From owner-freebsd-ipfw@FreeBSD.ORG Mon Apr 9 11:10:25 2007 Return-Path: X-Original-To: freebsd-ipfw@FreeBSD.org Delivered-To: freebsd-ipfw@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id C56F216A413 for ; Mon, 9 Apr 2007 11:10:25 +0000 (UTC) (envelope-from owner-bugmaster@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [69.147.83.40]) by mx1.freebsd.org (Postfix) with ESMTP id 9D2EC13C44B for ; Mon, 9 Apr 2007 11:10:25 +0000 (UTC) (envelope-from owner-bugmaster@FreeBSD.org) Received: from freefall.freebsd.org (linimon@localhost [127.0.0.1]) by freefall.freebsd.org (8.13.4/8.13.4) with ESMTP id l39BAPuk058186 for ; Mon, 9 Apr 2007 11:10:25 GMT (envelope-from owner-bugmaster@FreeBSD.org) Received: (from linimon@localhost) by freefall.freebsd.org (8.13.4/8.13.4/Submit) id l39BAMlg057787 for freebsd-ipfw@FreeBSD.org; Mon, 9 Apr 2007 11:10:22 GMT (envelope-from owner-bugmaster@FreeBSD.org) Date: Mon, 9 Apr 2007 11:10:22 GMT Message-Id: <200704091110.l39BAMlg057787@freefall.freebsd.org> X-Authentication-Warning: freefall.freebsd.org: linimon set sender to owner-bugmaster@FreeBSD.org using -f From: FreeBSD bugmaster To: freebsd-ipfw@FreeBSD.org Cc: Subject: Current problem reports assigned to you X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 09 Apr 2007 11:10:25 -0000 Current FreeBSD problem reports Critical problems Serious problems S Tracker Resp. Description -------------------------------------------------------------------------------- o kern/51274 ipfw [ipfw] [patch] ipfw2 create dynamic rules with parent o kern/73910 ipfw [ipfw] serious bug on forwarding of packets after NAT o kern/74104 ipfw [ipfw] ipfw2/1 conflict not detected or reported, manp p conf/78762 ipfw [ipfw] [patch] /etc/rc.d/ipfw should excecute $firewal o bin/80913 ipfw [patch] /sbin/ipfw2 silently discards MAC addr arg wit o kern/88659 ipfw [modules] ipfw and ip6fw do not work properly as modul o kern/93300 ipfw ipfw pipe lost packets o kern/95084 ipfw [ipfw] [patch] IPFW2 ignores "recv/xmit/via any" (IPFW o kern/97504 ipfw [ipfw] IPFW Rules bug o kern/97951 ipfw [ipfw] [patch] ipfw does not tie interface details to o kern/98831 ipfw [ipfw] ipfw has UDP hickups o kern/102471 ipfw [ipfw] [patch] add tos and dscp support o kern/103454 ipfw [ipfw] [patch] add a facility to modify DF bit of the o kern/106534 ipfw [ipfw] [panic] ipfw + dummynet 14 problems total. Non-critical problems S Tracker Resp. Description -------------------------------------------------------------------------------- a kern/26534 ipfw [ipfw] Add an option to ipfw to log gid/uid of who cau o kern/46159 ipfw [ipfw] [patch] ipfw dynamic rules lifetime feature o kern/48172 ipfw [ipfw] [patch] ipfw does not log size and flags o bin/50749 ipfw [ipfw] [patch] ipfw2 incorrectly parses ports and port o kern/55984 ipfw [ipfw] [patch] time based firewalling support for ipfw o kern/60719 ipfw [ipfw] Headerless fragments generate cryptic error mes o kern/69963 ipfw [ipfw] install_state warning about already existing en o kern/71366 ipfw [ipfw] "ipfw fwd" sometimes rewrites destination mac a o kern/72987 ipfw [ipfw] ipfw/dummynet pipe/queue 'queue [BYTES]KBytes ( o kern/73276 ipfw [ipfw] [patch] ipfw2 vulnerability (parser error) o bin/78785 ipfw [ipfw] [patch] ipfw verbosity locks machine if /etc/rc o kern/80642 ipfw [ipfw] [patch] ipfw small patch - new RULE OPTION o kern/82724 ipfw [ipfw] [patch] Add setnexthop