From owner-freebsd-ipfw@FreeBSD.ORG Mon Feb 9 11:06:53 2009 Return-Path: Delivered-To: freebsd-ipfw@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id C52DE106566C for ; Mon, 9 Feb 2009 11:06:53 +0000 (UTC) (envelope-from owner-bugmaster@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id B125A8FC25 for ; Mon, 9 Feb 2009 11:06:53 +0000 (UTC) (envelope-from owner-bugmaster@FreeBSD.org) Received: from freefall.freebsd.org (localhost [127.0.0.1]) by freefall.freebsd.org (8.14.3/8.14.3) with ESMTP id n19B6rfa009153 for ; Mon, 9 Feb 2009 11:06:53 GMT (envelope-from owner-bugmaster@FreeBSD.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.14.3/8.14.3/Submit) id n19B6r7f009149 for freebsd-ipfw@FreeBSD.org; Mon, 9 Feb 2009 11:06:53 GMT (envelope-from owner-bugmaster@FreeBSD.org) Date: Mon, 9 Feb 2009 11:06:53 GMT Message-Id: <200902091106.n19B6r7f009149@freefall.freebsd.org> X-Authentication-Warning: freefall.freebsd.org: gnats set sender to owner-bugmaster@FreeBSD.org using -f From: FreeBSD bugmaster To: freebsd-ipfw@FreeBSD.org Cc: Subject: Current problem reports assigned to freebsd-ipfw@FreeBSD.org X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 09 Feb 2009 11:06:54 -0000 Note: to view an individual PR, use: http://www.freebsd.org/cgi/query-pr.cgi?pr=(number). The following is a listing of current problems submitted by FreeBSD users. These represent problem reports covering all versions including experimental development code and obsolete releases. S Tracker Resp. Description -------------------------------------------------------------------------------- o bin/130132 ipfw [patch] ipfw(8): no way to get mask from ipfw pipe sho o kern/129103 ipfw [ipfw] IPFW check state does not work =( o kern/129093 ipfw [ipfw] ipfw nat must not drop packets o kern/129036 ipfw [ipfw] 'ipfw fwd' does not change outgoing interface n o kern/128260 ipfw [ipfw] [patch] ipfw_divert damages IPv6 packets o kern/127230 ipfw [ipfw] [patch] Feature request to add UID and/or GID l o kern/127209 ipfw [ipfw] IPFW table become corrupted after many changes o bin/125370 ipfw [ipfw] [patch] increase a line buffer limit o conf/123119 ipfw [patch] rc script for ipfw does not handle IPv6 o kern/122963 ipfw [ipfw] tcpdump does not show packets redirected by 'ip s kern/121807 ipfw [request] TCP and UDP port_table in ipfw o kern/121382 ipfw [dummynet]: 6.3-RELEASE-p1 page fault in dummynet (cor o kern/121122 ipfw [ipfw] [patch] add support to ToS IP PRECEDENCE fields o kern/118993 ipfw [ipfw] page fault - probably it's a locking problem o kern/117234 ipfw [ipfw] [patch] ipfw send_pkt() and ipfw_tick() don't s o kern/116009 ipfw [ipfw] [patch] Ignore errors when loading ruleset from p kern/115755 ipfw [ipfw] [patch] unify message and add a rule number whe o bin/115172 ipfw [patch] ipfw(8) list show some rules with a wrong form o docs/113803 ipfw [patch] ipfw(8) - don't get bitten by the fwd rule p kern/113388 ipfw [ipfw] [patch] Addition actions with rules within spec o kern/112708 ipfw [ipfw] ipfw is seems to be broken to limit number of c o kern/112561 ipfw [ipfw] ipfw fwd does not work with some TCP packets o kern/107305 ipfw [ipfw] ipfw fwd doesn't seem to work o kern/105330 ipfw [ipfw] [patch] ipfw (dummynet) does not allow to set q o bin/104921 ipfw [patch] ipfw(8) sometimes treats ipv6 input as ipv4 (a o kern/104682 ipfw [ipfw] [patch] Some minor language consistency fixes a o kern/103454 