From nobody@FreeBSD.org  Mon Nov 21 22:19:29 2011
Return-Path: <nobody@FreeBSD.org>
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 4B426106564A
	for <freebsd-gnats-submit@FreeBSD.org>; Mon, 21 Nov 2011 22:19:29 +0000 (UTC)
	(envelope-from nobody@FreeBSD.org)
Received: from red.freebsd.org (red.freebsd.org [IPv6:2001:4f8:fff6::22])
	by mx1.freebsd.org (Postfix) with ESMTP id 21B3F8FC13
	for <freebsd-gnats-submit@FreeBSD.org>; Mon, 21 Nov 2011 22:19:29 +0000 (UTC)
Received: from red.freebsd.org (localhost [127.0.0.1])
	by red.freebsd.org (8.14.4/8.14.4) with ESMTP id pALMJStr032564
	for <freebsd-gnats-submit@FreeBSD.org>; Mon, 21 Nov 2011 22:19:28 GMT
	(envelope-from nobody@red.freebsd.org)
Received: (from nobody@localhost)
	by red.freebsd.org (8.14.4/8.14.4/Submit) id pALMJSBb032563;
	Mon, 21 Nov 2011 22:19:28 GMT
	(envelope-from nobody)
Message-Id: <201111212219.pALMJSBb032563@red.freebsd.org>
Date: Mon, 21 Nov 2011 22:19:28 GMT
From: Terrence Koeman <terrence@mediamonks.net>
To: freebsd-gnats-submit@FreeBSD.org
Subject: ipfw+nat redirect_addr option no longer works (as expected?)
X-Send-Pr-Version: www-3.1
X-GNATS-Notify:

>Number:         162739
>Category:       kern
>Synopsis:       [ipfw] ipfw_nat redirect_addr option no longer works (as expected?)
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    glebius
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Mon Nov 21 22:20:05 UTC 2011
>Closed-Date:    Mon Nov 28 08:16:56 UTC 2011
>Last-Modified:  Mon Nov 28 08:20:32 UTC 2011
>Originator:     Terrence Koeman
>Release:        8.2-STABLE on 2011.07.10.03.00.00
>Organization:
>Environment:
FreeBSD satanael 8.2-STABLE FreeBSD 8.2-STABLE #30: Mon Nov 21 17:18:52 CET 2011     terrence@satanael:/usr/obj/usr/src/sys/SATANAEL-SMP  amd64

compiled from cvs 2011.07.10.03.00.00
>Description:
I updated a 8-STABLE machine recently (last update february 2011) and noticed that the static NAT translations stopped working.

Relevant ipfw rules:

----
$cmd nat   20 config  ip $outsidenat \
    redirect_addr 172.16.0.70 ext.ext.ext.70 \
    redirect_addr 172.16.0.68 ext.ext.ext.68 \
    redirect_addr 172.16.0.69 ext.ext.ext.69 \
    redirect_addr 172.16.0.71 ext.ext.ext.71 \
    redirect_addr 172.16.0.72 ext.ext.ext.72 \
    redirect_addr 172.16.0.73 ext.ext.ext.73 \
    redirect_addr 172.16.0.74 ext.ext.ext.74 \
    redirect_addr 172.16.0.75 ext.ext.ext.75 \
    redirect_addr 172.16.0.76 ext.ext.ext.76 \
    redirect_addr 172.16.0.77 ext.ext.ext.77 

  $cmd add 00450 nat   20       all  from $insidenet        to not $insidenet       out via $outside

  $cmd add 00500 nat   20       all  from any               to $outsidenet          in  via $outside
----

This makes 172.16.0.70-77 get static nat-ed to ext.ext.ext.70-77 and any other 172.16.0.0/12 to $outsidenat.

This works when I use cvs 2011.07.01.03.00.00, and this stops working when I use 2011.07.10.03.00.00. 

With 'stops working' I mean that clients 172.16.0.70-77 are translated to $outsidenat instead of ext.ext.ext.70-77 as expected. When I remove the general nat IP (ip $outsidenat), translation ceases entirely.

I suspected that svn commit r223872 (http://lists.freebsd.org/pipermail/svn-src-stable-8/2011-July/005776.html) might be the cause and chose the dates accordingly. The problem seems to be caused by this change.
>How-To-Repeat:
Use cvs 2011.07.10.03.00.00, compile,install kernel & world. redirect_addr stops working.
>Fix:


>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-bugs->freebsd-ipfw 
Responsible-Changed-By: ae 
Responsible-Changed-When: Tue Nov 22 05:10:40 UTC 2011 
Responsible-Changed-Why:  
Over to maintainer(s). 

http://www.freebsd.org/cgi/query-pr.cgi?pr=162739 

From: "Terrence Koeman" <terrence@mediamonks.net>
To: "bug-followup@FreeBSD.org" <bug-followup@FreeBSD.org>
Cc:  
Subject: Re: kern/162739: [ipfw] ipfw_nat redirect_addr option no longer works (as expected?)
Date: Tue, 22 Nov 2011 15:14:52 +0100

