Date: Thu, 13 Aug 2015 17:21:24 +0200 From: Luigi Rizzo <rizzo@iet.unipi.it> To: Julian Elischer <julian@freebsd.org> Cc: Ian Smith <smithi@nimnet.asn.au>, "freebsd-ipfw@freebsd.org" <freebsd-ipfw@freebsd.org>, "Alexander V. Chernikov" <melifaro@ipfw.ru> Subject: Re: ipfw delete 100-300 Message-ID: <CA%2BhQ2%2Bi1qiE883yrSbZowg9WvtKB67TTgNp7pqT9ib60Nuri0w@mail.gmail.com> In-Reply-To: <55CCB543.20504@freebsd.org> References: <55BF368A.60004@elischer.org> <20150803234952.O17327@sola.nimnet.asn.au> <925201438613458@web7h.yandex.ru> <55BFC7A7.2000907@freebsd.org> <252361438673995@web5h.yandex.ru> <55CC1BFF.5090800@freebsd.org> <20150813233624.P8515@sola.nimnet.asn.au> <CA%2BhQ2%2Bg-kU9U1nK-EOiuoEkBF=SAaX=RBETW69K%2BNrLAcQK1Ew@mail.gmail.com> <20150814003533.I8515@sola.nimnet.asn.au> <55CCB543.20504@freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, Aug 13, 2015 at 5:18 PM, Julian Elischer <julian@freebsd.org> wrote: > On 8/13/15 10:41 PM, Ian Smith wrote: >> >> On Thu, 13 Aug 2015 16:30:15 +0200, Luigi Rizzo wrote: >> > On Thu, Aug 13, 2015 at 4:00 PM, Ian Smith <smithi@nimnet.asn.au> >> wrote: >> > > On Thu, 13 Aug 2015 12:24:31 +0800, Julian Elischer wrote: >> > > > BTW, any ideas as to what causes this? >> > > > # ipfw show >> > > > [...] >> > > > 00400 0 0 deny ip from 10.12.1.0/24 to >> any in recv >> > > > xn0 >> > > > 00500 0 16045693110842147038 deny ip from 204.109.63.0/25 to >> any in recv >> > > > xn1 >> > > > 00600 0 0 allow ip from any to any in >> recv xn1 >> > > > [...] >> > > > 65535 8251 16045693110842147290 deny ip from any to any >> > > > >> > > > >> > > > -current as of the 5th of august >> > > > FreeBSD vps1.elischer.org 11.0-CURRENT FreeBSD 11.0-CURRENT #1 >> r286304: Wed >> > > > Aug 5 14:31:10 PDT 2015 >> > > > root@vps1.elischer.org:/usr/obj/usr/src-current/sys/VPS1 i386 >> > > > >> > > > note i386, not amd64. >> > > >> > > Assuming all digits were shown, on a wild hunch: >> > > >> > > t23% echo 'scale=20; 2^64 - 16045693110842147038' | bc >> > > 2401050962867404578 >> > > t23% echo 'scale=20; 2^63 - 16045693110842147038' | bc >> > > -6822321073987371230 >> > > >> > >> > bc >> > obase=16 >> > 16045693110842147038 >> > DEADC0DEDEADC0DE >> > >> > so... somehow pointing in a bad place. >> >> Ah, quite so .. and rule 65535 looks like a slightly worse place. >> >> t23% echo 'obase=16; 16045693110842147290' | bc >> DEADC0DEDEADC1DA > > that's deadcode when it's had some packets added to it :-) > > I think our friend Mr Chernikov may have tripped up over something.. looks more like the "counter" API. The old counters were inline in the rules. cheers luigi > > > >> >> thanks, Ian >> > > _______________________________________________ > freebsd-ipfw@freebsd.org mailing list > https://lists.freebsd.org/mailman/listinfo/freebsd-ipfw > To unsubscribe, send any mail to "freebsd-ipfw-unsubscribe@freebsd.org" -- -----------------------------------------+------------------------------- Prof. Luigi RIZZO, rizzo@iet.unipi.it . Dip. di Ing. dell'Informazione http://www.iet.unipi.it/~luigi/ . Universita` di Pisa TEL +39-050-2217533 . via Diotisalvi 2 Mobile +39-338-6809875 . 56122 PISA (Italy) -----------------------------------------+-------------------------------
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CA%2BhQ2%2Bi1qiE883yrSbZowg9WvtKB67TTgNp7pqT9ib60Nuri0w>