pipe lost packets o [2006/03/29] kern/95084 ipfw [ipfw] [patch] IPFW2 ignores "recv/xmit/v 10 problems total. Non-critical problems S Submitted Tracker Resp. Description ------------------------------------------------------------------------------- a [2001/04/13] kern/26534 ipfw [ipfw] Add an option to ipfw to log gid/u o [2002/12/10] kern/46159 ipfw [ipfw] [patch] ipfw dynamic rules lifetim o [2003/02/11] kern/48172 ipfw [ipfw] [patch] ipfw does not log size and o [2003/03/10] kern/49086 ipfw [ipfw] [patch] Make ipfw2 log to differen o [2003/04/09] bin/50749 ipfw [ipfw] [patch] ipfw2 incorrectly parses p o [2003/08/26] kern/55984 ipfw [ipfw] [patch] time based firewalling sup o [2003/12/30] kern/60719 ipfw [ipfw] Headerless fragments generate cryp o [2004/08/03] kern/69963 ipfw [ipfw] install_state warning about alread o [2004/09/04] kern/71366 ipfw [ipfw] "ipfw fwd" sometimes rewrites dest o [2004/10/22] kern/72987 ipfw [ipfw] ipfw/dummynet pipe/queue 'queue [B o [2004/10/29] kern/73276 ipfw [ipfw] [patch] ipfw2 vulnerability (parse o [2005/03/13] bin/78785 ipfw [ipfw] [patch] ipfw verbosity locks machi o [2005/05/05] kern/80642 ipfw [ipfw] [patch] ipfw small patch - new RUL o [2005/06/28] kern/82724 ipfw [ipfw] [patch] Add setnexthop and default o [2005/10/05] kern/86957 ipfw [ipfw] [patch] ipfw mac logging o [2005/10/07] kern/87032 ipfw [ipfw] [patch] ipfw ioctl interface imple o [2006/01/03] bin/91245 ipfw [patch] ipfw(8) sometimes treat ipv6 inpu o [2006/01/16] kern/91847 ipfw [ipfw] ipfw with vlanX as the device o [2006/02/16] kern/93422 ipfw ipfw divert rule no longer works in 6.0 ( o [2006/03/31] bin/95146 ipfw [ipfw][patch]ipfw -p option handler is bo 20 problems total. From owner-freebsd-ipfw@FreeBSD.ORG Wed May 10 06:41:21 2006 Return-Path: X-Original-To: freebsd-ipfw@freebsd.org Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 94AA416A401; Wed, 10 May 2006 06:41:21 +0000 (UTC) (envelope-from bu7cher@yandex.ru) Received: from mgat.rdu.kirov.ru (mgat.rdu.kirov.ru [85.93.37.3]) by mx1.FreeBSD.org (Postfix) with ESMTP id 441EF43D55; Wed, 10 May 2006 06:41:18 +0000 (GMT) (envelope-from bu7cher@yandex.ru) Received: from kirov.so-cdu.ru (kirov [172.21.81.1]) by mail.rdu.kirov.ru (Postfix) with ESMTP id D29BD33B97; Wed, 10 May 2006 10:41:15 +0400 (MSD) Received: from kirov.so-cdu.ru (localhost [127.0.0.1]) by rdu.kirov.ru (Postfix) with SMTP id 4D84E1543B; Wed, 10 May 2006 10:41:15 +0400 (MSD) Received: by rdu.kirov.ru (Postfix, from userid 1014) id 171041539D; Wed, 10 May 2006 10:41:15 +0400 (MSD) Received: from [172.21.81.52] (elsukov.kirov.so-cdu.ru [172.21.81.52]) by rdu.kirov.ru (Postfix) with ESMTP id 01CDC152A9; Wed, 10 May 2006 10:41:15 +0400 (MSD) Message-ID: <44618B0A.60504@yandex.ru> Date: Wed, 10 May 2006 10:41:14 +0400 From: "Andrey V. Elsukov" User-Agent: Mozilla Thunderbird 1.5 (FreeBSD/20051231) MIME-Version: 1.0 To: freebsd-net@freebsd.org, freebsd-ipfw@freebsd.org Content-Type: text/plain; charset=KOI8-R; format=flowed Content-Transfer-Encoding: 7bit Cc: Subject: [patch] ipfw packet tagging X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 10 May 2006 06:41:21 -0000 Hi, All! I have written a small patch for a packets tagging with ipfw. The description of OpenBSD packet tagging is here: http://www.openbsd.org/faq/pf/tagging.html An IPFW tags is not compatible with PF tags. This feature can be usable with some netgraph modules. We can create a netgraph node that marks packets with some tags and use this node with other nodes. IPFW can detect and filter packets with tags. Also we can mark packets before NAT and detect tagged packets after translation. NAT based on divert sockets do not allow this, but i think ng_nat can.. Patches can be found here: http://butcher.heavennet.ru/patches/kernel/ipfw_tags/ -- WBR, Andrey V. Elsukov From owner-freebsd-ipfw@FreeBSD.ORG Thu May 11 17:20:31 2006 Return-Path: X-Original-To: freebsd-ipfw@hub.freebsd.org Delivered-To: freebsd-ipfw@hub.freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 4923416A686 for ; Thu, 11 May 2006 17:20:31 +0000 (UTC) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21]) by mx1.FreeBSD.org (Postfix) with ESMTP id C52C743E4D for ; Thu, 11 May 2006 17:20:21 +0000 (GMT) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (gnats@localhost [127.0.0.1]) by freefall.freebsd.org (8.13.4/8.13.4) with ESMTP id k4BHKFRM043939 for ; Thu, 11 May 2006 17:20:15 GMT (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.13.4/8.13.4/Submit) id k4BHKFgj043938; Thu, 11 May 2006 17:20:15 GMT (envelope-from gnats) Date: Thu, 11 May 2006 17:20:15 GMT Message-Id: <200605111720.k4BHKFgj043938@freefall.freebsd.org> To: freebsd-ipfw@FreeBSD.org From: Joost Bekkers Cc: Subject: Re: kern/88664: [ipfw] ipfw stateful firewalling broken with IPv6 X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: Joost Bekkers List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 11 May 2006 17:20:34 -0000 The following reply was made to PR kern/88664; it has been noted by GNATS. From: Joost Bekkers To: bug-followup@FreeBSD.org, jylefort@FreeBSD.org Cc: Subject: Re: kern/88664: [ipfw] ipfw stateful firewalling broken with IPv6 Date: Thu, 11 May 2006 18:58:46 +0200 The included patch fixes the problem, well for me anyway. Can somebody check if this is 'the right thing' (tm) ? --- ip_fw2.c-6.1R Thu May 11 18:02:22 2006 +++ ip_fw2.c Thu May 11 17:59:34 2006 @@ -671,17 +671,21 @@ static __inline int hash_packet6(struct ipfw_flow_id *id) { u_int32_t i; i = (id->dst_ip6.__u6_addr.__u6_addr32[0]) ^ (id->dst_ip6.__u6_addr.__u6_addr32[1]) ^ (id->dst_ip6.__u6_addr.__u6_addr32[2]) ^ (id->dst_ip6.__u6_addr.__u6_addr32[3]) ^ - (id->dst_port) ^ (id->src_port) ^ (id->flow_id6); + (id->src_ip6.__u6_addr.__u6_addr32[0]) ^ + (id->src_ip6.__u6_addr.__u6_addr32[1]) ^ + (id->src_ip6.__u6_addr.__u6_addr32[2]) ^ + (id->src_ip6.__u6_addr.__u6_addr32[3]) ^ + (id->dst_port) ^ (id->src_port); return i; } static int is_icmp6_query(int icmp6_type) { if ((icmp6_type <= ICMP6_MAXTYPE) && (icmp6_type == ICMP6_ECHO_REQUEST || -- greetz Joost joost@jodocus.org From owner-freebsd-ipfw@FreeBSD.ORG Fri May 12 09:01:34 2006 Return-Path: X-Original-To: freebsd-ipfw@freebsd.org Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 2546916A417 for ; Fri, 12 May 2006 09:01:34 +0000 (UTC) (envelope-from Tyrone.VanDerHaar@TelecityRedbus.se) Received: from s200aog2.obsmtp.com (s200aog2.obsmtp.com [207.126.144.86]) by mx1.FreeBSD.org (Postfix) with SMTP id 4471743D45 for ; Fri, 12 May 2006 09:01:32 +0000 (GMT) (envelope-from Tyrone.VanDerHaar@TelecityRedbus.se) Received: from source ([195.149.172.5]) by eu1sys200aob002.obsmtp.com ([207.126.147.11]) with SMTP; Fri, 12 May 2006 09:01:31 UTC X-MimeOLE: Produced By Microsoft Exchange V6.5 Content-class: urn:content-classes:message MIME-Version: 1.0 Date: Fri, 12 May 2006 11:01:31 +0200 Message-ID: X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: dropped traffic Thread-Index: AcZ1otTlnOVG81uZROCFhn+KH1dYcg== From: To: Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable X-Content-Filtered-By: Mailman/MimeDel 2.1.5 Subject: dropped traffic X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 12 May 2006 09:01:43 -0000 Hi=20 =20 Just a quick question if dummynet is dropping traffic every now and = again what can I do make this more stable? Another question can anyone explain what the following output means "3 = 600"=20 Does that mean 3 packets dropped and each packet is of size 600 bytes ? =20 00005: 20.500 Mbit/s 0 ms 50 sl. 0 queues (1 buckets) droptail q00009: weight 100 pipe 5 50 sl. 1 queues (1 buckets) droptail mask: 0x00 0x00000000/0x0000 -> 0x00000000/0x0000 BKT Prot ___Source IP/port____ ____Dest. IP/port____ Tot_pkt/bytes = Pkt/Byte Drp 0 udp 213.50.110.36/17934 81.191.155.252/16388 2874772593 = 573860667243 3 600 22378844 q00010: weight 100 pipe 5 50 sl. 1 queues (1 buckets) droptail mask: 0x00 0x00000000/0x0000 -> 0x00000000/0x0000 BKT Prot ___Source IP/port____ ____Dest. IP/port____ Tot_pkt/bytes = Pkt/Byte Drp 0 icmp 213.50.110.1/0 213.50.110.36/0 2855219376 = 569375967599 1 200 19707214 =20 =20 TeleCityRedbus Sverige Visit: Marieh=E4llsv=E4gen 36 Address: P.O.Box 20165, 161 02 Bromma, SWEDEN Phone: +46 8 799 38 00 - Direct: +46 8 799 38 07 Email: tyrone@telecity.se Internet: http://www.telecity.se =20 TelecityRedbus is an ISO 9001:2000 & BS7799 certified company Winner - Best Practice in Network and Infrastructure Security 2005, = Aberdeen Group =20 This e-mail is intended only for the use of the addressees named above an= d may be confidential. = If you are not an addressee you must not use any information contained in= nor copy it nor inform any person other than the addressees of its exist= ence or contents. = If you have received this e-mail in error, please contact the IT departme= nt on +44 207 001 0090 =0D From owner-freebsd-ipfw@FreeBSD.ORG Fri May 12 13:21:53 2006 Return-Path: X-Original-To: freebsd-ipfw@freebsd.org Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id C25A816A454; Fri, 12 May 2006 13:21:53 +0000 (UTC) (envelope-from vadim_nuclight@mail.ru) Received: from mx1.mail.ru (mx1.mail.ru [194.67.23.121]) by mx1.FreeBSD.org (Postfix) with ESMTP id 65E2B43D68; Fri, 12 May 2006 13:21:53 +0000 (GMT) (envelope-from vadim_nuclight@mail.ru) Received: from [82.211.136.13] (port=16166 helo=nuclight.avtf.net) by mx1.mail.ru with esmtp id 1FeXaM-000AGA-00; Fri, 12 May 2006 17:21:39 +0400 Date: Fri, 12 May 2006 20:20:13 +0700 To: freebsd-net@freebsd.org, freebsd-ipfw@freebsd.org From: "Vadim Goncharov" Organization: AVTF TPU Hostel Content-Type: text/plain; format=flowed; delsp=yes; charset=koi8-r MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Message-ID: User-Agent: Opera M2/7.54 (Win32, build 3865) Cc: Subject: [patch] ipfw packet tagging X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 12 May 2006 13:21:55 -0000 Hi, All! I've tried Andrey Elsukov's ipfw "tag/tagged" patches from: http://butcher.heavennet.ru/patches/kernel/ipfw_tags/ Tested on 5.5-PRERELEASE production server with moderate load - rock stable [I've also looked through the code - patch is small, so it simply can't be any bugs there ;)]. Personally I very like the idea from original Andrey's letter about possibility to make a netgraph(4) node able to mark packets: this is a potential ability to build fast (in-kernel) level 7 firewall / traffic filter without need to fully duplicate entire TCP/IP stack in this marking node - that's ipfw's work. For example, rules can look like this: # node marks traffic as good or bad based on first packets in the flow node=300 good=1 bad=2 check-state # here most sorted traffic goes netgraph $node all from any to any # divert unmarked traffic to node deny all from any to any tagged $bad allow all from any to any tagged $good keep-state -- WBR, Vadim Goncharov From owner-freebsd-ipfw@FreeBSD.ORG Fri May 12 13:32:34 2006 Return-Path: X-Original-To: freebsd-ipfw@freebsd.org Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id A494916A411 for ; Fri, 12 May 2006 13:32:34 +0000 (UTC) (envelope-from eksffa@freebsdbrasil.com.br) Received: from capeta.freebsdbrasil.com.br (vrrp.freebsdbrasil.com.br [200.210.70.30]) by mx1.FreeBSD.org (Postfix) with SMTP id 0E61743D46 for ; Fri, 12 May 2006 13:32:32 +0000 (GMT) (envelope-from eksffa@freebsdbrasil.com.br) Received: (qmail 97662 invoked by uid 0); 12 May 2006 10:33:38 -0300 Received: from eksffa@freebsdbrasil.com.br by capeta.freebsdbrasil.com.br by uid 82 with qmail-scanner-1.22 (spamassassin: 2.64. Clear:RC:1(201.17.165.158):. Processed in 2.373098 secs); 12 May 2006 13:33:38 -0000 Received: from unknown (HELO ?10.69.69.69?) (201.17.165.158) by capeta.freebsdbrasil.com.br with SMTP; 12 May 2006 10:33:35 -0300 Message-ID: <44648E66.6010800@freebsdbrasil.com.br> Date: Fri, 12 May 2006 10:32:22 -0300 From: Patrick Tracanelli Organization: FreeBSD Brasil LTDA User-Agent: Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.7.12) Gecko/20051013 X-Accept-Language: en-us, en MIME-Version: 1.0 To: Vadim Goncharov References: In-Reply-To: Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Cc: freebsd-net@freebsd.org, freebsd-ipfw@freebsd.org Subject: Re: [patch] ipfw packet tagging X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 12 May 2006 13:32:39 -0000 Vadim Goncharov wrote: > Hi, All! > > I've tried Andrey Elsukov's ipfw "tag/tagged" patches from: > http://butcher.heavennet.ru/patches/kernel/ipfw_tags/ > > Tested on 5.5-PRERELEASE production server with moderate > load - rock stable [I've also looked through the code - patch > is small, so it simply can't be any bugs there ;)]. > > Personally I very like the idea from original Andrey's letter I have tested on 6.1 and works fine too. Hope it gets commited. Very useful for altq/dummynet flexibility too. -- Patrick Tracanelli From owner-freebsd-ipfw@FreeBSD.ORG Fri May 12 13:53:30 2006 Return-Path: X-Original-To: freebsd-ipfw@freebsd.org Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id C44DB16A4C1; Fri, 12 May 2006 13:53:30 +0000 (UTC) (envelope-from rizzo@icir.org) Received: from xorpc.icir.org (xorpc.icir.org [192.150.187.68]) by mx1.FreeBSD.org (Postfix) with ESMTP id 7007C43D73; Fri, 12 May 2006 13:53:30 +0000 (GMT) (envelope-from rizzo@icir.org) Received: from xorpc.icir.org (localhost [127.0.0.1]) by xorpc.icir.org (8.12.11/8.12.11) with ESMTP id k4CDrS8L016557; Fri, 12 May 2006 06:53:28 -0700 (PDT) (envelope-from rizzo@xorpc.icir.org) Received: (from rizzo@localhost) by xorpc.icir.org (8.12.11/8.12.3/Submit) id k4CDrR8Z016556; Fri, 12 May 2006 06:53:27 -0700 (PDT) (envelope-from rizzo) Date: Fri, 12 May 2006 06:53:27 -0700 From: Luigi Rizzo To: Patrick Tracanelli Message-ID: <20060512065327.B16302@xorpc.icir.org> References: <44648E66.6010800@freebsdbrasil.com.br> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5.1i In-Reply-To: <44648E66.6010800@freebsdbrasil.com.br>; from eksffa@freebsdbrasil.com.br on Fri, May 12, 2006 at 10:32:22AM -0300 Cc: Vadim Goncharov , freebsd-net@freebsd.org, freebsd-ipfw@freebsd.org Subject: Re: [patch] ipfw packet tagging X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 12 May 2006 13:53:31 -0000 On Fri, May 12, 2006 at 10:32:22AM -0300, Patrick Tracanelli wrote: > Vadim Goncharov wrote: > > Hi, All! > > > > I've tried Andrey Elsukov's ipfw "tag/tagged" patches from: > > http://butcher.heavennet.ru/patches/kernel/ipfw_tags/ > > > > Tested on 5.5-PRERELEASE production server with moderate > > load - rock stable [I've also looked through the code - patch > > is small, so it simply can't be any bugs there ;)]. > > > > Personally I very like the idea from original Andrey's letter > > I have tested on 6.1 and works fine too. > > Hope it gets commited. Very useful for altq/dummynet flexibility too. i would, however, like to have a bit more documentation in the patch, in particular: - a manpage patch describing how to use the thing, and also the behaviour in in odd situations (e.g. what happens when we try to tag a packet multiple times ? does the tag survive between the 'input' and 'output' path of ipfw for routed packets, etc ?). I can look this up in the code, but the average user cannot, and the patch does not contain a single line of comment, plus we generally want to have some textual description of the behaviour (so we can RTFM), not just an implementation without comments. - more comments in the code, per the above. cheers luigi From owner-freebsd-ipfw@FreeBSD.ORG Fri May 12 15:19:51 2006 Return-Path: X-Original-To: freebsd-ipfw@freebsd.org Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 2913416A71D; Fri, 12 May 2006 15:19:51 +0000 (UTC) (envelope-from vadimnuclight@tpu.ru) Received: from relay1.tpu.ru (relay1.tpu.ru [213.183.112.102]) by mx1.FreeBSD.org (Postfix) with ESMTP id 27FCD43D49; Fri, 12 May 2006 15:19:49 +0000 (GMT) (envelope-from vadimnuclight@tpu.ru) Received: by relay1.tpu.ru (Postfix, from userid 501) id 006CF10C47F; Fri, 12 May 2006 22:19:46 +0700 (NOVST) Received: from mail.main.tpu.ru (mail.main.tpu.ru [10.0.0.3]) by relay1.tpu.ru (Postfix) with ESMTP id D971410C47C; Fri, 12 May 2006 22:19:46 +0700 (NOVST) Received: from mail.tpu.ru ([213.183.112.105]) by mail.main.tpu.ru with Microsoft SMTPSVC(6.0.3790.1830); Fri, 12 May 2006 22:19:46 +0700 Received: from nuclight.avtf.net ([82.117.64.107]) by mail.tpu.ru over TLS secured channel with Microsoft SMTPSVC(6.0.3790.1830); Fri, 12 May 2006 22:19:46 +0700 To: "Luigi Rizzo" References: <44648E66.6010800@freebsdbrasil.com.br> <20060512065327.B16302@xorpc.icir.org> Message-ID: Date: Fri, 12 May 2006 22:18:43 +0700 From: "Vadim Goncharov" Organization: AVTF TPU Hostel Content-Type: text/plain; format=flowed; delsp=yes; charset=koi8-r MIME-Version: 1.0 Content-Transfer-Encoding: 8bit In-Reply-To: <20060512065327.B16302@xorpc.icir.org> User-Agent: Opera M2/7.54 (Win32, build 3865) X-OriginalArrivalTime: 12 May 2006 15:19:46.0499 (UTC) FILETIME=[80BDF930:01C675D7] Cc: freebsd-net@freebsd.org, freebsd-ipfw@freebsd.org Subject: Re: [patch] ipfw packet tagging X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 12 May 2006 15:19:52 -0000 12.05.06 в 20:53 Luigi Rizzo wrote: >> > I've tried Andrey Elsukov's ipfw "tag/tagged" patches from: >> > http://butcher.heavennet.ru/patches/kernel/ipfw_tags/ >> > >> > Tested on 5.5-PRERELEASE production server with moderate >> > load - rock stable [I've also looked through the code - patch >> > is small, so it simply can't be any bugs there ;)]. >> > >> > Personally I very like