From owner-freebsd-ipfw@FreeBSD.ORG Mon Dec 8 11:06:57 2008 Return-Path: Delivered-To: freebsd-ipfw@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id DD03B1065679 for ; Mon, 8 Dec 2008 11:06:57 +0000 (UTC) (envelope-from owner-bugmaster@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id CA45F8FC26 for ; Mon, 8 Dec 2008 11:06:57 +0000 (UTC) (envelope-from owner-bugmaster@FreeBSD.org) Received: from freefall.freebsd.org (localhost [127.0.0.1]) by freefall.freebsd.org (8.14.3/8.14.3) with ESMTP id mB8B6vHv014295 for ; Mon, 8 Dec 2008 11:06:57 GMT (envelope-from owner-bugmaster@FreeBSD.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.14.3/8.14.3/Submit) id mB8B6vKj014291 for freebsd-ipfw@FreeBSD.org; Mon, 8 Dec 2008 11:06:57 GMT (envelope-from owner-bugmaster@FreeBSD.org) Date: Mon, 8 Dec 2008 11:06:57 GMT Message-Id: <200812081106.mB8B6vKj014291@freefall.freebsd.org> X-Authentication-Warning: freefall.freebsd.org: gnats set sender to owner-bugmaster@FreeBSD.org using -f From: FreeBSD bugmaster To: freebsd-ipfw@FreeBSD.org Cc: Subject: Current problem reports assigned to freebsd-ipfw@FreeBSD.org X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 08 Dec 2008 11:06:57 -0000 Note: to view an individual PR, use: http://www.freebsd.org/cgi/query-pr.cgi?pr=(number). The following is a listing of current problems submitted by FreeBSD users. These represent problem reports covering all versions including experimental development code and obsolete releases. S Tracker Resp. Description -------------------------------------------------------------------------------- o kern/129103 ipfw [ipfw] IPFW check state does not work =( o kern/129093 ipfw [ipfw] ipfw nat must not drop packets o kern/129036 ipfw [ipfw] 'ipfw fwd' does not change outgoing interface n o kern/128260 ipfw [ipfw] [patch] ipfw_divert damages IPv6 packets o kern/127230 ipfw [ipfw] [patch] Feature request to add UID and/or GID l o kern/127209 ipfw [ipfw] IPFW table become corrupted after many changes o bin/125370 ipfw [ipfw] [patch] increase a line buffer limit o conf/123119 ipfw [patch] rc script for ipfw does not handle IPv6 o kern/122963 ipfw [ipfw] tcpdump does not show packets redirected by 'ip s kern/121807 ipfw [request] TCP and UDP port_table in ipfw o kern/121382 ipfw [dummynet]: 6.3-RELEASE-p1 page fault in dummynet (cor o kern/121122 ipfw [ipfw] [patch] add support to ToS IP PRECEDENCE fields o kern/118993 ipfw [ipfw] page fault - probably it's a locking problem o kern/117234 ipfw [ipfw] [patch] ipfw send_pkt() and ipfw_tick() don't s o kern/116009 ipfw [ipfw] [patch] Ignore errors when loading ruleset from p kern/115755 ipfw [ipfw][patch] unify message and add a rule number wher o bin/115172 ipfw [patch] ipfw(8) list show some rules with a wrong form o docs/113803 ipfw [patch] ipfw(8) - don't get bitten by the fwd rule p kern/113388 ipfw [ipfw][patch] Addition actions with rules within speci o kern/112708 ipfw [ipfw] ipfw is seems to be broken to limit number of c o kern/112561 ipfw [ipfw] ipfw fwd does not work with some TCP packets o kern/107305 ipfw [ipfw] ipfw fwd doesn't seem to work o kern/105330 ipfw [ipfw] [patch] ipfw (dummynet) does not allow to set q o bin/104921 ipfw [patch] ipfw(8) sometimes treats ipv6 input as ipv4 (a o kern/104682 ipfw [ipfw] [patch] Some minor language consistency fixes a o kern/103454 ipfw [ipfw] [patch] [request] add a facility to modify DF b o kern/103328 ipfw [ipfw] [request] sugestions about ipfw table o kern/102471 ipfw [ipfw] [patch] add tos and dscp support o kern/98831 ipfw [ipfw] ipfw has UDP hickups o kern/97951 ipfw [ipfw] [patch] ipfw does not tie interface details to o kern/97504 ipfw [ipfw] IPFW Rules bug o kern/95084 ipfw [ipfw] [regression] [patch] IPFW2 ignores "recv/xmit/v o kern/93300 ipfw [ipfw] ipfw pipe lost packets o kern/91847 ipfw [ipfw] ipfw with vlanX as the device o kern/88659 ipfw [modules] ipfw and ip6fw do not work properly as modul o kern/87032 ipfw [ipfw] [patch] ipfw ioctl interface implementation o kern/86957 ipfw [ipfw] [patch] ipfw mac logging o kern/82724 ipfw [ipfw] [patch] [request] Add setnexthop and defaultrou s kern/80642 ipfw [ipfw] [patch] ipfw small patch - new RULE OPTION o bin/78785 ipfw [patch] ipfw(8) verbosity locks machine if /etc/rc.fir o kern/74104 ipfw [ipfw] ipfw2/1 conflict not detected or reported, manp o kern/73910 ipfw [ipfw] serious bug on forwarding of packets after NAT o kern/72987 ipfw [ipfw] ipfw/dummynet pipe/queue 'queue [BYTES]KBytes ( o kern/71366 ipfw [ipfw] "ipfw fwd" sometimes rewrites destination mac a o kern/69963 ipfw [ipfw] install_state warning about already existing en o kern/60719 