From: Eugene Grosbein
To: FreeBSD-gnats-submit@FreeBSD.org
Date: Sat, 19 Apr 2003 01:00:04 +0800 (KRAST)
Message-Id: <200304181700.h3IH04O1002397@grosbein.pp.ru>
Subject: kern/51132: kernel part of ipfw1 processes 'to not me in recv rl0' incorrectly
X-Send-Pr-Version: 3.113

>Number:         51132
>Category:       kern
>Synopsis:       kernel part of ipfw1 processes 'to not me in recv rl0' incorrectly
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    freebsd-bugs
>State:          open
>Quarter:
>Keywords:
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Fri Apr 18 10:10:13 PDT 2003
>Closed-Date:
>Last-Modified:
>Originator:     Eugene Grosbein
>Release:        FreeBSD 4.8-RC i386
>Organization:
Svyaz Service JSC
>Environment:
System: FreeBSD gw3.svzserv.kemerovo.su 4.8-RC FreeBSD 4.8-RC #0: Wed Apr 2 12:05:11 KRAST 2003 sa@gw3.svzserv.kemerovo.su:/home/obj/usr/src/sys/GW3 i386
ipfw1
>Description:
One of my routers has a gif tunnel with another FreeBSD 4.8-RC system.
The gif0 has 'inet 172.20.15.14' and works nicely. The other side of the tunnel has 'inet 172.20.15.13'.
Now I'm trying to implement policy routing and direct all transit traffic coming from rl0 into the tunnel. So I use

ipfw add 2000 fwd 172.20.15.13 ip from any to not me via rl0 in

It does NOT match any packet while 'to any via rl0 in' does.
The workaround is to avoid using 'to not me' here.
Let's see ipfw show and look at bad things:

01990        20       940 deny ip from any to me
01993         0         0 count ip from any to me in recv rl0
01995         0         0 fwd 172.20.15.13 ip from any to not me in recv rl0
02000    109658   5813420 fwd 172.20.15.13 ip from any to any in recv rl0
65000    295571  40747130 allow ip from any to any

The rule 1990 blocks 'to me' packets via rl0.
The rule 1995 is the one that should match other packets; it does not.
The rule 2000 is here as a workaround.
>How-To-Repeat:
See above.
>Fix:
Unknown to me.
The workaround is not to use 'to not me' in such cases.

Eugene Grosbein
>Release-Note:
>Audit-Trail:
>Unformatted:
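As an added example (not part of the report and not FreeBSD's own tooling), the following Python parses `ipfw show` counter output like the listing quoted above and flags a zero-hit 'not me' rule whose traffic is instead being counted by a later rule with the same action and interface clause, which is how this misbehaviour shows up in the counters. The sample listing is constructed from the rules in the report; the column layout assumed by `LINE_RE` and the interface keywords in `IFACE_RE` are assumptions about the `ipfw show` format.

```python
import re
from typing import List, NamedTuple, Optional, Tuple

# Constructed sample of `ipfw show` output, copied from the rules in the report.
SAMPLE_IPFW_SHOW = """\
01990 20 940 deny ip from any to me
01993 0 0 count ip from any to me in recv rl0
01995 0 0 fwd 172.20.15.13 ip from any to not me in recv rl0
02000 109658 5813420 fwd 172.20.15.13 ip from any to any in recv rl0
65000 295571 40747130 allow ip from any to any
"""
# rule number, packet counter, byte counter, action keyword, rest of the rule
LINE_RE = re.compile(r"^(\d+)\s+(\d+)\s+(\d+)\s+(\S+)\s+(.*)$")
# interface clause such as "recv rl0", "via rl0" or "xmit gif0" (assumed keywords)
IFACE_RE = re.compile(r"\b(recv|xmit|via)\s+(\S+)")

class Rule(NamedTuple):
    number: int
    packets: int
    octets: int
    action: str
    body: str

    def iface(self) -> Optional[str]:
        m = IFACE_RE.search(self.body)
        return f"{m.group(1)} {m.group(2)}" if m else None

def parse_ipfw_show(text: str) -> List[Rule]:
    rules = []
    for line in (l.strip() for l in text.splitlines() if l.strip()):
        m = LINE_RE.match(line)
        if not m:
            raise ValueError(f"unparsable ipfw show line: {line!r}")
        rules.append(Rule(int(m[1]), int(m[2]), int(m[3]), m[4], m[5]))
    return rules

def dead_negated_rules(rules: List[Rule]) -> List[Tuple[int, int]]:
    """Pair each zero-hit 'not me' rule with the next rule that has the same
    action and interface clause but did count packets (the workaround rule)."""
    found = []
    for i, rule in enumerate(rules):
        if " not me" not in rule.body or rule.packets != 0:
            continue
        for later in rules[i + 1:]:
            if (later.action == rule.action and later.iface() == rule.iface()
                    and later.packets > 0):
                found.append((rule.number, later.number))
                break
    return found
```

Running `dead_negated_rules(parse_ipfw_show(SAMPLE_IPFW_SHOW))` on the report's listing pairs rule 1995 with rule 2000, the same conclusion the reporter draws by eye.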