the idea from original Andrey's letter >> >> I have tested on 6.1 and works fine too. >> >> Hope it gets commited. Very useful for altq/dummynet flexibility too. > > i would, however, like to have a bit more documentation in the patch, > in particular: > > - a manpage patch describing how to use the thing, and also the > behaviour in in odd situations (e.g. what happens when we try to tag > a packet multiple times ? does the tag survive between the 'input' > and 'output' path of ipfw for routed packets, etc ?). > I can look this up in the code, but the average user cannot, I think it will always survive, but not sure, may be it is better for your to review the code and correct description. > and the patch does not contain a single line of comment, > plus we generally want to have some textual description of the > behaviour (so we can RTFM), not just an implementation > without comments. OK, Andrey currently comments the code and implements untag action, and here is my patch for manpage describing all this stuff: --- ipfw.8.orig Fri May 12 21:09:14 2006 +++ ipfw.8 Fri May 12 22:08:42 2006 @@ -563,6 +563,30 @@ Note: logging is done after all other packet matching conditions have been successfully verified, and before performing the final action (accept, deny, etc.) on the packet. +.It Cm tag Ar number +When a packet matches a rule with the +.Cm tag +keyword, the numeric tag for the given +.Ar number +in the range 0..65535 will be attached to the packet. +The tag acts as an internal marker (it is not sent out over +the wire) that can be used to identify these packets later on. +This can be used, for example, to provide trust between interfaces +and to start doing policy-based filtering. +A packet can have mutiple tags at the same time. +Tags are "sticky", meaning once a tag is applied to a packet by a +matching rule it exists everywhere while packet is still in kernel +until explicit removal or sending packet out to the network. +To check for previously applied tags, use the +.Cm tagged +rule option. +.It Cm untag Ar number +When a packet matches a rule with the +.Cm untag +keyword, the tag with the number +.Ar number +is searched in the set of tags attached to +this packet and, if found, removed from this set. .It Cm altq Ar queue When a packet matches a rule with the .Cm altq @@ -1257,6 +1281,15 @@ .It Cm src-port Ar ports Matches IP packets whose source port is one of the port(s) specified as argument. +.It Cm tagged Ar number +Match if packet has a tag with number +.Ar number . +Tags can be applied to the packet using +.Cm tag +rule action parameter or set somewhere in another part of the kernel +network subsytem using +.Xr mbuf_tags 9 +facility. .It Cm tcpack Ar ack TCP packets only. Match if the TCP header acknowledgment number field is set to -- WBR, Vadim Goncharov From owner-freebsd-ipfw@FreeBSD.ORG Fri May 12 15:51:19 2006 Return-Path: X-Original-To: freebsd-ipfw@freebsd.org Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 84FAB16A689; Fri, 12 May 2006 15:51:19 +0000 (UTC) (envelope-from vadimnuclight@tpu.ru) Received: from relay1.tpu.ru (relay1.tpu.ru [213.183.112.102]) by mx1.FreeBSD.org (Postfix) with ESMTP id EA55B43D46; Fri, 12 May 2006 15:51:18 +0000 (GMT) (envelope-from vadimnuclight@tpu.ru) Received: by relay1.tpu.ru (Postfix, from userid 501) id 3589B10C482; Fri, 12 May 2006 22:51:15 +0700 (NOVST) Received: from mail.main.tpu.ru (mail.main.tpu.ru [10.0.0.3]) by relay1.tpu.ru (Postfix) with ESMTP id 1A85E10C47C; Fri, 12 May 2006 22:51:15 +0700 (NOVST) Received: from mail.tpu.ru ([213.183.112.105]) by mail.main.tpu.ru with Microsoft SMTPSVC(6.0.3790.1830); Fri, 12 May 2006 22:51:15 +0700 Received: from nuclight.avtf.net ([82.117.64.107]) by mail.tpu.ru over TLS secured channel with Microsoft SMTPSVC(6.0.3790.1830); Fri, 12 May 2006 22:51:14 +0700 Date: Fri, 12 May 2006 22:50:10 +0700 To: "Luigi Rizzo" , "Patrick Tracanelli" References: <44648E66.6010800@freebsdbrasil.com.br> <20060512065327.B16302@xorpc.icir.org> From: "Vadim Goncharov" Organization: AVTF TPU Hostel Content-Type: text/plain; format=flowed; delsp=yes; charset=koi8-r MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Message-ID: In-Reply-To: <20060512065327.B16302@xorpc.icir.org> User-Agent: Opera M2/7.54 (Win32, build 3865) X-OriginalArrivalTime: 12 May 2006 15:51:14.0666 (UTC) FILETIME=[E62D64A0:01C675DB] Cc: freebsd-net@freebsd.org, freebsd-ipfw@freebsd.org Subject: Re: [patch] ipfw packet tagging X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 12 May 2006 15:51:20 -0000 12.05.06 в 20:53 Luigi Rizzo в своём письме писал(а): >> > I've tried Andrey Elsukov's ipfw "tag/tagged" patches from: >> > http://butcher.heavennet.ru/patches/kernel/ipfw_tags/ >> > >> > Tested on 5.5-PRERELEASE production server with moderate >> > load - rock stable [I've also looked through the code - patch >> > is small, so it simply can't be any bugs there ;)]. >> > >> > Personally I very like the idea from original Andrey's letter >> >> I have tested on 6.1 and works fine too. >> >> Hope it gets commited. Very useful for altq/dummynet flexibility too. > > i would, however, like to have a bit more documentation in the patch, > in particular: > > - a manpage patch describing how to use the thing, and also the > behaviour in in odd situations (e.g. what happens when we try to tag > a packet multiple times ? does the tag survive between the 'input' > and 'output' path of ipfw for routed packets, etc ?). A question about features: is it worth adding functionality of matching range of tags? For example: ipfw add pass ip from any to any tagged 1-5,10,20 -- WBR, Vadim Goncharov From owner-freebsd-ipfw@FreeBSD.ORG Fri May 12 15:56:32 2006 Return-Path: X-Original-To: freebsd-ipfw@freebsd.org Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 38B3116A486; Fri, 12 May 2006 15:56:32 +0000 (UTC) (envelope-from rizzo@icir.org) Received: from xorpc.icir.org (xorpc.icir.org [192.150.187.68]) by mx1.FreeBSD.org (Postfix) with ESMTP id ECD8443D46; Fri, 12 May 2006 15:56:31 +0000 (GMT) (envelope-from rizzo@icir.org) Received: from xorpc.icir.org (localhost [127.0.0.1]) by xorpc.icir.org (8.12.11/8.12.11) with ESMTP id k4CFuV9U019529; Fri, 12 May 2006 08:56:31 -0700 (PDT) (envelope-from rizzo@xorpc.icir.org) Received: (from rizzo@localhost) by xorpc.icir.org (8.12.11/8.12.3/Submit) id k4CFuVQm019528; Fri, 12 May 2006 08:56:31 -0700 (PDT) (envelope-from rizzo) Date: Fri, 12 May 2006 08:56:31 -0700 From: Luigi Rizzo To: Vadim Goncharov Message-ID: <20060512085631.A19484@xorpc.icir.org> References: <44648E66.6010800@freebsdbrasil.com.br> <20060512065327.B16302@xorpc.icir.