ipfw [ipfw] [patch] [request] add a facility to modify DF b o kern/103328 ipfw [ipfw] [request] sugestions about ipfw table o kern/102471 ipfw [ipfw] [patch] add tos and dscp support o kern/98831 ipfw [ipfw] ipfw has UDP hickups o kern/97951 ipfw [ipfw] [patch] ipfw does not tie interface details to o kern/97504 ipfw [ipfw] IPFW Rules bug o kern/95084 ipfw [ipfw] [regression] [patch] IPFW2 ignores "recv/xmit/v o kern/93300 ipfw [ipfw] ipfw pipe lost packets o kern/91847 ipfw [ipfw] ipfw with vlanX as the device o kern/88659 ipfw [modules] ipfw and ip6fw do not work properly as modul o kern/87032 ipfw [ipfw] [patch] ipfw ioctl interface implementation o kern/86957 ipfw [ipfw] [patch] ipfw mac logging o kern/82724 ipfw [ipfw] [patch] [request] Add setnexthop and defaultrou s kern/80642 ipfw [ipfw] [patch] ipfw small patch - new RULE OPTION o bin/78785 ipfw [patch] ipfw(8) verbosity locks machine if /etc/rc.fir o kern/74104 ipfw [ipfw] ipfw2/1 conflict not detected or reported, manp o kern/73910 ipfw [ipfw] serious bug on forwarding of packets after NAT o kern/72987 ipfw [ipfw] ipfw/dummynet pipe/queue 'queue [BYTES]KBytes ( o kern/71366 ipfw [ipfw] "ipfw fwd" sometimes rewrites destination mac a o kern/69963 ipfw [ipfw] install_state warning about already existing en o kern/60719 ipfw [ipfw] Headerless fragments generate cryptic error mes o kern/55984 ipfw [ipfw] [patch] time based firewalling support for ipfw o kern/51274 ipfw [ipfw] [patch] ipfw2 create dynamic rules with parent o kern/48172 ipfw [ipfw] [patch] ipfw does not log size and flags o kern/46159 ipfw [ipfw] [patch] [request] ipfw dynamic rules lifetime f a kern/26534 ipfw [ipfw] Add an option to ipfw to log gid/uid of who cau 52 problems total. From owner-freebsd-ipfw@FreeBSD.ORG Tue Feb 10 13:46:25 2009 Return-Path: Delivered-To: freebsd-ipfw@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 79370106566B; Tue, 10 Feb 2009 13:46:25 +0000 (UTC) (envelope-from gavin@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id 4F2D38FC1E; Tue, 10 Feb 2009 13:46:25 +0000 (UTC) (envelope-from gavin@FreeBSD.org) Received: from freefall.freebsd.org (gavin@localhost [127.0.0.1]) by freefall.freebsd.org (8.14.3/8.14.3) with ESMTP id n1ADkPT1066382; Tue, 10 Feb 2009 13:46:25 GMT (envelope-from gavin@freefall.freebsd.org) Received: (from gavin@localhost) by freefall.freebsd.org (8.14.3/8.14.3/Submit) id n1ADkPX9066378; Tue, 10 Feb 2009 13:46:25 GMT (envelope-from gavin) Date: Tue, 10 Feb 2009 13:46:25 GMT Message-Id: <200902101346.n1ADkPX9066378@freefall.freebsd.org> To: gavin@FreeBSD.org, freebsd-bugs@FreeBSD.org, freebsd-ipfw@FreeBSD.org From: gavin@FreeBSD.org Cc: Subject: Re: kern/131558: [ipfw] Inconsistent "via" ipfw behavior X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 10 Feb 2009 13:46:25 -0000 Old Synopsis: Inconsistent "via" ipfw behavior New Synopsis: [ipfw] Inconsistent "via" ipfw behavior Responsible-Changed-From-To: freebsd-bugs->freebsd-ipfw Responsible-Changed-By: gavin Responsible-Changed-When: Tue Feb 10 13:44:03 UTC 2009 Responsible-Changed-Why: Over to maintainer(s). I get the feeling this may be a kernel bug rather than a userspace bug, reclassify. http://www.freebsd.org/cgi/query-pr.cgi?pr=131558 From owner-freebsd-ipfw@FreeBSD.ORG Wed Feb 11 14:24:32 2009 Return-Path: Delivered-To: freebsd-ipfw@FreeBSD.ORG Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 7EEE9106564A for ; Wed, 11 Feb 2009 