Date:      Wed, 22 Sep 1999 16:53:02 -0400 (EDT)
From:      emoc the phearless <emoc@scr3am.com>
To:        FreeBSD-gnats-submit@freebsd.org
Subject:   conf/13907: rc, dummynet.4 changes
Message-ID:  <Pine.LNX.4.10.9909221649560.8279-100000@ego.scr3am.com>


>Number:         13907
>Category:       conf
>Synopsis:       dummynet.4 correction, rc addition of
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Wed Sep 22 13:40:00 PDT 1999
>Closed-Date:
>Last-Modified:
>Originator:     Matthew George
>Release:        FreeBSD 3.3-STABLE i386
>Organization:
<Organization of PR author (multiple lines)>
>Environment:



>Description:

        dummynet.4 has the incorrect sysctl listed to disable one_pass

        rc.firewall and defaults/rc.conf are modified to enable disabling
        one_pass by setting net.inet.ip.fw.one_pass to 0

        one_pass is used with dummynet in order to define whether packets
        are accepted once they match a pipe (this is the default behavior).
        If one_pass is set to 0, the packet is reinjected into the rules
        immediately following the pipe that it matched and will be tested
        against the remainder of the ruleset.

>How-To-Repeat:



>Fix:
        
*** man4/dummynet.4.orig        Tue Sep 21 19:57:15 1999
--- man4/dummynet.4     Tue Sep 21 19:57:47 1999
***************
*** 89,95 ****
  are reinjected into the protocol stack at the same point they came
  from (i.e. ip_input(), ip_output(), bdg_forward() ).
  Depending on the setting of the sysctl variable
!    sys.net.inet.ipfw.one_pass
  Packets coming from a pipe can be either forwarded to their
  destination, or passed again through the
  .Nm ipfw
--- 89,95 ----
  are reinjected into the protocol stack at the same point they came
  from (i.e. ip_input(), ip_output(), bdg_forward() ).
  Depending on the setting of the sysctl variable
!    net.inet.ip.fw.one_pass
  Packets coming from a pipe can be either forwarded to their
  destination, or passed again through the
  .Nm ipfw
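
Review bot: In the dummynet.4 hunk (lines 89-95), the corrected name net.inet.ip.fw.one_pass is still plain indented text, while the same paragraph uses mdoc markup (.Nm ipfw); marking it up, for example with .Va, would make it render consistently. The sentence also never says which value selects which behaviour. Since the line is being touched anyway, state that the default forwards packets leaving a pipe to their destination and that 0 passes them through ipfw again, and lower-case "Packets", which continues the sentence started two lines earlier.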

*** defaults/rc.conf.orig       Tue Sep 21 19:38:59 1999
--- defaults/rc.conf    Tue Sep 21 19:41:05 1999
***************
*** 35,40 ****
--- 35,41 ----
  firewall_script="/etc/rc.firewall" # Which script to run to set up the firewall
  firewall_type="UNKNOWN"               # Firewall type (see /etc/rc.firewall)
  firewall_quiet="NO"           # Set to YES to suppress rule display
+ firewall_one_pass="YES"               # Set to NO to continue testing packets after matching a pipe (see dummynet(4))
  natd_program="/sbin/natd"     # path to natd, if you want a different one.
  natd_enable="NO"                # Enable natd (if firewall_enable == YES).
  natd_interface="fxp0"           # Public interface or IPaddress to use.
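
Review bot: The comment on the new firewall_one_pass line in defaults/rc.conf is much longer than its neighbours and runs well past 80 columns; shorten it, e.g. "# Set to NO to keep matching rules after a pipe (see dummynet(4))". It is also worth saying that only the literal value NO has any effect, because the rc.firewall hunk compares against "xNO" exactly and ignores every other value, including "no".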

*** rc.firewall.orig    Tue Sep 21 19:44:21 1999
--- rc.firewall Tue Sep 21 19:50:26 1999
***************
*** 49,54 ****
--- 49,60 ----
  fi
  
  ############
+ # Unset one_pass if requested
+ if [ "x$firewall_one_pass" = "xNO" ]; then
+       /sbin/sysctl -w net.inet.ip.fw.one_pass=0
+ fi
+ 
+ ############
  # Set quiet mode if requested
  if [ "x$firewall_quiet" = "xYES" ]; then
        fwcmd="/sbin/ipfw -q"
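
Review bot: The new block in rc.firewall acts only on firewall_one_pass=NO; with YES nothing is written, so a net.inet.ip.fw.one_pass of 0 left over from an earlier run or set elsewhere stays in effect even though rc.conf says YES. Consider an else branch that writes net.inet.ip.fw.one_pass=1 so the rc.conf value always reflects the running state. The sysctl -w call also sits before the firewall_quiet check and prints its result regardless of that setting; redirect its output or move the block below the quiet handling.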



>Release-Note:
>Audit-Trail:
>Unformatted:
 net.inet.ip.fw.one_pass
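
The one_pass behaviour described in the PR, as an added example that is not part of the original message or of the FreeBSD sources: a simplified Python model of rule traversal showing that a deny rule placed after a pipe is only reached when one_pass is 0. The rule numbers, addresses, the three modelled actions and the default-deny final rule are assumptions constructed for illustration.

```python
# Simplified model of ipfw rule traversal with a dummynet pipe.
# Constructed example: real ipfw has many more actions and match options.

# Each rule is (number, action, predicate). Modelled actions: pipe, allow, deny.
RULES = [
    (100, "pipe",  lambda p: p["dport"] == 80),             # shape web traffic
    (200, "deny",  lambda p: p["src"].startswith("10.")),   # block a source range
    (300, "allow", lambda p: True),
]

def evaluate(packet, rules, one_pass=1):
    """Return (verdict, list of rule numbers the packet matched)."""
    trace = []
    for number, action, matches in rules:
        if not matches(packet):
            continue
        trace.append(number)
        if action == "pipe":
            if one_pass:
                return "allow", trace   # accepted once it leaves the pipe
            continue                    # reinjected at the rule after the pipe
        return action, trace            # allow/deny ends the search
    return "deny", trace                # assumed default-deny final rule

def policy_differences(packets, rules):
    """Audit helper: packets whose verdict depends on the one_pass setting."""
    diffs = []
    for pkt in packets:
        with_one_pass, _ = evaluate(pkt, rules, one_pass=1)
        without, _ = evaluate(pkt, rules, one_pass=0)
        if with_one_pass != without:
            diffs.append((pkt, with_one_pass, without))
    return diffs

# Constructed sample packets.
SAMPLES = [
    {"src": "10.0.0.5",  "dport": 80},   # piped, and inside the denied range
    {"src": "192.0.2.7", "dport": 80},   # piped, otherwise allowed
    {"src": "10.0.0.5",  "dport": 22},   # never piped, denied either way
]

if __name__ == "__main__":
    for pkt, v1, v0 in policy_differences(SAMPLES, RULES):
        print(f"{pkt}: one_pass=1 -> {v1}, one_pass=0 -> {v0}")
```

Running the audit helper over a ruleset before flipping the sysctl shows which traffic changes verdict, which is the practical risk of toggling one_pass on a live firewall.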