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5.1i In-Reply-To: ; from vadimnuclight@tpu.ru on Fri, May 12, 2006 at 10:50:10PM +0700 Cc: freebsd-net@freebsd.org, freebsd-ipfw@freebsd.org Subject: Re: [patch] ipfw packet tagging X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 12 May 2006 15:56:32 -0000 On Fri, May 12, 2006 at 10:50:10PM +0700, Vadim Goncharov wrote: > A question about features: is it worth adding functionality of matching > range of tags? For example: > > ipfw add pass ip from any to any tagged 1-5,10,20 i think it is a useful feature, and if you reuse the existing code for matching port ranges etc to implement it, performance should be reasonably good. cheers luigi From owner-freebsd-ipfw@FreeBSD.ORG Fri May 12 21:27:44 2006 Return-Path: X-Original-To: freebsd-ipfw@freebsd.org Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id A085516B1AB for ; Fri, 12 May 2006 21:27:44 +0000 (UTC) (envelope-from max@love2party.net) Received: from moutng.kundenserver.de (moutng.kundenserver.de [212.227.126.187]) by mx1.FreeBSD.org (Postfix) with ESMTP id 70FFD43D7B for ; Fri, 12 May 2006 21:27:34 +0000 (GMT) (envelope-from max@love2party.net) Received: from [88.64.183.129] (helo=vampire.homelinux.org) by mrelayeu.kundenserver.de (node=mrelayeu0) with ESMTP (Nemesis), id 0MKwh2-1FefAb2S4n-0001cU; Fri, 12 May 2006 23:27:33 +0200 Received: (qmail 36431 invoked from network); 12 May 2006 21:27:57 -0000 Received: from localhost (HELO mail.abi01.homeunix.org) (192.168.4.64) by localhost with SMTP; 12 May 2006 21:27:57 -0000 Received: from 192.168.4.1 (SquirrelMail authenticated user mlaier) by mail.abi01.homeunix.org with HTTP; Fri, 12 May 2006 23:27:33 +0200 (CEST) Message-ID: <54963.192.168.4.1.1147469253.squirrel@mail.abi01.homeunix.org> Date: Fri, 12 May 2006 23:27:33 +0200 (CEST) From: "Max Laier" To: freebsd-current@freebsd.org User-Agent: SquirrelMail/1.4.6 MIME-Version: 1.0 Content-Type: text/plain;charset=iso-8859-1 Content-Transfer-Encoding: 8bit X-Priority: 3 (Normal) Importance: Normal X-Provags-ID: kundenserver.de abuse@kundenserver.de login:61c499deaeeba3ba5be80f48ecc83056 Cc: freebsd-ipfw@freebsd.org Subject: HEADSUP: IP6FW removed X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 12 May 2006 21:27:54 -0000 Hi, FYI: mlaier 2006-05-12 20:39:23 UTC FreeBSD src repository Modified files: sbin Makefile sys/conf files options sys/modules Makefile sys/net net_osdep.h sys/netinet ip_fw2.c sys/netinet6 ip6_forward.c ip6_input.c ip6_output.c Removed files: sbin/ip6fw Makefile ip6fw.8 ip6fw.c sample.sh sys/modules/ip6fw Makefile sys/netinet6 ip6_fw.c ip6_fw.h Log: Remove ip6fw. Since ipfw has full functional IPv6 support now and - in contrast to ip6fw - is properly locked, it is time to retire ip6fw. Known issues: - ipfw2 is *not* a perfect in-place replacement for ip6fw. Rules might need slight rewriting to work. You can use the changes in rc.firewall6 as a reference. Now that IPv4 and v6 are integrated one should be able to write much more elegant rulesets to manage both IPv4 and v6. - rc.firewall6 will flush rules from rc.firewall. I am still looking for a clever way how to integrate rc.firewall and rc.firewall6 - patches welcome! If there are still missing/broken things in ipfw2's IPv6 support, please let me know. -- /"\ Best regards, | mlaier@freebsd.org \ / Max Laier | ICQ #67774661 X http://pf4freebsd.love2party.net/ | mlaier@EFnet / \ ASCII Ribbon Campaign | Against HTML Mail and News From owner-freebsd-ipfw@FreeBSD.ORG Fri May 12 22:21:01 2006 Return-Path: X-Original-To: freebsd-ipfw@freebsd.org Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 17D9316A536 for ; Fri, 12 May 2006 22:21:01 +0000 (UTC) (envelope-from regisr@pobox.com) Received: from proof.pobox.com (proof.pobox.com [207.106.133.28]) by mx1.FreeBSD.org (Postfix) with ESMTP id BC91043D48 for ; Fri, 12 May 2006 22:21:00 +0000 (GMT) (envelope-from regisr@pobox.com) Received: from proof (localhost [127.0.0.1]) by proof.pobox.com (Postfix) with ESMTP id 94D5828D88 for ; Fri, 12 May 2006 18:20:59 -0400 (EDT) Received: from crocoite.regix.info (regisr.net1.nerim.net [62.212.109.60]) by proof.sasl.smtp.pobox.com (Postfix) with ESMTP id 1009F46415 for ; Fri, 12 May 2006 18:20:58 -0400 (EDT) Date: Sat, 13 May 2006 00:20:57 +0200 From: regisr To: freebsd-ipfw@freebsd.org Message-Id: <20060513002057.ad19b4a7.regisr@pobox.com> In-Reply-To: <54963.192.168.4.1.1147469253.squirrel@mail.abi01.homeunix.org> References: <54963.192.168.4.1.1147469253.squirrel@mail.abi01.homeunix.org> X-Mailer: Sylpheed version 2.2.4 (GTK+ 2.8.17; i386-portbld-freebsd6.1) Mime-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable Subject: Re: [OK freebsd] HEADSUP: IP6FW removed X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 12 May 2006 22:21:01 -0000 On Fri, 12 May 2006 23:27:33 +0200 (CEST) "Max Laier" a =E9crit: > If there are still missing/broken things in ipfw2's IPv6 support, please > let me know. For my use two problems: kern/88664: [ipfw] ipfw stateful firewalling broken with IPv6 (see the