From owner-freebsd-ipfw@FreeBSD.ORG Mon Mar 15 09:06:33 2010 Return-Path: Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id DAD8F1065672 for ; Mon, 15 Mar 2010 09:06:33 +0000 (UTC) (envelope-from nick@freenet.ru) Received: from raptor.freenet.ru (raptor.freenet.ru [79.137.227.122]) by mx1.freebsd.org (Postfix) with ESMTP id 15D648FC0A for ; Mon, 15 Mar 2010 09:06:32 +0000 (UTC) Received: from conserver.irex.ru (unknown [192.168.2.2]) by raptor.freenet.ru (Postfix) with ESMTP id 99D3EC1517B for ; Mon, 15 Mar 2010 08:52:49 +0300 (MSK) X-Virus-Scanned: amavisd-new at freenet.ru Received: from [192.168.5.132] (unknown [194.6.222.170]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by raptor.freenet.ru (Postfix) with ESMTP id 427B7C1517B for ; Mon, 15 Mar 2010 08:52:49 +0300 (MSK) From: Nick Filimonov To: freebsd-ipfw@freebsd.org Content-Type: text/plain; charset=UTF-8 Organization: NetCare Date: Mon, 15 Mar 2010 11:37:41 +0300 Message-Id: <1268642261.24791.27.camel@kate-laptop> Mime-Version: 1.0 X-Mailer: Evolution 2.22.3.1 Content-Transfer-Encoding: 8bit Subject: Strange crash in dummynet under high load (7.2-RELEASE) X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 15 Mar 2010 09:06:34 -0000 Gentlemen, We're experiencing a kernel panic in dummynet under high load (around 100-110Kpps) in the bridge configuration. It appears that somehow packets with empty mbuf packet header appear on top of the queue - that is they have no tag, pointer to the next packet in the queue is null, etc. Processing such a packet yields null-pointer dereference. The queue itself appear to have some more packets in it (at least it has non-zero length and a valid packet on its tail pointer). I can almost certainly cause this crash by trying to attach dummynet process to a specific CPU with cpuset even under moderate load; contributing factor could be that we use new igb multithreaded drivers that could process more pps simultaneously. I've attempted to debug the issue by means of modifying the code so that it wouldn't crash (discarding such packets, granted it results in mbuf leak from packets remaining in such queues, but it is not that big) and looking closely on the status of queues at the end of dummynet_io; they all look good and no null headers encountered there.. Any input or advice would be much appreciated. Output of kgdb and relevant portions of sysctl.conf is below: net.link.bridge.ipfw=1 net.inet.ip.fw.one_pass=0 net.inet.ip.fw.dyn_max=65535 net.inet.ip.fw.dyn_buckets=2048 kern.ipc.nmbclusters=204800 net.inet.ip.dummynet.io_fast=1 net.inet.ip.dummynet.max_chain_len=32 net.inet.ip.dummynet.hash_size=32768 bridge001# kgdb kernel.debug /var/crash/vmcore.12 GNU gdb 6.1.1 [FreeBSD] Copyright 2004 Free Software Foundation, Inc. GDB is free software, covered by the GNU General Public License, and you are welcome to change it and/or distribute copies of it under certain conditions. Type "show copying" to see the conditions. There is absolutely no warranty for GDB. Type "show warranty" for details. This GDB was configured as "i386-marcel-freebsd"... Unread portion of the kernel message buffer: Fatal trap 12: page fault while in kernel mode cpuid = 7; apic id = 17 fault virtual address = 0x18 fault code = supervisor write, page not present instruction pointer = 0x20:0xc08b7100 stack pointer = 0x28:0xe70dac0c frame pointer = 0x28:0xe70dac18 code segment = base 0x0, limit 0xfffff, type 0x1b = DPL 0, pres 1, def32 1, gran 1 processor eflags = interrupt enabled, resume, IOPL = 0 current process = 89 (dummynet) trap number = 12 panic: page fault cpuid = 7 Uptime: 1h2m23s Physical memory: 3050 MB Dumping 222 MB: 207 191 175 159 143 127 111 95 79 63 47 31 15 Reading symbols from /boot/kernel/acpi.ko...Reading symbols from /boot/kernel/acpi.ko.symbols...done. done. Loaded symbols for /boot/kernel/acpi.ko #0 doadump () at pcpu.h:196 196 __asm __volatile("movl %%fs:0,%0" : "=r" (td)); (kgdb) bt #0 doadump () at pcpu.h:196 #1 0xc07cea47 in boot (howto=260) at /usr/src/sys/kern/kern_shutdown.c:418 #2 0xc07ced19 in panic (fmt=Variable "fmt" is not available. ) at /usr/src/sys/kern/kern_shutdown.c:574 #3 0xc0ac5a4c in trap_fatal (frame=0xe70dabcc, eva=24) at /usr/src/sys/i386/i386/trap.c:939 #4 0xc0ac5cb0 in trap_pfault (frame=0xe70dabcc, usermode=0, eva=24) at /usr/src/sys/i386/i386/trap.c:852 #5 0xc0ac6632 in trap (frame=0xe70dabcc) at /usr/src/sys/i386/i386/trap.c:530 #6 0xc0aab74b in calltrap () at /usr/src/sys/i386/i386/exception.s:159 #7 0xc08b7100 in move_pkt (pkt=0xc6ddb100, q=0xc9274000, p=0xc66be200, len=2048) at /usr/src/sys/netinet/ip_dummynet.c:545 #8 0xc08b7bb0 in ready_event (q=0xc9274000, head=0xe70dac8c, tail=0xe70dac88) at /usr/src/sys/netinet/ip_dummynet.c:593 #9 0xc08b9965 in dummynet_task (context=0x0, pending=1) at /usr/src/sys/netinet/ip_dummynet.c:847 #10 0xc0803cd5 in taskqueue_run (queue=0xc6886400) at /usr/src/sys/kern/subr_taskqueue.c:282 #11 0xc0803ee8 in taskqueue_thread_loop (arg=0xc0ca0068) at /usr/src/sys/kern/subr_taskqueue.c:401 #12 0xc07a89c9 in fork_exit (callout=0xc0803e20 , arg=0xc0ca0068, frame=0xe70dad38) at /usr/src/sys/kern/kern_fork.c:810 #13 0xc0aab7c0 in fork_trampoline () at /usr/src/sys/i386/i386/exception.s:264 (kgdb) up 7 #7 0xc08b7100 in move_pkt (pkt=0xc6ddb100, q=0xc9274000, p=0xc66be200, len=2048) at /usr/src/sys/netinet/ip_dummynet.c:545 545 dt->output_time = curr_time + p->delay ; (kgdb) print *pkt $1 = {m_hdr = {mh_next = 0x0, mh_nextpkt = 0x0, mh_data = 0xc8f8e800 "", mh_len = 2048, mh_flags = 1, mh_type = 1, pad = "\000"}, M_dat = {MH = { MH_pkthdr = {rcvif = 0x0, header = 0x0, len = 2048, csum_flags = 0, csum_data = 0, tso_segsz = 0, ether_vtag = 0, tags = { slh_first = 0x0}}, MH_dat = {MH_ext = {ext_buf = 0xc8f8e800 "", ext_free = 0, ext_args = 0x0, ext_size = 2048, ref_cnt = 0xc8ef715c, ext_type = 1}, MH_databuf = "\000���\000\000\000\000\000\000\000\000\000\b\000 \000\\q��\001\000\000\000\205�\233\022\206��>�+V<�K\024B�4�2�=\233?��� \005�l\224�\f^�\\\2041.W\n�gt\237\001�\022%�\v/kg\210����8\226u\227 \001�U\004�_\"z\226����", '\0' }}, M_databuf = "\000\000\000\000\000\000\000\000\000\b", '\0' , "���\000\000\000\000\000\000\000\000\000\b\000\000\\q��\001 \000\000\000\205�\233\022\206��>�+V<�K\024B�4�2�=\233?���\005�l\224�\f^� \\\2041.W\n�gt\237\001�\022%�\v/kg\210����8\226u\227\001�U\004�_\"z \226����", '\0' }} (kgdb) print *p $2 = {next = {sle_next = 0xc666be00}, pipe_nr = 11, bandwidth = 6000000, delay = 0, head = 0xc8e3f900, tail = 0xc8e3f900, scheduler_heap = {size = 0, elements = 0, offset = 0, p = 0x0}, not_eligible_heap = {size = 0, elements = 0, offset = 0, p = 0x0}, idle_heap = {size = 0, elements = 0, offset = 124, p = 0x0}, V = 0, sum = 0, numbytes = 0, sched_time = 0, if_name = '\0' , ifp = 0x0, ready = 0, fs = {next = { sle_next = 0x0}, fs_nr = 0, flags_fs = 1, pipe = 0xc66be200, parent_nr = 0, weight = 0, qsize = 50, plr = 0, flow_mask = {dst_ip = 0, src_ip = 4294967295, dst_port = 0, src_port = 0, fib = 0 '\0', proto = 0 '\0', flags = 0 '\0', addr_type = 0 '\0', dst_ip6 = { __u6_addr = {__u6_addr8 = '\0' , __u6_addr16 = {0, 0, 0, 0, 0, 0, 0, 0}, __u6_addr32 = {0, 0, 0, 0}}}, src_ip6 = { __u6_addr = {__u6_addr8 = '\0' , __u6_addr16 = {0, 0, 0, 0, 0, 0, 0, 0}, __u6_addr32 = {0, 0, 0, 0}}}, flow_id6 = 0, frag_id6 = 0}, rq_size = 32768, rq_elements = 893, rq = 0xc7c25000, last_expired = 0, backlogged = 0, w_q = 0, max_th = 0, min_th = 0, max_p = 0, c_1 = 0, c_2 = 0, c_3 = 0, c_4 = 0, w_q_lookup = 0x0, lookup_depth = 0, lookup_step = 0, lookup_weight = 0, avg_pkt_size = 0, max_pkt_size = 0}} (kgdb) print *q $3 = {next = 0x0, id = {dst_ip = 0, src_ip = 169950275, dst_port = 0, src_port = 0, fib = 0 '\0', proto = 0 '\0', flags = 0 '\0', addr_type = 4 '\004', dst_ip6 = {__u6_addr = { __u6_addr8 = "\000k���:7�\177�~�\004k��", __u6_addr16 = {27392, 49353, 15068, 50743, 58495, 49278, 27396, 49353}, __u6_addr32 = { 3234425600, 3325508316, 3229541503, 3234425604}}}, src_ip6 = { __u6_addr = {__u6_addr8 = "��c�\004\000\000\000@�g�\004\000\000", __u6_addr16 = {60652, 50787, 4, 0, 49728, 50791, 4, 0}, __u6_addr32 = { 3328437484, 4, 3328688704, 4}}}, flow_id6 = 6400, frag_id6 = 3328688704}, head = 0x0, tail = 0xc72ff200, len = 48, len_bytes = 33276, numbytes = 6560000, tot_pkts = 12726, tot_bytes = 10474176, drops = 1695, hash_slot = 29351, avg = 0, count = 0, random = 0, q_time = 3739317, fs = 0xc66be278, heap_pos = 0, sched_time = 3742254, S = 1, F = 0} From owner-freebsd-ipfw@FreeBSD.ORG Mon Mar 15 11:07:15 2010 Return-Path: Delivered-To: freebsd-ipfw@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id B596D1065679 for ; Mon, 15 Mar 2010 11:07:15 +0000 (UTC) (envelope-from owner-bugmaster@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id 98C948FC1B for ; Mon, 15 Mar 2010 11:07:15 +0000 (UTC) Received: from freefall.freebsd.org (localhost [127.0.0.1]) by freefall.freebsd.org (8.14.4/8.14.4) with ESMTP id o2FB7FTC026909 for ; Mon, 15 Mar 2010 11:07:15 GMT (envelope-from owner-bugmaster@FreeBSD.