14:24:32 +0000 (UTC) (envelope-from olli@lurza.secnetix.de) Received: from lurza.secnetix.de (unknown [IPv6:2a01:170:102f::2]) by mx1.freebsd.org (Postfix) with ESMTP id 02B498FC0A for ; Wed, 11 Feb 2009 14:24:31 +0000 (UTC) (envelope-from olli@lurza.secnetix.de) Received: from lurza.secnetix.de (localhost [127.0.0.1]) by lurza.secnetix.de (8.14.3/8.14.3) with ESMTP id n1BEOUNn012806; Wed, 11 Feb 2009 15:24:30 +0100 (CET) (envelope-from oliver.fromme@secnetix.de) Received: (from olli@localhost) by lurza.secnetix.de (8.14.3/8.14.3/Submit) id n1BEOU3N012805; Wed, 11 Feb 2009 15:24:30 +0100 (CET) (envelope-from olli) Date: Wed, 11 Feb 2009 15:24:30 +0100 (CET) Message-Id: <200902111424.n1BEOU3N012805@lurza.secnetix.de> From: Oliver Fromme To: freebsd-ipfw@FreeBSD.ORG X-Newsgroups: list.freebsd-ipfw User-Agent: tin/1.8.3-20070201 ("Scotasay") (UNIX) (FreeBSD/6.4-PRERELEASE-20080904 (i386)) MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 8bit X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-2.1.2 (lurza.secnetix.de [127.0.0.1]); Wed, 11 Feb 2009 15:24:30 +0100 (CET) Cc: Subject: IPFW performance on SMP (vs. PF) X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 11 Feb 2009 14:24:32 -0000 Hi, I'll have to implement a packet filter on machines with several cores (4 to 8). Which one of the available filters (IPFW, IPF, PF) will provide the best performance on such SMP machines? I heard that PF doesn't support SMP hardware very well -- is that true? Will IPFW be better? Thanks for any insights. Best regards Oliver -- Oliver Fromme, secnetix GmbH & Co. KG, Marktplatz 29, 85567 Grafing b. M. Handelsregister: Registergericht Muenchen, HRA 74606, Geschäftsfuehrung: secnetix Verwaltungsgesellsch. mbH, Handelsregister: Registergericht Mün- chen, HRB 125758, Geschäftsführer: Maik Bachmann, Olaf Erb, Ralf Gebhart FreeBSD-Dienstleistungen, -Produkte und mehr: http://www.secnetix.de/bsd "If Java had true garbage collection, most programs would delete themselves upon execution." -- Robert Sewell From owner-freebsd-ipfw@FreeBSD.ORG Wed Feb 11 23:04:28 2009 Return-Path: Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 31064106566C; Wed, 11 Feb 2009 23:04:28 +0000 (UTC) (envelope-from raffaele.delorenzo@libero.it) Received: from cp-out11.libero.it (cp-out11.libero.it [212.52.84.111]) by mx1.freebsd.org (Postfix) with ESMTP id B8AA08FC08; Wed, 11 Feb 2009 23:04:27 +0000 (UTC) (envelope-from raffaele.delorenzo@libero.it) Received: from [10.0.0.1] (151.49.47.10) by cp-out11.libero.it (8.5.016.1) id 492C05960A5DA3D7; Wed, 11 Feb 2009 23:53:15 +0100 Message-Id: <48EED655-AD6F-4C37-8182-86715F417011@libero.it> From: Raffaele De Lorenzo To: Kevin Oberman In-Reply-To: <20090211223416.5550A1CC0B@ptavv.es.net> Content-Type: text/plain; charset=US-ASCII; format=flowed; delsp=yes Content-Transfer-Encoding: 7bit Mime-Version: 1.0 (Apple Message framework v930.3) Date: Wed, 11 Feb 2009 23:50:34 +0100 References: <20090211223416.5550A1CC0B@ptavv.es.net> X-Mailer: Apple Mail (2.930.3) Cc: freebsd-net@freebsd.org, freebsd-ipfw@freebsd.org Subject: Re: Support for IPv6 tables in ipfw? X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 11 Feb 2009 23:04:28 -0000 Hi, I developed with Luigi (as mentor) and Mariano Tortoriello the first release of ipfw with ipv6 extension. If you and the FreeBSD Community think that the tables functional is a good feature i can develop it for IPv6 protocol. Ciao