post from Joost Bekkers (Thu, 11 May 2006 17:20:15 GMT) and=20 bin/91245 : [patch] ipfw(8) sometimes treat ipv6 input as ipv4 With the fix in the PR the rules with IPv6 addresses are accepted. --=20 photographies http://www.regisr.com/ site web http://www.regix.com/ From owner-freebsd-ipfw@FreeBSD.ORG Sat May 13 01:27:32 2006 Return-Path: X-Original-To: freebsd-ipfw@freebsd.org Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id D2BFE16A40D; Sat, 13 May 2006 01:27:32 +0000 (UTC) (envelope-from brdavis@odin.ac.hmc.edu) Received: from odin.ac.hmc.edu (Odin.AC.HMC.Edu [134.173.32.75]) by mx1.FreeBSD.org (Postfix) with ESMTP id 7CA0B43D45; Sat, 13 May 2006 01:27:32 +0000 (GMT) (envelope-from brdavis@odin.ac.hmc.edu) Received: from odin.ac.hmc.edu (localhost.localdomain [127.0.0.1]) by odin.ac.hmc.edu (8.13.0/8.13.0) with ESMTP id k4D1RVSm013613; Fri, 12 May 2006 18:27:31 -0700 Received: (from brdavis@localhost) by odin.ac.hmc.edu (8.13.0/8.13.0/Submit) id k4D1RVLQ013612; Fri, 12 May 2006 18:27:31 -0700 Date: Fri, 12 May 2006 18:27:31 -0700 From: Brooks Davis To: Max Laier Message-ID: <20060513012731.GA13091@odin.ac.hmc.edu> References: <54963.192.168.4.1.1147469253.squirrel@mail.abi01.homeunix.org> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="mP3DRpeJDSE+ciuQ" Content-Disposition: inline In-Reply-To: <54963.192.168.4.1.1147469253.squirrel@mail.abi01.homeunix.org> User-Agent: Mutt/1.4.1i X-Virus-Scanned: by amavisd-new X-Spam-Status: No, hits=0.0 required=8.0 tests=none autolearn=no version=2.63 X-Spam-Checker-Version: SpamAssassin 2.63 (2004-01-11) on odin.ac.hmc.edu Cc: freebsd-ipfw@freebsd.org, freebsd-current@freebsd.org Subject: Re: HEADSUP: IP6FW removed X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 13 May 2006 01:27:32 -0000 --mP3DRpeJDSE+ciuQ Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Fri, May 12, 2006 at 11:27:33PM +0200, Max Laier wrote: > Hi, >=20 > FYI: >=20 > mlaier 2006-05-12 20:39:23 UTC >=20 > FreeBSD src repository >=20 > Modified files: > sbin Makefile > sys/conf files options > sys/modules Makefile > sys/net net_osdep.h > sys/netinet ip_fw2.c > sys/netinet6 ip6_forward.c ip6_input.c ip6_output.c > Removed files: > sbin/ip6fw Makefile ip6fw.8 ip6fw.c sample.sh > sys/modules/ip6fw Makefile > sys/netinet6 ip6_fw.c ip6_fw.h > Log: > Remove ip6fw. Since ipfw has full functional IPv6 support now and - in > contrast to ip6fw - is properly locked, it is time to retire ip6fw. >=20 > Known issues: > - ipfw2 is *not* a perfect in-place replacement for ip6fw. Rules might > need slight rewriting to work. You can use the changes in rc.firewall6 > as a reference. Now that IPv4 and v6 are integrated one should be able > to write much more elegant rulesets to manage both IPv4 and v6. > - rc.firewall6 will flush rules from rc.firewall. I am still looking for > a clever way how to integrate rc.firewall and rc.firewall6 - patches > welcome! Thanks for you all your work on this! -- Brooks --=20 Any statement of the form "X is the one, true Y" is FALSE. PGP fingerprint 655D 519C 26A7 82E7 2529 9BF0 5D8E 8BE9 F238 1AD4 --mP3DRpeJDSE+ciuQ Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) iD8DBQFEZTYCXY6L6fI4GtQRAhNQAJ98OAjjXdkjBZDB24w0ZSn++Mi4rgCfRlpN NcpbzTozIoInnVhR9s8x2w4= =jwn7 -----END PGP SIGNATURE----- --mP3DRpeJDSE+ciuQ-- From owner-freebsd-ipfw@FreeBSD.ORG Sat May 13 09:32:35 2006 Return-Path: X-Original-To: freebsd-ipfw@freebsd.org Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id B503516A401; Sat, 13 May 2006 09:32:35 +0000 (UTC) (envelope-from vadimnuclight@tpu.ru) Received: from relay1.tpu.ru (relay1.tpu.ru [213.183.112.102]) by mx1.FreeBSD.org (Postfix) with ESMTP id D2BC543D48; Sat, 13 May 2006 09:32:34 +0000 (GMT) (envelope-from vadimnuclight@tpu.ru) Received: by relay1.tpu.ru (Postfix, from userid 501) id 045091059EF; Sat, 13 May 2006 16:32:33 +0700 (NOVST) Received: from mail.main.tpu.ru (mail.main.tpu.ru [10.0.0.3]) by relay1.tpu.ru (Postfix) with ESMTP id DF2451059EC; Sat, 13 May 2006 16:32:32 +0700 (NOVST) Received: from mail.tpu.ru ([213.183.112.105]) by mail.main.tpu.ru with Microsoft SMTPSVC(6.0.3790.1830); Sat, 13 May 2006 16:32:32 +0700 Received: from nuclight.avtf.net ([82.117.64.107]) by mail.tpu.ru over TLS secured channel with Microsoft SMTPSVC(6.0.3790.1830); Sat, 13 May 2006 16:32:32 +0700 To: "Luigi Rizzo" References: <44648E66.6010800@freebsdbrasil.com.br> <20060512065327.B16302@xorpc.icir.org> <20060512085631.A19484@xorpc.icir.org> Message-ID: Date: Sat, 13 May 2006 16:31:27 +0700 From: "Vadim Goncharov" Organization: AVTF TPU Hostel Content-Type: text/plain; format=flowed; delsp=yes; charset=koi8-r MIME-Version: 1.0 Content-Transfer-Encoding: 8bit In-Reply-To: <20060512085631.A19484@xorpc.icir.org> User-Agent: Opera M2/7.54 (Win32, build 3865) X-OriginalArrivalTime: 13 May 2006 09:32:32.0305 (UTC) FILETIME=[29020210:01C67670] Cc: freebsd-net@freebsd.org, freebsd-ipfw@freebsd.org Subject: Re: [patch] ipfw packet tagging X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 13 May 2006 09:32:35 -0000 12.05.06 22:56 Luigi Rizzo wrote: >> A question about features: is it worth adding functionality of matching >> range of tags? For example: >> >> ipfw add pass ip from any to any tagged 1-5,10,20 > > i think it is a useful feature, and if you reuse the existing code > for matching port ranges etc to implement it, performance should > be reasonably good. OK, Andrey made new version of patches available: http://butcher.heavennet.ru/patches/kernel/ipfw_tags/ Manpage patch is integrated as well as new untag/tagged range functionality, based on existing port ranges matching code. Short test shown that it works. -- WBR, Vadim Goncharov From owner-freebsd-ipfw@FreeBSD.ORG Sat May 13 09:38:01 2006 Return-Path: X-Original-To: freebsd-ipfw@freebsd.org Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 87F9016A400; Sat, 13 May 2006 09:38:01 +0000 (UTC) (envelope-from julian@elischer.org) Received: from a50.ironport.com (a50.ironport.com [63.251.108.112]) by mx1.FreeBSD.org (Postfix) with ESMTP id 488CA43D48; Sat, 13 May 2006 09:38:01 +0000 (GMT) (envelope-from julian@elischer.org) Received: from unknown (HELO [192.168.2.2]) ([10.251.60.46]) by a50.ironport.com with ESMTP; 13 May 2006 02:38:01 -0700 Message-ID: <4465A8F8.2020601@elischer.org> Date: Sat, 13 May 2006 02:38:00 -0700 From: Julian Elischer User-Agent: Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US; rv:1.7.13) Gecko/20060414 X-Accept-Language: en-us, en MIME-Version: 1.0 To: Vadim Goncharov References: <44648E66.6010800@freebsdbrasil.com.br> <20060512065327.B16302@xorpc.icir.org> <20060512085631.A19484@xorpc.icir.org> In-Reply-To: Content-Type: text/plain; charset=KOI8-R; format=flowed Content-Transfer-Encoding: 7bit Cc: Luigi Rizzo , freebsd-ipfw@freebsd.org, freebsd-net@freebsd.org Subject: Re: [patch] ipfw packet tagging X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 13 May 2006 09:38:01 -0000 Vadim Goncharov wrote: > 12.05.06 22:56 Luigi Rizzo wrote: > >>> A question about features: is it worth adding functionality of matching >>> range of tags? For example: >>> >>> ipfw add pass ip from any to any tagged 1-5,10,20 >> >> >> i think it is a useful feature, and if you reuse the existing code >> for matching port ranges etc to implement it, performance should >> be reasonably good. > > > OK, Andrey made new version of patches available: > http://butcher.heavennet.ru/patches/kernel/ipfw_tags/ > > Manpage patch is integrated as well as new untag/tagged range > functionality, > based on existing port ranges matching code. Short test shown that it > works. I might suggest that the new 'tablearg' keyword be useable in a tag command allowing a table to contain entries that give different tags. (I don't think it is in 5 but it may be in 6.. (not sure)) would be cool however. From owner-freebsd-ipfw@FreeBSD.ORG Sat May 13 10:09:12 2006 Return-Path: X-Original-To: freebsd-ipfw@freebsd.org Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 2FF6116A471; Sat, 13 May 2006 10:09:12 +0000 (UTC) (envelope-from vadimnuclight@tpu.ru) Received: from relay1.tpu.ru (relay1.tpu.ru [213.183.112.102]) by mx1.FreeBSD.org (Postfix) with ESMTP id 90E0743D46; Sat, 13 May 2006 10:09:11 +0000 (GMT) (envelope-from vadimnuclight@tpu.ru) Received: by relay1.tpu.ru (Postfix, from userid 501) id E46891059EA; Sat, 13 May 2006 17:09:09 +0700 (NOVST) Received: from mail.main.tpu.ru (mail.main.tpu.ru [10.0.0.3]) by relay1.tpu.ru (Postfix) with ESMTP id CB05210584E; Sat, 13 May 2006 17:09:09 +0700 (NOVST) Received: from mail.tpu.ru ([213.183.112.105]) by mail.main.tpu.ru with Microsoft SMTPSVC(6.0.3790.1830); Sat, 13 May 2006 17:09:09 +0700 Received: from nuclight.avtf.net ([82.117.64.107]) by mail.tpu.ru over TLS secured channel with Microsoft SMTPSVC(6.0.3790.1830); Sat, 13 May 2006 17:09:09 +0700 To: "Julian Elischer" References: <44648E66.6010800@freebsdbrasil.com.br> <20060512065327.B16302@xorpc.icir.org> <20060512085631.A19484@xorpc.icir.org> <4465A8F8.2020601@elischer.org> Message-ID: Date: Sat, 13 May 2006 17:08:03 +0700 From: "Vadim Goncharov" Organization: AVTF TPU Hostel Content-Type: text/plain; format=flowed; delsp=yes; charset=koi8-r MIME-Version: 1.0 Content-Transfer-Encoding: 8bit In-Reply-To: <4465A8F8.2020601@elischer.org> User-Agent: Opera M2/7.54 (Win32, build 3865) X-OriginalArrivalTime: 13 May 2006 10:09:09.0373 (UTC) FILETIME=[468FFAD0:01C67675] Cc: freebsd-net@freebsd.org, freebsd-ipfw@freebsd.org Subject: Re: [patch] ipfw packet tagging X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 13 May 2006 10:09:12 -0000 13.05.06 @ 16:38 Julian Elischer wrote: >>>> A question about features: is it worth adding functionality of >>>> matching >>>> range of tags? For example: >>>> >>>> ipfw add pass ip from any to any tagged 1-5,10,20 >>> >>> >>> i think it is a useful feature, and if you reuse the existing code >>> for matching port ranges etc to implement it, performance should >>> be reasonably good. >> >> >> OK, Andrey made new version of patches available: >> http://butcher.heavennet.ru/patches/kernel/ipfw_tags/ >> >> Manpage patch is integrated as well as new untag/tagged range >> functionality, >> based on existing port ranges matching code. Short test shown that it >> works. > > > I might suggest that the new 'tablearg' keyword be useable in a tag > command allowing a table to contain entries that give different tags. > (I don't think it is in 5 but it may be in 6.. (not sure)) > > would be cool however. May be, but I can't imagine a real situation where it can be useful, as tables already contain IP adresses. Can you give a real-life example where it helps ? -- WBR, Vadim Goncharov From owner-freebsd-ipfw@FreeBSD.ORG Sat May 13 14:07:45 2006 Return-Path: X-Original-To: freebsd-ipfw@hub.freebsd.org Delivered-To: freebsd-ipfw@hub.freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 4656016A46C; Sat, 13 May 2006 14:07:45 +0000 (UTC) (envelope-from linimon@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21]) by mx1.FreeBSD.org (Postfix) with ESMTP id 006F143D60; Sat, 13 May 2006 14:07:44 +0000 (GMT) (envelope-from linimon@FreeBSD.org) Received: from freefall.freebsd.org (linimon@localhost [127.0.0.1]) by freefall.freebsd.org (8.13.4/8.13.4) with ESMTP id k4DE7ix9086395; Sat, 13 May 2006 14:07:44 GMT (envelope-from linimon@freefall.freebsd.org) Received: (from linimon@localhost) by freefall.freebsd.org (8.13.4/8.13.4/Submit) id k4DE7i7n086391; Sat, 13 May 2006 14:07:44 GMT (envelope-from linimon) Date: Sat, 13 May 2006 14:07:44 GMT From: Mark Linimon Message-Id: <200605131407.k4DE7i7n086391@freefall.freebsd.org> To: linimon@FreeBSD.org, freebsd-bugs@FreeBSD.org, freebsd-ipfw@FreeBSD.org