 I actually ment svn commit: r223871 (http://lists.freebsd.org/pipermail/svn=
 -src-stable-8/2011-July/005775.html)
 
 -- 
 Regards,
 T. Koeman, MTh/BSc/BPsy; Technical Monk
 
 
 
 
Responsible-Changed-From-To: freebsd-ipfw->glebius 
Responsible-Changed-By: glebius 
Responsible-Changed-When: Tue Nov 22 22:50:36 UTC 2011 
Responsible-Changed-Why:  
Looks like my fault. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=162739 

From: Gleb Smirnoff <glebius@FreeBSD.org>
To: Terrence Koeman <terrence@mediamonks.net>
Cc: freebsd-gnats-submit@FreeBSD.org
Subject: Re: misc/162739: ipfw+nat redirect_addr option no longer works (as
 expected?)
Date: Wed, 23 Nov 2011 02:50:13 +0400

 --5mCyUwZo2JvN/JJP
 Content-Type: text/plain; charset=koi8-r
 Content-Disposition: inline
 
   Terrence,
 
   can you please try the attached patch to src/sbin/ipfw?
 
 -- 
 Totus tuus, Glebius.
 
 --5mCyUwZo2JvN/JJP
 Content-Type: text/x-diff; charset=koi8-r
 Content-Disposition: attachment; filename="nat.c.diff"
 
 Index: nat.c
 ===================================================================
 --- nat.c	(revision 227832)
 +++ nat.c	(working copy)
 @@ -345,11 +345,12 @@
  	space = sizeof(struct cfg_redir);
  
  	/* Extract local address. */
 -	if ((sep = strtok(**av, ",")) != NULL) {
 +	if (strchr(**av, ',') != NULL) {
  		struct cfg_spool *spool;
  
  		/* Setup LSNAT server pool. */
  		r->laddr.s_addr = INADDR_NONE;
 +		sep = strtok(**av, ",");
  		while (sep != NULL) {
  			spool = (struct cfg_spool *)buf;
  			space += sizeof(struct cfg_spool);
 
 --5mCyUwZo2JvN/JJP--

From: "Terrence Koeman" <terrence@mediamonks.net>
To: "bug-followup@FreeBSD.org" <bug-followup@FreeBSD.org>
Cc:  
Subject: Re: kern/162739: [ipfw] ipfw_nat redirect_addr option no longer works (as expected?)
Date: Wed, 23 Nov 2011 17:48:54 +0100

 This patch solves the problem for me, thanks.
 
 -- 
 Regards,
 T. Koeman, MTh/BSc/BPsy; Technical Monk
 
 
 
 

From: dfilter@FreeBSD.ORG (dfilter service)
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: kern/162739: commit references a PR
Date: Wed, 23 Nov 2011 18:38:18 +0000 (UTC)

 Author: glebius
 Date: Wed Nov 23 18:38:08 2011
 New Revision: 227901
 URL: http://svn.freebsd.org/changeset/base/227901
 
 Log:
   Fix parsing of redirect_addr argument.
   
   PR:		kern/162739
   MFC after:	3 days
 
 Modified:
   head/sbin/ipfw/nat.c
 
 Modified: head/sbin/ipfw/nat.c
 ==============================================================================
 --- head/sbin/ipfw/nat.c	Wed Nov 23 18:15:49 2011	(r227900)
 +++ head/sbin/ipfw/nat.c	Wed Nov 23 18:38:08 2011	(r227901)
 @@ -345,11 +345,12 @@ setup_redir_addr(char *buf, int *ac, cha
  	space = sizeof(struct cfg_redir);
  
  	/* Extract local address. */
 -	if ((sep = strtok(**av, ",")) != NULL) {
 +	if (strchr(**av, ',') != NULL) {
  		struct cfg_spool *spool;
  
  		/* Setup LSNAT server pool. */
  		r->laddr.s_addr = INADDR_NONE;
 +		sep = strtok(**av, ",");
  		while (sep != NULL) {
  			spool = (struct cfg_spool *)buf;
  			space += sizeof(struct cfg_spool);
 _______________________________________________
 svn-src-all@freebsd.org mailing list
 http://lists.freebsd.org/mailman/listinfo/svn-src-all
 To unsubscribe, send any mail to "svn-src-all-unsubscribe@freebsd.org"
 
State-Changed-From-To: open->closed 
State-Changed-By: glebius 
State-Changed-When: Mon Nov 28 08:16:29 UTC 2011 
State-Changed-Why:  
Fixed in head, stable/8, stable/9 and releng/9.0. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=162739 

From: dfilter@FreeBSD.ORG (dfilter service)
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: kern/162739: commit references a PR
Date: Mon, 28 Nov 2011 08:12:52 +0000 (UTC)

 Author: glebius
 Date: Mon Nov 28 08:12:37 2011
 New Revision: 228051
 URL: http://svn.freebsd.org/changeset/base/228051
 
 Log:
   MFhead r227901:
   
     Fix parsing of redirect_addr argument.
   
