From emoc@scr3am.com Wed Sep 22 13:39:25 1999
Return-Path: <emoc@scr3am.com>
Received: from ego.scr3am.com (ns.scr3am.com [209.235.34.130])
	by hub.freebsd.org (Postfix) with ESMTP id 1E74A151B9
	for <FreeBSD-gnats-submit@freebsd.org>; Wed, 22 Sep 1999 13:39:16 -0700 (PDT)
	(envelope-from emoc@scr3am.com)
Received: from localhost (emoc@localhost)
	by ego.scr3am.com (8.9.3/8.9.3+pZ!) with ESMTP id QAA08957
	for <FreeBSD-gnats-submit@freebsd.org>; Wed, 22 Sep 1999 16:53:02 -0400
Message-Id: <Pine.LNX.4.10.9909221649560.8279-100000@ego.scr3am.com>
Date: Wed, 22 Sep 1999 16:53:02 -0400 (EDT)
From: emoc the phearless <emoc@scr3am.com>
To: FreeBSD-gnats-submit@freebsd.org
Subject: rc, dummynet.4 changes

>Number:         13907
>Category:       conf
>Synopsis:       dummynet.4 correction, rc addition of
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Wed Sep 22 13:40:00 PDT 1999
>Closed-Date:    Fri Jul 14 05:44:21 PDT 2000
>Last-Modified:  Fri Jul 14 05:46:27 PDT 2000
>Originator:     Matthew George
>Release:        FreeBSD 3.3-STABLE i386
>Organization:
>Environment:



>Description:

        dummynet.4 has the incorrect sysctl listed to disable one_pass

        rc.firewall and defaults/rc.conf are modified to enable disabling
        one_pass by setting net.inet.ip.fw.one_pass to 0

        one_pass is used with dummynet in order to define whether packets
        are accepted once they match a pipe (this is the default behavior).
        If one_pass is set to 0, the packet is reinjected into the rules
        immediately following the pipe that it matched and will be tested
        against the remainder of the ruleset.

>How-To-Repeat:



>Fix:
        
*** man4/dummynet.4.orig        Tue Sep 21 19:57:15 1999
--- man4/dummynet.4     Tue Sep 21 19:57:47 1999
***************
*** 89,95 ****
  are reinjected into the protocol stack at the same point they came
  from (i.e. ip_input(), ip_output(), bdg_forward() ).
  Depending on the setting of the sysctl variable
!    sys.net.inet.ipfw.one_pass
  Packets coming from a pipe can be either forwarded to their
  destination, or passed again through the
  .Nm ipfw
--- 89,95 ----
  are reinjected into the protocol stack at the same point they came
  from (i.e. ip_input(), ip_output(), bdg_forward() ).
  Depending on the setting of the sysctl variable
!    net.inet.ip.fw.one_pass
  Packets coming from a pipe can be either forwarded to their
  destination, or passed again through the
  .Nm ipfw
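
Review bot: the corrected name at new line 92 is still a bare, indented text line in the mdoc source, and the sentence around it does not parse: "Depending on the setting of the sysctl variable" runs straight into the name and then into a capitalised "Packets coming from a pipe" with no punctuation. While this line is being touched, mark the name up as `.Va net.inet.ip.fw.one_pass`, join the two halves into one sentence, and say which value selects forwarding and which selects another pass through the rules.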

*** defaults/rc.conf.orig       Tue Sep 21 19:38:59 1999
--- defaults/rc.conf    Tue Sep 21 19:41:05 1999
***************
*** 35,40 ****
--- 35,41 ----
  firewall_script="/etc/rc.firewall" # Which script to run to set up the firewall
  firewall_type="UNKNOWN"               # Firewall type (see /etc/rc.firewall)
  firewall_quiet="NO"           # Set to YES to suppress rule display
+ firewall_one_pass="YES"               # Set to NO to continue testing packets after matching a pipe (see dummynet(4))
  natd_program="/sbin/natd"     # path to natd, if you want a different one.
  natd_enable="NO"                # Enable natd (if firewall_enable == YES).
  natd_interface="fxp0"           # Public interface or IPaddress to use.
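
Review bot: the comment on the added `firewall_one_pass` line documents only the NO case and is far longer than the neighbouring entries, and it reads as if YES were an active setting, while the rc.firewall hunk in this patch acts only when the value is NO. Suggest a shorter comment that states this, for example "Set to NO to re-test packets after a pipe match (see dummynet(4))". The dummynet.4 hunk that the comment points to does not mention this variable, so the cross-reference currently leads to a page that documents the sysctl but not the knob.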

*** rc.firewall.orig    Tue Sep 21 19:44:21 1999
--- rc.firewall Tue Sep 21 19:50:26 1999
***************
*** 49,54 ****
--- 49,60 ----
  fi
  
  ############
+ # Unset one_pass if requested
+ if [ "x$firewall_one_pass" = "xNO" ]; then
+       /sbin/sysctl -w net.inet.ip.fw.one_pass=0
+ fi
+ 
+ ############
  # Set quiet mode if requested
  if [ "x$firewall_quiet" = "xYES" ]; then
        fwcmd="/sbin/ipfw -q"
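
Review bot: the added test at new lines 53-55 is one-way: it writes `net.inet.ip.fw.one_pass=0` when the variable is exactly NO and does nothing otherwise, so changing firewall_one_pass back to YES and re-running rc.firewall leaves the sysctl at 0. Setting the value in both branches (1 for YES, 0 for NO) would make the running state follow rc.conf. The comparison is also exact-case, so a value of "no" is silently ignored, and the block sits above the firewall_quiet handling, so the output of the sysctl command is not covered by that setting.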



>Release-Note:
>Audit-Trail:

From: Sheldon Hearn <sheldonh@uunet.co.za>
To: emoc the phearless <emoc@scr3am.com>
Cc: FreeBSD-gnats-submit@FreeBSD.ORG
Subject: Re: conf/13907: rc, dummynet.4 changes 
Date: Wed, 22 Sep 1999 22:46:50 +0200

 On Wed, 22 Sep 1999 16:53:02 -0400, emoc the phearless wrote:
 
 > + # Unset one_pass if requested
 > + if [ "x$firewall_one_pass" = "xNO" ]; then
 > +       /sbin/sysctl -w net.inet.ip.fw.one_pass=0
 > + fi
 > + 
 > + ############
 
 Note to anyone committing this to CURRENT:
 
 	Make sure you stick to the new style, using ``case'' instead of
 	``if''.
 
 Thanks,
 Sheldon.
 
State-Changed-From-To: open->closed 
State-Changed-By: nbm 
State-Changed-When: Fri Jul 14 05:44:21 PDT 2000 
State-Changed-Why:  
Fixed in revision 1.5 and 1.4.2.1 of dummynet.4.  Submitter (were his 
mail address not bouncing) could use /etc/sysctl.conf for sysctl 
manipulation. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=13907 
>Unformatted:
 net.inet.ip.fw.one_pass
