From owner-freebsd-ipfw@FreeBSD.ORG  Sun Dec 10 13:26:12 2006
Return-Path: <owner-freebsd-ipfw@FreeBSD.ORG>
X-Original-To: freebsd-ipfw@hub.freebsd.org
Delivered-To: freebsd-ipfw@hub.freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [69.147.83.52])
	by hub.freebsd.org (Postfix) with ESMTP id 6AEFF16A403;
	Sun, 10 Dec 2006 13:26:12 +0000 (UTC)
	(envelope-from linimon@FreeBSD.org)
Received: from freefall.freebsd.org (freefall.freebsd.org [69.147.83.40])
	by mx1.FreeBSD.org (Postfix) with ESMTP id DFE5343C9E;
	Sun, 10 Dec 2006 13:25:01 +0000 (GMT)
	(envelope-from linimon@FreeBSD.org)
Received: from freefall.freebsd.org (linimon@localhost [127.0.0.1])
	by freefall.freebsd.org (8.13.4/8.13.4) with ESMTP id kBADQC3N087244;
	Sun, 10 Dec 2006 13:26:12 GMT
	(envelope-from linimon@freefall.freebsd.org)
Received: (from linimon@localhost)
	by freefall.freebsd.org (8.13.4/8.13.4/Submit) id kBADQBlD087240;
	Sun, 10 Dec 2006 13:26:12 GMT (envelope-from linimon)
Date: Sun, 10 Dec 2006 13:26:12 GMT
From: Mark Linimon <linimon@FreeBSD.org>
Message-Id: <200612101326.kBADQBlD087240@freefall.freebsd.org>
To: linimon@FreeBSD.org, freebsd-bugs@FreeBSD.org, freebsd-ipfw@FreeBSD.org
Cc: 
Subject: Re: kern/106534: [panic] ipfw + dummynet
X-BeenThere: freebsd-ipfw@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: IPFW Technical Discussions <freebsd-ipfw.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
	<mailto:freebsd-ipfw-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-ipfw>
List-Post: <mailto:freebsd-ipfw@freebsd.org>
List-Help: <mailto:freebsd-ipfw-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
	<mailto:freebsd-ipfw-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 10 Dec 2006 13:26:12 -0000

Synopsis: [panic] ipfw + dummynet

Responsible-Changed-From-To: freebsd-bugs->freebsd-ipfw
Responsible-Changed-By: linimon
Responsible-Changed-When: Sun Dec 10 13:25:58 UTC 2006
Responsible-Changed-Why: 
Over to maintainer(s).

http://www.freebsd.org/cgi/query-pr.cgi?pr=106534

From owner-freebsd-ipfw@FreeBSD.ORG  Mon Dec 11 11:14:47 2006
Return-Path: <owner-freebsd-ipfw@FreeBSD.ORG>
X-Original-To: freebsd-ipfw@FreeBSD.org
Delivered-To: freebsd-ipfw@FreeBSD.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [69.147.83.52])
	by hub.freebsd.org (Postfix) with ESMTP id 672E116A47C
	for <freebsd-ipfw@FreeBSD.org>; Mon, 11 Dec 2006 11:14:47 +0000 (UTC)
	(envelope-from owner-bugmaster@FreeBSD.org)
Received: from freefall.freebsd.org (freefall.freebsd.org [69.147.83.40])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 03F5544067
	for <freebsd-ipfw@FreeBSD.org>; Mon, 11 Dec 2006 11:07:19 +0000 (GMT)
	(envelope-from owner-bugmaster@FreeBSD.org)
Received: from freefall.freebsd.org (linimon@localhost [127.0.0.1])
	by freefall.freebsd.org (8.13.4/8.13.4) with ESMTP id kBBB8Uhb022869
	for <freebsd-ipfw@FreeBSD.org>; Mon, 11 Dec 2006 11:08:30 GMT
	(envelope-from owner-bugmaster@FreeBSD.org)
Received: (from linimon@localhost)
	by freefall.freebsd.org (8.13.4/8.13.4/Submit) id kBBB8Rvf022864
	for freebsd-ipfw@FreeBSD.org; Mon, 11 Dec 2006 11:08:27 GMT
	(envelope-from owner-bugmaster@FreeBSD.org)
Date: Mon, 11 Dec 2006 11:08:27 GMT
Message-Id: <200612111108.kBBB8Rvf022864@freefall.freebsd.org>
X-Authentication-Warning: freefall.freebsd.org: linimon set sender to
	owner-bugmaster@FreeBSD.org using -f
From: FreeBSD bugmaster <bugmaster@FreeBSD.org>
To: freebsd-ipfw@FreeBSD.org
Cc: 
Subject: Current problem reports assigned to you
X-BeenThere: freebsd-ipfw@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: IPFW Technical Discussions <freebsd-ipfw.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
	<mailto:freebsd-ipfw-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-ipfw>
List-Post: <mailto:freebsd-ipfw@freebsd.org>
List-Help: <mailto:freebsd-ipfw-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
	<mailto:freebsd-ipfw-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 11 Dec 2006 11:14:47 -0000

