From owner-freebsd-ipfw@FreeBSD.ORG Mon Jan 1 11:08:44 2007 Return-Path: X-Original-To: freebsd-ipfw@FreeBSD.org Delivered-To: freebsd-ipfw@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id EA7AE16A416 for ; Mon, 1 Jan 2007 11:08:44 +0000 (UTC) (envelope-from owner-bugmaster@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [69.147.83.40]) by mx1.freebsd.org (Postfix) with ESMTP id B325D13C4C6 for ; Mon, 1 Jan 2007 11:08:44 +0000 (UTC) (envelope-from owner-bugmaster@FreeBSD.org) Received: from freefall.freebsd.org (linimon@localhost [127.0.0.1]) by freefall.freebsd.org (8.13.4/8.13.4) with ESMTP id l01B8i2M048892 for ; Mon, 1 Jan 2007 11:08:44 GMT (envelope-from owner-bugmaster@FreeBSD.org) Received: (from linimon@localhost) by freefall.freebsd.org (8.13.4/8.13.4/Submit) id l01B8h1n048888 for freebsd-ipfw@FreeBSD.org; Mon, 1 Jan 2007 11:08:43 GMT (envelope-from owner-bugmaster@FreeBSD.org) Date: Mon, 1 Jan 2007 11:08:43 GMT Message-Id: <200701011108.l01B8h1n048888@freefall.freebsd.org> X-Authentication-Warning: freefall.freebsd.org: linimon set sender to owner-bugmaster@FreeBSD.org using -f From: FreeBSD bugmaster To: freebsd-ipfw@FreeBSD.org Cc: Subject: Current problem reports assigned to you X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 01 Jan 2007 11:08:45 -0000 Current FreeBSD problem reports Critical problems Serious problems S Tracker Resp. Description -------------------------------------------------------------------------------- o kern/51274 ipfw [ipfw] [patch] ipfw2 create dynamic rules with parent o kern/73910 ipfw [ipfw] serious bug on forwarding of packets after NAT o kern/74104 ipfw [ipfw] ipfw2/1 conflict not detected or reported, manp o conf/78762 ipfw [ipfw] [patch] /etc/rc.d/ipfw should excecute $firewal o bin/80913 ipfw [patch] /sbin/ipfw2 silently discards MAC addr arg wit o kern/88659 ipfw [modules] ipfw and ip6fw do not work properly as modul o kern/93300 ipfw ipfw pipe lost packets o kern/95084 ipfw [ipfw] [patch] IPFW2 ignores "recv/xmit/via any" (IPFW o kern/97504 ipfw [ipfw] IPFW Rules bug o kern/97951 ipfw [ipfw] [patch] ipfw does not tie interface details to o kern/98831 ipfw [ipfw] ipfw has UDP hickups o kern/102471 ipfw [ipfw] [patch] add tos and dscp support o kern/103454 ipfw [ipfw] [patch] add a facility to modify DF bit of the o kern/106534 ipfw [ipfw] [panic] ipfw + dummynet 14 problems total. Non-critical problems S Tracker Resp. Description -------------------------------------------------------------------------------- a kern/26534 ipfw [ipfw] Add an option to ipfw to log gid/uid of who cau o kern/46159 ipfw [ipfw] [patch] ipfw dynamic rules lifetime feature o kern/48172 ipfw [ipfw] [patch] ipfw does not log size and flags o bin/50749 ipfw [ipfw] [patch] ipfw2 incorrectly parses ports and port o kern/55984 ipfw [ipfw] [patch] time based firewalling support for ipfw o kern/60719 ipfw [ipfw] Headerless fragments generate cryptic error mes o kern/69963 ipfw [ipfw] install_state warning about already existing en o kern/71366 ipfw [ipfw] "ipfw fwd" sometimes rewrites destination mac a o kern/72987 ipfw [ipfw] ipfw/dummynet pipe/queue 'queue [BYTES]KBytes ( o kern/73276 ipfw [ipfw] [patch] ipfw2 vulnerability (parser error) o bin/78785 ipfw [ipfw] [patch] ipfw verbosity locks machine if /etc/rc o kern/80642 ipfw [ipfw] [patch] ipfw small patch - new RULE OPTION o kern/82724 ipfw [ipfw] [patch] Add setnexthop and defaultroute feature o kern/86957 ipfw [ipfw] [patch] ipfw mac logging o kern/87032 ipfw [ipfw] [patch] ipfw ioctl interface implementation o kern/91847 ipfw [ipfw] ipfw with vlanX as the device o kern/103328 ipfw sugestions about ipfw table o kern/104682 ipfw [ipfw] [patch] Some minor language consistency fixes a o bin/104921 ipfw [patch] ipfw(8) sometimes treats ipv6 input as ipv4 (a o kern/105330 ipfw [ipfw] [patch] ipfw (dummynet) does not allow to set q 20 problems total. From owner-freebsd-ipfw@FreeBSD.ORG Mon Jan 1 17:42:28 2007 Return-Path: X-Original-To: freebsd-ipfw@freebsd.org Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 3A01716A403 for ; Mon, 1 Jan 2007 17:42:26 +0000 (UTC) (envelope-from user@dhp.com) Received: from shell.dhp.com (shell.dhp.com [199.4.150.5]) by mx1.freebsd.org (Postfix) with ESMTP id 2E50B13C458 for ; Mon, 1 Jan 2007 17:42:25 +0000 (UTC) (envelope-from user@dhp.com) Received: by shell.dhp.com (Postfix, from userid 896) id 020EA26374; Mon, 1 Jan 2007 12:21:30 -0500 (EST) Date: Mon, 1 Jan 2007 12:21:30 -0500 (EST) From: Ensel Sharon To: freebsd-ipfw@freebsd.org Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Subject: Do we still care about HZ=1000 with dummynet ? X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 01 Jan 2007 17:42:28 -0000 I see in the dummynet man page: Generally, the following options are required: options IPFIREWALL options DUMMYNET options HZ=1000 # strongly recommended But all of the NOTES and other documentation only mention setting the HZ value in conjunction with DEVICE_POLLING. The man page for dummynet is dated October 2002. So the question is: circa 6.1, does it matter anymore to set an HZ value if you aren't using DEVICE_POLLING ? If so, why ? I understand the benefit when used with DEVICE_POLLING, but not for dummynet ... Thanks! From owner-freebsd-ipfw@FreeBSD.ORG Tue Jan 2 00:56:00 2007 Return-Path: X-Original-To: freebsd-ipfw@freebsd.org Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 9B5AD16A40F for ; Tue, 2 Jan 2007 00:56:00 +0000 (UTC) (envelope-from user@dhp.com) Received: from shell.dhp.com (shell.dhp.com [199.4.150.5]) by mx1.freebsd.org (Postfix) with ESMTP id 76BCD13C448 for ; Tue, 2 Jan 2007 00:56:00 +0000 (UTC) (envelope-from user@dhp.com) Received: by shell.dhp.com (Postfix, from userid 896) id 513D0263D1; Mon, 1 Jan 2007 19:55:57 -0500 (EST) Date: Mon, 1 Jan 2007 19:55:57 -0500 (EST) From: Ensel Sharon To: freebsd-ipfw@freebsd.org Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Subject: lowercase 'm' with dummynet rate limiting ? Known issue ? X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 02 Jan 2007 00:56:00 -0000 Newly installed 6.1-RELEASE system with dummynet and hz=1000 built into the kernel. I ran this succession of commands: ipfw pipe 1 config bw 10Kbit/s ipfw add 00005 pipe 1 all from any to any Great. It works. Things are damned slow, which proves it is doing what I want it to. I also want to pass the packets