From owner-freebsd-ipfw@FreeBSD.ORG Mon Nov 18 11:06:51 2013
Date: Mon, 18 Nov 2013 11:06:50 GMT
Message-Id: <201311181106.rAIB6ooP009083@freefall.freebsd.org>
From: FreeBSD bugmaster
To: freebsd-ipfw@FreeBSD.org
Subject: Current problem reports assigned to freebsd-ipfw@FreeBSD.org

Note: to view an individual PR, use:
  http://www.freebsd.org/cgi/query-pr.cgi?pr=(number).

The following is a listing of current problems submitted by FreeBSD users.
These represent problem reports covering all versions including
experimental development code and obsolete releases.

S Tracker      Resp.      Description
--------------------------------------------------------------------------------
o kern/180731  ipfw       [ipfw] problem with displaying 255.255.255.255 address
o kern/180729  ipfw       [ipfw] ipfw nat show empty output
o kern/178482  ipfw       [ipfw] logging problem from vnet jail
o kern/178480  ipfw       [ipfw] dynamically loaded ipfw with a vimage kernel do
o kern/178317  ipfw       [ipfw] ipfw options need to specifed in specific order
o kern/177948  ipfw       [ipfw] ipfw fails to parse port ranges (p1-p2) for udp
o kern/176503  ipfw       [ipfw] ipfw layer2 problem
o conf/167822  ipfw       [ipfw] [patch] start script doesn't load firewall_type
o kern/166406  ipfw       [ipfw] ipfw does not set ALTQ identifier for ipv6 traf
o kern/165939  ipfw       [ipfw] bug: incomplete firewall rules loaded if tables
o kern/165190  ipfw       [ipfw] [lo] [patch] loopback interface is not marking
o kern/158066  ipfw       [ipfw] ipfw + netgraph + multicast = multicast packets
o kern/157689  ipfw       [ipfw] ipfw nat config does not accept nonexistent int
f kern/155927  ipfw       [ipfw] ipfw stops to check packets for compliance with
o bin/153252   ipfw       [ipfw][patch] ipfw lockdown system in subsequent call
o kern/153161  ipfw       [ipfw] does not support specifying rules with ICMP cod
o kern/148827  ipfw       [ipfw] divert broken with in-kernel ipfw
o kern/148430  ipfw       [ipfw] IPFW schedule delete broken.
o kern/148091  ipfw       [ipfw] ipfw ipv6 handling broken.
f kern/143973  ipfw       [ipfw] [panic] ipfw forward option causes kernel reboo
o kern/143621  ipfw       [ipfw] [dummynet] [patch] dummynet and vnet use result
o kern/137346  ipfw       [ipfw] ipfw nat redirect_proto is broken
o kern/137232  ipfw       [ipfw] parser troubles
o kern/129036  ipfw       [ipfw] 'ipfw fwd' does not change outgoing interface n
o kern/127230  ipfw       [ipfw] [patch] Feature request to add UID and/or GID l
f kern/122963  ipfw       [ipfw] tcpdump does not show packets redirected by 'ip
s kern/121807  ipfw       [request] TCP and UDP port_table in ipfw
o kern/116009  ipfw       [ipfw] [patch] Ignore errors when loading ruleset from
o kern/104682  ipfw       [ipfw] [patch] Some minor language consistency fixes a
o kern/103454  ipfw       [ipfw] [patch] [request] add a facility to modify DF b
o kern/103328  ipfw       [ipfw] [request] sugestions about ipfw table
o kern/97951   ipfw       [ipfw] [patch] ipfw does not tie interface details to
o kern/95084   ipfw       [ipfw] [regression] [patch] IPFW2 ignores "recv/xmit/v
o kern/86957   ipfw       [ipfw] [patch] ipfw mac logging
o bin/83046    ipfw       [ipfw] ipfw2 error: "setup" is allowed for icmp, but s
o kern/82724   ipfw       [ipfw] [patch] [request] Add setnexthop and defaultrou
o bin/78785    ipfw       [patch] ipfw(8) verbosity locks machine if /etc/rc.fir
o kern/60719   ipfw       [ipfw] Headerless fragments generate cryptic error mes
s kern/55984   ipfw       [ipfw] [patch] time based firewalling support for ipfw
o kern/48172   ipfw       [ipfw] [patch] ipfw does not log size and flags
o kern/46159   ipfw       [ipfw] [patch] [request] ipfw dynamic rules lifetime f
a kern/26534   ipfw       [ipfw] Add an option to ipfw to log gid/uid of who cau

42 problems total.

From owner-freebsd-ipfw@FreeBSD.ORG Tue Nov 19 19:55:58 2013
Date: Tue, 19 Nov 2013 21:55:56 +0200
Subject: ipfw table add problem
From: Özkan KIRIK
To: freebsd-stable, freebsd-ipfw, Luigi Rizzo

Hi,

I'm using kernel FreeBSD 10.0-BETA3 #2 r257635 kernel.
I am trying to add port number to ipfw tables. But there is something
strange :
Problem is easily repeatable.

#ipfw table 1 flush
#ipfw table 1 add 4899
#ipfw table 1 list
::/0 0

#ipfw table 1 flush
#ipfw table 1 add 10.2.3.01 ( not 10.0.0.1, the last 1 has 0 as
prefix )
#ipfw table 1 list
::/0 0

#ipfw table 1 delete ::/0
ipfw: setsockopt(IP_FW_TABLE_XDEL): No such process

I guess that, this problem is related to radix mask calculation
problem/fix.

Is there a quick solution for this.
Best, regards,

From owner-freebsd-ipfw@FreeBSD.ORG Tue Nov 19 20:22:23 2013
Date: Tue, 19 Nov 2013 21:22:22 +0100
Subject: Re: ipfw table add problem
From: Andreas Nilsson
To: Özkan KIRIK
Cc: freebsd-ipfw, freebsd-stable, Luigi Rizzo

On Tue, Nov 19, 2013 at 8:55 PM, Özkan KIRIK wrote:

> Hi,
>
> I'm using kernel FreeBSD 10.0-BETA3 #2 r257635 kernel.
> I am trying to add port number to ipfw tables. But there is something
> strange :
> Problem is easily repeatable.
>
> #ipfw table 1 flush
> #ipfw table 1 add 4899
> #ipfw table 1 list
> ::/0 0
>
Works with ipfw table 1 add 0 4899

>
> #ipfw table 1 flush
> #ipfw table 1 add 10.2.3.01 ( not 10.0.0.1, the last 1 has 0 as
> prefix )
> #ipfw table 1 list
> ::/0 0
>
Did you mean ipfw table 1 add 10.2.3.0 1 ? That works for me.

>
> #ipfw table 1 delete ::/0
> ipfw: setsockopt(IP_FW_TABLE_XDEL): No such process
>
However ipfw table 1 delete 0.0.0.0/0 does.

>
> I guess that, this problem is related to radix mask calculation
> problem/fix.
>
> Is there a quick solution for this.
> Best, regards,

Best regards
Andreas

From owner-freebsd-ipfw@FreeBSD.ORG Tue Nov 19 20:36:45 2013
Date: Tue, 19 Nov 2013 22:36:43 +0200
Subject: Re: ipfw table add problem
From: Özkan KIRIK
To: Andreas Nilsson
Cc: freebsd-ipfw, freebsd-stable, Luigi Rizzo

Hi,

On Tue, Nov 19, 2013 at 10:22 PM, Andreas Nilsson wrote:

>
> On Tue, Nov 19, 2013 at 8:55 PM, Özkan KIRIK wrote:
>
>> Hi,
>>
>> I'm using kernel FreeBSD 10.0-BETA3 #2 r257635 kernel.
>> I am trying to add port number to ipfw tables. But there is something
>> strange :
>> Problem is easily repeatable.
>>
>> #ipfw table 1 flush
>> #ipfw table 1 add 4899
>> #ipfw table 1 list
>> ::/0 0
>>
> Works with ipfw table 1 add 0 4899
>
No, I want to use this table as port list ( to use with "lookup src-port
1" ) . If you add like this, you cannot match against ports. Am I wrong?

>
>> #ipfw table 1 flush
>> #ipfw table 1 add 10.2.3.01 ( not 10.0.0.1, the last 1 has 0 as
>> prefix )
>> #ipfw table 1 list
>> ::/0 0
>>
> Did you mean ipfw table 1 add 10.2.3.0 1 ? That works for me.
>
Please don't leave spaces between 0 and 1.

>
>> #ipfw table 1 delete ::/0
>> ipfw: setsockopt(IP_FW_TABLE_XDEL): No such process
>>
> However ipfw table 1 delete 0.0.0.0/0 does.
>
Thank you

>
>> I guess that, this problem is related to radix mask calculation
>> problem/fix.
>>
>> Is there a quick solution for this.
>> Best, regards,
>
> Best regards
> Andreas
>

Best regards,
Ozkan.

From owner-freebsd-ipfw@FreeBSD.ORG Tue Nov 19 21:21:47 2013
Date: Tue, 19 Nov 2013 22:21:46 +0100
Subject: Re: ipfw table add problem
From: Andreas Nilsson
To: Özkan KIRIK
Cc: freebsd-ipfw, freebsd-stable, Luigi Rizzo

On Tue, Nov 19, 2013 at 9:36 PM, Özkan KIRIK wrote:

> Hi,
>
> On Tue, Nov 19, 2013 at 10:22 PM, Andreas Nilsson wrote:
>
>>
>> On Tue, Nov 19, 2013 at 8:55 PM, Özkan KIRIK wrote:
>>
>>> Hi,
>>>
>>> I'm using kernel FreeBSD 10.0-BETA3 #2 r257635 kernel.
>>> I am trying to add port number to ipfw tables. But there is something
>>> strange :
>>> Problem is easily repeatable.
>>>
>>> #ipfw table 1 flush
>>> #ipfw table 1 add 4899
>>> #ipfw table 1 list
>>> ::/0 0
>>>
>> Works with ipfw table 1 add 0 4899
>>
> No, I want to use this table as port list ( to use with "lookup src-port
> 1" ) . If you add like this, you cannot match against ports. Am I wrong?
>
No, that should be possible.

>
>>
>>> #ipfw table 1 flush
>>> #ipfw table 1 add 10.2.3.01 ( not 10.0.0.1, the last 1 has 0 as
>>> prefix )
>>> #ipfw table 1 list
>>> ::/0 0
>>>
>> Did you mean ipfw table 1 add 10.2.3.0 1 ? That works for me.
>>
> Please don't leave spaces between 0 and 1.
>
Ok. any specific reason to type it as 10.2.3.01 instead of 10.2.3.1 ?

>
>>
>>> #ipfw table 1 delete ::/0
>>> ipfw: setsockopt(IP_FW_TABLE_XDEL): No such process
>>>
>> However ipfw table 1 delete 0.0.0.0/0 does.
>>
> Thank you
>
>>
>>> I guess that, this problem is related to radix mask calculation
>>> problem/fix.
>>>
>>> Is there a quick solution for this.
>>> Best, regards,
>>
>> Best regards
>> Andreas
>>
>
> Best regards,
> Ozkan.
>

Best regards
Andreas

From owner-freebsd-ipfw@FreeBSD.ORG Tue Nov 19 21:22:37 2013
Date: Tue, 19 Nov 2013 23:22:34 +0200
Subject: Re: ipfw table add problem
From: Özkan KIRIK
Cc: freebsd-ipfw, freebsd-stable

"ipfw table 1 add 4899" command works, on FreeBSD 8.2 and 8.4.

I am using port lookup tables on FreeBSD 8.4.
For example : "ipfw add allow all from any to any lookup src-port 1"

Lookup section from the MAN page of ipfw :

     lookup {dst-ip | dst-port | src-ip | src-port | uid | jail} N
             Search an entry in lookup table N that matches the field
             specified as argument.  If not found, the match fails.
             Otherwise, the match succeeds and tablearg is set to the
             value extracted from the table.

On Tue, Nov 19, 2013 at 10:36 PM, Özkan KIRIK wrote:

> Hi,
>
> On Tue, Nov 19, 2013 at 10:22 PM, Andreas Nilsson wrote:
>
>>
>> On Tue, Nov 19, 2013 at 8:55 PM, Özkan KIRIK wrote:
>>
>>> Hi,
>>>
>>> I'm using kernel FreeBSD 10.0-BETA3 #2 r257635 kernel.
>>> I am trying to add port number to ipfw tables. But there is something
>>> strange :
>>> Problem is easily repeatable.
>>>
>>> #ipfw table 1 flush
>>> #ipfw table 1 add 4899
>>> #ipfw table 1 list
>>> ::/0 0
>>>
>> Works with ipfw table 1 add 0 4899
>>
> No, I want to use this table as port list ( to use with "lookup src-port
> 1" ) . If you add like this, you cannot match against ports. Am I wrong?
>
>>
>>> #ipfw table 1 flush
>>> #ipfw table 1 add 10.2.3.01 ( not 10.0.0.1, the last 1 has 0 as
>>> prefix )
>>> #ipfw table 1 list
>>> ::/0 0
>>>
>> Did you mean ipfw table 1 add 10.2.3.0 1 ? That works for me.
>>
> Please don't leave spaces between 0 and 1.
>
>>
>>> #ipfw table 1 delete ::/0
>>> ipfw: setsockopt(IP_FW_TABLE_XDEL): No such process
>>>
>> However ipfw table 1 delete 0.0.0.0/0 does.
>>
> Thank you
>
>>
>>> I guess that, this problem is related to radix mask calculation
>>> problem/fix.
>>>
>>> Is there a quick solution for this.
>>> Best, regards,
>>
>> Best regards
>> Andreas
>>
>
> Best regards,
> Ozkan.
>

From owner-freebsd-ipfw@FreeBSD.ORG Tue Nov 19 21:26:21 2013
Date: Tue, 19 Nov 2013 23:26:18 +0200
Subject: Re: ipfw table add problem
From: Özkan KIRIK
To: Andreas Nilsson
Cc: freebsd-ipfw, freebsd-stable, Luigi Rizzo

On Tue, Nov 19, 2013 at 11:21 PM, Andreas Nilsson wrote:

>
> On Tue, Nov 19, 2013 at 9:36 PM, Özkan KIRIK wrote:
>
>> Hi,
>>
>> On Tue, Nov 19, 2013 at 10:22 PM, Andreas Nilsson wrote:
>>
>>>
>>> On Tue, Nov 19, 2013 at 8:55 PM, Özkan KIRIK wrote:
>>>
>>>> Hi,
>>>>
>>>> I'm using kernel FreeBSD 10.0-BETA3 #2 r257635 kernel.
>>>> I am trying to add port number to ipfw tables. But there is something
>>>> strange :
>>>> Problem is easily repeatable.
>>>>
>>>> #ipfw table 1 flush
>>>> #ipfw table 1 add 4899
>>>> #ipfw table 1 list
>>>> ::/0 0
>>>>
>>> Works with ipfw table 1 add 0 4899
>>>
>> No, I want to use this table as port list ( to use with "lookup src-port
>> 1" ) . If you add like this, you cannot match against ports. Am I wrong?
>>
> No, that should be possible.
>
>>
>>>
>>>> #ipfw table 1 flush
>>>> #ipfw table 1 add 10.2.3.01 ( not 10.0.0.1, the last 1 has 0 as
>>>> prefix )
>>>> #ipfw table 1 list
>>>> ::/0 0
>>>>
>>> Did you mean ipfw table 1 add 10.2.3.0 1 ? That works for me.
>>>
>> Please don't leave spaces between 0 and 1.
>>
> Ok. any specific reason to type it as 10.2.3.01 instead of 10.2.3.1 ?
>
There is no specific reason, but both 10.2.3.01 and 10.2.3.1 have true
syntax.
The problem is, ipfw doesn't throw any errors, but record added as
0.0.0.0/0 ( all the IPv4 network ). This behaviour is really dangerous.

FreeBSD 8.2 and 8.4 doesn't have this problem.

>>
>>>
>>>> #ipfw table 1 delete ::/0
>>>> ipfw: setsockopt(IP_FW_TABLE_XDEL): No such process
>>>>
>>> However ipfw table 1 delete 0.0.0.0/0 does.
>>>
>> Thank you
>>
>>>
>>>> I guess that, this problem is related to radix mask calculation
>>>> problem/fix.
>>>>
>>>> Is there a quick solution for this.
>>>> Best, regards,
>>>
>>> Best regards
>>> Andreas
>>>
>>
>> Best regards,
>> Ozkan.
>>
>
> Best regards
> Andreas
>

From owner-freebsd-ipfw@FreeBSD.ORG Thu Nov 21 08:43:43 2013
Message-ID: <528DC7B5.8020601@grosbein.net>
Date: Thu, 21 Nov 2013 15:43:33 +0700
From: Eugene Grosbein
To: Özkan KIRIK
Cc: freebsd-ipfw, freebsd-stable, Luigi Rizzo
Subject: Re: ipfw table add problem

On 20.11.2013 02:55, Özkan KIRIK wrote:
> Hi,
>
> I'm using kernel FreeBSD 10.0-BETA3 #2 r257635 kernel.
> I am trying to add port number to ipfw tables. But there is something
> strange :
> Problem is easily repeatable.
>
> #ipfw table 1 flush
> #ipfw table 1 add 4899
> #ipfw table 1 list
> ::/0 0

Have you tried "ipfw -i table 1 list" ?

From owner-freebsd-ipfw@FreeBSD.ORG Thu Nov 21 08:45:49 2013
In-Reply-To: <528DC7B5.8020601@grosbein.net>
Date: Thu, 21 Nov 2013 10:45:47 +0200
Subject: Re: ipfw table add problem
From: Özkan KIRIK
To: Eugene Grosbein
Cc: freebsd-ipfw, freebsd-stable, Luigi Rizzo

Hi,

# ipfw -i table 1 list
::/0 0.0.0.0

On Thu, Nov 21, 2013 at 10:43 AM, Eugene Grosbein wrote:

> On 20.11.2013 02:55, Özkan KIRIK wrote:
> > Hi,
> >
> > I'm using kernel FreeBSD 10.0-BETA3 #2 r257635 kernel.
> > I am trying to add port number to ipfw tables. But there is something
> > strange :
> > Problem is easily repeatable.
> >
> > #ipfw table 1 flush
> > #ipfw table 1 add 4899
> > #ipfw table 1 list
> > ::/0 0
>
> Have you tried "ipfw -i table 1 list" ?
>

From owner-freebsd-ipfw@FreeBSD.ORG Thu Nov 21 14:50:48 2013
Subject: Re: ipfw table add problem
From: Ian Lepore
To: Özkan KIRIK
Cc: freebsd-ipfw, freebsd-stable, Luigi Rizzo, Andreas Nilsson
Date: Thu, 21 Nov 2013 07:50:42 -0700
Message-ID: <1385045442.31172.549.camel@revolution.hippie.lan>

On Tue, 2013-11-19 at 23:26 +0200, Özkan KIRIK wrote:
> On Tue, Nov 19, 2013 at 11:21 PM, Andreas Nilsson wrote:
>
> >
> > On Tue, Nov 19, 2013 at 9:36 PM, Özkan KIRIK wrote:
> >
> >> Hi,
> >>
> >> On Tue, Nov 19, 2013 at 10:22 PM, Andreas Nilsson wrote:
> >>
> >>>
> >>> On Tue, Nov 19, 2013 at 8:55 PM, Özkan KIRIK wrote:
> >>>
> >>>> Hi,
> >>>>
> >>>> I'm using kernel FreeBSD 10.0-BETA3 #2 r257635 kernel.
> >>>> I am trying to add port number to ipfw tables. But there is something
> >>>> strange :
> >>>> Problem is easily repeatable.
> >>>>
> >>>> #ipfw table 1 flush
> >>>> #ipfw table 1 add 4899
> >>>> #ipfw table 1 list
> >>>> ::/0 0
> >>>>
> >>> Works with ipfw table 1 add 0 4899
> >>>
> >> No, I want to use this table as port list ( to use with "lookup src-port
> >> 1" ) . If you add like this, you cannot match against ports. Am I wrong?
> >>
> > No, that should be possible.
> >
> >>
> >>>
> >>>> #ipfw table 1 flush
> >>>> #ipfw table 1 add 10.2.3.01 ( not 10.0.0.1, the last 1 has 0 as
> >>>> prefix )
> >>>> #ipfw table 1 list
> >>>> ::/0 0
> >>>>
> >>> Did you mean ipfw table 1 add 10.2.3.0 1 ? That works for me.
> >>>
> >> Please don't leave spaces between 0 and 1.
> >>
> > Ok. any specific reason to type it as 10.2.3.01 instead of 10.2.3.1 ?
> >
> There is no specific reason, but both 10.2.3.01 and 10.2.3.1 have true
> syntax.
> The problem is, ipfw doesn't throw any errors, but record added as
> 0.0.0.0/0 ( all the IPv4 network ). This behaviour is really dangerous.
>
> FreeBSD 8.2 and 8.4 doesn't have this problem.

For this, I wonder if ipfw was recently changed from using inet_aton()
to inet_pton() to parse addresses?  Our implementation of inet_pton()
does not match the manpage -- it's supposed to accept decimal, octal, or
hex numbers for each of the dotted IP components, but it accepts decimal
only.  10.2.3.01 appears to cause it to return 0 as the address.

Our inet_aton() handles oct/dec/hex.

-- Ian
+1100 (EST) To: Ian Lepore 
From: Mark Andrews
References: <1385045442.31172.549.camel@revolution.hippie.lan>
Subject: Re: ipfw table add problem
In-reply-to: Your message of "Thu, 21 Nov 2013 07:50:42 -0700." <1385045442.31172.549.camel@revolution.hippie.lan>
Date: Fri, 22 Nov 2013 11:35:38 +1100
Message-Id: <20131122003538.8D5B8AB6EA6@rock.dv.isc.org>
Cc: freebsd-ipfw, Luigi Rizzo, freebsd-stable, Andreas Nilsson

In message <1385045442.31172.549.camel@revolution.hippie.lan>, Ian Lepore writes:
> On Tue, 2013-11-19 at 23:26 +0200, Özkan KIRIK wrote:
> > On Tue, Nov 19, 2013 at 11:21 PM, Andreas Nilsson wrote:
> >
> > > On Tue, Nov 19, 2013 at 9:36 PM, Özkan KIRIK wrote:
> > >
> > >> Hi,
> > >>
> > >> On Tue, Nov 19, 2013 at 10:22 PM, Andreas Nilsson wrote:
> > >>
> > >>> On Tue, Nov 19, 2013 at 8:55 PM, Özkan KIRIK wrote:
> > >>>
> > >>>> Hi,
> > >>>>
> > >>>> I'm using kernel FreeBSD 10.0-BETA3 #2 r257635 kernel.
> > >>>> I am trying to add port number to ipfw tables. But there is something
> > >>>> strange :
> > >>>> Problem is easily repeatable.
> > >>>>
> > >>>> #ipfw table 1 flush
> > >>>> #ipfw table 1 add 4899
> > >>>> #ipfw table 1 list
> > >>>> ::/0 0
> > >>>>
> > >>> Works with ipfw table 1 add 0 4899
> > >>>
> > >> No, I want to use this table as port list ( to use with "lookup src-port
> > >> 1" ) . If you add like this, you cannot match against ports. Am I wrong?
> > >>
> > > No, that should be possible.
> > >
> > >>>
> > >>>> #ipfw table 1 flush
> > >>>> #ipfw table 1 add 10.2.3.01 ( not 10.0.0.1, the last 1 has 0 as
> > >>>> prefix )
> > >>>> #ipfw table 1 list
> > >>>> ::/0 0
> > >>>>
> > >>> Did you mean ipfw table 1 add 10.2.3.0 1 ? That works for me.
> > >>>
> > >> Please don't leave spaces between 0 and 1.
> > >>
> > > Ok. any specific reason to type it as 10.2.3.01 instead of 10.2.3.1 ?
> > >
> > There is no specific reason, but both 10.2.3.01 and 10.2.3.1 have true
> > syntax.
> > The problem is, ipfw doesn't throw any errors, but record added as
> > 0.0.0.0/0( all the IPv4 network ). This behaviour is really dangerous.
> >
> > FreeBSD 8.2 and 8.4 don't have this problem.
>
> For this, I wonder if ipfw was recently changed from using inet_aton()
> to inet_pton() to parse addresses? Our implementation of inet_pton()
> does not match the manpage -- it's supposed to accept decimal, octal, or
> hex numbers for each of the dotted IP components, but it accepts decimal
> only. 10.2.3.01 appears to cause it to return 0 as the address. Our
> inet_aton() handles oct/dec/hex.

The man page is wrong.

RFC 3493 states inet_pton *only* takes dotted decimal. This was
the same in RFC 2553. The implementation Paul Vixie and I wrote
back in 199[89] for BIND only accepts dotted decimal with no leading
zeros.

Mark

> -- Ian

--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: marka@isc.org

From owner-freebsd-ipfw@FreeBSD.ORG Fri Nov 22 22:09:45 2013
Subject: Re: ipfw table add problem
From: Ian Lepore
To: Mark Andrews
In-Reply-To: <20131122003538.8D5B8AB6EA6@rock.dv.isc.org>
References: <1385045442.31172.549.camel@revolution.hippie.lan> <20131122003538.8D5B8AB6EA6@rock.dv.isc.org>
Date: Fri, 22 Nov 2013 15:09:37 -0700
Message-ID: <1385158177.31172.562.camel@revolution.hippie.lan>
Cc: freebsd-ipfw, Andreas Nilsson, Luigi Rizzo, freebsd-stable

On Fri, 2013-11-22 at 11:35 +1100, Mark Andrews wrote:
> In message <1385045442.31172.549.camel@revolution.hippie.lan>, Ian Lepore writes:
> > On Tue, 2013-11-19 at 23:26 +0200, Özkan KIRIK wrote:
> > > On Tue, Nov 19, 2013 at 11:21 PM, Andreas Nilsson wrote:
> > >
> > > > On Tue, Nov 19, 2013 at 9:36 PM, Özkan KIRIK wrote:
> > > >
> > > >> Hi,
> > > >>
> > > >> On Tue, Nov 19, 2013 at 10:22 PM, Andreas Nilsson wrote:
> > > >>
> > > >>> On Tue, Nov 19, 2013 at 8:55 PM, Özkan KIRIK wrote:
> > > >>>
> > > >>>> Hi,
> > > >>>>
> > > >>>> I'm using kernel FreeBSD 10.0-BETA3 #2 r257635 kernel.
> > > >>>> I am trying to add port number to ipfw tables. But there is something
> > > >>>> strange :
> > > >>>> Problem is easily repeatable.
> > > >>>>
> > > >>>> #ipfw table 1 flush
> > > >>>> #ipfw table 1 add 4899
> > > >>>> #ipfw table 1 list
> > > >>>> ::/0 0
> > > >>>>
> > > >>> Works with ipfw table 1 add 0 4899
> > > >>>
> > > >> No, I want to use this table as port list ( to use with "lookup src-port
> > > >> 1" ) . If you add like this, you cannot match against ports. Am I wrong?
> > > >>
> > > > No, that should be possible.
> > > >
> > > >>>
> > > >>>> #ipfw table 1 flush
> > > >>>> #ipfw table 1 add 10.2.3.01 ( not 10.0.0.1, the last 1 has 0 as
> > > >>>> prefix )
> > > >>>> #ipfw table 1 list
> > > >>>> ::/0 0
> > > >>>>
> > > >>> Did you mean ipfw table 1 add 10.2.3.0 1 ? That works for me.
> > > >>>
> > > >> Please don't leave spaces between 0 and 1.
> > > >>
> > > > Ok. any specific reason to type it as 10.2.3.01 instead of 10.2.3.1 ?
> > > >
> > > There is no specific reason, but both 10.2.3.01 and 10.2.3.1 have true
> > > syntax.
> > > The problem is, ipfw doesn't throw any errors, but record added as
> > > 0.0.0.0/0( all the IPv4 network ). This behaviour is really dangerous.
> > >
> > > FreeBSD 8.2 and 8.4 don't have this problem.
> >
> > For this, I wonder if ipfw was recently changed from using inet_aton()
> > to inet_pton() to parse addresses? Our implementation of inet_pton()
> > does not match the manpage -- it's supposed to accept decimal, octal, or
> > hex numbers for each of the dotted IP components, but it accepts decimal
> > only. 10.2.3.01 appears to cause it to return 0 as the address. Our
> > inet_aton() handles oct/dec/hex.
>
> The man page is wrong.
>
> RFC 3493 states inet_pton *only* takes dotted decimal. This was
> the same in RFC 2553. The implementation Paul Vixie and I wrote
> back in 199[89] for BIND only accepts dotted decimal with no leading
> zeros.

Actually, it was me that was wrong... the man page does mention the
differences between inet_aton() and inet_pton(), I just didn't read all
the way to the end.

-- Ian

From owner-freebsd-ipfw@FreeBSD.ORG Sat Nov 23 21:10:09 2013
Message-ID: <52911993.8010108@ipfw.ru>
Date: Sun, 24 Nov 2013 01:09:39 +0400
From: "Alexander V. Chernikov"
MIME-Version: 1.0
To: Özkan KIRIK
Subject: Re: ipfw table add problem
Content-Type: multipart/mixed; boundary="------------050901040506010603050506"
Cc: freebsd-ipfw, freebsd-stable, Luigi Rizzo

This is a multi-part message in MIME format.
--------------050901040506010603050506
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 19.11.2013 23:55, Özkan KIRIK wrote:
> Hi,
>
> I'm using kernel FreeBSD 10.0-BETA3 #2 r257635 kernel. I am trying
> to add port number to ipfw tables. But there is something strange :
> Problem is easily repeatable.
>
> #ipfw table 1 flush
> #ipfw table 1 add 4899
> #ipfw table 1 list
> ::/0 0
>
> #ipfw table 1 flush
> #ipfw table 1 add 10.2.3.01 ( not 10.0.0.1, the last 1 has 0 as prefix )
> #ipfw table 1 list
> ::/0 0
>
> #ipfw table 1 delete ::/0
> ipfw: setsockopt(IP_FW_TABLE_XDEL): No such process
>
> I guess that, this problem is related to radix mask calculation
> problem/fix.

Hello.
I'm sorry, it seems that key lookups were broken for quite a long time.
Can you apply attached patch, rebuild ipfw(8) binary and see if this helps?

>
> Is there a quick solution for this.
Best, regards, > _______________________________________________ > freebsd-ipfw@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw To > unsubscribe, send any mail to > "freebsd-ipfw-unsubscribe@freebsd.org" > -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.20 (FreeBSD) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iEYEARECAAYFAlKRGZIACgkQwcJ4iSZ1q2n0hgCgkiqRewC61LptUaG4ejvHIg0q PawAoID3nfNxh3sTOVE/iKNtfjHpl9u0 =6GdO -----END PGP SIGNATURE----- --------------050901040506010603050506 Content-Type: text/x-patch; name="ipfw_lookup.diff" Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename="ipfw_lookup.diff" Index: sbin/ipfw/ipfw2.c =================================================================== --- sbin/ipfw/ipfw2.c (revision 258494) +++ sbin/ipfw/ipfw2.c (working copy) @@ -4281,6 +4281,7 @@ table_fill_xentry(char *arg, ipfw_table_xentry *xe *pkey = htonl(key); type = IPFW_TABLE_CIDR; addrlen = sizeof(uint32_t); + masklen = 32; } } } --------------050901040506010603050506--
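Review bot: the added `masklen = 32;` sits only in the branch that stores `*pkey = htonl(key)`, and the visible context does not show what guards that branch, so a mistyped key such as the reporter's 10.2.3.01 could still be stored without an error if the number conversion stops at the first non-digit. Please confirm the conversion rejects trailing characters and fails loudly otherwise, since the complaint in the thread is that a bad key is accepted silently. Minor: deriving the value from `addrlen` (8 * addrlen) instead of a literal 32 would keep the two assignments from drifting apart.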
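The inet_aton()/inet_pton() difference discussed in this thread, together with a key parser that refuses anything it cannot parse completely, as an added example that is not ipfw's own code. The names `parse_table_key`, `set_key`, `legacy_aton` and `struct table_key` are hypothetical, and it assumes a libc whose inet_pton() rejects leading zeros, as the thread describes.

```c
#define _DEFAULT_SOURCE   /* exposes inet_aton() under strict -std= modes on glibc */
#include <arpa/inet.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

enum { KEY_INVALID, KEY_IPV4, KEY_IPV6, KEY_NUMBER };
struct table_key { int kind; uint8_t addr[16]; int masklen; };

/* Store a host entry: the mask length always follows from the key length. */
static int set_key(struct table_key *k, int kind, const void *src, size_t n)
{
    memcpy(k->addr, src, n);
    k->masklen = (int)(8 * n);
    return k->kind = kind;
}

/* Classify one key argument; anything not fully understood is KEY_INVALID. */
int parse_table_key(const char *arg, struct table_key *out)
{
    uint8_t buf[16];
    char *end;
    memset(out, 0, sizeof(*out));              /* kind = KEY_INVALID, masklen = 0 */
    if (inet_pton(AF_INET, arg, buf) == 1)     /* strict dotted decimal only */
        return set_key(out, KEY_IPV4, buf, 4);
    if (inet_pton(AF_INET6, arg, buf) == 1)
        return set_key(out, KEY_IPV6, buf, 16);
    unsigned long long v = strtoull(arg, &end, 10);   /* numeric key, e.g. a port */
    if (arg[0] < '0' || arg[0] > '9' || *end != '\0' || v > 0xffffffffULL)
        return KEY_INVALID;                    /* "10.2.3.01" stops at '.' */
    uint32_t be = htonl((uint32_t)v);
    return set_key(out, KEY_NUMBER, &be, sizeof(be));
}

/* The same string through inet_aton(), which honours octal and hex parts. */
int legacy_aton(const char *arg, uint32_t *host_order)
{
    struct in_addr a = { 0 };
    int ok = inet_aton(arg, &a) != 0;
    *host_order = ok ? ntohl(a.s_addr) : 0;
    return ok;
}

int main(void)
{
    struct table_key k;                        /* "10.2.3.01": constructed input */
    printf("10.2.3.01 -> kind %d\n", parse_table_key("10.2.3.01", &k));
    return 0;
}
```

A caller that gets `KEY_INVALID` should report the error and add nothing, so a mistyped key can never become a match-all entry.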