Cc: Subject: Re: bin/97194: [patch] [ipfw] ipfw does not correctly list dynamic IPv6 rules X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 13 May 2006 14:07:49 -0000 Synopsis: [patch] [ipfw] ipfw does not correctly list dynamic IPv6 rules Responsible-Changed-From-To: freebsd-bugs->freebsd-ipfw Responsible-Changed-By: linimon Responsible-Changed-When: Sat May 13 14:07:31 UTC 2006 Responsible-Changed-Why: Over to maintainer(s). http://www.freebsd.org/cgi/query-pr.cgi?pr=97194 From owner-freebsd-ipfw@FreeBSD.ORG Sat May 13 14:18:15 2006 Return-Path: X-Original-To: freebsd-ipfw@freebsd.org Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id AD27316A401 for ; Sat, 13 May 2006 14:18:15 +0000 (UTC) (envelope-from regisr@pobox.com) Received: from proof.pobox.com (proof.pobox.com [207.106.133.28]) by mx1.FreeBSD.org (Postfix) with ESMTP id 58D4043D45 for ; Sat, 13 May 2006 14:18:15 +0000 (GMT) (envelope-from regisr@pobox.com) Received: from proof (localhost [127.0.0.1]) by proof.pobox.com (Postfix) with ESMTP id B858E24C32 for ; Sat, 13 May 2006 10:18:14 -0400 (EDT) Received: from crocoite.regix.info (regisr.net1.nerim.net [62.212.109.60]) by proof.sasl.smtp.pobox.com (Postfix) with ESMTP id 3208F4699B for ; Sat, 13 May 2006 10:18:13 -0400 (EDT) Date: Sat, 13 May 2006 16:18:12 +0200 From: regisr To: freebsd-ipfw@freebsd.org Message-Id: <20060513161812.1ca90687.regisr@pobox.com> In-Reply-To: <20060513002057.ad19b4a7.regisr@pobox.com> References: <54963.192.168.4.1.1147469253.squirrel@mail.abi01.homeunix.org> <20060513002057.ad19b4a7.regisr@pobox.com> X-Mailer: Sylpheed version 2.2.4 (GTK+ 2.8.17; i386-portbld-freebsd6.1) Mime-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable Subject: Re: [OK freebsd] Re: [OK freebsd] HEADSUP: IP6FW removed X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 13 May 2006 14:18:15 -0000 On Sat, 13 May 2006 00:20:57 +0200 regisr a =E9crit: > bin/91245 : [patch] ipfw(8) sometimes treat ipv6 input as ipv4 > With the fix in the PR the rules with IPv6 addresses are accepted. The patch which is in the PR with new lines numbers ... --- sbin/ipfw/ipfw2.c.orig Sat May 13 15:55:14 2006 +++ sbin/ipfw/ipfw2.c Sat May 13 15:57:24 2006 @@ -3697,7 +3697,8 @@ struct in6_addr a; =20 if (proto =3D=3D IPPROTO_IPV6 || strcmp(av, "me6") =3D=3D 0 || - inet_pton(AF_INET6, av, &a)) + inet_pton(AF_INET6, av, &a) || + strchr(av, ':') !=3D strrchr(av, ':')) return add_srcip6(cmd, av); /* XXX: should check for IPv4, not !IPv6 */ if (proto =3D=3D IPPROTO_IP || strcmp(av, "me") =3D=3D 0 || @@ -3715,7 +3716,8 @@ struct in6_addr a; =20 if (proto =3D=3D IPPROTO_IPV6 || strcmp(av, "me6") =3D=3D 0 || - inet_pton(AF_INET6, av, &a)) + inet_pton(AF_INET6, av, &a) || + strchr(av, ':') !=3D strrchr(av, ':')) return add_dstip6(cmd, av); /* XXX: should check for IPv4, not !IPv6 */ if (proto =3D=3D IPPROTO_IP || strcmp(av, "me") =3D=3D 0 || --=20 =20 From owner-freebsd-ipfw@FreeBSD.ORG Sat May 13 15:48:52 2006 Return-Path: X-Original-To: freebsd-ipfw@hub.freebsd.org Delivered-To: freebsd-ipfw@hub.freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 516C016A400; Sat, 13 May 2006 15:48:52 +0000 (UTC) (envelope-from mlaier@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21]) by mx1.FreeBSD.org (Postfix) with ESMTP id 0E8B043D45; Sat, 13 May 2006 15:48:52 +0000 (GMT) (envelope-from mlaier@FreeBSD.org) Received: from freefall.freebsd.org (mlaier@localhost [127.0.0.1]) by freefall.freebsd.org (8.13.4/8.13.4) with ESMTP id k4DFmpkY092629; Sat, 13 May 2006 15:48:51 GMT (envelope-from mlaier@freefall.freebsd.org) Received: (from mlaier@localhost) by freefall.freebsd.org (8.13.4/8.13.4/Submit) id k4DFmpAB092625; Sat, 13 May 2006 15:48:51 GMT (envelope-from mlaier) Date: Sat, 13 May 2006 15:48:51 GMT From: Max Laier Message-Id: <200605131548.k4DFmpAB092625@freefall.freebsd.org> To: mlaier@FreeBSD.org, freebsd-ipfw@FreeBSD.org, mlaier@FreeBSD.org Cc: Subject: Re: kern/88664: [ipfw] ipfw stateful firewalling broken with IPv6 X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 13 May 2006 15:48:52 -0000 Synopsis: [ipfw] ipfw stateful firewalling broken with IPv6 Responsible-Changed-From-To: freebsd-ipfw->mlaier Responsible-Changed-By: mlaier Responsible-Changed-When: Sat May 13 15:48:14 UTC 2006 Responsible-Changed-Why: I'll look at this. http://www.freebsd.org/cgi/query-pr.cgi?pr=88664 From owner-freebsd-ipfw@FreeBSD.ORG Sat May 13 15:51:18 2006 Return-Path: X-Original-To: freebsd-ipfw@hub.freebsd.org Delivered-To: freebsd-ipfw@hub.freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 8CF7B16A406; Sat, 13 May 2006 15:51:18 +0000 (UTC) (envelope-from mlaier@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21]) by mx1.FreeBSD.org (Postfix) with ESMTP id A0CA943D5A; Sat, 13 May 2006 15:51:16 +0000 (GMT) (envelope-from mlaier@FreeBSD.org) Received: from freefall.freebsd.org (mlaier@localhost [127.0.0.1]) by freefall.freebsd.org (8.13.4/8.13.4) with ESMTP id k4DFpG3Z092908; Sat, 13 May 2006 15:51:16 GMT (envelope-from mlaier@freefall.freebsd.org) Received: (from mlaier@localhost) by freefall.freebsd.org (8.13.4/8.13.4/Submit) id k4DFpGmn092904; Sat, 13 May 2006 15:51:16 GMT (envelope-from mlaier) Date: Sat, 13 May 2006 15:51:16 GMT From: Max Laier Message-Id: <200605131551.k4DFpGmn092904@freefall.freebsd.org> To: mlaier@FreeBSD.org, freebsd-ipfw@FreeBSD.org, mlaier@FreeBSD.org Cc: Subject: Re: bin/91245: [patch] ipfw(8) sometimes treat ipv6 input as ipv4 X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 13 May 2006 15:51:19 -0000 Synopsis: [patch] ipfw(8) sometimes treat ipv6 input as ipv4 Responsible-Changed-From-To: freebsd-ipfw->mlaier Responsible-Changed-By: mlaier Responsible-Changed-When: Sat May 13 15:50:52 UTC 2006 Responsible-Changed-Why: I'll take care of this. http://www.freebsd.org/cgi/query-pr.cgi?pr=91245