Date: Wed, 6 Feb 2013 20:38:24 -0500 (EST) From: Daniel Hagerty <hag@linnaean.org> To: FreeBSD-gnats-submit@freebsd.org Subject: kern/175909: FreeBSD 9.1 ipfw lookup dst-port regression Message-ID: <20130207013824.A2816CEC@perdition.linnaean.org> Resent-Message-ID: <201302070140.r171e1h3072416@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 175909
>Category: kern
>Synopsis: FreeBSD 9.1 ipfw lookup dst-port regression
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Thu Feb 07 01:40:00 UTC 2013
>Closed-Date:
>Last-Modified:
>Originator: Daniel Hagerty
>Release: FreeBSD 9.1-RELEASE amd64
>Organization:
I misplaced my organization
>Environment:
System: FreeBSD perdition.linnaean.org 9.1-RELEASE FreeBSD 9.1-RELEASE #0 r243710+9a57fd8: Fri Jan 25 23:38:46 EST 2013 hag@yall.linnaean.org:/sys/amd64/compile/LINNAEAN64 amd64
>Description:
ipfw lookup dst-port rules don't seem to work. Didn't test
similar cases, like src-port.
>How-To-Repeat:
Load these ipfw rules:
table 1 add 22
add 00001 permit log ip4 from any to any proto tcp lookup dst-port 1
add 00010 permit log ip from any to any proto tcp dst-port 22
Observe how on freebsd 9.1, rule 1 will never match port 22
traffic it should, whereas the same rules on 8.3 will hit rule 1, as
expected.
>Fix:
I worked around it for the moment by writing the rule without a
lookup table; don't have time to kernel spelunk.
>Release-Note:
>Audit-Trail:
>Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20130207013824.A2816CEC>