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.14.4/8.14.4/Submit) id o2FB7E6u026905 for freebsd-ipfw@FreeBSD.org; Mon, 15 Mar 2010 11:07:14 GMT (envelope-from owner-bugmaster@FreeBSD.org) Date: Mon, 15 Mar 2010 11:07:14 GMT Message-Id: <201003151107.o2FB7E6u026905@freefall.freebsd.org> X-Authentication-Warning: freefall.freebsd.org: gnats set sender to owner-bugmaster@FreeBSD.org using -f From: FreeBSD bugmaster To: freebsd-ipfw@FreeBSD.org Cc: Subject: Current problem reports assigned to freebsd-ipfw@FreeBSD.org X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 15 Mar 2010 11:07:15 -0000 Note: to view an individual PR, use: http://www.freebsd.org/cgi/query-pr.cgi?pr=(number). The following is a listing of current problems submitted by FreeBSD users. These represent problem reports covering all versions including experimental development code and obsolete releases. S Tracker Resp. Description -------------------------------------------------------------------------------- o kern/144269 ipfw [ipfw] problem with ipfw tables o kern/144187 ipfw [ipfw] deadlock using multiple ipfw nat and multiple l o kern/143973 ipfw [ipfw] [panic] ipfw forward option causes kernel reboo o kern/143653 ipfw [ipfw] [patch] ipfw nat redirect_port "buf is too smal o kern/143621 ipfw [ipfw] [dummynet] [patch] dummynet and vnet use result o kern/143474 ipfw [ipfw] ipfw table contains the same address o kern/139581 ipfw [ipfw] "ipfw pipe" not limiting bandwidth o kern/139226 ipfw [ipfw] install_state: entry already present, done o kern/137346 ipfw [ipfw] ipfw nat redirect_proto is broken o kern/137232 ipfw [ipfw] parser troubles o kern/136695 ipfw [ipfw] [patch] fwd reached after skipto in dynamic rul o kern/135476 ipfw [ipfw] IPFW table breaks after adding a large number o o bin/134975 ipfw [patch] ipfw(8) can't work with set in rule file. o kern/132553 ipfw [ipfw] ipfw doesn't understand ftp-data port o kern/131817 ipfw [ipfw] blocks layer2 packets that should not be blocke o kern/131601 ipfw [ipfw] [panic] 7-STABLE panic in nat_finalise (tcp=0) o kern/131558 ipfw [ipfw] Inconsistent "via" ipfw behavior o bin/130132 ipfw [patch] ipfw(8): no way to get mask from ipfw pipe sho o kern/129103 ipfw [ipfw] IPFW check state does not work =( o kern/129093 ipfw [ipfw] ipfw nat must not drop packets o kern/129036 ipfw [ipfw] 'ipfw fwd' does not change outgoing interface n o kern/128260 ipfw [ipfw] [patch] ipfw_divert damages IPv6 packets o kern/127230 ipfw [ipfw] [patch] Feature request to add UID and/or GID l o kern/127209 ipfw [ipfw] IPFW table become corrupted after many changes o bin/125370 ipfw [ipfw] [patch] increase a line buffer limit o conf/123119 ipfw [patch] rc script for ipfw does not handle IPv6 o kern/122963 ipfw [ipfw] tcpdump does not show packets redirected by 'ip s kern/121807 ipfw [request] TCP and UDP port_table in ipfw o kern/121382 ipfw [dummynet]: 6.3-RELEASE-p1 page fault in dummynet (cor o kern/121122 ipfw [ipfw] [patch] add support to ToS IP PRECEDENCE fields o kern/118993 ipfw [ipfw] page fault - probably it's a locking problem o bin/117214 ipfw ipfw(8) fwd with IPv6 treats input as IPv4 o kern/116009 ipfw [ipfw] [patch] Ignore errors when loading ruleset from o bin/115172 ipfw [patch] ipfw(8) list show some rules with a wrong form o docs/113803 ipfw [patch] ipfw(8) - don't get bitten by the fwd rule p kern/113388 ipfw [ipfw] [patch] Addition actions with rules within spec o kern/112561 ipfw [ipfw] ipfw fwd does not work with some TCP packets o kern/105330 ipfw [ipfw] [patch] ipfw (dummynet) does not allow to set q o bin/104921 ipfw [patch] ipfw(8) sometimes treats ipv6 input as ipv4 (a o kern/104682 ipfw [ipfw] [patch] Some minor language consistency fixes a o kern/103454 ipfw [ipfw] [patch] [request] add a facility to modify DF b o kern/103328 ipfw [ipfw] [request] sugestions about ipfw table o kern/102471 ipfw [ipfw] [patch] add tos and dscp support o kern/98831 ipfw [ipfw] ipfw has UDP hickups o kern/97951 ipfw [ipfw] [patch] ipfw does not tie interface details to o kern/97504 ipfw [ipfw] IPFW Rules bug o kern/95084 ipfw [ipfw] [regression] [patch] IPFW2 ignores "recv/xmit/v o kern/93300 ipfw [ipfw] ipfw pipe lost packets o kern/91847 ipfw [ipfw] ipfw with vlanX as the device o kern/88659 ipfw [modules] ipfw and ip6fw do not work properly as modul o kern/87032 ipfw [ipfw] [patch] ipfw ioctl interface implementation o kern/86957 ipfw [ipfw] [patch] ipfw mac logging o kern/82724 ipfw [ipfw] [patch] [request] Add setnexthop and defaultrou s kern/80642 ipfw [ipfw] [patch] ipfw small patch - new RULE OPTION o bin/78785 ipfw [patch] ipfw(8) verbosity locks machine if /etc/rc.fir o kern/74104 ipfw [ipfw] ipfw2/1 conflict not detected or reported, manp o kern/73910 ipfw [ipfw] serious bug on forwarding of packets after NAT o kern/72987 ipfw [ipfw] ipfw/dummynet pipe/queue 'queue [BYTES]KBytes ( o kern/71366 ipfw [ipfw] "ipfw fwd" sometimes rewrites destination mac a o kern/69963 ipfw [ipfw] install_state warning about already existing en o kern/60719 ipfw [ipfw] Headerless fragments generate cryptic error mes o kern/55984 ipfw [ipfw] [patch] time based firewalling support for ipfw o kern/51274 ipfw [ipfw] [patch] ipfw2 create dynamic rules with parent o kern/48172 ipfw [ipfw] [patch] ipfw does not log size and flags o kern/46159 ipfw [ipfw] [patch] [request] ipfw dynamic rules lifetime f a kern/26534 ipfw [ipfw] Add an option to ipfw to log gid/uid of who cau 66 problems total. From owner-freebsd-ipfw@FreeBSD.ORG Mon Mar 15 18:21:51 2010 Return-Path: Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 570EE106564A for ; Mon, 15 Mar 2010 18:21:51 +0000 (UTC) (envelope-from luigi@onelab2.iet.unipi.it) Received: from onelab2.iet.unipi.it (onelab2.iet.unipi.it [131.114.59.238]) by mx1.freebsd.org (Postfix) with ESMTP id 1E0D58FC0C for ; Mon, 15 Mar 2010 18:21:50 +0000 (UTC) Received: by onelab2.iet.unipi.it (Postfix, from userid 275) id C4D3773106; Mon, 15 Mar 2010 19:31:32 +0100 (CET) Date: Mon, 15 Mar 2010 19:31:32 +0100 From: Luigi Rizzo To: Oliver Fromme Message-ID: <20100315183132.GA94552@onelab2.iet.unipi.it> References: <201003091436.o29EaFQi048887@lurza.secnetix.de> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <201003091436.o29EaFQi048887@lurza.secnetix.de> User-Agent: Mutt/1.4.2.3i Cc: freebsd-ipfw@freebsd.org Subject: Re: Small problem with "ipfw list" X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 15 Mar 2010 18:21:51 -0000 On Tue, Mar 09, 2010 at 03:36:15PM +0100, Oliver Fromme wrote: > Hi, > > Just a question: Is the output from "ipfw list" supposed > to be in the same rule format that is accepted as input? > If that's the case, then there is a small bug: > > # ipfw add 100 allow ip from any to '{' 1.1.1.1 or 2.2.2.2 '}' > 00100 allow ip from any to '{' 1.1.1.1 or dst-ip 2.2.2.2 '}' ok this should be fixed now in head (revision 205179) cheers luigi From owner-freebsd-ipfw@FreeBSD.ORG Mon Mar 15 18:57:42 2010 Return-Path: Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 766B3106566C for ; Mon, 15 Mar 2010 18:57:42 +0000 (UTC) (envelope-from olli@lurza.secnetix.de) Received: from lurza.secnetix.de (lurza.secnetix.de [IPv6:2a01:170:102f::2]) by mx1.freebsd.org (Postfix) with ESMTP id F32E78FC19 for ; Mon, 15 Mar 2010 18:57:41 +0000 (UTC) Received: from lurza.secnetix.de (localhost [127.0.0.1]) by lurza.secnetix.de (8.14.3/8.14.3) with ESMTP id o2FIvOQG081357; Mon, 15 Mar 2010 19:57:39 +0100 (CET) (envelope-from oliver.fromme@secnetix.de) Received: (from olli@localhost) by lurza.secnetix.de (8.14.3/8.14.3/Submit) id o2FIvOCW081355; Mon, 15 Mar 2010 19:57:24 +0100 (CET) (envelope-from olli) From: Oliver Fromme Message-Id: <201003151857.o2FIvOCW081355@lurza.secnetix.de> To: rizzo@iet.unipi.it (Luigi Rizzo) Date: Mon, 15 Mar 2010 19:57:24 +0100 (CET) In-Reply-To: <20100315183132.GA94552@onelab2.iet.unipi.it> X-Mailer: ELM [version 2.5 PL8] MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 8bit X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-2.1.2 (lurza.secnetix.de [127.0.0.1]); Mon, 15 Mar 2010 19:57:39 +0100 (CET) Cc: freebsd-ipfw@freebsd.org Subject: Re: Small problem with "ipfw list" X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 15 Mar 2010 18:57:42 -0000 Luigi Rizzo wrote: > On Tue, Mar 09, 2010 at 03:36:15PM +0100, Oliver Fromme wrote: > > Hi, > > > > Just a question: Is the output from "ipfw list" supposed > > to be in the same rule format that is accepted as input? > > If that's the case, then there is a small bug: > > > > # ipfw add 100 allow ip from any to '{' 1.1.1.1 or 2.2.2.2 '}' > > 00100 allow ip from any to '{' 1.1.1.1 or dst-ip 2.2.2.2 '}' > > ok this should be fixed now in head (revision 205179) Great, thank you very much for doing this! Do you think this could be merged to stable/8 and stable/7? Best regards Oliver -- Oliver Fromme, secnetix GmbH & Co. KG, Marktplatz 29, 85567 Grafing b. M. Handelsregister: Registergericht Muenchen, HRA 74606, Geschäftsfuehrung: secnetix Verwaltungsgesellsch. mbH, Handelsregister: Registergericht Mün- chen, HRB 125758, Geschäftsführer: Maik Bachmann, Olaf Erb, Ralf Gebhart FreeBSD-Dienstleistungen, -Produkte und mehr: http://www.secnetix.de/bsd "C++ is to C as Lung Cancer is to Lung." -- Thomas Funke From owner-freebsd-ipfw@FreeBSD.ORG Mon Mar 15 19:02:28 2010 Return-Path: Delivered-To: freebsd-ipfw@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id BA00A106566C; Mon, 15 Mar 2010 19:02:28 +0000 (UTC) (envelope-from sem@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id 914C48FC1B; Mon, 15 Mar 2010 19:02:28 +0000 (UTC) Received: from freefall.freebsd.org (localhost [127.0.0.1]) by freefall.freebsd.org (8.14.4/8.14.4) with ESMTP id o2FJ2SJ7041469; Mon, 15 Mar 2010 19:02:28 GMT (envelope-from sem@freefall.freebsd.org) Received: (from sem@localhost) by freefall.freebsd.org (8.14.4/8.14.4/Submit) id o2FJ2SmH041465; Mon, 15 Mar 2010 19:02:28 GMT (envelope-from sem) Date: Mon, 15 Mar 2010 19:02:28 GMT Message-Id: <201003151902.o2FJ2SmH041465@freefall.freebsd.org> To: sem@FreeBSD.org, sem@FreeBSD.org, freebsd-ipfw@FreeBSD.org From: sem@FreeBSD.org Cc: Subject: Re: bin/115172: [patch] ipfw(8) list show some rules with a wrong format X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 15 Mar 2010 19:02:28 -0000 Synopsis: [patch] ipfw(8) list show some rules with a wrong format State-Changed-From-To: open->closed State-Changed-By: sem State-Changed-When: Mon Mar 15 19:02:28 UTC 2010 State-Changed-Why: Fixed with r205179 http://www.freebsd.org/cgi/query-pr.cgi?pr=115172 From owner-freebsd-ipfw@FreeBSD.ORG Mon Mar 15 21:03:52 2010 Return-Path: Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 71C1A106564A for ; Mon, 15 Mar 2010 21:03:52 +0000 (UTC) (envelope-from luigi@onelab2.iet.unipi.it) Received: from onelab2.iet.unipi.it (onelab2.iet.unipi.it [131.114.59.238]) by mx1.freebsd.org (Postfix) with ESMTP id 389758FC1F for ; Mon, 15 Mar 2010 21:03:52 +0000 (UTC) Received: by onelab2.iet.unipi.it (Postfix, from userid 275) id 59E74730A1; Mon, 15 Mar 2010 22:13:34 +0100 (CET) Date: Mon, 15 Mar 2010 22:13:34 +0100 From: Luigi Rizzo To: Oliver Fromme Message-ID: <20100315211334.GB95605@onelab2.iet.unipi.it> References: <20100315183132.GA94552@onelab2.iet.unipi.it> <201003151857.o2FIvOCW081355@lurza.secnetix.de> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <201003151857.o2FIvOCW081355@lurza.secnetix.de> User-Agent: Mutt/1.4.2.3i Cc: freebsd-ipfw@freebsd.org Subject: Re: Small problem with "ipfw list" X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 15 Mar 2010 21:03:52 -0000 On Mon, Mar 15, 2010 at 07:57:24PM +0100, Oliver Fromme wrote: > > Luigi Rizzo wrote: > > On Tue, Mar 09, 2010 at 03:36:15PM +0100, Oliver Fromme wrote: > > > Hi, > > > > > > Just a question: Is the output from "ipfw list" supposed > > > to be in the same rule format that is accepted as input? > > > If that's the case, then there is a small bug: > > > > > > # ipfw add 100 allow ip from any to '{' 1.1.1.1 or 2.2.2.2 '}' > > > 00100 allow ip from any to '{' 1.1.1.1 or dst-ip 2.2.2.2 '}' > > > > ok this should be fixed now in head (revision 205179) > > Great, thank you very much for doing this! > > Do you think this could be merged to stable/8 and stable/7? it's a trivial change to the userland program so whoever wants to do the merge is welcome. I should be able to merge to stable/8 perhaps next monday, whereas for stable/7 perhaps we should wait for the code freeze to end ? cheers luigi From owner-freebsd-ipfw@FreeBSD.ORG Mon Mar 15 21:24:14 2010 Return-Path: Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 568AB106566B for ; Mon, 15 Mar 2010 21:24:14 +0000 (UTC) (envelope-from olli@lurza.secnetix.de) Received: from lurza.secnetix.de (lurza.secnetix.de [IPv6:2a01:170:102f::2]) by mx1.freebsd.org (Postfix) with ESMTP id D38158FC14 for ; Mon, 15 Mar 2010 21:24:13 +0000 (UTC) Received: from lurza.secnetix.de (localhost [127.0.0.1]) by lurza.secnetix.de (8.14.3/8.14.3) with ESMTP id o2FLNvhF087309; Mon, 15 Mar 2010 22:24:12 +0100 (CET) (envelope-from oliver.fromme@secnetix.de) Received: (from olli@localhost) by lurza.secnetix.de (8.14.3/8.14.3/Submit) id o2FLNvke087307; Mon, 15 Mar 2010 22:23:57 +0100 (CET) (envelope-from olli) From: Oliver Fromme Message-Id: <201003152123.o2FLNvke087307@lurza.secnetix.de> To: rizzo@iet.unipi.it (Luigi Rizzo) Date: Mon, 15 Mar 2010 22:23:57 +0100 (CET) In-Reply-To: <20100315211334.GB95605@onelab2.iet.unipi.it> X-Mailer: ELM [version 2.5 PL8] MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 8bit X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-2.1.2 (lurza.secnetix.de [127.0.0.1]); Mon, 15 Mar 2010 22:24:12 +0100 (CET) Cc: freebsd-ipfw@freebsd.org Subject: Re: Small problem with "ipfw list" X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 15 Mar 2010 21:24:14 -0000 Luigi Rizzo wrote: > On Mon, Mar 15, 2010 at 07:57:24PM +0100, Oliver Fromme wrote: > > Do you think this could be merged to stable/8 and stable/7? > > it's a trivial change to the userland program so whoever wants > to do the merge is welcome. I should be able to merge to stable/8 > perhaps next monday, whereas for stable/7 perhaps we should wait for the > code freeze to end ? Yes, I agree. This is not a "critical" issue, so it can wait for the code freeze to end. Best regards Oliver -- Oliver Fromme, secnetix GmbH & Co. KG, Marktplatz 29, 85567 Grafing b. M. Handelsregister: Registergericht Muenchen, HRA 74606, Geschäftsfuehrung: secnetix Verwaltungsgesellsch. mbH, Handelsregister: Registergericht Mün- chen, HRB 125758, Geschäftsführer: Maik Bachmann, Olaf Erb, Ralf Gebhart FreeBSD-Dienstleistungen, -Produkte und mehr: http://www.secnetix.de/bsd "That's what I love about GUIs: They make simple tasks easier, and complex tasks impossible." -- John William Chambless From owner-freebsd-ipfw@FreeBSD.ORG Tue Mar 16 22:22:27 2010 Return-Path: Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id AF50B1065677 for ; Tue, 16 Mar 2010 22:22:27 +0000 (UTC) (envelope-from nino80@gmail.com) Received: from mail-fx0-f215.google.com (mail-fx0-f215.google.com [209.85.220.215]) by mx1.freebsd.org (Postfix) with ESMTP id 449038FC15 for ; Tue, 16 Mar 2010 22:22:27 +0000 (UTC) Received: by fxm7 with SMTP id 7so487254fxm.3 for ; Tue, 16 Mar 2010 15:22:26 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:in-reply-to:references :from:date:message-id:subject:to:content-type; bh=Zrqh+bpUiHtzsszv1OMYSIEEIUTKbJBGSp8Uk9nx9G4=; b=g8JWTlgzmi6i8yYeiBSNZN7ntnC+YDjLkfy2kx7og0w96Yujt3H3Ry1t576Qce/Nzi J3pI7h01CkLti25UzUOE9D1HwPeui4ifpT95+r5nEavZtlqiH3F05fKKl9U/9no3EtlG 9LfFY4nQ0FLs7GZvW9aIdIKKlfCDmF8+cn/aY= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :content-type; b=jJ/rBmwXJDiBRV7Odr9Scm3oYyLI+KKKtegIlUSS63GVMkj2/LuadVHmL2QBMlvwqc uD5ywqaJUuH7adklkfe/fZgKIZIrGBp0XbzUBahKWg6jxNJieG00I4Kr8xaQ1tBPil9T +JfAAhJlb1zCciSmVzJpdC7aU04jSeWwXlKRA= MIME-Version: 1.0 Received: by 10.103.80.24 with SMTP id h24mr6680958mul.113.1268778146284; Tue, 16 Mar 2010 15:22:26 -0700 (PDT) In-Reply-To: <4B992EE8.30309@elischer.org> References: <92bcbda51003100912k25facb5cxc9047105c91a4022@mail.gmail.com> <4B97E412.1050506@elischer.org> <4B981FE5.5090905@smartt.com> <4B9828B2.2010903@elischer.org> <92bcbda51003110047s717bed1bq8bb3eb787eab47f7@mail.gmail.com> <4B992EE8.30309@elischer.org> From: n j Date: Tue, 16 Mar 2010 23:22:06 +0100 Message-ID: <92bcbda51003161522j2b8081a6x9978b27416c8665c@mail.gmail.com> To: freebsd-ipfw@freebsd.org Content-Type: text/plain; charset=ISO-8859-1 Subject: Re: IPFIREWALL_FORWARD X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 16 Mar 2010 22:22:27 -0000 > it's needed for the functionality. > you need to slightly change the behaviour or the existing stack in quite a > number of places to handle a forwarded packet. Sorry for catching up with the thread so late, I was without Internet connection for the last couple of days. Thanks for all the replies so far, I've got just one more question: is it correct that pf (as loadable module) has this forward (aka route-to) functionality without needing the kernel recompile? If so, it might be that final push for me to switch from ipfw to pf. Regards, -- Nino From owner-freebsd-ipfw@FreeBSD.ORG Tue Mar 16 23:06:07 2010 Return-Path: Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 21564106566C for ; Tue, 16 Mar 2010 23:06:07 +0000 (UTC) (envelope-from julian@elischer.org) Received: from out-0.mx.aerioconnect.net (out-0-25.mx.aerioconnect.net [216.240.47.85]) by mx1.freebsd.org (Postfix) with ESMTP id 01E8D8FC0C for ; Tue, 16 Mar 2010 23:06:06 +0000 (UTC) Received: from idiom.com (postfix@mx0.idiom.com [216.240.32.160]) by out-0.mx.aerioconnect.net (8.13.8/8.13.8) with ESMTP id o2GN66gc002046; Tue, 16 Mar 2010 16:06:06 -0700 X-Client-Authorized: MaGic Cook1e X-Client-Authorized: MaGic Cook1e Received: from julian-mac.elischer.org (h-67-100-89-137.snfccasy.static.covad.net [67.100.89.137]) by idiom.com (Postfix) with ESMTP id 098D12D601E; Tue, 16 Mar 2010 16:06:05 -0700 (PDT) Message-ID: <4BA00EDD.1010200@elischer.org> Date: Tue, 16 Mar 2010 16:06:05 -0700 From: Julian Elischer User-Agent: Thunderbird 2.0.0.23 (Macintosh/20090812) MIME-Version: 1.0 To: n j References: <92bcbda51003100912k25facb5cxc9047105c91a4022@mail.gmail.com> <4B97E412.1050506@elischer.org> <4B981FE5.5090905@smartt.com> <4B9828B2.2010903@elischer.org> <92bcbda51003110047s717bed1bq8bb3eb787eab47f7@mail.gmail.com> <4B992EE8.30309@elischer.org> <92bcbda51003161522j2b8081a6x9978b27416c8665c@mail.gmail.com> In-Reply-To: <92bcbda51003161522j2b8081a6x9978b27416c8665c@mail.gmail.com> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-Scanned-By: MIMEDefang 2.67 on 216.240.47.51 Cc: freebsd-ipfw@freebsd.org Subject: Re: IPFIREWALL_FORWARD X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 16 Mar 2010 23:06:07 -0000 n j wrote: >> it's needed for the functionality. >> you need to slightly change the behaviour or the existing stack in quite a >> number of places to handle a forwarded packet. > > Sorry for catching up with the thread so late, I was without Internet > connection for the last couple of days. > > Thanks for all the replies so far, I've got just one more question: is > it correct that pf (as loadable module) has this forward (aka > route-to) functionality without needing the kernel recompile? If so, > it might be that final push for me to switch from ipfw to pf. > > Regards, I can't answer for pf.. this is the ipfw mailing list. :-) If they do have the same functionality then they will need the same changes. If they do something different (e.g. changing the packet) then they may be able to do a subset of the same thing. From owner-freebsd-ipfw@FreeBSD.ORG Thu Mar 18 07:58:57 2010 Return-Path: Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 0A525106564A for ; Thu, 18 Mar 2010 07:58:57 +0000 (UTC) (envelope-from szvyag@gmail.com) Received: from mail-wy0-f196.google.com (mail-wy0-f196.google.com [74.125.82.196]) by mx1.freebsd.org (Postfix) with ESMTP id 9B4828FC0A for ; Thu, 18 Mar 2010 07:58:56 +0000 (UTC) Received: by wya21 with SMTP id 21so235805wya.7 for ; Thu, 18 Mar 2010 00:58:55 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:date:message-id:subject :from:to:content-type; bh=jVNr378XnGJuRmnPBcCBzWYqsIgORe9YSpyhLc+DPnE=; b=Ad7rYOTPkpmLbYIYU3ZW5douXWlPlaPdlQqNjvnnsQfNEeHZol0GBeqSZuPCTrsNey /7SK3C/kXDTHcBg8ggaf+Xx8CKoYtcKl+b6bVlkg02WlBcN0OHGY6zpVbGN7lnTlP+fc DihPNFY1KP5kjc27XOkQ2aeTjwP51j+DWiWjw= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:date:message-id:subject:from:to:content-type; b=nQLZ7Hs+LPtvPeCFRHWJQf61nqaNNsv2sD+UarZuxUA83S5E/5/WlHgLA+hyk/bkON epKIjhyasU9xzlqnm0HcnvpRcJTTL8KFjcDDS4F1P/lc2vayD7L2H8G8tZqS81twZgas KP7+yUXjaX4BRkSc6pQkiHgiktUZxXlDadDNc= MIME-Version: 1.0 Received: by 10.216.89.84 with SMTP id b62mr934457wef.226.1268898351699; Thu, 18 Mar 2010 00:45:51 -0700 (PDT) Date: Thu, 18 Mar 2010 10:45:51 +0300 Message-ID: <8aca93011003180045y49ff6795s72646f5ca84901eb@mail.gmail.com> From: Sergey Zvyagintsev To: freebsd-ipfw@freebsd.org Content-Type: text/plain; charset=ISO-8859-1 Subject: Loosing packets with stateful rules X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 18 Mar 2010 07:58:57 -0000 Hi, I experience that single packets are not processed by ipfw ruleset with stateful rules on FreeBSD-7.2 with GENERIC kernel. The ipfw configuration (pretty match the same as in Handbook): 00002 allow ip from any to any via vr0 00003 allow ip from any to any via lo0 00100 divert 8668 ip from any to any in via vr1 00101 check-state 00125 skipto 500 ip from 172.16.10.0 to any out via vr1 limit src-addr 10 00130 allow ip from me to any out via vr1 keep-state 00420 allow tcp from 172.16.10.0 to me dst-port 22 in via vr0 keep-state 00430 allow icmp from any to me 00450 deny log logamount 5 ip from any to any 00500 divert 8668 ip from any to any out via vr1 00501 allow ip from any to any 65535 deny ip from any to any rc.conf: ifconfig_vr0="inet 172.16.0.3 netmask 0xffff0000" ifconfig_vr1="inet 192.168.1.108 netmask 0xffffff00" defaultrouter="192.168.1.8" firewall_enable="YES" firewall_script="/etc/ipfw.rules" natd_enable="YES" natd_interface="vr1" natd_flags="-dynamic -m" When I start P2P-client on host 172.16.10.0 to generate some traffic, everything works fine. But tcpdump shows single packets that are not NAT'ed and sent to default gateway with real IP-address: test# tcpdump -n -i vr1 host 172.16.10.0 tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on vr1, link-type EN10MB (Ethernet), capture size 96 bytes 15:04:30.678021 IP 172.16.10.0.61972 > 77.195.187.79.49945: . ack 3659396937 win 0 15:04:30.678032 IP 172.16.10.0.61835 > 24.215.1.215.6892: . ack 1812223920 win 0 15:04:30.678083 IP 172.16.10.0.30501 > 178.161.128.26.7307: . ack 638704704 win 0 15:04:30.678174 IP 172.16.10.0.30410 > 96.255.209.125.6979: . ack 3538407393 win 0 15:04:35.677946 IP 172.16.10.0.30695 > 195.131.4.167.80: . ack 3863695978 win 0 15:04:35.677957 IP 172.16.10.0.30696 > 217.30.200.20.6688: . ack 4205907280 win 0 15:04:40.677866 IP 172.16.10.0.30712 > 24.215.1.215.8082: . ack 3863870641 win 0 15:04:40.677877 IP 172.16.10.0.30731 > 195.131.4.167.80: . ack 3878559558 win 0 ... CPU and memory usage are quite low. Removing limit option from rule 00125 completely solves the problem. Is this normal behavior for ipfw? Best regards, Sergey Zvyagintsev From owner-freebsd-ipfw@FreeBSD.ORG Fri Mar 19 23:51:54 2010 Return-Path: Delivered-To: freebsd-ipfw@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 232F1106567C; Fri, 19 Mar 2010 23:51:54 +0000 (UTC) (envelope-from linimon@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id ED4948FC28; Fri, 19 Mar 2010 23:51:53 +0000 (UTC) Received: from freefall.freebsd.org (localhost [127.0.0.1]) by freefall.freebsd.org (8.14.4/8.14.4) with ESMTP id o2JNprcf051638; Fri, 19 Mar 2010 23:51:53 GMT (envelope-from linimon@freefall.freebsd.org) Received: (from linimon@localhost) by freefall.freebsd.org (8.14.4/8.14.4/Submit) id o2JNprIP051634; Fri, 19 Mar 2010 23:51:53 GMT (envelope-from linimon) Date: Fri, 19 Mar 2010 23:51:53 GMT Message-Id: <201003192351.o2JNprIP051634@freefall.freebsd.org> To: linimon@FreeBSD.org, freebsd-bugs@FreeBSD.org, freebsd-ipfw@FreeBSD.org From: linimon@FreeBSD.org Cc: Subject: Re: kern/144869: [ipfw] [panic] Instant kernel panic when adding NAT rules using ipfw on em interfaces X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 19 Mar 2010 23:51:54 -0000 Old Synopsis: Instant kernel panic when adding NAT rules using ipfw on em interfaces New Synopsis: [ipfw] [panic] Instant kernel panic when adding NAT rules using ipfw on em interfaces Responsible-Changed-From-To: freebsd-bugs->freebsd-ipfw Responsible-Changed-By: linimon Responsible-Changed-When: Fri Mar 19 23:51:40 UTC 2010 Responsible-Changed-Why: Over to maintainer(s). http://www.freebsd.org/cgi/query-pr.cgi?pr=144869 From owner-freebsd-ipfw@FreeBSD.ORG Sat Mar 20 14:37:29 2010 Return-Path: Delivered-To: freebsd-ipfw@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id AB1361065676; Sat, 20 Mar 2010 14:37:29 +0000 (UTC) (envelope-from gavin@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id 80B7E8FC0A; Sat, 20 Mar 2010 14:37:29 +0000 (UTC) Received: from freefall.freebsd.org (localhost [127.0.0.1]) by freefall.freebsd.org (8.14.4/8.14.4) with ESMTP id o2KEbTIu041491; Sat, 20 Mar 2010 14:37:29 GMT (envelope-from gavin@freefall.freebsd.org) Received: (from gavin@localhost) by freefall.freebsd.org (8.14.4/8.14.4/Submit) id o2KEbTig041487; Sat, 20 Mar 2010 14:37:29 GMT (envelope-from gavin) Date: Sat, 20 Mar 2010 14:37:29 GMT Message-Id: <201003201437.o2KEbTig041487@freefall.freebsd.org> To: gavin@FreeBSD.org, freebsd-bugs@FreeBSD.org, freebsd-ipfw@FreeBSD.org From: gavin@FreeBSD.org Cc: Subject: Re: bin/83046: ipfw2 error: "setup" is allowed for icmp, but shouldn't be X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 20 Mar 2010 14:37:29 -0000 Old Synopsis: ipfw2 error New Synopsis: ipfw2 error: "setup" is allowed for icmp, but shouldn't be Responsible-Changed-From-To: freebsd-bugs->freebsd-ipfw Responsible-Changed-By: gavin Responsible-Changed-When: Sat Mar 20 14:36:50 UTC 2010 Responsible-Changed-Why: Over to maintainer(s) http://www.freebsd.org/cgi/query-pr.cgi?pr=83046