Raffaele On 11/feb/09, at 23:34, Kevin Oberman wrote: > With all of Luigi's excellent work on ipfw, I'd like to request that > someone familiar with the code look at implementing support for tables > for IPv6. While the IPv6 support in IPFW is generally a bit less > mature > than IPv4, the one functional thing that is completely missing is > tables. Having them would make my life quite a bit easier. It's the > one > thing that I have been unable to work around in my dual-stack > firewalls. > -- > R. Kevin Oberman, Network Engineer > Energy Sciences Network (ESnet) > Ernest O. Lawrence Berkeley National Laboratory (Berkeley Lab) > E-mail: oberman@es.net Phone: +1 510 486-8634 > Key fingerprint:059B 2DDF 031C 9BA3 14A4 EADA 927D EBB3 987B 3751 > _______________________________________________ > freebsd-net@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-net > To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org" From owner-freebsd-ipfw@FreeBSD.ORG Thu Feb 12 00:42:24 2009 Return-Path: Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 0A92A106566B; Thu, 12 Feb 2009 00:42:24 +0000 (UTC) (envelope-from oberman@es.net) Received: from mailgw.es.net (mail1.es.net [IPv6:2001:400:201:1::2]) by mx1.freebsd.org (Postfix) with ESMTP id 909148FC15; Thu, 12 Feb 2009 00:42:23 +0000 (UTC) (envelope-from oberman@es.net) Received: from postal1.es.net (postal3.es.net [198.128.3.207]) by mailgw.es.net (8.14.3/8.14.3) with ESMTP id n1C0gMXr020831 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT); Wed, 11 Feb 2009 16:42:22 -0800 Received: from ptavv.es.net (ptavv.es.net [198.128.4.29]) by postal3.es.net (Postal Node 3) with ESMTP (SSL) id TCC29422; Wed, 11 Feb 2009 16:42:22 -0800 Received: from ptavv.es.net (ptavv.es.net [127.0.0.1]) by ptavv.es.net (Tachyon Server) with ESMTP id 028CF1CC0B; Wed, 11 Feb 2009 16:42:22 -0800 (PST) To: Raffaele De Lorenzo In-reply-to: Your message of "Wed, 11 Feb 2009 23:50:34 +0100." <48EED655-AD6F-4C37-8182-86715F417011@libero.it> Date: Wed, 11 Feb 2009 16:42:22 -0800 From: "Kevin Oberman" Message-Id: <20090212004222.028CF1CC0B@ptavv.es.net> X-SPF-Result: pass X-SPF-Record: v=spf1 mx a:mail1.es.net a:mail2.es.net a:mail3.es.net a:mail4.es.net a:mail.es.net a:mailgw.es.net a:postal1.es.net a:postal2.es.net a:postal3.es.net ~all X-Proofpoint-Virus-Version: vendor=fsecure engine=1.12.7400:2.4.4, 1.2.40, 4.0.166 definitions=2009-02-12_02:2009-02-10, 2009-02-12, 2009-02-11 signatures=0 Cc: freebsd-net@freebsd.org, freebsd-ipfw@freebsd.org Subject: Re: Support for IPv6 tables in ipfw? X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 12 Feb 2009 00:42:24 -0000 > From: Raffaele De Lorenzo > Date: Wed, 11 Feb 2009 23:50:34 +0100 > > Hi, > I developed with Luigi (as mentor) and Mariano Tortoriello the first > release of ipfw with ipv6 extension. If you and the FreeBSD Community > think that the tables functional is a good feature i can develop it > for IPv6 protocol. Tables are invaluable for several functions. The most important to me is the ability to create a 'block' list that can be easily updated from a program or script. With a table you just need: add 00500 unreach port ip from table 86 to any in your standard configuration and then a script can do: table 22 add 2001:400:14:23::45 to add a system to the list. To do it without tables means finding an available rule and inserting the rule in the main table. I can do it without tables, but it works much better with them. -- R. Kevin Oberman, Network Engineer Energy Sciences Network (ESnet) Ernest O. Lawrence Berkeley National Laboratory (Berkeley Lab) E-mail: oberman@es.net Phone: +1 510 486-8634 Key fingerprint:059B 2DDF 031C 9BA3 14A4 EADA 927D EBB3 987B 3751 From owner-freebsd-ipfw@FreeBSD.ORG Thu Feb 12 14:50:37 2009 Return-Path: Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 977071065678 for ; Thu, 12 Feb 2009 14:50:37 +0000 (UTC) (envelope-from steve@ibctech.ca) Received: from ibctech.ca (v6.ibctech.ca [IPv6:2607:f118::b6]) by mx1.freebsd.org (Postfix) with SMTP id 3143E8FC24 for ; Thu, 12 Feb 2009 14:50:37 +0000 (UTC) (envelope-from steve@ibctech.ca) Received: (qmail 36755 invoked by uid 89); 12 Feb 2009 14:51:33 -0000 Received: from unknown (HELO ?IPv6:2607:f118::5?) (steve@ibctech.ca@2607:f118::5) by v6.ibctech.ca with ESMTPA; 12 Feb 2009 14:51:33 -0000 Message-ID: <49943732.1060803@ibctech.ca> Date: Thu, 12 Feb 2009 09:50:26 -0500 From: Steve Bertrand User-Agent: Thunderbird 2.0.0.17 (Windows/20080914) MIME-Version: 1.0 To: Raffaele De Lorenzo References: <20090211223416.5550A1CC0B@ptavv.es.net> <48EED655-AD6F-4C37-8182-86715F417011@libero.it> In-Reply-To: <48EED655-AD6F-4C37-8182-86715F417011@libero.it> X-Enigmail-Version: 0.95.7 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Cc: freebsd-net@freebsd.org, freebsd-ipfw@freebsd.org, Kevin Oberman Subject: Re: Support for IPv6 tables in ipfw? X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 12 Feb 2009 14:50:38 -0000 Raffaele De Lorenzo wrote: > Hi, > I developed with Luigi (as mentor) and Mariano Tortoriello the first > release of ipfw with ipv6 extension. If you and the FreeBSD Community > think that the tables functional is a good feature i can develop it for > IPv6 protocol. I think that tables are extremely functional and valuable, and will test any patches as soon as they are available if you are inclined to implement them for IPv6. Steve From owner-freebsd-ipfw@FreeBSD.ORG Fri Feb 13 14:30:15 2009 Return-Path: Delivered-To: freebsd-ipfw@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 4549D106571E; Fri, 13 Feb 2009 14:30:15 +0000 (UTC) (envelope-from linimon@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id 1389F8FC2A; Fri, 13 Feb 2009 14:30:15 +0000 (UTC) (envelope-from linimon@FreeBSD.org) Received: from freefall.freebsd.org (linimon@localhost [127.0.0.1]) by freefall.freebsd.org (8.14.3/8.14.3) with ESMTP id n1DEUEKu040540; Fri, 13 Feb 2009 14:30:14 GMT (envelope-from linimon@freefall.freebsd.org) Received: (from linimon@localhost) by freefall.freebsd.org (8.14.3/8.14.3/Submit) id n1DEUED7040530; Fri, 13 Feb 2009 14:30:14 GMT (envelope-from linimon) Date: Fri, 13 Feb 2009 14:30:14 GMT Message-Id: <200902131430.n1DEUED7040530@freefall.freebsd.org> To: linimon@FreeBSD.org, freebsd-net@FreeBSD.org, freebsd-ipfw@FreeBSD.org From: linimon@FreeBSD.org Cc: Subject: Re: kern/131601: [ipfw] [panic] 7-STABLE panic in nat_finalise (tcp=0) X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 13 Feb 2009 14:30:19 -0000 Old Synopsis: 7-STABLE panic in nat_finalise (tcp=0) New Synopsis: [ipfw] [panic] 7-STABLE panic in nat_finalise (tcp=0) Responsible-Changed-From-To: freebsd-net->freebsd-ipfw Responsible-Changed-By: linimon Responsible-Changed-When: Fri Feb 13 14:30:00 UTC 2009 Responsible-Changed-Why: Over to maintainer(s). http://www.freebsd.org/cgi/query-pr.cgi?pr=131601