ipfw [ipfw] Headerless fragments generate cryptic error mes o kern/55984 ipfw [ipfw] [patch] time based firewalling support for ipfw o kern/51274 ipfw [ipfw] [patch] ipfw2 create dynamic rules with parent o kern/48172 ipfw [ipfw] [patch] ipfw does not log size and flags o kern/46159 ipfw [ipfw] [patch] [request] ipfw dynamic rules lifetime f a kern/26534 ipfw [ipfw] Add an option to ipfw to log gid/uid of who cau 51 problems total. From owner-freebsd-ipfw@FreeBSD.ORG Mon Dec 8 12:05:30 2008 Return-Path: Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id CC02C106564A for ; Mon, 8 Dec 2008 12:05:30 +0000 (UTC) (envelope-from avg@icyb.net.ua) Received: from citadel.icyb.net.ua (citadel.icyb.net.ua [212.40.38.140]) by mx1.freebsd.org (Postfix) with ESMTP id D978F8FC22 for ; Mon, 8 Dec 2008 12:05:29 +0000 (UTC) (envelope-from avg@icyb.net.ua) Received: from odyssey.starpoint.kiev.ua (alpha-e.starpoint.kiev.ua [212.40.38.101]) by citadel.icyb.net.ua (8.8.8p3/ICyb-2.3exp) with ESMTP id NAA07006; Mon, 08 Dec 2008 13:52:10 +0200 (EET) (envelope-from avg@icyb.net.ua) Message-ID: <493D0A6A.7060102@icyb.net.ua> Date: Mon, 08 Dec 2008 13:52:10 +0200 From: Andriy Gapon User-Agent: Thunderbird 2.0.0.18 (X11/20081124) MIME-Version: 1.0 To: FreeBSD Stable , freebsd-ipfw@freebsd.org References: <4937B194.1020606@icyb.net.ua> In-Reply-To: <4937B194.1020606@icyb.net.ua> Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit Cc: Subject: Re: rc.firewall: default loopback rules are set up even for custom file X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 08 Dec 2008 12:05:30 -0000 on 04/12/2008 12:31 Andriy Gapon said the following: > I've just realized that I see in releng/7 something that I did not see > in releng/6 - even if I use a file with custom rules in firewall_type I > still get default loopback rules installed. > I think that this is not correct, I am using custom rules exactly > because I want to control *everything* (e.g. all deny rules come with > log logamount xxx). > Comments? -- Andriy Gapon From owner-freebsd-ipfw@FreeBSD.ORG Mon Dec 8 21:45:52 2008 Return-Path: Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 7C3361065670 for ; Mon, 8 Dec 2008 21:45:52 +0000 (UTC) (envelope-from dado@cnt.korolev-net.ru) Received: from cnt.korolev-net.ru (mail.korolev-net.ru [89.222.185.1]) by mx1.freebsd.org (Postfix) with ESMTP id 3944C8FC1F for ; Mon, 8 Dec 2008 21:45:51 +0000 (UTC) (envelope-from dado@cnt.korolev-net.ru) Received: by cnt.korolev-net.ru (Postfix, from userid 100) id CC3732ABA3F; Tue, 9 Dec 2008 00:20:24 +0300 (MSK) Date: Tue, 9 Dec 2008 00:20:24 +0300 From: Evgenii Davidov To: freebsd-ipfw@freebsd.org Message-ID: <20081208212024.GD87800@korolev-net.ru> Mime-Version: 1.0 Content-Type: text/plain; charset=koi8-r Content-Disposition: inline User-Agent: Mutt/1.4.2.1i Subject: kernel nat memory usage? X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 08 Dec 2008 21:45:52 -0000 tell me please: does kernel nat in ipfw have a memory leak like ng_nat+libalias: http://www.freebsd.org/cgi/query-pr.cgi?pr=kern/115526 ? i haven't tested it yet thank you -- Evgenii V Davidov From owner-freebsd-ipfw@FreeBSD.ORG Tue Dec 9 21:43:46 2008 Return-Path: Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id DCF1A1065675 for ; Tue, 9 Dec 2008 21:43:46 +0000 (UTC) (envelope-from p.pisati@oltrelinux.com) Received: from jack.mail.tiscali.it (jack.mail.tiscali.it [213.205.33.53]) by mx1.freebsd.org (Postfix) with ESMTP id 9C8008FC12 for ; Tue, 9 Dec 2008 21:43:46 +0000 (UTC) (envelope-from p.pisati@oltrelinux.com) Received: from newluxor.wired.org (94.36.90.120) by jack.mail.tiscali.it (8.0.022) id 48F7481002B6D80B; Tue, 9 Dec 2008 22:32:27 +0100 Message-ID: <493EE3EA.7090500@oltrelinux.com> Date: Tue, 09 Dec 2008 22:32:26 +0100 From: Paolo Pisati User-Agent: Thunderbird 2.0.0.17 (X11/20081115) MIME-Version: 1.0 To: Evgenii Davidov References: <20081208212024.GD87800@korolev-net.ru> In-Reply-To: <20081208212024.GD87800@korolev-net.ru> Content-Type: text/plain; charset=KOI8-R; format=flowed Content-Transfer-Encoding: 7bit Cc: freebsd-ipfw@freebsd.org Subject: Re: kernel nat memory usage? X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 09 Dec 2008 21:43:46 -0000 Evgenii Davidov wrote: > tell me please: > > does kernel nat in ipfw have a memory leak like ng_nat+libalias: > http://www.freebsd.org/cgi/query-pr.cgi?pr=kern/115526 > ? > i haven't tested it yet > i've never been able to reproduce that bug: i resemble there was a memory leak/a resource was never returned in libalias, but it was plugged months ago. could you update that box (7.x or HEAD) and try again? bye, P.