through after the pipe to a few other ipfw rules, so I then did this: sysctl -w net.inet.ip.fw.one_pass=0 Everything still working great. Now, I want to just adjust the rate to the bandwidth I _really_ want, not 10 Kbit/s. So I run this command: ipfw pipe 1 config bw 10mbit/s Oops. After about 5 minutes, the prompt returns, so it's not like a normal accidental-ipfw-lockout (when those happen you never see the prompt again). But it might as well be, because that was the last response I got out of that system - can't ping it, can't connect, and both ssh sessions timed out trying to get a prompt back. So what did I do wrong ? I see that the man page calls for a uppercase M (10Mbits/s) whereas I typed a lowercase 'm'. Was that the problem ? Or was I supposed to remove the first pipe completely before reissuing the 'ipfw pipe 1 config' command again ? Any idea why that command took it off line ? From owner-freebsd-ipfw@FreeBSD.ORG Tue Jan 2 01:25:11 2007 Return-Path: X-Original-To: freebsd-ipfw@freebsd.org Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 76DF016A403 for ; Tue, 2 Jan 2007 01:25:11 +0000 (UTC) (envelope-from tobias@netconsultoria.com.br) Received: from srv1.netconsultoria.com.br (srv1.netconsultoria.com.br [200.230.201.252]) by mx1.freebsd.org (Postfix) with ESMTP id EC3D013C459 for ; Tue, 2 Jan 2007 01:25:10 +0000 (UTC) (envelope-from tobias@netconsultoria.com.br) Received: from [192.168.0.99] (mailgw.netconsultoria.com.br [200.230.201.249]) (authenticated bits=0) by srv1.netconsultoria.com.br (8.13.8/8.13.3) with ESMTP id l0217KZl002448; Mon, 1 Jan 2007 23:07:26 -0200 (BRST) (envelope-from tobias@netconsultoria.com.br) Message-ID: <4599B00B.8000307@netconsultoria.com.br> Date: Mon, 01 Jan 2007 23:06:19 -0200 From: "Tobias P. Santos" User-Agent: Thunderbird 1.5.0.9 (Windows/20061207) MIME-Version: 1.0 To: Ensel Sharon References: In-Reply-To: Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-Virus-Scanned: ClamAV 0.88.7/2403/Mon Jan 1 20:35:09 2007 on srv1.netconsultoria.com.br X-Virus-Status: Clean Cc: freebsd-ipfw@freebsd.org Subject: Re: lowercase 'm' with dummynet rate limiting ? Known issue ? X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 02 Jan 2007 01:25:11 -0000 Ensel Sharon escreveu: [...] > ipfw pipe 1 config bw 10mbit/s > > Oops. After about 5 minutes, the prompt returns, so it's not like a > normal accidental-ipfw-lockout (when those happen you never see the prompt > again). But it might as well be, because that was the last response I got > out of that system - can't ping it, can't connect, and both ssh sessions > timed out trying to get a prompt back. > > So what did I do wrong ? I see that the man page calls for a uppercase M > (10Mbits/s) whereas I typed a lowercase 'm'. Was that the problem ? Or > was I supposed to remove the first pipe completely before reissuing the > 'ipfw pipe 1 config' command again ? > > Any idea why that command took it off line ? Similar issue: http://lists.freebsd.org/pipermail/freebsd-net/2006-November/012566.html Regards, Tobias. From owner-freebsd-ipfw@FreeBSD.ORG Tue Jan 2 01:45:17 2007 Return-Path: X-Original-To: freebsd-ipfw@freebsd.org Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id CB08816A407 for ; Tue, 2 Jan 2007 01:45:17 +0000 (UTC) (envelope-from user@dhp.com) Received: from shell.dhp.com (shell.dhp.com [199.4.150.5]) by mx1.freebsd.org (Postfix) with ESMTP id A556913C441 for ; Tue, 2 Jan 2007 01:45:17 +0000 (UTC) (envelope-from user@dhp.com) Received: by shell.dhp.com (Postfix, from userid 896) id E42C6263D1; Mon, 1 Jan 2007 20:45:12 -0500 (EST) Date: Mon, 1 Jan 2007 20:45:12 -0500 (EST) From: Ensel Sharon To: "Tobias P. Santos" In-Reply-To: <4599B00B.8000307@netconsultoria.com.br> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Cc: freebsd-ipfw@freebsd.org Subject: Re: lowercase 'm' with dummynet rate limiting ? Known issue ? X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 02 Jan 2007 01:45:17 -0000 On Mon, 1 Jan 2007, Tobias P. Santos wrote: > Ensel Sharon escreveu: > [...] > > ipfw pipe 1 config bw 10mbit/s > > > > Oops. After about 5 minutes, the prompt returns, so it's not like a > > normal accidental-ipfw-lockout (when those happen you never see the prompt > > again). But it might as well be, because that was the last response I got > > out of that system - can't ping it, can't connect, and both ssh sessions > > timed out trying to get a prompt back. > > > > So what did I do wrong ? I see that the man page calls for a uppercase M > > (10Mbits/s) whereas I typed a lowercase 'm'. Was that the problem ? Or > > was I supposed to remove the first pipe completely before reissuing the > > 'ipfw pipe 1 config' command again ? > > > > Any idea why that command took it off line ? > > Similar issue: > http://lists.freebsd.org/pipermail/freebsd-net/2006-November/012566.html Ahh... so unless I am missing something, it would appear that when you put a lowercase-m in place, it is just skipped, and: ipfw pipe 1 config bw 10mbit/s becomes: ipfw pipe 1 config bw 10bit/s Does that look like an accurate interpretation of what is happening ? So here's a follow-up question: I now have a (remote) system that is now set to 10bit/s rate limiting ... now that is awfully slow, but are there any conceivable tcp/ip settings that I could apply on a local system here that would allow me to ssh into it ? As it stands now, I cannot ssh into it - the session times out. Any ideas ? All I need to do is login and "ipfw delete ..." :) From owner-freebsd-ipfw@FreeBSD.ORG Tue Jan 2 10:57:19 2007 Return-Path: X-Original-To: freebsd-ipfw@freebsd.org Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id BE26A16A40F for ; Tue, 2 Jan 2007 10:57:19 +0000 (UTC) (envelope-from tobias@netconsultoria.com.br) Received: from srv1.netconsultoria.com.br (srv1.netconsultoria.com.br [200.230.201.252]) by mx1.freebsd.org (Postfix) with ESMTP id 0C15013C448 for ; Tue, 2 Jan 2007 10:57:18 +0000 (UTC) (envelope-from tobias@netconsultoria.com.br) Received: from [172.16.16.100] (mailgw.netconsultoria.com.br [200.230.201.249]) (authenticated bits=0) by srv1.netconsultoria.com.br (8.13.8/8.13.3) with ESMTP id l02AvDOn080797; Tue, 2 Jan 2007 08:57:13 -0200 (BRST) (envelope-from tobias@netconsultoria.com.br) Message-ID: <459A3A88.40400@netconsultoria.com.br> Date: Tue, 02 Jan 2007 08:57:12 -0200 From: "Tobias P. Santos" User-Agent: Thunderbird 1.5.0.9 (X11/20061206) MIME-Version: 1.0 To: Ensel Sharon References: In-Reply-To: Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-Virus-Scanned: ClamAV 0.88.7/2405/Tue Jan 2 06:39:39 2007 on srv1.netconsultoria.com.br X-Virus-Status: Clean Cc: freebsd-ipfw@freebsd.org Subject: Re: lowercase 'm' with dummynet rate limiting ? Known issue ? X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 02 Jan 2007 10:57:19 -0000 Ensel Sharon wrote: > Ahh... so unless I am missing something, it would appear that when you put > a lowercase-m in place, it is just skipped, and: > > ipfw pipe 1 config bw 10mbit/s > > becomes: > > ipfw pipe 1 config bw 10bit/s > > Does that look like an accurate interpretation of what is happening ? > Looks like. To be sure you should read the source code. > So here's a follow-up question: > > I now have a (remote) system that is now set to 10bit/s rate limiting > ... now that is awfully slow, but are there any conceivable tcp/ip > settings that I could apply on a local system here that would allow me to > ssh into it ? As it stands now, I cannot ssh into it - the session times > out. Any ideas ? > > All I need to do is login and "ipfw delete ..." :) > You'll probably have to get console access on this box. There are some tricks you can use next time. From ipfw man page: To test a ruleset and disable it and regain control if something goes wrong: ipfw set disable 18 ipfw add NN set 18 ... # repeat as needed ipfw set enable 18; echo done; sleep 30 && ipfw set disable 18 Here if everything goes well, you press control-C before the "sleep" ter- minates, and your ruleset will be left active. Otherwise, e.g. if you cannot access your box, the ruleset will be disabled after the sleep ter- minates thus restoring the previous situation. Good luck, Tobias. From owner-freebsd-ipfw@FreeBSD.ORG Tue Jan 2 18:22:31 2007 Return-Path: X-Original-To: freebsd-ipfw@freebsd.org Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id C79AA16A407 for ; Tue, 2 Jan 2007 18:22:31 +0000 (UTC) (envelope-from adcox_jim@emc.com) Received: from mexforward.lss.emc.com (mexforward.lss.emc.com [128.222.32.20]) by mx1.freebsd.org (Postfix) with ESMTP id 84FFE13C45A for ; Tue, 2 Jan 2007 18:22:31 +0000 (UTC) (envelope-from adcox_jim@emc.com) Received: from mailhub.lss.emc.com (sesha.lss.emc.com [10.254.144.12]) by mexforward.lss.emc.com (Switch-3.1.8/Switch-3.1.7) with ESMTP id l02HnMGq021522 for ; Tue, 2 Jan 2007 12:49:22 -0500 (EST) Received: from corpussmtp4.corp.emc.com (corpussmtp4.corp.emc.com [10.254.64.54]) by mailhub.lss.emc.com (Switch-3.1.8/Switch-3.1.7) with ESMTP id l02HnLaI022815 for ; Tue, 2 Jan 2007 12:49:21 -0500 (EST) From: adcox_jim@emc.com Received: from CORPUSMX20B.corp.emc.com ([128.221.62.11]) by corpussmtp4.corp.emc.com with Microsoft SMTPSVC(6.0.3790.1830); Tue, 2 Jan 2007 12:49:21 -0500 X-MimeOLE: Produced By Microsoft Exchange V6.5 Content-class: urn:content-classes:message MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Date: Tue, 2 Jan 2007 12:49:20 -0500 Message-ID: X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: Dummynet boot disk failure Thread-Index: AccullSi3EzkVcc1SxeCH7JkACe7hw== To: X-OriginalArrivalTime: 02 Jan 2007 17:49:21.0299 (UTC) FILETIME=[55370630:01C72E96] X-PMX-Version: 4.7.1.128075, Antispam-Engine: 2.5.0.283055, Antispam-Data: 2007.1.2.92933 X-PerlMx-Spam: Gauge=, SPAM=0%, Reason='EMC_BODY_1+ -3, EMC_FROM_0+ -2, NO_REAL_NAME 0, __C230066_P5 0, __CT 0, __CTE 0, __CTYPE_CHARSET_QUOTED 0, __CT_TEXT_PLAIN 0, __HAS_MSGID 0, __IMS_MSGID 0, __MIME_TEXT_ONLY 0, __MIME_VERSION 0, __SANE_MSGID 0' Subject: Dummynet boot disk failure X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 02 Jan 2007 18:22:31 -0000 Folks, I have made several attempts at using the boot disk version of dummynet. No matter what system I try to boot it on, I get the same error, at the = same point of the boot. Right after the: Load -t mfs_root fs.PICOBSD zf_read: fill error Any ideas at to what causes this? Jim Adcox Practice Manager, Replication and Data Migration TS Applied Technologies EMC Technology Solutions Office / Cell : 719 332 4722 From owner-freebsd-ipfw@FreeBSD.ORG Wed Jan 3 16:32:17 2007 Return-Path: X-Original-To: freebsd-ipfw@freebsd.org Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 3046416A417 for ; Wed, 3 Jan 2007 16:32:17 +0000 (UTC) (envelope-from lists@wm-access.no) Received: from lakepoint.domeneshop.no (smtp01.domeneshop.no [194.63.248.15]) by mx1.freebsd.org (Postfix) with ESMTP id A585613C4A6 for ; Wed, 3 Jan 2007 16:32:16 +0000 (UTC) (envelope-from lists@wm-access.no) Received: from [192.168.0.100] (225.0.33.65.cfl.res.rr.com [65.33.0.225]) (authenticated bits=0) by lakepoint.domeneshop.no (8.13.8/8.13.8) with ESMTP id l03FtIpr026108 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT); Wed, 3 Jan 2007 16:55:20 +0100 Message-ID: <459BD1E4.1020201@wm-access.no> Date: Wed, 03 Jan 2007 10:55:16 -0500 From: =?ISO-8859-1?Q?Sten_Daniel_S=F8rsdal?= User-Agent: Thunderbird 1.5.0.9 (Windows/20061207) MIME-Version: 1.0 To: Ensel Sharon References: In-Reply-To: Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable Cc: freebsd-ipfw@freebsd.org Subject: Re: Do we still care about HZ=1000 with dummynet ? X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 03 Jan 2007 16:32:17 -0000 Ensel Sharon wrote: > I see in the dummynet man page: >=20 > Generally, the following options are required: >=20 > options IPFIREWALL > options DUMMYNET > options HZ=3D1000 # strongly recommended >=20 > But all of the NOTES and other documentation only mention setting the H= Z > value in conjunction with DEVICE_POLLING. >=20 > The man page for dummynet is dated October 2002. >=20 > So the question is: circa 6.1, does it matter anymore to set an HZ valu= e > if you aren't using DEVICE_POLLING ? >=20 > If so, why ? I understand the benefit when used with DEVICE_POLLING, b= ut > not for dummynet ... Every HZ (or divisor?) the dummynet pipes/queues are reprocessed and recalculated to see whether a packet should leave the dummynet pipes/queu= es. --=20 Sten Daniel S=F8rsdal From owner-freebsd-ipfw@FreeBSD.ORG Wed Jan 3 23:01:38 2007 Return-Path: X-Original-To: freebsd-ipfw@freebsd.org Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 4488616A407 for ; Wed, 3 Jan 2007 23:01:38 +0000 (UTC) (envelope-from adam.egan@gmail.com) Received: from ug-out-1314.google.com (ug-out-1314.google.com [66.249.92.175]) by mx1.freebsd.org (Postfix) with ESMTP id D752F13C43E for ; Wed, 3 Jan 2007 23:01:37 +0000 (UTC) (envelope-from adam.egan@gmail.com) Received: by ug-out-1314.google.com with SMTP id o2so4703396uge for ; Wed, 03 Jan 2007 15:01:36 -0800 (PST) DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:to:subject:mime-version:content-type:content-transfer-encoding:content-disposition; b=BIkh2ma1MGZ1WSGSsnfi6e7a4OO4W2e+f8K/BwyKU30LGaYS2uYQdnReKhWSkRvEfYHz9SjW4VmKv/2UShu6Tpr7oL9gvLKOih5HDVz/22cPWrX2+h/GD3Af2j4WMk4Vvrsh4H1XgcDQMRCt8y9nIceEXgSIvsiOJHNUnWLBrhc= Received: by 10.78.204.7 with SMTP id b7mr2369671hug.1167863783257; Wed, 03 Jan 2007 14:36:23 -0800 (PST) Received: by 10.78.165.3 with HTTP; Wed, 3 Jan 2007 14:36:23 -0800 (PST) Message-ID: <28745bbf0701031436r3457c0edr88d8fc50ea3e50b5@mail.gmail.com> Date: Wed, 3 Jan 2007 22:36:23 +0000 From: "Adam Egan" To: freebsd-ipfw@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Content-Disposition: inline Subject: problems with port forwarding X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 03 Jan 2007 23:01:38 -0000 Ok having some problems with port forwarding here, wondered if anyone could tell me if they see anything wrong, or have any ideas? /* ipfw rules for natd */ add 01005 divert natd all from any to any in via sis0 add 01010 check-state /* Allow for access to web server (unless specified like this, packets are denied) */ add 01015 allow tcp from any to 192.168.0.0/24 dst-port 80 in via sis0 setup keep-state /* Port redirect line in natd.conf */ redirect_port tcp 192.168.0.5:80 80 when I do ipfw show.. the figures next to the apache ipfw rule change.. so i think it does activate that rule, as packet numbers change.. but when i try to access my web server, the connection times out. There are no entries into the apache-access/error logs. Thanks in advance! Adam From owner-freebsd-ipfw@FreeBSD.ORG Fri Jan 5 14:53:07 2007 Return-Path: X-Original-To: freebsd-ipfw@hub.freebsd.org Delivered-To: freebsd-ipfw@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 0BCED16A500; Fri, 5 Jan 2007 14:53:07 +0000 (UTC) (envelope-from remko@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [69.147.83.40]) by mx1.freebsd.org (Postfix) with ESMTP id D7C1B13C467; Fri, 5 Jan 2007 14:53:06 +0000 (UTC) (envelope-from remko@FreeBSD.org) Received: from freefall.freebsd.org (remko@localhost [127.0.0.1]) by freefall.freebsd.org (8.13.4/8.13.4) with ESMTP id l05Er6dd093158; Fri, 5 Jan 2007 14:53:06 GMT (envelope-from remko@freefall.freebsd.org) Received: (from remko@localhost) by freefall.freebsd.org (8.13.4/8.13.4/Submit) id l05Er6X4093154; Fri, 5 Jan 2007 14:53:06 GMT (envelope-from remko) Date: Fri, 5 Jan 2007 14:53:06 GMT From: Remko Lodder Message-Id: <200701051453.l05Er6X4093154@freefall.freebsd.org> To: remko@FreeBSD.org, freebsd-bugs@FreeBSD.org, freebsd-ipfw@FreeBSD.org Cc: Subject: Re: kern/107565: input string parsing mistake X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 05 Jan 2007 14:53:07 -0000 Synopsis: input string parsing mistake Responsible-Changed-From-To: freebsd-bugs->freebsd-ipfw Responsible-Changed-By: remko Responsible-Changed-When: Fri Jan 5 14:52:39 UTC 2007 Responsible-Changed-Why: Reassign to ipfw team http://www.freebsd.org/cgi/query-pr.cgi?pr=107565 From owner-freebsd-ipfw@FreeBSD.ORG Fri Jan 5 16:30:22 2007 Return-Path: X-Original-To: freebsd-ipfw@hub.freebsd.org Delivered-To: freebsd-ipfw@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id CB95116A417 for ; Fri, 5 Jan 2007 16:30:22 +0000 (UTC) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [69.147.83.40]) by mx1.freebsd.org (Postfix) with ESMTP id B95BC13C45E for ; Fri, 5 Jan 2007 16:30:22 +0000 (UTC) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (gnats@localhost [127.0.0.1]) by freefall.freebsd.org (8.13.4/8.13.4) with ESMTP id l05GUMJb002726 for ; Fri, 5 Jan 2007 16:30:22 GMT (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.13.4/8.13.4/Submit) id l05GUMGZ002722; Fri, 5 Jan 2007 16:30:22 GMT (envelope-from gnats) Date: Fri, 5 Jan 2007 16:30:22 GMT Message-Id: <200701051630.l05GUMGZ002722@freefall.freebsd.org> To: freebsd-ipfw@FreeBSD.org From: "Anishchuk, Igor" Cc: Subject: Re: kern/107565: input string parsing mistake X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: "Anishchuk, Igor" List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 05 Jan 2007 16:30:22 -0000 The following reply was made to PR kern/107565; it has been noted by GNATS. From: "Anishchuk, Igor" To: , "Anishchuk, Igor" Cc: Subject: Re: kern/107565: input string parsing mistake Date: Fri, 5 Jan 2007 17:53:27 +0200 This is a multi-part message in MIME format. ------_=_NextPart_001_01C730E1.AA867EB0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Hello! =20 I've found a little mistake in my workaround. The line for(ti=3D0; ti<16 && p[ti] !=3D 0; ti++){ should be for (ti=3D0; ti<16 && p && p[ti] !=3D 0; ti++){ =20 Please change is ASAP otherwise segmentation fault will happen in some conditions. =20 The complete, tested patch is: =20 --- /usr/src/sbin/ipfw/ipfw2.c Fri Jan 5 17:43:25 2007 *************** *** 2720,2725 **** --- 2720,2733 ---- char *p =3D strpbrk(av, "/:,{"); int masklen; char md; + char t[15]; + int ti; + + for (ti=3D0; ti<16 && p && p[ti] !=3D 0; ti++){ + t[ti]=3Dp[ti+1]; + if(t[ti] !=3D '.' && (t[ti] < '0' || t[ti] > '9')) + t[ti] =3D '\0'; + } =20 if (p) { md =3D *p; *************** *** 2731,2741 **** errx(EX_NOHOST, "hostname ``%s'' unknown", av); switch (md) { case ':': ! if (!inet_aton(p, (struct in_addr *)&d[1])) errx(EX_DATAERR, "bad netmask ``%s''", p); break; case '/': ! masklen =3D atoi(p); if (masklen =3D=3D 0) d[1] =3D htonl(0); /* mask */ else if (masklen > 32) --- 2739,2749 ---- errx(EX_NOHOST, "hostname ``%s'' unknown", av); switch (md) { case ':': ! if (!inet_aton(t, (struct in_addr *)&d[1])) errx(EX_DATAERR, "bad netmask ``%s''", p); break; case '/': ! masklen =3D atoi(t); if (masklen =3D=3D 0) d[1] =3D htonl(0); /* mask */ else if (masklen > 32) =20 Thanks! -- Igor Anishchuk, F-Secure Corporation, Senior Systems Architect tel: +358 925205734, mobile: +358 408393620, fax: +358 925205015 mailto:igor.anishchuk@f-secure.com = , WWW: http://www.f-secure.com =20 BE SURE. =20 ------_=_NextPart_001_01C730E1.AA867EB0 Content-Type: text/html; charset="us-ascii" Content-Transfer-Encoding: quoted-printable

Hello!

 

I’ve found a little mistake in my = workaround. The line

for(ti=3D0; ti<16 && p[ti] !=3D 0; = ti++){

should be

for (ti=3D0; ti<16 && p && p[ti] = !=3D 0; ti++){

 

Please change is ASAP otherwise segmentation = fault will happen in some conditions.

 

The complete, tested patch = is:

 

--- /usr/src/sbin/ipfw/ipfw2.c  Fri Jan  5 = 17:43:25 2007

***************

*** 2720,2725 ****

--- 2720,2733 ----

        char *p =3D strpbrk(av, "/:,{");

        int = masklen;

        char = md;

+         char = t[15];

+         int = ti;

+

+         for = (ti=3D0; ti<16 && p && p[ti] !=3D 0; = ti++){

+         =         t[ti]=3Dp[ti+1];

+         =         if(t[ti] !=3D '.' && (t[ti] < '0' || t[ti] > = '9'))

+         =             &= nbsp;   t[ti] =3D '\0';

+         = }

 

        if (p) = {

         &= nbsp;      md =3D *p;

***************

*** 2731,2741 ****

         &= nbsp;      errx(EX_NOHOST, "hostname ``%s'' unknown", = av);

        switch (md) = {

        case = ':':

!         =       if (!inet_aton(p, (struct in_addr = *)&d[1]))

         &= nbsp;           &n= bsp;  errx(EX_DATAERR, "bad netmask ``%s''", = p);

         &= nbsp;      break;

        case = '/':

!         =       masklen =3D atoi(p);

         &= nbsp;      if (masklen =3D=3D 0)

         &= nbsp;           &n= bsp;  d[1] =3D htonl(0);        /* mask = */

         &= nbsp;      else if (masklen > 32)

--- 2739,2749 ----

         &= nbsp;      errx(EX_NOHOST, "hostname ``%s'' unknown", = av);

        switch (md) = {

        case = ':':

!         =       if (!inet_aton(t, (struct in_addr = *)&d[1]))

         &= nbsp;           &n= bsp;  errx(EX_DATAERR, "bad netmask ``%s''", = p);

         &= nbsp;      break;

        case = '/':

!         =       masklen =3D atoi(t);

         &= nbsp;      if (masklen =3D=3D 0)

         &= nbsp;           &n= bsp;  d[1] =3D htonl(0);        /* mask = */

         &= nbsp;      else if (masklen > 32)

 

Thanks!

--
Igor Anishchuk,  F-Secure Corporation,  Senior Systems = Architect
tel: +358 925205734, mobile: +358 408393620, fax: +358 925205015
mailto:igor.anishchuk@f-secure.com, WWW: http://www.f-secure.com
BE = SURE.

 

------_=_NextPart_001_01C730E1.AA867EB0-- From owner-freebsd-ipfw@FreeBSD.ORG Fri Jan 5 17:01:45 2007 Return-Path: X-Original-To: freebsd-ipfw@hub.freebsd.org Delivered-To: freebsd-ipfw@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 8805316A412; Fri, 5 Jan 2007 17:01:45 +0000 (UTC) (envelope-from linimon@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [69.147.83.40]) by mx1.freebsd.org (Postfix) with ESMTP id 5E9A113C45D; Fri, 5 Jan 2007 17:01:45 +0000 (UTC) (envelope-from linimon@FreeBSD.org) Received: from freefall.freebsd.org (linimon@localhost [127.0.0.1]) by freefall.freebsd.org (8.13.4/8.13.4) with ESMTP id l05H1j39007185; Fri, 5 Jan 2007 17:01:45 GMT (envelope-from linimon@freefall.freebsd.org) Received: (from linimon@localhost) by freefall.freebsd.org (8.13.4/8.13.4/Submit) id l05H1jbP007181; Fri, 5 Jan 2007 17:01:45 GMT (envelope-from linimon) Date: Fri, 5 Jan 2007 17:01:45 GMT From: Mark Linimon Message-Id: <200701051701.l05H1jbP007181@freefall.freebsd.org> To: igor.anishchuk@f-secure.com, linimon@FreeBSD.org, freebsd-ipfw@FreeBSD.org Cc: Subject: Re: kern/107565: [ipfw] [patch] input string parsing mistake X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 05 Jan 2007 17:01:45 -0000 Synopsis: [ipfw] [patch] input string parsing mistake State-Changed-From-To: open->feedback State-Changed-By: linimon State-Changed-When: Fri Jan 5 17:00:32 UTC 2007 State-Changed-Why: Unfortunately, you used quoted-printable to include your updated patch, rendering it useless to GNATS. Can you please resend it (preferably also without the HTML cruft? Often that is flagged as spam.) Thanks http://www.freebsd.org/cgi/query-pr.cgi?pr=107565 From owner-freebsd-ipfw@FreeBSD.ORG Fri Jan 5 20:40:26 2007 Return-Path: X-Original-To: freebsd-ipfw@hub.freebsd.org Delivered-To: freebsd-ipfw@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id C1E7216A407 for ; Fri, 5 Jan 2007 20:40:26 +0000 (UTC) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [69.147.83.40]) by mx1.freebsd.org (Postfix) with ESMTP id 9A02813C458 for ; Fri, 5 Jan 2007 20:40:26 +0000 (UTC) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (gnats@localhost [127.0.0.1]) by freefall.freebsd.org (8.13.4/8.13.4) with ESMTP id l05KeQ8k028114 for ; Fri, 5 Jan 2007 20:40:26 GMT (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.13.4/8.13.4/Submit) id l05KeQII028113; Fri, 5 Jan 2007 20:40:26 GMT (envelope-from gnats) Date: Fri, 5 Jan 2007 20:40:26 GMT Message-Id: <200701052040.l05KeQII028113@freefall.freebsd.org> To: freebsd-ipfw@FreeBSD.org From: "Anishchuk, Igor" Cc: Subject: Re: kern/107565: [ipfw] [patch] input string parsing mistake X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: "Anishchuk, Igor" List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 05 Jan 2007 20:40:26 -0000 The following reply was made to PR kern/107565; it has been noted by GNATS. From: "Anishchuk, Igor" To: , "Anishchuk, Igor" Cc: Subject: Re: kern/107565: [ipfw] [patch] input string parsing mistake Date: Fri, 5 Jan 2007 22:36:40 +0200 Hello! I've found a little mistake in my workaround. The line for(ti=3D0; ti<16 && p[ti] !=3D 0; ti++){ should be for (ti=3D0; ti<16 && p && p[ti] !=3D 0; ti++){ Please change is ASAP otherwise segmentation fault will happen in some conditions. The complete, tested patch is: --- /usr/src/sbin/ipfw/ipfw2.c Fri Jan 5 17:43:25 2007 *************** *** 2720,2725 **** --- 2720,2733 ---- char *p =3D strpbrk(av, "/:,{"); int masklen; char md; + char t[15]; + int ti; + + for (ti=3D0; ti<16 && p && p[ti] !=3D 0; ti++){ + t[ti]=3Dp[ti+1]; + if(t[ti] !=3D '.' && (t[ti] < '0' || t[ti] > '9')) + t[ti] =3D '\0'; + } if (p) { md =3D *p; *************** *** 2731,2741 **** errx(EX_NOHOST, "hostname ``%s'' unknown", av); switch (md) { case ':': ! if (!inet_aton(p, (struct in_addr *)&d[1])) errx(EX_DATAERR, "bad netmask ``%s''", p); break; case '/': ! masklen =3D atoi(p); if (masklen =3D=3D 0) d[1] =3D htonl(0); /* mask */ else if (masklen > 32) --- 2739,2749 ---- errx(EX_NOHOST, "hostname ``%s'' unknown", av); switch (md) { case ':': ! if (!inet_aton(t, (struct in_addr *)&d[1])) errx(EX_DATAERR, "bad netmask ``%s''", p); break; case '/': ! masklen =3D atoi(t); if (masklen =3D=3D 0) d[1] =3D htonl(0); /* mask */ else if (masklen > 32) Thanks! --=20 Igor Anishchuk From owner-freebsd-ipfw@FreeBSD.ORG Fri Jan 5 21:08:54 2007 Return-Path: X-Original-To: freebsd-ipfw@FreeBSD.org Delivered-To: freebsd-ipfw@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id BE8BC16A403; Fri, 5 Jan 2007 21:08:54 +0000 (UTC) (envelope-from igor.anishchuk@f-secure.com) Received: from fsmail-out.f-secure.com (fsmail-out.f-secure.com [193.110.109.20]) by mx1.freebsd.org (Postfix) with ESMTP id 79BCA13C45D; Fri, 5 Jan 2007 21:08:54 +0000 (UTC) (envelope-from igor.anishchuk@f-secure.com) Received: from fsav4im2 (fsav4im2.f-secure.com [193.110.108.82]) by fsmail-out.f-secure.com (Postfix) with SMTP id 9138B5B8B4; Fri, 5 Jan 2007 22:40:10 +0200 (EET) Received: from fsintra.f-secure.com (unknown [10.128.128.79]) by fsav4im2 ([193.110.108.82]:25) (F-Secure Anti-Virus for Internet Mail 6.60.36 Release) with SMTP; Fri, 5 Jan 2007 20:38:31 -0000 (envelope-from ) Received: from fsfimail6.FI.F-Secure.com (fsfimail6.fi.f-secure.com [10.128.128.43]) by fsintra.f-secure.com (Postfix) with ESMTP id 15B505BD22; Fri, 5 Jan 2007 22:40:08 +0200 (EET) X-MimeOLE: Produced By Microsoft Exchange V6.5 Content-class: urn:content-classes:message MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Date: Fri, 5 Jan 2007 22:39:55 +0200 Message-ID: <8589D0AD450A0D4CB6CC66ED3AF4FF6C03508060@fsfimail6.FI.F-Secure.com> In-reply-to: <200701051701.l05H1jbP007181@freefall.freebsd.org> X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: kern/107565: [ipfw] [patch] input string parsing mistake Thread-Index: Accw6zJaqN1dk+vbSzGJr5DOLQ2HEwAHgjXg From: "Anishchuk, Igor" To: "Mark Linimon" , Cc: Subject: RE: kern/107565: [ipfw] [patch] input string parsing mistake X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 05 Jan 2007 21:08:54 -0000 Hello! I've resent my last message. Could you please clean up the PR. Is it = possible to clean out my personal data from it? I mean my direct e-mail address, = at least. Thanks. -- Igor Anishchuk -----Original Message----- From: Mark Linimon [mailto:linimon@FreeBSD.org]=20 Sent: Friday, January 05, 2007 7:02 PM To: Anishchuk, Igor; linimon@FreeBSD.org; freebsd-ipfw@FreeBSD.org Subject: Re: kern/107565: [ipfw] [patch] input string parsing mistake Synopsis: [ipfw] [patch] input string parsing mistake State-Changed-From-To: open->feedback State-Changed-By: linimon State-Changed-When: Fri Jan 5 17:00:32 UTC 2007 State-Changed-Why:=20 Unfortunately, you used quoted-printable to include your updated patch, rendering it useless to GNATS. Can you please resend it (preferably also without the HTML cruft? Often that is flagged as spam.) Thanks http://www.freebsd.org/cgi/query-pr.cgi?pr=3D107565 From owner-freebsd-ipfw@FreeBSD.ORG Fri Jan 5 22:00:40 2007 Return-Path: X-Original-To: freebsd-ipfw@hub.freebsd.org Delivered-To: freebsd-ipfw@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id A161F16A407 for ; Fri, 5 Jan 2007 22:00:40 +0000 (UTC) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [69.147.83.40]) by mx1.freebsd.org (Postfix) with ESMTP id 93A6613C44C for ; Fri, 5 Jan 2007 22:00:40 +0000 (UTC) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (gnats@localhost [127.0.0.1]) by freefall.freebsd.org (8.13.4/8.13.4) with ESMTP id l05M0eoM035772 for ; Fri, 5 Jan 2007 22:00:40 GMT (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.13.4/8.13.4/Submit) id l05M0eAX035771; Fri, 5 Jan 2007 22:00:40 GMT (envelope-from gnats) Date: Fri, 5 Jan 2007 22:00:40 GMT Message-Id: <200701052200.l05M0eAX035771@freefall.freebsd.org> To: freebsd-ipfw@FreeBSD.org From: Igor Anishchuk Cc: Subject: Re: kern/107565: [ipfw] [patch] input string parsing mistake X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: Igor Anishchuk List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 05 Jan 2007 22:00:40 -0000 The following reply was made to PR kern/107565; it has been noted by GNATS. From: Igor Anishchuk To: bug-followup@FreeBSD.org, igor.anishchuk@f-secure.com Cc: Subject: Re: kern/107565: [ipfw] [patch] input string parsing mistake Date: Fri, 5 Jan 2007 22:55:46 +0200 Quoted-printable suxx! 3rd turn. Excuse me. Could anybody remove and edit these messages? --- /usr/src/sbin/ipfw/ipfw2.c Fri Jan 5 17:43:25 2007 *************** *** 2720,2725 **** --- 2720,2733 ---- char *p = strpbrk(av, "/:,{"); int masklen; char md; + char t[15]; + int ti; + + for (ti=0; ti<16 && p && p[ti] != 0; ti++){ + t[ti]=p[ti+1]; + if(t[ti] != '.' && (t[ti] < '0' || t[ti] > '9')) + t[ti] = '\0'; + } if (p) { md = *p; *************** *** 2731,2741 **** errx(EX_NOHOST, "hostname ``%s'' unknown", av); switch (md) { case ':': ! if (!inet_aton(p, (struct in_addr *)&d[1])) errx(EX_DATAERR, "bad netmask ``%s''", p); break; case '/': ! masklen = atoi(p); if (masklen == 0) d[1] = htonl(0); /* mask */ else if (masklen > 32) --- 2739,2749 ---- errx(EX_NOHOST, "hostname ``%s'' unknown", av); switch (md) { case ':': ! if (!inet_aton(t, (struct in_addr *)&d[1])) errx(EX_DATAERR, "bad netmask ``%s''", p); break; case '/': ! masklen = atoi(t); if (masklen == 0) d[1] = htonl(0); /* mask */ else if (masklen > 32) From owner-freebsd-ipfw@FreeBSD.ORG Fri Jan 5 23:00:43 2007 Return-Path: X-Original-To: freebsd-ipfw@hub.freebsd.org Delivered-To: freebsd-ipfw@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id F284F16A4AB for ; Fri, 5 Jan 2007 23:00:43 +0000 (UTC) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [69.147.83.40]) by mx1.freebsd.org (Postfix) with ESMTP id E5AB113C457 for ; Fri, 5 Jan 2007 23:00:43 +0000 (UTC) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (gnats@localhost [127.0.0.1]) by freefall.freebsd.org (8.13.4/8.13.4) with ESMTP id l05N0hmV042027 for ; Fri, 5 Jan 2007 23:00:43 GMT (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.13.4/8.13.4/Submit) id l05N0ht1042026; Fri, 5 Jan 2007 23:00:43 GMT (envelope-from gnats) Date: Fri, 5 Jan 2007 23:00:43 GMT Message-Id: <200701052300.l05N0ht1042026@freefall.freebsd.org> To: freebsd-ipfw@FreeBSD.org From: Igor Anishchuk Cc: Subject: Re: kern/107565: [ipfw] [patch] input string parsing mistake X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: Igor Anishchuk List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 05 Jan 2007 23:00:44 -0000 The following reply was made to PR kern/107565; it has been noted by GNATS. From: Igor Anishchuk To: bug-followup@FreeBSD.org, igor.anishchuk@f-secure.com Cc: Subject: Re: kern/107565: [ipfw] [patch] input string parsing mistake Date: Fri, 5 Jan 2007 23:44:02 +0200 Quoted-printable suxx! 3rd turn. Excuse me. Could anybody remove or edit these messages? --- /usr/src/sbin/ipfw/ipfw2.c Fri Jan 5 17:43:25 2007 *************** *** 2720,2725 **** --- 2720,2733 ---- char *p = strpbrk(av, "/:,{"); int masklen; char md; + char t[15]; + int ti; + + for (ti=0; ti<16 && p && p[ti] != 0; ti++){ + t[ti]=p[ti+1]; + if(t[ti] != '.' && (t[ti] < '0' || t[ti] > '9')) + t[ti] = '\0'; + } if (p) { md = *p; *************** *** 2731,2741 **** errx(EX_NOHOST, "hostname ``%s'' unknown", av); switch (md) { case ':': ! if (!inet_aton(p, (struct in_addr *)&d[1])) errx(EX_DATAERR, "bad netmask ``%s''", p); break; case '/': ! masklen = atoi(p); if (masklen == 0) d[1] = htonl(0); /* mask */ else if (masklen > 32) --- 2739,2749 ---- errx(EX_NOHOST, "hostname ``%s'' unknown", av); switch (md) { case ':': ! if (!inet_aton(t, (struct in_addr *)&d[1])) errx(EX_DATAERR, "bad netmask ``%s''", p); break; case '/': ! masklen = atoi(t); if (masklen == 0) d[1] = htonl(0); /* mask */ else if (masklen > 32) From owner-freebsd-ipfw@FreeBSD.ORG Sat Jan 6 12:43:29 2007 Return-Path: X-Original-To: freebsd-ipfw@hub.freebsd.org Delivered-To: freebsd-ipfw@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id E197F16A407; Sat, 6 Jan 2007 12:43:29 +0000 (UTC) (envelope-from linimon@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [69.147.83.40]) by mx1.freebsd.org (Postfix) with ESMTP id BA26B13C459; Sat, 6 Jan 2007 12:43:29 +0000 (UTC) (envelope-from linimon@FreeBSD.org) Received: from freefall.freebsd.org (linimon@localhost [127.0.0.1]) by freefall.freebsd.org (8.13.4/8.13.4) with ESMTP id l06ChT4X023534; Sat, 6 Jan 2007 12:43:29 GMT (envelope-from linimon@freefall.freebsd.org) Received: (from linimon@localhost) by freefall.freebsd.org (8.13.4/8.13.4/Submit) id l06ChTUd023530; Sat, 6 Jan 2007 12:43:29 GMT (envelope-from linimon) Date: Sat, 6 Jan 2007 12:43:29 GMT From: Mark Linimon Message-Id: <200701061243.l06ChTUd023530@freefall.freebsd.org> To: igor.anishchuk@f-secure.com, linimon@FreeBSD.org, freebsd-ipfw@FreeBSD.org Cc: Subject: Re: kern/107565: [ipfw] [patch] input string parsing mistake X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 06 Jan 2007 12:43:30 -0000 Synopsis: [ipfw] [patch] input string parsing mistake State-Changed-From-To: feedback->open State-Changed-By: linimon State-Changed-When: Sat Jan 6 12:38:14 UTC 2007 State-Changed-Why: Feedback received. http://www.freebsd.org/cgi/query-pr.cgi?pr=107565 From owner-freebsd-ipfw@FreeBSD.ORG Sat Jan 6 18:53:21 2007 Return-Path: X-Original-To: freebsd-ipfw@hub.freebsd.org Delivered-To: freebsd-ipfw@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id DB2FB16A403; Sat, 6 Jan 2007 18:53:21 +0000 (UTC) (envelope-from mlaier@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [69.147.83.40]) by mx1.freebsd.org (Postfix) with ESMTP id B1BAA13C448; Sat, 6 Jan 2007 18:53:21 +0000 (UTC) (envelope-from mlaier@FreeBSD.org) Received: from freefall.freebsd.org (mlaier@localhost [127.0.0.1]) by freefall.freebsd.org (8.13.4/8.13.4) with ESMTP id l06IrLdq058463; Sat, 6 Jan 2007 18:53:21 GMT (envelope-from mlaier@freefall.freebsd.org) Received: (from mlaier@localhost) by freefall.freebsd.org (8.13.4/8.13.4/Submit) id l06IrLCW058459; Sat, 6 Jan 2007 18:53:21 GMT (envelope-from mlaier) Date: Sat, 6 Jan 2007 18:53:21 GMT From: Max Laier Message-Id: <200701061853.l06IrLCW058459@freefall.freebsd.org> To: mlaier@FreeBSD.org, freebsd-ipfw@FreeBSD.org, mlaier@FreeBSD.org Cc: Subject: Re: kern/107565: [ipfw] [patch] input string parsing mistake X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 06 Jan 2007 18:53:21 -0000 Synopsis: [ipfw] [patch] input string parsing mistake Responsible-Changed-From-To: freebsd-ipfw->mlaier Responsible-Changed-By: mlaier Responsible-Changed-When: Sat Jan 6 18:53:01 UTC 2007 Responsible-Changed-Why: I'll take it. http://www.freebsd.org/cgi/query-pr.cgi?pr=107565