From owner-freebsd-bugs@FreeBSD.ORG Sat Jan 3 12:20:03 2009 Return-Path: Delivered-To: freebsd-bugs@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 0E0CB1065673 for ; Sat, 3 Jan 2009 12:20:03 +0000 (UTC) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id DE1308FC1B for ; Sat, 3 Jan 2009 12:20:02 +0000 (UTC) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (gnats@localhost [127.0.0.1]) by freefall.freebsd.org (8.14.3/8.14.3) with ESMTP id n03CK2Oh016136 for ; Sat, 3 Jan 2009 12:20:02 GMT (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.14.3/8.14.3/Submit) id n03CK2n5016135; Sat, 3 Jan 2009 12:20:02 GMT (envelope-from gnats) Resent-Date: Sat, 3 Jan 2009 12:20:02 GMT Resent-Message-Id: <200901031220.n03CK2n5016135@freefall.freebsd.org> Resent-From: FreeBSD-gnats-submit@FreeBSD.org (GNATS Filer) Resent-To: freebsd-bugs@FreeBSD.org Resent-Reply-To: FreeBSD-gnats-submit@FreeBSD.org, Mike Yurlov Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id D2D0A1065672 for ; Sat, 3 Jan 2009 12:12:25 +0000 (UTC) (envelope-from nobody@FreeBSD.org) Received: from www.freebsd.org (www.freebsd.org [IPv6:2001:4f8:fff6::21]) by mx1.freebsd.org (Postfix) with ESMTP id C04FA8FC12 for ; Sat, 3 Jan 2009 12:12:25 +0000 (UTC) (envelope-from nobody@FreeBSD.org) Received: from www.freebsd.org (localhost [127.0.0.1]) by www.freebsd.org (8.14.3/8.14.3) with ESMTP id n03CCOLv024047 for ; Sat, 3 Jan 2009 12:12:24 GMT (envelope-from nobody@www.freebsd.org) Received: (from nobody@localhost) by www.freebsd.org (8.14.3/8.14.3/Submit) id n03CCONr024046; Sat, 3 Jan 2009 12:12:24 GMT (envelope-from nobody) Message-Id: <200901031212.n03CCONr024046@www.freebsd.org> Date: Sat, 3 Jan 2009 12:12:24 GMT From: Mike Yurlov To: freebsd-gnats-submit@FreeBSD.org X-Send-Pr-Version: www-3.1 Cc: Subject: bin/130132: no way to get mask from ipfw pipe show/list for some pipes X-BeenThere: freebsd-bugs@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Bug reports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 03 Jan 2009 12:20:03 -0000 >Number: 130132 >Category: bin >Synopsis: no way to get mask from ipfw pipe show/list for some pipes >Confidential: no >Severity: serious >Priority: medium >Responsible: freebsd-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: change-request >Submitter-Id: current-users >Arrival-Date: Sat Jan 03 12:20:02 UTC 2009 >Closed-Date: >Last-Modified: >Originator: Mike Yurlov >Release: 6.x, 7.x >Organization: >Environment: FreeBSD xxx.kaluga.net 6.3-RELEASE FreeBSD 6.3-RELEASE #2: Wed Dec 24 19:59:28 MSK 2008 root@xxx.kaluga.net:/usr/src/sys/i386/compile/xxx i386 >Description: Commands "ipfw pipe show" and "ipfw pipe list"(equivalent in ipfw2.c code) do not print mask parameters for pipes which have no traffic since 6.0-RELEASE (to all 6.x/7.x/8.x). Also, perhaps it breaks for queues which have no traffic and pipes/queues with expired/removed associated flows too. Moreover, it is now no way at all to find mask parameters for some pipes (as stated above) throught native ipfw tool, so this change reduce ipfw tool functionlity, cause user confision and breaks existing applications. No one other method to get current pipe/queue mask parameters via any native tool are known, so this functionality lost at all. This change breaks POLA and should be corrected. >How-To-Repeat: # ipfw pipe 1 config bw 1024Kbit/s mask dst-ip 0xffffffff # ipfw pipe 2 config bw 1024Kbit/s mask src-ip 0xfffffff7 # ipfw pipe list 00001: 1.024 Mbit/s 0 ms 50 sl. 0 queues (64 buckets) droptail 00002: 1.024 Mbit/s 0 ms 50 sl. 0 queues (64 buckets) droptail # ipfw pipe show 00001: 1.024 Mbit/s 0 ms 50 sl. 0 queues (64 buckets) droptail 00002: 1.024 Mbit/s 0 ms 50 sl. 0 queues (64 buckets) droptail As listed above we have no way to differ pipes parameters at all >Fix: I proposed move back printf(mask-index) and printf(BKT-index) ipv4/ipv6 code in ipfw2.c: list_queues() function from print flows cycle to function top like RELENG_4/5, remove if(!index_printed) parts and associated variables. For example like that (just copy/paste for 6.2-RELEASE source, also I don't know is using q[0] in IS_IP6_FLOW_ID(&(q[0].id)) are correct) --- ipfw2.orig Sat Oct 21 19:59:19 2006 +++ ipfw2.c Sat Jan 3 05:57:23 2009 @@ -2089,18 +2089,46 @@ list_queues(struct dn_flow_set *fs, struct dn_flow_queue *q) { int l; - int index_printed, indexes = 0; char buff[255]; struct protoent *pe; + if (!IS_IP6_FLOW_ID(&(q[0].id))) { + printf(" " + "mask: 0x%02x 0x%08x/0x%04x -> 0x%08x/0x%04x\n", + fs->flow_mask.proto, + fs->flow_mask.src_ip, fs->flow_mask.src_port, + fs->flow_mask.dst_ip, fs->flow_mask.dst_port); + } else if (IS_IP6_FLOW_ID(&(q[0].id))) { + printf("\n mask: proto: 0x%02x, flow_id: 0x%08x, ", + fs->flow_mask.proto, fs->flow_mask.flow_id6); + inet_ntop(AF_INET6, &(fs->flow_mask.src_ip6), + buff, sizeof(buff)); + printf("%s/0x%04x -> ", buff, fs->flow_mask.src_port); + inet_ntop( AF_INET6, &(fs->flow_mask.dst_ip6), + buff, sizeof(buff) ); + printf("%s/0x%04x\n", buff, fs->flow_mask.dst_port); + } + if (fs->rq_elements == 0) return; + if (!IS_IP6_FLOW_ID(&(q[0].id))) { + printf("BKT Prot ___Source IP/port____ " + "____Dest. IP/port____ " + "Tot_pkt/bytes Pkt/Byte Drp\n"); + + } else if (IS_IP6_FLOW_ID(&(q[0].id))) { + printf("BKT ___Prot___ _flow-id_ " + "______________Source IPv6/port_______________ " + "_______________Dest. IPv6/port_______________ " + "Tot_pkt/bytes Pkt/Byte Drp\n"); + + } + if (do_sort != 0) heapsort(q, fs->rq_elements, sizeof *q, sort_q); /* Print IPv4 flows */ - index_printed = 0; for (l = 0; l < fs->rq_elements; l++) { struct in_addr ina; @@ -2108,22 +2136,6 @@ if (IS_IP6_FLOW_ID(&(q[l].id))) continue; - if (!index_printed) { - index_printed = 1; - if (indexes > 0) /* currently a no-op */ - printf("\n"); - indexes++; - printf(" " - "mask: 0x%02x 0x%08x/0x%04x -> 0x%08x/0x%04x\n", - fs->flow_mask.proto, - fs->flow_mask.src_ip, fs->flow_mask.src_port, - fs->flow_mask.dst_ip, fs->flow_mask.dst_port); - - printf("BKT Prot ___Source IP/port____ " - "____Dest. IP/port____ " - "Tot_pkt/bytes Pkt/Byte Drp\n"); - } - printf("%3d ", q[l].hash_slot); pe = getprotobynumber(q[l].id.proto); if (pe) @@ -2145,30 +2157,10 @@ } /* Print IPv6 flows */ - index_printed = 0; for (l = 0; l < fs->rq_elements; l++) { if (!IS_IP6_FLOW_ID(&(q[l].id))) continue; - if (!index_printed) { - index_printed = 1; - if (indexes > 0) - printf("\n"); - indexes++; - printf("\n mask: proto: 0x%02x, flow_id: 0x%08x, ", - fs->flow_mask.proto, fs->flow_mask.flow_id6); - inet_ntop(AF_INET6, &(fs->flow_mask.src_ip6), - buff, sizeof(buff)); - printf("%s/0x%04x -> ", buff, fs->flow_mask.src_port); - inet_ntop( AF_INET6, &(fs->flow_mask.dst_ip6), - buff, sizeof(buff) ); - printf("%s/0x%04x\n", buff, fs->flow_mask.dst_port); - - printf("BKT ___Prot___ _flow-id_ " - "______________Source IPv6/port_______________ " - "_______________Dest. IPv6/port_______________ " - "Tot_pkt/bytes Pkt/Byte Drp\n"); - } printf("%3d ", q[l].hash_slot); pe = getprotobynumber(q[l].id.proto); if (pe != NULL) >Release-Note: >Audit-Trail: >Unformatted: