From nobody@FreeBSD.org  Wed Feb  1 09:50:29 2012
Return-Path: <nobody@FreeBSD.org>
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id A55111065673
	for <freebsd-gnats-submit@FreeBSD.org>; Wed,  1 Feb 2012 09:50:29 +0000 (UTC)
	(envelope-from nobody@FreeBSD.org)
Received: from red.freebsd.org (red.freebsd.org [IPv6:2001:4f8:fff6::22])
	by mx1.freebsd.org (Postfix) with ESMTP id 912BD8FC0C
	for <freebsd-gnats-submit@FreeBSD.org>; Wed,  1 Feb 2012 09:50:29 +0000 (UTC)
Received: from red.freebsd.org (localhost [127.0.0.1])
	by red.freebsd.org (8.14.4/8.14.4) with ESMTP id q119oTnb055615
	for <freebsd-gnats-submit@FreeBSD.org>; Wed, 1 Feb 2012 09:50:29 GMT
	(envelope-from nobody@red.freebsd.org)
Received: (from nobody@localhost)
	by red.freebsd.org (8.14.4/8.14.4/Submit) id q119oSiG055614;
	Wed, 1 Feb 2012 09:50:28 GMT
	(envelope-from nobody)
Message-Id: <201202010950.q119oSiG055614@red.freebsd.org>
Date: Wed, 1 Feb 2012 09:50:28 GMT
From: Bjorn Danielsson <fbsd@50days.dax.nu>
To: freebsd-gnats-submit@FreeBSD.org
Subject: Request for ipv6 support in ipfw tables
X-Send-Pr-Version: www-3.1
X-GNATS-Notify:

>Number:         164690
>Category:       kern
>Synopsis:       [ipfw] Request for ipv6 support in ipfw tables
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    melifaro
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Wed Feb 01 10:00:23 UTC 2012
>Closed-Date:    Sun Jul 01 16:12:30 UTC 2012
>Last-Modified:  Mon Mar  4 18:00:00 UTC 2013
>Originator:     Bjorn Danielsson
>Release:        9.0
>Organization:
>Environment:
FreeBSD nine-pack 9.0-RELEASE FreeBSD 9.0-RELEASE #0: Tue Jan 31 09:49:15 CET 2012     root@nine-pack:/usr/src/sys/amd64/compile/CUSTOM  amd64
>Description:
The lookup tables for address prefixes in ipfw only understand v4 addresses.
This impacts the possibility to migrate systems that use this feature.

I know this has been discussed on the freebsd-ipfw list, but I think it
deserves its own PR also.

>How-To-Repeat:
ipfw table 0 add dead:beef::cafe/128

>Fix:


>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-bugs->freebsd-ipfw 
Responsible-Changed-By: linimon 
Responsible-Changed-When: Wed Feb 1 23:40:49 UTC 2012 
Responsible-Changed-Why:  
Over to maintainer(s). 

http://www.freebsd.org/cgi/query-pr.cgi?pr=164690 
State-Changed-From-To: open->patched 
State-Changed-By: melifaro 
State-Changed-When: Tue Mar 13 09:51:13 UTC 2012 
State-Changed-Why:  
IPv6 support added to head in r232865 


Responsible-Changed-From-To: freebsd-ipfw->melifaro 
Responsible-Changed-By: melifaro 
Responsible-Changed-When: Tue Mar 13 09:51:13 UTC 2012 
Responsible-Changed-Why:  

http://www.freebsd.org/cgi/query-pr.cgi?pr=164690 
State-Changed-From-To: patched->closed 
State-Changed-By: melifaro 
State-Changed-When: Sun Jul 1 16:11:35 UTC 2012 
State-Changed-Why:  
IPv6 tables support is merged to stable/9 in r234597. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=164690 

From: Andreas Nilsson <andrnils@gmail.com>
To: bug-followup@FreeBSD.org, fbsd@50days.dax.nu
Cc:  
Subject: Re: kern/164690: [ipfw] Request for ipv6 support in ipfw tables
Date: Mon, 4 Mar 2013 18:43:43 +0100

 --f46d0444ee1ff2880604d71ce583
 Content-Type: text/plain; charset=ISO-8859-1
 
 Lookup table support in ipfw is not working as of
 FreeBSD caolila 9.1-RELEASE FreeBSD 9.1-RELEASE #0 r243825: Tue Dec  4
 09:23:10 UTC 2012
 root@farrell.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC
 amd64
 
 [root@caolila ~]# ipfw table 0 add ::1/128
 [root@caolila ~]# ipfw table 0 list
 ::1/128 0
 [root@caolila ~]# ipfw add 00010 deny ip from "table(0)" to any
 00010 deny ip from table(0) to any
 [root@caolila ~]# ping6 localhost
 PING6(56=40+8+8 bytes) ::1 --> ::1
 16 bytes from ::1, icmp_seq=0 hlim=64 time=0.159 ms
 16 bytes from ::1, icmp_seq=1 hlim=64 time=0.140 ms
 
 
 And the same on
 FreeBSD charlotte.resilans.se 9.1-STABLE FreeBSD 9.1-STABLE #0 r244955: Wed
 Jan  2 08:59:49 CET 2013
 root@charlotte.resilans.se:/usr/obj/usr/src/sys/GENERIC
 amd64
 
 
 # ipfw table 0 add ::1/128
 root@charlotte:~  18:31:48 127
 ::1/128 0
 root@charlotte:~  18:31:54 127
 00010 deny ip from table(0) to any
 root@charlotte:~  18:32:01 127
 PING6(56=40+8+8 bytes) ::1 --> ::1
 16 bytes from ::1, icmp_seq=0 hlim=64 time=0.111 ms
 16 bytes from ::1, icmp_seq=1 hlim=64 time=0.066 ms
 
 So it is added to the lookup table, but not used.
 
 Furthermore, trying to be more specific when telling ipfw what to do gives:
 [root@caolila ~]# ipfw add deny ip6 from "table(0)" to any
 ipfw: bad address "table(0)"
 
 
 Regards
 Andreas
 
 --f46d0444ee1ff2880604d71ce583
 Content-Type: text/html; charset=ISO-8859-1
 Content-Transfer-Encoding: quoted-printable
 
 <div dir=3D"ltr"><div><div><div><div><div>Lookup table support in ipfw is n=
 ot working as of <br>FreeBSD caolila 9.1-RELEASE FreeBSD 9.1-RELEASE #0 r24=
 3825: Tue Dec=A0 4=20
 09:23:10 UTC 2012=A0=A0=A0=A0=20
 root@farrell.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC=A0 amd64<br><br>[=
 root@caolila ~]# ipfw table 0 add ::1/128<br>[root@caolila ~]# ipfw table 0=
  list<br>::1/128 0<br>[root@caolila ~]# ipfw add 00010 deny ip from &quot;t=
 able(0)&quot; to any<br>
 00010 deny ip from table(0) to any<br>[root@caolila ~]# ping6 localhost<br>=
 PING6(56=3D40+8+8 bytes) ::1 --&gt; ::1<br>16 bytes from ::1, icmp_seq=3D0 =
 hlim=3D64 time=3D0.159 ms<br>16 bytes from ::1, icmp_seq=3D1 hlim=3D64 time=
 =3D0.140 ms<br>
 <br><br></div></div>And the same on <br>FreeBSD <a href=3D"http://charlotte=
 .resilans.se">charlotte.resilans.se</a> 9.1-STABLE FreeBSD 9.1-STABLE #0 r2=
 44955: Wed Jan=A0 2 08:59:49 CET 2013=A0=A0=A0=A0 root@charlotte.resilans.s=
 e:/usr/obj/usr/src/sys/GENERIC=A0 amd64<br>
 <br><br># ipfw table 0 add ::1/128<br>root@charlotte:~=A0 18:31:48 127<br>:=
 :1/128 0<br>root@charlotte:~=A0 18:31:54 127<br>00010 deny ip from table(0)=
  to any<br>root@charlotte:~=A0 18:32:01 127<br>PING6(56=3D40+8+8 bytes) ::1=
  --&gt; ::1<br>
 16 bytes from ::1, icmp_seq=3D0 hlim=3D64 time=3D0.111 ms<br>16 bytes from =
 ::1, icmp_seq=3D1 hlim=3D64 time=3D0.066 ms<br><br></div>So it is added to =
 the lookup table, but not used.<br><br></div>Furthermore, trying to be more=
  specific when telling ipfw what to do gives:<br>
 [root@caolila ~]# ipfw add deny ip6 from &quot;table(0)&quot; to any<br>ipf=
 w: bad address &quot;table(0)&quot;<br><br><br></div>Regards<br>Andreas<br>=
 </div>
 
 --f46d0444ee1ff2880604d71ce583--

From: "Alexander V. Chernikov" <melifaro@FreeBSD.org>
To: Andreas Nilsson <andrnils@gmail.com>, bug-followup@FreeBSD.org
Cc:  
Subject: Re: kern/164690: [ipfw] Request for ipv6 support in ipfw tables
Date: Mon, 04 Mar 2013 21:56:17 +0400

 On 04.03.2013 21:50, Andreas Nilsson wrote:
 > Lookup table support in ipfw is not working as of FreeBSD caolila
 > 9.1-RELEASE FreeBSD 9.1-RELEASE #0 r243825: Tue Dec  4 09:23:10 UTC
 > 2012 root@farrell.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC 
 > amd64
 > 
 > [root@caolila ~]# ipfw table 0 add ::1/128 [root@caolila ~]# ipfw
 > table 0 list ::1/128 0
 
 Fixed in r247666 (kern/175909). ::1 was mistakenly classified as
 interface name.
 
 > Furthermore, trying to be more specific when telling ipfw what to
 > do gives: [root@caolila ~]# ipfw add deny ip6 from "table(0)" to
 > any ipfw: bad address "table(0)"
 Fixed in r240892. Merged to 9-S in r241883.
 
 Both changes affects userland only.
>Unformatted:
