Skip site navigation (1)Skip section navigation (2) 
Date:      Fri, 2 Jan 2009 08:38:48 GMT
From:      Eugen Konkov <kes@kes.net.ua>
To:        freebsd-gnats-submit@FreeBSD.org
Subject:   misc/130109: Can not set fib for packets originated from local host
Message-ID:  <200901020838.n028cmP3028828@www.freebsd.org>
Resent-Message-ID: <200901020840.n028e4fr046027@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help 

>Number:         130109
>Category:       misc
>Synopsis:       Can not set fib for packets originated from local host
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Fri Jan 02 08:40:03 UTC 2009
>Closed-Date:
>Last-Modified:
>Originator:     Eugen Konkov
>Release:        7.1-PRERELEASE
>Organization:
ISP Konkov
>Environment:
kes# uname -a
FreeBSD kes.net.ua 7.1-PRERELEASE FreeBSD 7.1-PRERELEASE #: Sun Nov 23 17:19:12 EET 2008     kes@home.kes.net.ua:/usr/obj/usr/src/sys/KES_KERN_v7  i386

>Description:
Packets originated from localhost are goes out with FIB 0 and can not be changed.
by having two routing tables and rl0, rl1 external, rl2 internal
you can:
ipfw add 3 setfib 1 from any to any in recv rl2
so packet originated from LAN (rl2) will out with rl1 interface.
But packet originated from localhost (from router itself) has FIB = 0.
and rule:
ipfw add 2 setfib 1 from any to any out xmit rl0
has no effect =(
>How-To-Repeat:
setfib 0 route add default G.A.T.E1
setfib 1 route add default G.A.T.E2
ipfw add 2 setfib 1 from any to any out xmit rl0
ipfw add 3 setfib 1 from any to any in recv rl2

Packets originated from LAN (rl2) will out with rl1 because of FIB =1. (NOTICE ipfw rule 3)
But packets originated from router itself will out with rl0, because of FIB=0.
and ipfw rule 2 has no any effect because of packet already routed
>Fix:
I suggest that packet is routed and then it put into ipfw. If so you must reroute packet if it have been changed its FIB. 

You must not put packet to ipfw again, because of this will result next problem: packet will never leave router:
ipfw add 1 setfib 1 from any to any out xmit rl0
ipfw add 2 setfib 0 from any to any out xmit rl1


>Release-Note:
>Audit-Trail:
>Unformatted:

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200901020838.n028cmP3028828>