From owner-freebsd-ipfw@FreeBSD.ORG Sun Aug 23 14:06:03 2009
Message-Id: <67526C6C-7C00-4D0F-A987-B9AA42868E59@nokia.com>
From: Lars Eggert
To: Willem Jan Withagen
Cc: "freebsd-ipfw@FreeBSD.org"
In-Reply-To: <4A8FD99F.1050406@digiware.nl>
Date: Sun, 23 Aug 2009 16:53:35 +0300
Subject: Re: bin/117214: ipfw(8) fwd with IPv6 treats input as IPv4

Well, one pretty simple (and not always correct) fix would be to assume
that if an address has more than 1 colon, it's IPv6.

The correct fix is to generate a small flex parser.

Lars

On 2009-8-22, at 14:42, Willem Jan Withagen wrote:

> Lars Eggert wrote:
>> The following reply was made to PR bin/117214; it has been noted by GNATS.
>>
>> From: Lars Eggert
>> To: bug-followup@FreeBSD.org, fabian@wenks.ch
>> Cc:
>> Subject: Re: bin/117214: ipfw(8) fwd with IPv6 treats input as IPv4
>> Date: Sat, 22 Aug 2009 02:27:44 +0300
>>
>> I still see this on 7.2-STABLE:
>>
>> [root@fit: ~] uname -a
>> FreeBSD fit.nokia.com 7.2-STABLE FreeBSD 7.2-STABLE #18: Fri Jun 26 15:43:17 EEST 2009 root@fit.nokia.com:/usr/obj/usr/src/sys/FIT i386
>>
>> [root@fit: ~] ipfw add 64010 fwd 2001:2060:40:1::1 ip6 from 2001:2060:40:1::123,2001:2060:40:1::124 to not 2001:0708:0040:fff2::1/64 out
>> 64010 fwd 0.0.7.209,2060 ip6 from 2001:2060:40:1::123,2001:2060:40:1::124 to not 2001:708:40:fff2::/64 out
>>
>> [root@fit: ~] ipfw show 64010
>> 64010 0 0 fwd 0.0.7.209,2060 ip6 from 2001:2060:40:1::123,2001:2060:40:1::124 to not 2001:708:40:fff2::/64 out
>
> The trouble is with the :'s and the fact that parsing doesn't really take
> care of multiple :'s.
> What I am considering is changing it in such a way that one is allowed to
> specify ipv6 addresses as [a:bc::d] just like it works in firefox (and
> other places)
>
> Question then is do we use [a:bc::d]/48:53 or [a:bc::d/48]:53?
>
> --WjW

From owner-freebsd-ipfw@FreeBSD.ORG Sun Aug 23 20:25:52 2009
Message-ID: <4A91A5CD.1010901@digiware.nl>
Date: Sun, 23 Aug 2009 22:25:49 +0200
From: Willem Jan Withagen
To: Lars Eggert
Cc: "freebsd-ipfw@FreeBSD.org"
In-Reply-To: <67526C6C-7C00-4D0F-A987-B9AA42868E59@nokia.com>
Subject: Re: bin/117214: ipfw(8) fwd with IPv6 treats input as IPv4

Lars Eggert wrote:
> Well, one pretty simple (and not always correct) fix would be to assume
> that if an address has more than 1 colon, it's IPv6.
>
> The correct fix is to generate a small flex parser.

Which will require to spec a real grammar for the tokens.
In itself of course a "good thing(tm)"

--WjW

From owner-freebsd-ipfw@FreeBSD.ORG Mon Aug 24 11:06:58 2009
Date: Mon, 24 Aug 2009 11:06:57 GMT
Message-Id: <200908241106.n7OB6vPm048623@freefall.freebsd.org>
From: FreeBSD bugmaster
To: freebsd-ipfw@FreeBSD.org
Subject: Current problem reports assigned to freebsd-ipfw@FreeBSD.org

Note: to view an individual PR, use:
  http://www.freebsd.org/cgi/query-pr.cgi?pr=(number).

The following is a listing of current problems submitted by FreeBSD users.
These represent problem reports covering all versions including
experimental development code and obsolete releases.

S Tracker      Resp.      Description
--------------------------------------------------------------------------------
o kern/137346  ipfw       [ipfw] ipfw nat redirect_proto is broken
o kern/137232  ipfw       [ipfw] parser troubles
o kern/136695  ipfw       [ipfw] [patch] fwd reached after skipto in dynamic rul
o kern/135476  ipfw       [ipfw] IPFW table breaks after adding a large number o
o bin/134975   ipfw       [patch] ipfw(8) can't work with set in rule file.
o kern/132553  ipfw       [ipfw] ipfw doesn't understand ftp-data port
o kern/131817  ipfw       [ipfw] blocks layer2 packets that should not be blocke
o kern/131601  ipfw       [ipfw] [panic] 7-STABLE panic in nat_finalise (tcp=0)
o kern/131558  ipfw       [ipfw] Inconsistent "via" ipfw behavior
o bin/130132   ipfw       [patch] ipfw(8): no way to get mask from ipfw pipe sho
o kern/129103  ipfw       [ipfw] IPFW check state does not work =(
o kern/129093  ipfw       [ipfw] ipfw nat must not drop packets
o kern/129036  ipfw       [ipfw] 'ipfw fwd' does not change outgoing interface n
o kern/128260  ipfw       [ipfw] [patch] ipfw_divert damages IPv6 packets
o kern/127230  ipfw       [ipfw] [patch] Feature request to add UID and/or GID l
o kern/127209  ipfw       [ipfw] IPFW table become corrupted after many changes
o bin/125370   ipfw       [ipfw] [patch] increase a line buffer limit
o conf/123119  ipfw       [patch] rc script for ipfw does not handle IPv6
o kern/122963  ipfw       [ipfw] tcpdump does not show packets redirected by 'ip
s kern/121807  ipfw       [request] TCP and UDP port_table in ipfw
o kern/121382  ipfw       [dummynet]: 6.3-RELEASE-p1 page fault in dummynet (cor
o kern/121122  ipfw       [ipfw] [patch] add support to ToS IP PRECEDENCE fields
o kern/118993  ipfw       [ipfw] page fault - probably it's a locking problem
o kern/117234  ipfw       [ipfw] [patch] ipfw send_pkt() and ipfw_tick() don't s
o bin/117214   ipfw       ipfw(8) fwd with IPv6 treats input as IPv4
o kern/116009  ipfw       [ipfw] [patch] Ignore errors when loading ruleset from
p kern/115755  ipfw       [ipfw] [patch] unify message and add a rule number whe
o bin/115172   ipfw       [patch] ipfw(8) list show some rules with a wrong form
o docs/113803  ipfw       [patch] ipfw(8) - don't get bitten by the fwd rule
p kern/113388  ipfw       [ipfw] [patch] Addition actions with rules within spec
o kern/112708  ipfw       [ipfw] ipfw is seems to be broken to limit number of c
o kern/112561  ipfw       [ipfw] ipfw fwd does not work with some TCP packets
o kern/107305  ipfw       [ipfw] ipfw fwd doesn't seem to work
o kern/105330  ipfw       [ipfw] [patch] ipfw (dummynet) does not allow to set q
o bin/104921   ipfw       [patch] ipfw(8) sometimes treats ipv6 input as ipv4 (a
o kern/104682  ipfw       [ipfw] [patch] Some minor language consistency fixes a
o kern/103454  ipfw       [ipfw] [patch] [request] add a facility to modify DF b
o kern/103328  ipfw       [ipfw] [request] sugestions about ipfw table
o kern/102471  ipfw       [ipfw] [patch] add tos and dscp support
o kern/98831   ipfw       [ipfw] ipfw has UDP hickups
o kern/97951   ipfw       [ipfw] [patch] ipfw does not tie interface details to
o kern/97504   ipfw       [ipfw] IPFW Rules bug
o kern/95084   ipfw       [ipfw] [regression] [patch] IPFW2 ignores "recv/xmit/v
o kern/93300   ipfw       [ipfw] ipfw pipe lost packets
o kern/91847   ipfw       [ipfw] ipfw with vlanX as the device
o kern/88659   ipfw       [modules] ipfw and ip6fw do not work properly as modul
o kern/87032   ipfw       [ipfw] [patch] ipfw ioctl interface implementation
o kern/86957   ipfw       [ipfw] [patch] ipfw mac logging
o kern/82724   ipfw       [ipfw] [patch] [request] Add setnexthop and defaultrou
s kern/80642   ipfw       [ipfw] [patch] ipfw small patch - new RULE OPTION
o bin/78785    ipfw       [patch] ipfw(8) verbosity locks machine if /etc/rc.fir
o kern/74104   ipfw       [ipfw] ipfw2/1 conflict not detected or reported, manp
o kern/73910   ipfw       [ipfw] serious bug on forwarding of packets after NAT
o kern/72987   ipfw       [ipfw] ipfw/dummynet pipe/queue 'queue [BYTES]KBytes (
o kern/71366   ipfw       [ipfw] "ipfw fwd" sometimes rewrites destination mac a
o kern/69963   ipfw       [ipfw] install_state warning about already existing en
o kern/60719   ipfw       [ipfw] Headerless fragments generate cryptic error mes
o kern/55984   ipfw       [ipfw] [patch] time based firewalling support for ipfw
o kern/51274   ipfw       [ipfw] [patch] ipfw2 create dynamic rules with parent
o kern/48172   ipfw       [ipfw] [patch] ipfw does not log size and flags
o kern/46159   ipfw       [ipfw] [patch] [request] ipfw dynamic rules lifetime f
a kern/26534   ipfw       [ipfw] Add an option to ipfw to log gid/uid of who cau

62 problems total.
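
Added example for the bin/117214 thread above (not code from ipfw(8) or from either poster): a small C parser for a `fwd` target that accepts the bracketed `[v6]:port` form, falls back to the "more than one colon means IPv6" heuristic for bare addresses, and validates with inet_pton() so that an input such as `2001:2060` is rejected instead of being read as an IPv4 host and port. The names `struct fwd_target`, `parse_port` and `parse_fwd_target` are hypothetical, and prefix lengths (the `/48` placement question) are not handled.

```c
#include <sys/socket.h>
#include <arpa/inet.h>
#include <stdlib.h>
#include <string.h>
struct fwd_target {                 /* hypothetical result type */
    int  af;                        /* AF_INET or AF_INET6 */
    char addr[INET6_ADDRSTRLEN];    /* canonical text form */
    int  port;                      /* 0 when no port was given */
};

/* Decimal port in 1..65535, or -1 on anything else. */
static int parse_port(const char *s)
{
    char *end;
    long v = strtol(s, &end, 10);
    return (*s == '\0' || *end != '\0' || v < 1 || v > 65535) ? -1 : (int)v;
}

/* Returns 0 on success, -1 if the target is malformed. */
int parse_fwd_target(const char *in, struct fwd_target *t)
{
    char buf[128], *host = buf, *port = NULL, *p;
    unsigned char bin[sizeof(struct in6_addr)];
    size_t colons = 0;
    if (strlen(in) >= sizeof(buf))
        return -1;
    strcpy(buf, in);
    for (p = buf; *p != '\0'; p++)
        colons += (*p == ':');
    if (buf[0] == '[') {            /* [v6], [v6]:port or [v6],port */
        if ((p = strchr(buf, ']')) == NULL)
            return -1;
        *p++ = '\0';
        host = buf + 1;
        if (*p == ':' || *p == ',')
            port = p + 1;
        else if (*p != '\0')
            return -1;
        t->af = AF_INET6;
    } else {    /* heuristic: >1 colon is bare IPv6, where only ",port" is unambiguous */
        t->af = colons > 1 ? AF_INET6 : AF_INET;
        if ((port = strpbrk(buf, colons > 1 ? "," : ":,")) != NULL)
            *port++ = '\0';
    }
    t->port = port != NULL ? parse_port(port) : 0;
    if (t->port < 0 || inet_pton(t->af, host, bin) != 1)
        return -1;
    return inet_ntop(t->af, bin, t->addr, sizeof(t->addr)) != NULL ? 0 : -1;
}
```

With the address from the PR, `2001:2060:40:1::1` parses as IPv6 with no port, and `[2001:2060:40:1::1]:53` as the same address with port 53.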