Current FreeBSD problem reports
Critical problems
Serious problems

S Tracker      Resp.      Description
--------------------------------------------------------------------------------
o kern/51274   ipfw       [ipfw] [patch] ipfw2 create dynamic rules with parent 
o kern/73910   ipfw       [ipfw] serious bug on forwarding of packets after NAT
o kern/74104   ipfw       [ipfw] ipfw2/1 conflict not detected or reported, manp
o conf/78762   ipfw       [ipfw] [patch] /etc/rc.d/ipfw should excecute $firewal
o bin/80913    ipfw       [patch] /sbin/ipfw2 silently discards MAC addr arg wit
o kern/88659   ipfw       [modules] ipfw and ip6fw do not work properly as modul
o kern/93300   ipfw       ipfw pipe lost packets
o kern/95084   ipfw       [ipfw] [patch] IPFW2 ignores "recv/xmit/via any" (IPFW
o kern/97504   ipfw       [ipfw] IPFW Rules bug
o kern/97951   ipfw       [ipfw] [patch] ipfw does not tie interface details to 
o kern/98831   ipfw       [ipfw] ipfw has UDP hickups
o kern/102471  ipfw       [ipfw] [patch] add tos and dscp support
o kern/103454  ipfw       [ipfw] [patch] add a facility to modify DF bit of the 
o kern/106534  ipfw       [ipfw] [panic] ipfw + dummynet

14 problems total.

Non-critical problems

S Tracker      Resp.      Description
--------------------------------------------------------------------------------
a kern/26534   ipfw       [ipfw] Add an option to ipfw to log gid/uid of who cau
o kern/46159   ipfw       [ipfw] [patch] ipfw dynamic rules lifetime feature
o kern/48172   ipfw       [ipfw] [patch] ipfw does not log size and flags
o bin/50749    ipfw       [ipfw] [patch] ipfw2 incorrectly parses ports and port
o kern/55984   ipfw       [ipfw] [patch] time based firewalling support for ipfw
o kern/60719   ipfw       [ipfw] Headerless fragments generate cryptic error mes
o kern/69963   ipfw       [ipfw] install_state warning about already existing en
o kern/71366   ipfw       [ipfw] "ipfw fwd" sometimes rewrites destination mac a
o kern/72987   ipfw       [ipfw] ipfw/dummynet pipe/queue 'queue [BYTES]KBytes (
o kern/73276   ipfw       [ipfw] [patch] ipfw2 vulnerability (parser error)
o bin/78785    ipfw       [ipfw] [patch] ipfw verbosity locks machine if /etc/rc
o kern/80642   ipfw       [ipfw] [patch] ipfw small patch - new RULE OPTION
o kern/82724   ipfw       [ipfw] [patch] Add setnexthop and defaultroute feature
o kern/86957   ipfw       [ipfw] [patch] ipfw mac logging
o kern/87032   ipfw       [ipfw] [patch] ipfw ioctl interface implementation
o kern/91847   ipfw       [ipfw] ipfw with vlanX as the device
o kern/103328  ipfw       sugestions about ipfw table
o kern/104682  ipfw       [ipfw] [patch] Some minor language consistency fixes a
o bin/104921   ipfw       [patch] ipfw(8) sometimes treats ipv6 input as ipv4 (a
o kern/105330  ipfw       [ipfw] [patch] ipfw (dummynet) does not allow to set q

20 problems total.


From owner-freebsd-ipfw@FreeBSD.ORG  Mon Dec 11 16:10:35 2006
Return-Path: <owner-freebsd-ipfw@FreeBSD.ORG>
X-Original-To: freebsd-ipfw@hub.freebsd.org
Delivered-To: freebsd-ipfw@hub.freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [69.147.83.52])
	by hub.freebsd.org (Postfix) with ESMTP id 93EF916A403
	for <freebsd-ipfw@hub.freebsd.org>;
	Mon, 11 Dec 2006 16:10:35 +0000 (UTC)
	(envelope-from gnats@FreeBSD.org)
Received: from freefall.freebsd.org (freefall.freebsd.org [69.147.83.40])
	by mx1.FreeBSD.org (Postfix) with ESMTP id B61AA43CA4
	for <freebsd-ipfw@hub.freebsd.org>;
	Mon, 11 Dec 2006 16:09:13 +0000 (GMT)
	(envelope-from gnats@FreeBSD.org)
Received: from freefall.freebsd.org (gnats@localhost [127.0.0.1])
	by freefall.freebsd.org (8.13.4/8.13.4) with ESMTP id kBBGAQqs070963
	for <freebsd-ipfw@freefall.freebsd.org>; Mon, 11 Dec 2006 16:10:26 GMT
	(envelope-from gnats@freefall.freebsd.org)
Received: (from gnats@localhost)
	by freefall.freebsd.org (8.13.4/8.13.4/Submit) id kBBGAQVX070962;
	Mon, 11 Dec 2006 16:10:26 GMT (envelope-from gnats)
Date: Mon, 11 Dec 2006 16:10:26 GMT
Message-Id: <200612111610.kBBGAQVX070962@freefall.freebsd.org>
To: freebsd-ipfw@FreeBSD.org
From: Andrej Zverev <andrey.zverev@electro-com.ru>
Cc: 
Subject: Re: kern/106534: [ipfw] [panic] ipfw + dummynet
X-BeenThere: freebsd-ipfw@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
Reply-To: Andrej Zverev <andrey.zverev@electro-com.ru>
List-Id: IPFW Technical Discussions <freebsd-ipfw.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
	<mailto:freebsd-ipfw-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-ipfw>
List-Post: <mailto:freebsd-ipfw@freebsd.org>
List-Help: <mailto:freebsd-ipfw-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
	<mailto:freebsd-ipfw-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 11 Dec 2006 16:10:35 -0000

The following reply was made to PR kern/106534; it has been noted by GNATS.

From: Andrej Zverev <andrey.zverev@electro-com.ru>
To: bug-followup@FreeBSD.org,  az@freebsd.org,  wpaul@freebsd.org
Cc:  
Subject: Re: kern/106534: [ipfw] [panic] ipfw + dummynet
Date: Mon, 11 Dec 2006 19:08:25 +0300

 Little notice about it.
 
 Chaging network card from ste(4) to em(4) helps, so it's might me
 problem in ste(4) driver.
 
 Maybe wpaul@ can look at this situation ?
 
 
 WBR,
 Andrej Zverev
 
 
 
 
 

From owner-freebsd-ipfw@FreeBSD.ORG  Mon Dec 11 22:14:22 2006
Return-Path: <owner-freebsd-ipfw@FreeBSD.ORG>
X-Original-To: freebsd-ipfw@hub.freebsd.org
Delivered-To: freebsd-ipfw@hub.freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [69.147.83.52])
	by hub.freebsd.org (Postfix) with ESMTP id C10FA16A4C9
	for <freebsd-ipfw@hub.freebsd.org>;
	Mon, 11 Dec 2006 22:14:22 +0000 (UTC)
	(envelope-from gnats@FreeBSD.org)
Received: from freefall.freebsd.org (freefall.freebsd.org [69.147.83.40])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 2254C43CC6
	for <freebsd-ipfw@hub.freebsd.org>;
	Mon, 11 Dec 2006 21:59:41 +0000 (GMT)
	(envelope-from gnats@FreeBSD.org)
Received: from freefall.freebsd.org (gnats@localhost [127.0.0.1])
	by freefall.freebsd.org (8.13.4/8.13.4) with ESMTP id kBBM0TNU020687
	for <freebsd-ipfw@freefall.freebsd.org>; Mon, 11 Dec 2006 22:00:29 GMT
	(envelope-from gnats@freefall.freebsd.org)
Received: (from gnats@localhost)
	by freefall.freebsd.org (8.13.4/8.13.4/Submit) id kBBM0TQw020685;
	Mon, 11 Dec 2006 22:00:29 GMT (envelope-from gnats)
Date: Mon, 11 Dec 2006 22:00:29 GMT
Message-Id: <200612112200.kBBM0TQw020685@freefall.freebsd.org>
To: freebsd-ipfw@FreeBSD.org
From: wpaul@FreeBSD.ORG (Bill Paul)
Cc: 
Subject: Re: kern/106534: [ipfw] [panic] ipfw + dummynet
X-BeenThere: freebsd-ipfw@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
Reply-To: Bill Paul <wpaul@FreeBSD.ORG>
List-Id: IPFW Technical Discussions <freebsd-ipfw.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
	<mailto:freebsd-ipfw-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-ipfw>
List-Post: <mailto:freebsd-ipfw@freebsd.org>
List-Help: <mailto:freebsd-ipfw-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
	<mailto:freebsd-ipfw-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 11 Dec 2006 22:14:22 -0000

The following reply was made to PR kern/106534; it has been noted by GNATS.

From: wpaul@FreeBSD.ORG (Bill Paul)
To: andrey.zverev@electro-com.ru (Andrej Zverev)
Cc: bug-followup@FreeBSD.org, az@freebsd.org
Subject: Re: kern/106534: [ipfw] [panic] ipfw + dummynet
Date: Mon, 11 Dec 2006 21:53:22 +0000 (GMT)

 > Little notice about it.
 > 
 > Chaging network card from ste(4) to em(4) helps, so it's might me
 > problem in ste(4) driver.
 > 
 > Maybe wpaul@ can look at this situation ?
 
 Absolutely not.
 
 The manual for this chip is here:
 
 http://www.freebsd.org/~wpaul/Sundance/st201.pdf
 
 Feel free to investigate the problem and fix it yourself.
 
 -Bill 
 

From owner-freebsd-ipfw@FreeBSD.ORG  Wed Dec 13 05:59:24 2006
Return-Path: <owner-freebsd-ipfw@FreeBSD.ORG>
X-Original-To: freebsd-ipfw@freebsd.org
Delivered-To: freebsd-ipfw@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [69.147.83.52])
	by hub.freebsd.org (Postfix) with ESMTP id 7119116A403
	for <freebsd-ipfw@freebsd.org>; Wed, 13 Dec 2006 05:59:24 +0000 (UTC)
	(envelope-from jhay@meraka.csir.co.za)
Received: from zibbi.meraka.csir.co.za (zibbi.meraka.csir.co.za [146.64.24.58])
	by mx1.FreeBSD.org (Postfix) with ESMTP id E93F443C9D
	for <freebsd-ipfw@freebsd.org>; Wed, 13 Dec 2006 05:57:56 +0000 (GMT)
	(envelope-from jhay@meraka.csir.co.za)
Received: by zibbi.meraka.csir.co.za (Postfix, from userid 3973)
	id 2D27B33CBE; Wed, 13 Dec 2006 07:59:21 +0200 (SAST)
Date: Wed, 13 Dec 2006 07:59:21 +0200
From: John Hay <jhay@meraka.org.za>
To: freebsd-ipfw@freebsd.org
Message-ID: <20061213055921.GA41325@zibbi.meraka.csir.co.za>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.4.2.1i
Subject: ipfw handling of ipv6 fragments
X-BeenThere: freebsd-ipfw@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: IPFW Technical Discussions <freebsd-ipfw.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
	<mailto:freebsd-ipfw-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-ipfw>
List-Post: <mailto:freebsd-ipfw@freebsd.org>
List-Help: <mailto:freebsd-ipfw-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
	<mailto:freebsd-ipfw-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 13 Dec 2006 05:59:24 -0000

Hi,

We are trying out nat-pt here and it triggers lots of "IPFW2: IPV6 -
Invalid Fragment Header" messages. Our ipfw code seems to think that
one cannot have a fragment header on a packet that does not need to
be fragmented. Is there a reason for it? RFC2765 section 3 does say
one MUST use such a fragment header on all packets that go through
nat-pt and does not have the DF bit set.

So I have been running with that check removed. Does anyone have an
objection to me committing this?

Index: netinet/ip_fw2.c
===================================================================
RCS file: /home/ncvs/src/sys/netinet/ip_fw2.c,v
retrieving revision 1.106.2.23
diff -u -r1.106.2.23 ip_fw2.c
--- netinet/ip_fw2.c	20 Nov 2006 15:19:10 -0000	1.106.2.23
+++ netinet/ip_fw2.c	13 Dec 2006 05:40:36 -0000
@@ -2295,13 +2295,7 @@
 				 * fragment to be != 0. */
 				offset |= ((struct ip6_frag *)ulp)->ip6f_offlg &
 					IP6F_MORE_FRAG;
-				if (offset == 0) {
-					printf("IPFW2: IPV6 - Invalid Fragment "
-					    "Header\n");
-					if (fw_deny_unknown_exthdrs)
-					    return (IP_FW_DENY);
-					break;
-				}
+				/* According to RFC2765 3.1 offset can be 0 */
 				args->f_id.frag_id6 =
 				    ntohl(((struct ip6_frag *)ulp)->ip6f_ident);
 				ulp = NULL;

John
-- 
John Hay -- John.Hay@meraka.csir.co.za / jhay@FreeBSD.org