From eugen@eg.svzserv.kuzbass.ru  Fri Nov 21 05:06:30 2008
Return-Path: <eugen@eg.svzserv.kuzbass.ru>
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 3C5981065672
	for <FreeBSD-gnats-submit@freebsd.org>; Fri, 21 Nov 2008 05:06:30 +0000 (UTC)
	(envelope-from eugen@eg.svzserv.kuzbass.ru)
Received: from eg.svzserv.kuzbass.ru (eg.svzserv.kuzbass.ru [213.184.65.84])
	by mx1.freebsd.org (Postfix) with ESMTP id 99F908FC0C
	for <FreeBSD-gnats-submit@freebsd.org>; Fri, 21 Nov 2008 05:06:29 +0000 (UTC)
	(envelope-from eugen@eg.svzserv.kuzbass.ru)
Received: from eg.svzserv.kuzbass.ru (localhost [127.0.0.1])
	by eg.svzserv.kuzbass.ru (8.14.2/8.14.2) with ESMTP id mAL4smVj016737
	for <FreeBSD-gnats-submit@freebsd.org>; Fri, 21 Nov 2008 11:54:48 +0700 (KRAT)
	(envelope-from eugen@eg.svzserv.kuzbass.ru)
Received: (from root@localhost)
	by eg.svzserv.kuzbass.ru (8.14.2/8.14.2/Submit) id mAL4smoO016736;
	Fri, 21 Nov 2008 11:54:48 +0700 (KRAT)
	(envelope-from eugen)
Message-Id: <200811210454.mAL4smoO016736@eg.svzserv.kuzbass.ru>
Date: Fri, 21 Nov 2008 11:54:48 +0700 (KRAT)
From: Eugene Grosbein <egrosbein@rdtc.ru>
Reply-To: Eugene Grosbein <egrosbein@rdtc.ru>
To: FreeBSD-gnats-submit@freebsd.org
Cc:
Subject: [ipfw] 'ipfw fwd' does not change outgoing interface name
X-Send-Pr-Version: 3.113
X-GNATS-Notify:

>Number:         129036
>Category:       kern
>Synopsis:       [ipfw] 'ipfw fwd' does not change outgoing interface name
>Confidential:   no
>Severity:       serious
>Priority:       low
>Responsible:    freebsd-net
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Fri Nov 21 05:10:01 UTC 2008
>Closed-Date:    
>Last-Modified:  Thu Jan 16 11:37:43 UTC 2014
>Originator:     Eugene Grosbein
>Release:        FreeBSD 6.3-STABLE i386
>Organization:
Svyaz Service JSC
>Environment:
System: FreeBSD eg.svzserv.kuzbass.ru 6.3-STABLE FreeBSD 6.3-STABLE #4: Fri Aug 15 14:42:33 KRAST 2008 eugen@eg.svzserv.kuzbass.ru:/usr/local/obj/usr/local/src/sys/EG i386

>Description:
	
	"ipfw fwd" rules are commonly used to implement policy-based routing.
	Very often they are used to change the outgoing interface for a packet.
	For an incoming packet, "ipfw fwd" changes the next-hop but fails
	to change the outgoing interface name if it changes with the new next-hop
	assignment.

>How-To-Repeat:

	Assume a packet from 10.0.0.1 comes in via em0 and according to
	routing table should be forwarded via em1.
	When another router 192.168.0.1 is directly connected through em2:

	ipfw add 1000 fwd 192.168.0.1 ip from 10.0.0.0/8 to any in recv em0
	ipfw add 2000 divert 5000 ip from any to any out xmit em1

	Our packet is matched by rule 1000, so its next-hop is changed
	to 192.168.0.1 and it will really go out em2. But at the second
	ipfw ruleset pass it is matched by rule 2000 too.
	That's really bad - the packet is passed to a userland application
	or netgraph node listening on divert port 5000 but it must not be.

>Fix:

	Unknown.
	With some care, the ipfw ruleset may be changed to work around
	the problem but a real fix is needed - the kernel should correct
	the name of the outgoing interface for such cases so ipfw won't make mistakes.
>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-bugs->freebsd-ipfw 
Responsible-Changed-By: linimon 
Responsible-Changed-When: Fri Nov 21 07:41:39 UTC 2008 
Responsible-Changed-Why:  
Over to maintainer(s). 

http://www.freebsd.org/cgi/query-pr.cgi?pr=129036 
State-Changed-From-To: open->feedback 
State-Changed-By: ae 
State-Changed-When: Thu Jun 16 18:38:43 UTC 2011 
State-Changed-Why:  
Can you still reproduce this on a supported release?  


From: Eugene Grosbein <egrosbein@rdtc.ru>
To: bug-followup@FreeBSD.ORG
Cc: ae@FreeBSD.ORG
Subject: Re: kern/129036: [ipfw] 'ipfw fwd' does not change outgoing interface
 name
Date: Fri, 17 Jun 2011 03:54:30 +0700

 > Can you still reproduce this on a supported release? 
 
 Yes, the same problem can be reproduced with 8.2-STABLE.
 
 Eugene Grosbein.
 

From: Sergey Matveychuk <sem@FreeBSD.org>
To: bug-followup@FreeBSD.org, egrosbein@rdtc.ru
Cc:  
Subject: Re: kern/129036: [ipfw] 'ipfw fwd' does not change outgoing
 interface name
Date: Mon, 27 Feb 2012 17:11:07 +0400

 Can't reproduce on both 9.0 and 8.3. Could you test on them please?

From: Eugene Grosbein <egrosbein@rdtc.ru>
To: Sergey Matveychuk <sem@freebsd.org>
Cc: bug-followup@freebsd.org
Subject: Re: kern/129036: [ipfw] 'ipfw fwd' does not change outgoing interface
 name
Date: Wed, 29 Feb 2012 00:38:10 +0700

 27.02.2012 20:11, Sergey Matveychuk :
 > Can't reproduce on both 9.0 and 8.3. Could you test on them please?
 
 I've just tested 8.3-PRERELEASE and the problem is still here.
 In my current setup, the router based on 8.3-PRE has 3 interfaces:
 
 - vr0 is LAN
 - ng0 is primary uplink (default route points to ng0)
 - vr1 is secondary uplink.
 
 The very first lines of ipfw ruleset are:
 
 ipfw add 10 fwd G.G.G.G ip from any to 1.1.1.1 in recv vr0
 ipfw add 15 allow ip from any to 1.1.1.1 in
 ipfw add 20 count ip from any to 1.1.1.1 out xmit ng0
 
 Here G.G.G.G is gateway address of secondary uplink,
 so route to G.G.G.G points to vr1. And I run "ping -c1 1.1.1.1"
 from LAN while running "tcpdump -np vr1 host 1.1.1.1".
 
 tcpdump shows me that rule 10 works and ICMP packet goes out via vr1.
 But the packet still matches rule 20 - that's the problem.
 
 Eugene Grosbein
State-Changed-From-To: feedback->open 
State-Changed-By: sem 
State-Changed-When: Thu Mar 1 17:16:45 UTC 2012 
State-Changed-Why:  
got feedback. back to open 

Responsible-Changed-From-To: freebsd-ipfw->freebsd-net 
Responsible-Changed-By: melifaro 
Responsible-Changed-When: Thu Jan 16 11:31:08 UTC 2014 
Responsible-Changed-Why:  
Reclassify. 

This problem is not related to ipfw: 

ipfw(4) sets M_IP_NEXTHOP & adds PACKET_TAG_IPFORWARD on ingress and returns. 
ip_input() sees M_IP_NEXTHOP and passes packet to ip_forward() which performs 
routing decision and calls ip_output(). Finally, ip_output() calls PFIL hook 
with ifp determined by ip_forward() and checks M_IP_NEXTHOP _after_ that. 

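The ordering described in the reclassification note above, as a small user-space C model added here (it is not FreeBSD kernel code and not part of the PR). The routing table, the destination 198.51.100.7 and the `resolve_first` switch are constructed for illustration; `resolve_first = 1` is a hypothetical ordering shown only for contrast with the reported behaviour.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define IP(a,b,c,d) (((uint32_t)(a)<<24)|((uint32_t)(b)<<16)|((uint32_t)(c)<<8)|(uint32_t)(d))

struct pkt { uint32_t src, dst, nexthop; };   /* nexthop != 0 models M_IP_NEXTHOP */
struct result { const char *hook_ifp, *egress_ifp; int rule2000; };

/* Constructed routing table: 192.168.0.0/24 is on em2, default route via em1. */
static const char *route_ifp(uint32_t addr) {
    return (addr >> 8) == (IP(192,168,0,0) >> 8) ? "em2" : "em1";
}

/* Rule 1000: fwd 192.168.0.1 ip from 10.0.0.0/8 to any in recv em0 */
static void ipfw_in(struct pkt *p, const char *recv_if) {
    if ((p->src >> 24) == 10 && strcmp(recv_if, "em0") == 0)
        p->nexthop = IP(192,168,0,1);
}

/* Rule 2000: divert 5000 ip from any to any out xmit em1 */
static int ipfw_out(const char *xmit_if) { return strcmp(xmit_if, "em1") == 0; }

/* resolve_first = 0: order described in the PR (the output hook runs with the
 * ifp chosen from the original destination; the next-hop tag is honoured later).
 * resolve_first = 1: hypothetical order where the tag is resolved before the hook. */
static struct result forward(struct pkt p, const char *recv_if, int resolve_first) {
    struct result r;
    ipfw_in(&p, recv_if);                               /* input pass */
    const char *dst_ifp = route_ifp(p.dst);             /* routing decision on dst */
    r.egress_ifp = p.nexthop ? route_ifp(p.nexthop) : dst_ifp;
    r.hook_ifp = resolve_first ? r.egress_ifp : dst_ifp;
    r.rule2000 = ipfw_out(r.hook_ifp);                  /* output pass */
    return r;
}

int main(void) {
    struct pkt p = { IP(10,0,0,1), IP(198,51,100,7), 0 };   /* constructed packet */
    for (int mode = 0; mode <= 1; mode++) {
        struct result r = forward(p, "em0", mode);
        printf("resolve_first=%d: hook sees %s, next hop is via %s, rule 2000 %s\n",
               mode, r.hook_ifp, r.egress_ifp, r.rule2000 ? "matches" : "skipped");
    }
    return 0;
}
```
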
>Unformatted:
