From owner-freebsd-ipfw@FreeBSD.ORG Mon Jun 2 04:27:21 2003
Date: Mon, 2 Jun 2003 04:27:20 -0700 (PDT)
From: Maxim Konovalov
To: eric@beta.MIT.EDU, maxim@FreeBSD.org, ipfw@FreeBSD.org
Subject: Re: kern/51485: "Fatal trap 12" from bridge code with ipfw enabled, when passing a traceroute.

Synopsis: "Fatal trap 12" from bridge code with ipfw enabled, when passing a traceroute.

State-Changed-From-To: patched->closed
State-Changed-By: maxim
State-Changed-When: Mon Jun 2 04:26:07 PDT 2003
State-Changed-Why:
-STABLE does not contain vulnerable code.

http://www.freebsd.org/cgi/query-pr.cgi?pr=51485

From owner-freebsd-ipfw@FreeBSD.ORG Mon Jun 2 11:01:31 2003
Date: Mon, 2 Jun 2003 11:01:26 -0700 (PDT)
From: FreeBSD bugmaster
To: ipfw@FreeBSD.org
Subject: Current problem reports assigned to you

Current FreeBSD problem reports

Critical problems

S  Submitted   Tracker     Resp.  Description
-------------------------------------------------------------------------------
o [2003/01/26] kern/47529  ipfw   natd/ipfw lose TCP packets for firewalled
o [2003/03/23] kern/50216  ipfw   kernel panic on 5.0-current when use ipfw

2 problems total.

Serious problems

S  Submitted   Tracker     Resp.  Description
-------------------------------------------------------------------------------
o [2002/12/27] kern/46557  ipfw   ipfw pipe show fails with lots of queues
o [2003/04/18] kern/51132  ipfw   kernel part of ipfw1 processes 'to not me
o [2003/04/22] kern/51274  ipfw   ipfw2 create dynamic rules with parent nu
o [2003/04/24] kern/51341  ipfw   ipfw rule 'deny icmp from any to any icmp

4 problems total.

Non-critical problems

S  Submitted   Tracker     Resp.  Description
-------------------------------------------------------------------------------
a [2001/04/13] kern/26534  ipfw   Add an option to ipfw to log gid/uid of w
f [2002/01/11] kern/33804  ipfw   ipfw bug/problem
o [2002/12/07] kern/46080  ipfw   [PATCH] logamount in ipfw2 does not defau
o [2002/12/10] kern/46159  ipfw   ipfw dynamic rules lifetime feature
o [2002/12/27] kern/46564  ipfw   IPFilter and IPFW processing order is not
o [2003/01/05] bin/46785   ipfw   [patch] add sets information to ipfw2 -h
o [2003/01/15] bin/47120   ipfw   [patch] Sanity check in ipfw(8)
o [2003/02/06] bin/48015   ipfw   make ipfw2 work with iplen ranges
o [2003/02/11] kern/48172  ipfw   ipfw does not log size and flags
o [2003/03/10] kern/49086  ipfw   [patch] Make ipfw2 log to different syslo
o [2003/03/12] bin/49959   ipfw   ipfw tee port rule skips parsing next rul
o [2003/04/09] bin/50749   ipfw   ipfw2 incorrectly parses ports and port r
o [2003/04/20] kern/51182  ipfw   ipfw2. -d list shows couters for dynamic
o [2003/05/04] bin/51750   ipfw   ipfw2.c typos

14 problems total.

From owner-freebsd-ipfw@FreeBSD.ORG Tue Jun 3 01:44:04 2003
Date: Tue, 3 Jun 2003 11:43:56 +0300 (EEST)
From: Evgeny Ivanov
To: freebsd-ipfw@freebsd.org
Subject: IPFW + DUMMYNET

Hello there. :))

For the last week I have been trying to create traffic shaping rules on my FBSD box. The goal of the rules is to set 2 different types of flows for 2 groups of networks.

Example: I want to set the incoming (to my local subnet) speed for { 1.2.3.4 or 2.3.4.5 or 3.4.5.6 } to be up to 256Kbit/s, and for all other networks the incoming speed to be 64Kbit/s.

The rules look like this:

ipdw add skipto 1000 pipe 1 all from any to mylocalnet in
ipfw add pipe 1 all from { 1.2.3.4 or 2.3.4.5 or 3.4.5.6 } to any in
ipfw add pipe 2 all from any to mylocalnet in
ipfw pipe 1 config
ipfw pipe 2 config

But the thing is not working. Can you please give me some advice - where the hell am I wrong? :))

Thanks in advance.

Regards
Evgeny

From owner-freebsd-ipfw@FreeBSD.ORG Thu Jun 5 03:13:18 2003
Date: Thu, 5 Jun 2003 13:15:43 +0300
From: Andrew B
To: freebsd-ipfw
Subject: IPFW OUCH! cannot remove rule, count 1

Hello.

I have FreeBSD 4.7-RELEASE and I use ipfw to limit connections to my web server. The rules are:

allow tcp from any to me 80 limit src-addr 50 in recv em0
allow tcp from me 80 to any out xmit em0

But it seems that dynamic rules are not being removed cleanly, so I can see these messages:

Jun 5 05:53:29 www /kernel: OUCH! cannot remove rule, count 1
Jun 5 05:53:29 www /kernel: OUCH! cannot remove rule, count 2

I found this in ip_fw.c:

if (pass == 1) /* should not happen */
    printf("OUCH! cannot remove rule, count %d\n",

So this should never happen. Could anyone help me with my problem?

Best Regards.

From owner-freebsd-ipfw@FreeBSD.ORG Thu Jun 5 04:10:20 2003
Date: Thu, 5 Jun 2003 11:10:17 +0000
From: Philip Reynolds
To: freebsd-ipfw@freebsd.org
Subject: Re: IPFW OUCH! cannot remove rule, count 1

Andrew B 31 lines of wisdom included:
> allow tcp from any to me 80 limit src-addr 50 in recv em0
> allow tcp from me 80 to any out xmit em0
>
> But it seems that dynamic rules are not being removed cleanly, so
> I can see these messages:
>
> Jun 5 05:53:29 www /kernel: OUCH! cannot remove rule, count 1
> Jun 5 05:53:29 www /kernel: OUCH! cannot remove rule, count 2
>
>
> I found this in ip_fw.c:
>
> if (pass == 1) /* should not happen */
>     printf("OUCH! cannot remove rule, count %d\n",

Can you CVSup? There were problems with limit in previous releases; newer versions fix this, IIRC.

Phil.

--
Philip Reynolds                      | RFC Networks Ltd.
philip.reynolds@rfc-networks.ie      | +353 (0)1 8832063
http://people.rfc-networks.ie/~phil  | www.rfc-networks.ie
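
For the goal stated in the "IPFW + DUMMYNET" message earlier in this archive, a ruleset added here as an example; it is not from any message on the list. As posted, the first rule carries two actions (skipto and pipe) and the pipe configs show no bandwidth. Assumptions: ipfw2 or-block syntax as used in the post, net.inet.ip.fw.one_pass=1, and hypothetical values for LOCALNET, the rule numbers 1000/1100 and the IPFW dry-run variable.

```shell
#!/bin/sh
# Added example: dummynet shaping for the two-speed goal in the
# "IPFW + DUMMYNET" message. Assumes ipfw2 syntax (or-blocks) and
# net.inet.ip.fw.one_pass=1, so a packet leaves the ruleset as soon as
# a pipe rule has matched it.
#
# Dry run by default: commands are printed, not executed. Run with
# IPFW=/sbin/ipfw as root on the FreeBSD box to apply them.
IPFW="${IPFW:-echo ipfw}"

# Constructed placeholders: the post gives neither the local subnet nor
# rule numbers. The three source addresses are the post's own examples.
LOCALNET="${LOCALNET:-192.168.0.0/24}"
FAST_SRC="{ 1.2.3.4 or 2.3.4.5 or 3.4.5.6 }"

load_shaper() {
    # A pipe only limits traffic once it has been given a bandwidth.
    $IPFW pipe 1 config bw 256Kbit/s
    $IPFW pipe 2 config bw 64Kbit/s

    # One action per rule, most specific match first: packets from the
    # favoured sources to the local subnet go through pipe 1.
    # FAST_SRC is left unquoted on purpose so it splits into words.
    $IPFW add 1000 pipe 1 ip from $FAST_SRC to "$LOCALNET" in

    # Everything else arriving for the local subnet goes through pipe 2.
    # With one_pass=1 the packets matched by rule 1000 never reach here.
    $IPFW add 1100 pipe 2 ip from any to "$LOCALNET" in
}

load_shaper
```

If net.inet.ip.fw.one_pass is 0, packets re-enter the ruleset after pipe 1 and rule 1100 would shape the favoured sources a second time.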