and defaultroute feature o kern/86957 ipfw [ipfw] [patch] ipfw mac logging o kern/87032 ipfw [ipfw] [patch] ipfw ioctl interface implementation o kern/91847 ipfw [ipfw] ipfw with vlanX as the device o kern/103328 ipfw sugestions about ipfw table o kern/104682 ipfw [ipfw] [patch] Some minor language consistency fixes a o bin/104921 ipfw [patch] ipfw(8) sometimes treats ipv6 input as ipv4 (a o kern/105330 ipfw [ipfw] [patch] ipfw (dummynet) does not allow to set q 20 problems total. From owner-freebsd-ipfw@FreeBSD.ORG Tue Apr 10 07:13:05 2007 Return-Path: X-Original-To: freebsd-ipfw@freebsd.org Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 0BF2216A40D for ; Tue, 10 Apr 2007 07:13:05 +0000 (UTC) (envelope-from arjunbadarinath@gmail.com) Received: from py-out-1112.google.com (py-out-1112.google.com [64.233.166.179]) by mx1.freebsd.org (Postfix) with ESMTP id C677A13C458 for ; Tue, 10 Apr 2007 07:13:04 +0000 (UTC) (envelope-from arjunbadarinath@gmail.com) Received: by py-out-1112.google.com with SMTP id f31so1195114pyh for ; Tue, 10 Apr 2007 00:13:04 -0700 (PDT) DKIM-Signature: a=rsa-sha1; c=relaxed/relaxed; d=gmail.com; s=beta; h=domainkey-signature:received:received:message-id:date:from:to:subject:mime-version:content-type; b=YnQQ8dXOL+KMpozU0397gRwy4fj9KVbbuRkbFcWrPtmR/qUcDk4Zvj6IVhfxMPnlOasWesTgYigsoWSP7EGrWU0VeRYzMwS27+Dqe1va6fF9fC3H3NpnbzBTyvZ+RN92EXOPOQ595cqGHl9CVOS5IGWrfAg+w3PmkOJZe/kx1OI= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=beta; h=received:message-id:date:from:to:subject:mime-version:content-type; b=D6+xjC9hj1uBlSMT7VWmQRyX1k9rVEC/EJUALEGTQ1rXsGLuShBJjIkZYO4GVNSC0r5g3Q8JK1/zZTp1G5JwwysiPpaQ03rSL/2ucuu/31EAZ2q40JXiZnAidL5cjhGqPLDn6b3ToSL8J+lCUcyYKn2F40bc8Z2rwiIBZBQHK/k= Received: by 10.65.241.20 with SMTP id t20mr13538186qbr.1176189184306; Tue, 10 Apr 2007 00:13:04 -0700 (PDT) Received: by 10.64.28.18 with HTTP; Tue, 10 Apr 2007 00:13:04 -0700 (PDT) Message-ID: <4cc04d3d0704100013n533f6a25v8eed939c8864f521@mail.gmail.com> Date: Tue, 10 Apr 2007 12:43:04 +0530 From: "arjun badarinath" To: freebsd-ipfw@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Content-Disposition: inline X-Content-Filtered-By: Mailman/MimeDel 2.1.5 Subject: Pf X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 10 Apr 2007 07:13:05 -0000 Hey all , Can u plz give the link where i can find the make file for the packet filtering function pf (pf.c) . Can u guys please tell me the entry point in pf .c . i need to include that in my make file . Regards Arjun From owner-freebsd-ipfw@FreeBSD.ORG Wed Apr 11 05:16:06 2007 Return-Path: X-Original-To: freebsd-ipfw@freebsd.org Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id D0CD516A400 for ; Wed, 11 Apr 2007 05:16:06 +0000 (UTC) (envelope-from arjunbadarinath@gmail.com) Received: from py-out-1112.google.com (py-out-1112.google.com [64.233.166.176]) by mx1.freebsd.org (Postfix) with ESMTP id 91FA813C46E for ; Wed, 11 Apr 2007 05:16:06 +0000 (UTC) (envelope-from arjunbadarinath@gmail.com) Received: by py-out-1112.google.com with SMTP id f31so62145pyh for ; Tue, 10 Apr 2007 22:16:06 -0700 (PDT) DKIM-Signature: a=rsa-sha1; c=relaxed/relaxed; d=gmail.com; s=beta; h=domainkey-signature:received:received:message-id:date:from:to:subject:mime-version:content-type; b=QW2ALpSI18SyF9As/ZEIFHGxcIVZDU1pBUOASEWg+0r69tnxl9ay4FiNhh2XrI7Pj/PF8SirLnissD+EiRXUKcYrYEfyfaaC8tZd4QxNYzeESAsTz3eTLaIJ9wooThH7edGiVTUJdMDMQMfn4inGyaU9b6jM59LoktQPWl7MxyE= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=beta; h=received:message-id:date:from:to:subject:mime-version:content-type; b=t+7OdYeyNv0aLOUSMkroG5tL/sP55J2uqVl26rSYexES54eXFMJhwKM+qogp7BI0aC+HV1XmPBbZWmFPtv6WN0FyzhxCDmRbxJXwgKkmBKMI3QW5+p2tOZR+bKOdTMRNorHGN2rPZAlnpV6qa+B/Br/SmHL9HCXRAAgCsKRCdhE= Received: by 10.65.160.7 with SMTP id m7mr542815qbo.1176268565326; Tue, 10 Apr 2007 22:16:05 -0700 (PDT) Received: by 10.64.28.18 with HTTP; Tue, 10 Apr 2007 22:16:05 -0700 (PDT) Message-ID: <4cc04d3d0704102216n5286c43ao186fe88e15323495@mail.gmail.com> Date: Wed, 11 Apr 2007 10:46:05 +0530 From: "arjun badarinath" To: freebsd-ipfw@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Content-Disposition: inline X-Content-Filtered-By: Mailman/MimeDel 2.1.5 Subject: (no subject) X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 11 Apr 2007 05:16:06 -0000 Hey all , I need a help in the paket filtering (pf.c) . I'm trying to build somethign on this and i need to mention the entrypoint in the make file So can anyone tell me where exactly the entry point is . Thanks and Regards Arjun From owner-freebsd-ipfw@FreeBSD.ORG Wed Apr 11 06:46:02 2007 Return-Path: X-Original-To: freebsd-ipfw@freebsd.org Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id BD00E16A404 for ; Wed, 11 Apr 2007 06:46:02 +0000 (UTC) (envelope-from ilya@po4ta.com) Received: from jerry.kiev.farlep.net (jerry.kiev.farlep.net [213.130.24.8]) by mx1.freebsd.org (Postfix) with ESMTP id 7852F13C45B for ; Wed, 11 Apr 2007 06:46:02 +0000 (UTC) (envelope-from ilya@po4ta.com) Received: from ilya.kiev.farlep.net ([62.221.47.37] helo=[10.0.0.3]) by jerry.kiev.farlep.net with esmtps (TLSv1:AES256-SHA:256) (Exim 4.62 (FreeBSD)) (envelope-from ) id 1HbVpW-000ISc-RK; Wed, 11 Apr 2007 08:57:18 +0300 Message-ID: <461C78A9.5080506@po4ta.com> Date: Wed, 11 Apr 2007 08:56:57 +0300 From: Ilya Bobir User-Agent: Thunderbird 1.5.0.10 (Windows/20070221) MIME-Version: 1.0 To: arjun badarinath References: <4cc04d3d0704102216n5286c43ao186fe88e15323495@mail.gmail.com> In-Reply-To: <4cc04d3d0704102216n5286c43ao186fe88e15323495@mail.gmail.com> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Cc: freebsd-ipfw@freebsd.org Subject: Re: pf.c entrypoint X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 11 Apr 2007 06:46:02 -0000 arjun badarinath wrote: > Hey all , > I need a help in the paket filtering (pf.c) . I'm trying to > build somethign on this and i need to mention the entrypoint in the make > file > So can anyone tell me where exactly the entry point is . > > Thanks and Regards > Arjun pf is a kernel module. In /usr/src/sys/contrib/pf/net/pf_ioctl.c you can find a module definition, at the bottom of the file. pf_modevent is defined to be a module event handling function. From owner-freebsd-ipfw@FreeBSD.ORG Wed Apr 11 12:42:14 2007 Return-Path: X-Original-To: freebsd-ipfw@freebsd.org Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 66C4916A401 for ; Wed, 11 Apr 2007 12:42:14 +0000 (UTC) (envelope-from dhersin@gmail.com) Received: from ug-out-1314.google.com (ug-out-1314.google.com [66.249.92.175]) by mx1.freebsd.org (Postfix) with ESMTP id EA6BB13C44B for ; Wed, 11 Apr 2007 12:42:13 +0000 (UTC) (envelope-from dhersin@gmail.com) Received: by ug-out-1314.google.com with SMTP id 71so103699ugh for ; Wed, 11 Apr 2007 05:42:12 -0700 (PDT) DKIM-Signature: a=rsa-sha1; c=relaxed/relaxed; d=gmail.com; s=beta; h=domainkey-signature:received:received:message-id:date:from:to:subject:mime-version:content-type:content-transfer-encoding:content-disposition; b=MuNJsyE6cLBUD2VCuR9mXlxTzD96I98WoCa0cQkDXSpJytRSetz1eWNZE10LQiYxgecNRGbWZQaBjIk6+v+B+0TJUs8zsqNIJLoQCyl1v8JBuqUEvblebqKa9drh1ELLWrI+pNZK53ZAZFXRGWoKb+bVotTlCZbLyPwoAkFY1gM= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=beta; h=received:message-id:date:from:to:subject:mime-version:content-type:content-transfer-encoding:content-disposition; b=lObTDURHk6PTQEFU07A79aqA/ll7usdKq7mSRD8giHy5reOZChF1KzTXev7MH9evDSoEchUWfjkonIPYGaWYzGg6wvBpJyK4eolnZ64h9ZQX3npOQTAo09wYUFy1OoMMiV/No+rHZVL1DA7rPFtwb5kqb4j0YU2LFto+hjerunY= Received: by 10.67.28.4 with SMTP id f4mr409392ugj.1176293729643; Wed, 11 Apr 2007 05:15:29 -0700 (PDT) Received: by 10.66.233.18 with HTTP; Wed, 11 Apr 2007 05:15:29 -0700 (PDT) Message-ID: <2e25cc380704110515r44257b55va78d23d4a298121a@mail.gmail.com> Date: Wed, 11 Apr 2007 14:15:29 +0200 From: "Julien DHERSIN" To: freebsd-ipfw@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Content-Disposition: inline Subject: IPFW + Divert and multicast IPv6 X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 11 Apr 2007 12:42:14 -0000 Hi, I would like to know if anyone has already tried to divert multicast IPv6 packets and to reinject them in the IPv6 stack ? The idea is to filter the multicast IPv6 packets (UDP:54321) according to the option data in the header. My IPFW script is quite short : #!/bin/sh /sbin/ipfw -q flush /sbin/ipfw add divert 1234 udp from any to any 54321 I found the following code in a mini howto but it is not working : #include #include #include #include #include #include #include #include #include #include #include #ifdef IPSEC #include #endif /*IPSEC*/ #include #include #include #include #include #include #include #include #include #include #include #include #define BUFSIZE 65535 int main(int argc, char **argv) { int fd, rawfd, fdfw, ret, n; int on = 1; struct sockaddr_in6 bindPort, sin; int sinlen; int port_nb; struct ip6_hdr *hdr; unsigned char packet[BUFSIZE]; struct in6_addr addr; int i, direction; struct ip_mreq mreq; if (argc != 2) { fprintf(stderr, "Usage: %s \n", argv[0]); exit(1); } bindPort.sin6_family = AF_INET6; bindPort.sin6_port = htons(atol(argv[1])); bindPort.sin6_addr = in6addr_any; fprintf(stderr, "%s:Creating a socket\n", argv[0]); /* open a divert socket */ fd = socket(AF_INET6, SOCK_RAW, IPPROTO_DIVERT); if (fd == -1) { fprintf(stderr, "%s:We could not open a divert socket\n", argv[0]); exit(1); } fprintf(stderr, "%s:Binding a socket\n", argv[0]); ret = bind(fd, (struct sockaddr6*)&bindPort, sizeof(struct sockaddr_in6)); if (ret != 0) { close(fd); fprintf(stderr, "%s: Error bind(): %s", argv[0], strerror(ret)); exit(2); } printf("%s: Waiting for data...\n", argv[0]); /* read data in */ sinlen = sizeof(struct sockaddr_in); while (1) { n = recvfrom(fd, packet, BUFSIZE, 0, (struct sockaddr6*)&sin, &sinlen); hdr = (struct ip6_hdr *) packet; printf("%s: The packet looks like this:\n", argv[0]); for (i = 0; i < 80; i++) { printf("%02x ", (int)*(packet + i)); if (!((i + 1) % 16)) printf("\n"); }; printf("\n"); printf("%s Reinjecting DIVERT %i bytes\n", argv[0], n); n=sendto(fd, packet, n ,0, &sin, sinlen); printf("%s: %i bytes reinjected.\n", argv[0], n); if (n<=0) printf("%s: Oops: errno = %i\n", argv[0], errno); } } Thanks for your help. Regards, Julien