     PR:	kern/162739
   
   Approved by:	re (kib)
 
 Modified:
   stable/9/sbin/ipfw/nat.c
 Directory Properties:
   stable/9/sbin/ipfw/   (props changed)
 
 Modified: stable/9/sbin/ipfw/nat.c
 ==============================================================================
 --- stable/9/sbin/ipfw/nat.c	Mon Nov 28 08:10:12 2011	(r228050)
 +++ stable/9/sbin/ipfw/nat.c	Mon Nov 28 08:12:37 2011	(r228051)
 @@ -345,11 +345,12 @@ setup_redir_addr(char *buf, int *ac, cha
  	space = sizeof(struct cfg_redir);
  
  	/* Extract local address. */
 -	if ((sep = strtok(**av, ",")) != NULL) {
 +	if (strchr(**av, ',') != NULL) {
  		struct cfg_spool *spool;
  
  		/* Setup LSNAT server pool. */
  		r->laddr.s_addr = INADDR_NONE;
 +		sep = strtok(**av, ",");
  		while (sep != NULL) {
  			spool = (struct cfg_spool *)buf;
  			space += sizeof(struct cfg_spool);
 _______________________________________________
 svn-src-all@freebsd.org mailing list
 http://lists.freebsd.org/mailman/listinfo/svn-src-all
 To unsubscribe, send any mail to "svn-src-all-unsubscribe@freebsd.org"
 

From: dfilter@FreeBSD.ORG (dfilter service)
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: kern/162739: commit references a PR
Date: Mon, 28 Nov 2011 08:15:16 +0000 (UTC)

 Author: glebius
 Date: Mon Nov 28 08:14:59 2011
 New Revision: 228052
 URL: http://svn.freebsd.org/changeset/base/228052
 
 Log:
   MFhead r227901:
   
     Fix parsing of redirect_addr argument.
   
     PR:	kern/162739
   
   Approved by:	re (kib)
 
 Modified:
   releng/9.0/sbin/ipfw/nat.c
 Directory Properties:
   releng/9.0/sbin/ipfw/   (props changed)
 
 Modified: releng/9.0/sbin/ipfw/nat.c
 ==============================================================================
 --- releng/9.0/sbin/ipfw/nat.c	Mon Nov 28 08:12:37 2011	(r228051)
 +++ releng/9.0/sbin/ipfw/nat.c	Mon Nov 28 08:14:59 2011	(r228052)
 @@ -345,11 +345,12 @@ setup_redir_addr(char *buf, int *ac, cha
  	space = sizeof(struct cfg_redir);
  
  	/* Extract local address. */
 -	if ((sep = strtok(**av, ",")) != NULL) {
 +	if (strchr(**av, ',') != NULL) {
  		struct cfg_spool *spool;
  
  		/* Setup LSNAT server pool. */
  		r->laddr.s_addr = INADDR_NONE;
 +		sep = strtok(**av, ",");
  		while (sep != NULL) {
  			spool = (struct cfg_spool *)buf;
  			space += sizeof(struct cfg_spool);
 _______________________________________________
 svn-src-all@freebsd.org mailing list
 http://lists.freebsd.org/mailman/listinfo/svn-src-all
 To unsubscribe, send any mail to "svn-src-all-unsubscribe@freebsd.org"
 

From: dfilter@FreeBSD.ORG (dfilter service)
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: kern/162739: commit references a PR
Date: Mon, 28 Nov 2011 08:16:08 +0000 (UTC)

 Author: glebius
 Date: Mon Nov 28 08:16:00 2011
 New Revision: 228053
 URL: http://svn.freebsd.org/changeset/base/228053
 
 Log:
   MFhead r227901:
   
     Fix parsing of redirect_addr argument.
     PR:	kern/162739
 
 Modified:
   stable/8/sbin/ipfw/nat.c
 Directory Properties:
   stable/8/sbin/ipfw/   (props changed)
 
 Modified: stable/8/sbin/ipfw/nat.c
 ==============================================================================
 --- stable/8/sbin/ipfw/nat.c	Mon Nov 28 08:14:59 2011	(r228052)
 +++ stable/8/sbin/ipfw/nat.c	Mon Nov 28 08:16:00 2011	(r228053)
 @@ -345,11 +345,12 @@ setup_redir_addr(char *buf, int *ac, cha
  	space = sizeof(struct cfg_redir);
  
  	/* Extract local address. */
 -	if ((sep = strtok(**av, ",")) != NULL) {
 +	if (strchr(**av, ',') != NULL) {
  		struct cfg_spool *spool;
  
  		/* Setup LSNAT server pool. */
  		r->laddr.s_addr = INADDR_NONE;
 +		sep = strtok(**av, ",");
  		while (sep != NULL) {
  			spool = (struct cfg_spool *)buf;
  			space += sizeof(struct cfg_spool);
 _______________________________________________
 svn-src-all@freebsd.org mailing list
 http://lists.freebsd.org/mailman/listinfo/svn-src-all
 To unsubscribe, send any mail to "svn-src-all-unsubscribe@freebsd.org"
 
>Unformatted:
