date:20170228

[Bug 217391] [ipfw] [panic] erroneous ipfw rule triggers KASSERT

2017-02-28 Thread bugzilla-noreply

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=217391

Mark Linimon  changed:

   What|Removed |Added

   Assignee|freebsd-b...@freebsd.org|freebsd-ipfw@FreeBSD.org

-- 
You are receiving this mail because:
You are the assignee for the bug.
___
freebsd-ipfw@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-ipfw
To unsubscribe, send any mail to "freebsd-ipfw-unsubscr...@freebsd.org"

Re: dummynet loses ports mask bits

2017-02-28 Thread Julian Elischer


On 1/3/17 1:54 am, Julian Elischer wrote:

On 1/3/17 1:46 am, Luigi Rizzo wrote:
On Tue, Feb 28, 2017 at 9:27 AM, Julian Elischer 
 wrote:
In the following example it appears that the mask bits for the 
port number

are lost.
before I raise a bug.. is there anyone who can see that I am doing 
anything

wrong?

I'm not sure what the q131053 stuff is about either, but..

q131053 is the internal name for the queue associated with the pipe
(pipe# + 0x1).
I am not sure if the mask supports ip/port notation (dst-ip covers
only the address part).
Of course the real bug is that the parser should be more strict and 
complain
about extra/ignored fields. But the ipfw parser is full of these 
things.


cheers
luigi


my error is I should have used dst-port 0x000f  not /0x000f
 seems to be working now



--
FreeBSD fb10-cc03.kumo.com 10.3-RELEASE-p16 : Wed Feb 22 14:40:53 
UTC 2017

amd64

fb10-cc03# ipfw pipe 11 config mask dst-ip 0x00ff/0x0fff bw 
200Kbit/s


fb10-cc03# ipfw pipe show
00011: 200.000 Kbit/s0 ms burst 0
q131083  50 sl. 0 flows (1 buckets) sched 65547 weight 0 lmax 0 pri 0
droptail
  sched 65547 type FIFO flags 0x1 64 buckets 0 active
 mask:  0x00 0x/0x -> 0x00ff/0x





btw ipfw pipe show
only shows queues currently active. is there a way to see 'queues 
active in the last few seconds"?




___
freebsd-ipfw@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-ipfw
To unsubscribe, send any mail to "freebsd-ipfw-unsubscr...@freebsd.org"



___
freebsd-ipfw@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-ipfw
To unsubscribe, send any mail to "freebsd-ipfw-unsubscr...@freebsd.org"

Re: dummynet loses ports mask bits

2017-02-28 Thread Julian Elischer


On 1/3/17 1:46 am, Luigi Rizzo wrote:

On Tue, Feb 28, 2017 at 9:27 AM, Julian Elischer  wrote:

In the following example it appears that the mask bits for the port number
are lost.
before I raise a bug.. is there anyone who can see that I am doing anything
wrong?

I'm not sure what the q131053 stuff is about either, but..

q131053 is the internal name for the queue associated with the pipe
(pipe# + 0x1).
I am not sure if the mask supports ip/port notation (dst-ip covers
only the address part).
Of course the real bug is that the parser should be more strict and complain
about extra/ignored fields. But the ipfw parser is full of these things.

cheers
luigi


my error is I should have used dst-port 0x000f  not /0x000f
 seems to be working now



--
FreeBSD fb10-cc03.kumo.com 10.3-RELEASE-p16 : Wed Feb 22 14:40:53 UTC 2017
amd64

fb10-cc03# ipfw pipe 11 config mask dst-ip 0x00ff/0x0fff bw 200Kbit/s

fb10-cc03# ipfw pipe show
00011: 200.000 Kbit/s0 ms burst 0
q131083  50 sl. 0 flows (1 buckets) sched 65547 weight 0 lmax 0 pri 0
droptail
  sched 65547 type FIFO flags 0x1 64 buckets 0 active
 mask:  0x00 0x/0x -> 0x00ff/0x






___
freebsd-ipfw@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-ipfw
To unsubscribe, send any mail to "freebsd-ipfw-unsubscr...@freebsd.org"

Re: dummynet loses ports mask bits

2017-02-28 Thread Julian Elischer


On 1/3/17 1:27 am, Julian Elischer wrote:
In the following example it appears that the mask bits for the port 
number are lost.
before I raise a bug.. is there anyone who can see that I am doing 
anything wrong?


just realised I'm using wrong syntax   need "mask dst-port"
fooled by the fact there was no error.



I'm not sure what the q131053 stuff is about either, but..

--
FreeBSD fb10-cc03.kumo.com 10.3-RELEASE-p16 : Wed Feb 22 14:40:53 
UTC 2017  amd64


fb10-cc03# ipfw pipe 11 config mask dst-ip 0x00ff/0x0fff bw 
200Kbit/s


fb10-cc03# ipfw pipe show
00011: 200.000 Kbit/s0 ms burst 0
q131083  50 sl. 0 flows (1 buckets) sched 65547 weight 0 lmax 0 pri 
0 droptail

 sched 65547 type FIFO flags 0x1 64 buckets 0 active
mask:  0x00 0x/0x -> 0x00ff/0x

___
freebsd-ipfw@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-ipfw
To unsubscribe, send any mail to "freebsd-ipfw-unsubscr...@freebsd.org"



___
freebsd-ipfw@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-ipfw
To unsubscribe, send any mail to "freebsd-ipfw-unsubscr...@freebsd.org"

Re: dummynet loses ports mask bits

2017-02-28 Thread Luigi Rizzo

On Tue, Feb 28, 2017 at 9:27 AM, Julian Elischer  wrote:
> In the following example it appears that the mask bits for the port number
> are lost.
> before I raise a bug.. is there anyone who can see that I am doing anything
> wrong?
>
> I'm not sure what the q131053 stuff is about either, but..

q131053 is the internal name for the queue associated with the pipe
(pipe# + 0x1).
I am not sure if the mask supports ip/port notation (dst-ip covers
only the address part).
Of course the real bug is that the parser should be more strict and complain
about extra/ignored fields. But the ipfw parser is full of these things.

cheers
luigi

> --
> FreeBSD fb10-cc03.kumo.com 10.3-RELEASE-p16 : Wed Feb 22 14:40:53 UTC 2017
> amd64
>
> fb10-cc03# ipfw pipe 11 config mask dst-ip 0x00ff/0x0fff bw 200Kbit/s
>
> fb10-cc03# ipfw pipe show
> 00011: 200.000 Kbit/s0 ms burst 0
> q131083  50 sl. 0 flows (1 buckets) sched 65547 weight 0 lmax 0 pri 0
> droptail
>  sched 65547 type FIFO flags 0x1 64 buckets 0 active
> mask:  0x00 0x/0x -> 0x00ff/0x
>



-- 
-+---
 Prof. Luigi RIZZO, ri...@iet.unipi.it  . Dip. di Ing. dell'Informazione
 http://www.iet.unipi.it/~luigi/. Universita` di Pisa
 TEL  +39-050-2217533   . via Diotisalvi 2
 Mobile   +39-338-6809875   . 56122 PISA (Italy)
-+---
___
freebsd-ipfw@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-ipfw
To unsubscribe, send any mail to "freebsd-ipfw-unsubscr...@freebsd.org"

dummynet loses ports mask bits

2017-02-28 Thread Julian Elischer

In the following example it appears that the mask bits for the port 
number are lost.
before I raise a bug.. is there anyone who can see that I am doing 
anything wrong?


I'm not sure what the q131053 stuff is about either, but..

--
FreeBSD fb10-cc03.kumo.com 10.3-RELEASE-p16 : Wed Feb 22 14:40:53 UTC 
2017  amd64


fb10-cc03# ipfw pipe 11 config mask dst-ip 0x00ff/0x0fff bw 200Kbit/s

fb10-cc03# ipfw pipe show
00011: 200.000 Kbit/s0 ms burst 0
q131083  50 sl. 0 flows (1 buckets) sched 65547 weight 0 lmax 0 pri 0 
droptail

 sched 65547 type FIFO flags 0x1 64 buckets 0 active
mask:  0x00 0x/0x -> 0x00ff/0x

___
freebsd-ipfw@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-ipfw
To unsubscribe, send any mail to "freebsd-ipfw-unsubscr...@freebsd.org"

[Bug 216719] panic: ipfw_check_frame: unknown retval - while trying to ipfw nat incoming packet without translation state (can be L2 firewall related)

2017-02-28 Thread bugzilla-noreply

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=216719

smi...@nimnet.asn.au changed:

   What|Removed |Added

 CC||smi...@nimnet.asn.au

--- Comment #2 from smi...@nimnet.asn.au ---
(In reply to bsd from comment #1)

You have set net.link.ether.ipfw=1b

Are you using any rules for layer2 ?  If not, set that to 0.  If so,
likely best to follow the example in ipfw(8) /PACKET FLOW to separate
layer2 from layer 3 processing, otherwise every rule is tested on
both layer2 and layer 3 passes, i.e. usually on each of 4 passes.

Which is why adding 'not layer2'  to the nat rule fixed it here, but
other dragons may lie hidden in other rules checked at both layers.

But of course, it shouldn't panic .. backtrace looks all layer2.

-- 
You are receiving this mail because:
You are the assignee for the bug.
___
freebsd-ipfw@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-ipfw
To unsubscribe, send any mail to "freebsd-ipfw-unsubscr...@freebsd.org"

[Bug 216719] panic: ipfw_check_frame: unknown retval - while trying to ipfw nat incoming packet without translation state (can be L2 firewall related)

2017-02-28 Thread bugzilla-noreply

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=216719

--- Comment #1 from b...@kobyla.org ---
Adding the "not layer2" to ipfw nat rule helps to avoid this problem

-- 
You are receiving this mail because:
You are the assignee for the bug.
___
freebsd-ipfw@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-ipfw
To unsubscribe, send any mail to "freebsd-ipfw-unsubscr...@freebsd.org"

[Bug 217391] [ipfw] [panic] erroneous ipfw rule triggers KASSERT

Re: dummynet loses ports mask bits

Re: dummynet loses ports mask bits

Re: dummynet loses ports mask bits

Re: dummynet loses ports mask bits

dummynet loses ports mask bits

[Bug 216719] panic: ipfw_check_frame: unknown retval - while trying to ipfw nat incoming packet without translation state (can be L2 firewall related)

[Bug 216719] panic: ipfw_check_frame: unknown retval - while trying to ipfw nat incoming packet without translation state (can be L2 firewall related)

8 matches

Site Navigation

Mail list logo

Footer information