From owner-freebsd-ipfw@FreeBSD.ORG  Thu Nov 13 02:47:19 2003
Return-Path: <owner-freebsd-ipfw@FreeBSD.ORG>
Delivered-To: freebsd-ipfw@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id B37F716A4CE
	for <freebsd-ipfw@freebsd.org>; Thu, 13 Nov 2003 02:47:19 -0800 (PST)
Received: from mail.evip.pl (mail.evip.com.pl [212.244.157.179])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 323F443FBD
	for <freebsd-ipfw@freebsd.org>; Thu, 13 Nov 2003 02:47:18 -0800 (PST)
	(envelope-from w@evip.pl)
Received: from drwebc by mail.evip.pl with drweb-scanned (Exim 4.22)
	id 1AKF0P-000JK0-Dj
	for freebsd-ipfw@freebsd.org; Thu, 13 Nov 2003 11:47:17 +0100
Received: from w by mail.evip.pl with local (Exim 4.22)
	id 1AKF0P-000JJu-Aq
	for freebsd-ipfw@freebsd.org; Thu, 13 Nov 2003 11:47:17 +0100
Date: Thu, 13 Nov 2003 11:47:17 +0100
From: Wiktor Niesiobedzki <bsd@w.evip.pl>
To: freebsd-ipfw@freebsd.org
Message-ID: <20031113104717.GK231@mail.evip.pl>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.4i
Sender: Wiktor Niesiobedzki <w@evip.pl>
Subject: Uid keyword matches only on loopack interface
X-BeenThere: freebsd-ipfw@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: IPFW Technical Discussions <freebsd-ipfw.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
	<mailto:freebsd-ipfw-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-ipfw>
List-Post: <mailto:freebsd-ipfw@freebsd.org>
List-Help: <mailto:freebsd-ipfw-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
	<mailto:freebsd-ipfw-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 13 Nov 2003 10:47:19 -0000

Hi,

After setting my firewall I saw that only few packets match the uid keyword.
>From my trival test came out that only loopack traffic can be matched. Is
there some bug lying in here?

The simple rule:
00395      0       0 count log tcp from any to any uid root

Will match only:
Nov 13 11:41:23 portal kernel: ipfw: 395 Count TCP 127.0.0.1:80
127.0.0.1:50780 out via lo0
Nov 13 11:41:23 portal kernel: ipfw: 395 Count TCP 127.0.0.1:50780
127.0.0.1:80 in via lo0
Nov 13 11:41:25 portal kernel: ipfw: 395 Count TCP 127.0.0.1:50780
127.0.0.1:80 out via lo0

That kind of traffic. Any traffic going by other interface is not counted.

uname -a
FreeBSD portal 5.1-CURRENT FreeBSD 5.1-CURRENT #1: Tue Nov 11 10:15:12 CET
2003     root@portal:/home/usr/obj/home/usr/src/sys/PORTAL  i386

/sys/netinet/ip_fw2.c:
     $FreeBSD: src/sys/netinet/ip_fw2.c,v 1.43 2003/11/07 23:26:57 sam Exp $


Cheers,

Wiktor Niesiobedzki