Skip site navigation (1)Skip section navigation (2)
Date:      Mon, 14 Nov 2016 13:43:15 +0000
From:      wo0x <>
Subject:   [Bug 214419] ipfw coredump when try to add rule with table of IPv6 addresses
Message-ID:  <>

Next in thread | Raw E-Mail | Index | Archive | Help
Hi there,

   I just subscribed to this list due to the subjected bug--and I am quite
happy to find this trouble has yet been noted by others:

# fwcmd=/sbin/ipfw
# ${fwcmd} -f table dnssrv flush
# ${fwcmd}    table dnssrv create type addr
# ${fwcmd}    table dnssrv add 2a02:e00:fffd:139::9
added: 2a02:e00:fffd:139::9/128 0
# ${fwcmd}    table dnssrv add 2001:41D0:A:0028::1
added: 2001:41d0:a:28::1/128 0
# ${fwcmd}    table dnssrv add 2001:4860:4860::8844
added: 2001:4860:4860::8844/128 0
# ${fwcmd} add 20020 allow ip6 from any to "table(dnssrv)" out via gif0
setup keep-state
Segmentation fault (core dumped)
# uname -v
FreeBSD 11.0-STABLE #0 r308635: Mon Nov 14 08:55:15 UTC 2016

When doing "ipfw list" all rules are with numbers lower to 20020 are listed
correctly. Then again SegFault is notified and processing of further rules
is interrupted, more precisely: The mandatory "65535 deny ip from any to
any" is also missing.

This is from within a VNET jail using a cloned "gif  interface. If
connection is relevant: The jails "external" interface has the same MAC
address like the host system. Involved is a netgraph utilizing ng_etf, that
filters ethertypes ipv4 (0x0800) and arp (0x0806) to the affected jails

If I can help with any input, please let me know. I am just lacking
knowledge to debug or analyze dumps.


Want to link to this message? Use this URL: <>