From pepper@reppep.com  Sun Oct 20 13:35:12 2002
Return-Path: <pepper@reppep.com>
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP
	id 924F837B401; Sun, 20 Oct 2002 13:35:12 -0700 (PDT)
Received: from www.reppep.com (www.reppep.com [66.92.104.200])
	by mx1.FreeBSD.org (Postfix) with ESMTP
	id 06F7D43E6E; Sun, 20 Oct 2002 13:35:12 -0700 (PDT)
	(envelope-from pepper@reppep.com)
Received: from [66.92.104.201] (g4.reppep.com [66.92.104.201])
	by www.reppep.com (Postfix) with ESMTP
	id A18B5AC4F; Sun, 20 Oct 2002 16:36:58 -0400 (EDT)
Message-Id: <p05300537b9d8c333d008@[66.92.104.201]>
Date: Sun, 20 Oct 2002 16:34:02 -0400
From: Chris Pepper <pepper@reppep.com>
To: Luigi Rizzo <luigi@freebsd.org>
Cc: FreeBSD-gnats-submit@freebsd.org
In-Reply-To: <20021020122600.A7500@carp.icir.org>
Subject: Re: IPFW2 broken in recent 4.7-STABLE??
References: <20021020191841.4DF27AA8B@www.reppep.com>
 <20021020122600.A7500@carp.icir.org>

>Number:         44315
>Category:       kern
>Synopsis:       Re: IPFW2 broken in recent 4.7-STABLE??
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    gnats-admin
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sun Oct 20 13:40:01 PDT 2002
>Closed-Date:    Sun Oct 20 13:47:07 PDT 2002
>Last-Modified:  Thu Oct 07 18:11:33 GMT 2004
>Originator:     
>Release:        
>Organization:
>Environment:
>Description:
 At 12:26 PM -0700 2002/10/20, Luigi Rizzo wrote:
 >you have a mismatch between kernel and userland. Probably an
 >ipfw2 in userland and still ipfw1 in the kernel.
 
 	Strange. I just rebuilt kernel & world and get the same 
 problem. Is there anything more than "IPFW2=TRUE" in /etc/make.conf 
 that controls 1 vs. 2? How can I check the installed versions of both 
 parts? I don't see anything useful with "strings /modules/ipfw.ko".
 
 
 						Thanks,
 
 
 						Chris Pepper
 
 >	cheers
 >	luigi
 >
 >On Sun, Oct 20, 2002 at 03:18:41PM -0400, Chris Pepper wrote:
 >>
 >>  >Submitter-Id:	current-users
 >>  >Originator:	Chris Pepper
 >>  >Organization:
 >>  >Confidential:	no
 >>  >Synopsis:	IPFW2 broken in recent 4.7-STABLE??
 >>  >Severity:	serious
 >>  >Priority:	medium
 >>  >Category:	kern
 >>  >Class:		sw-bug
 >>  >Release:	FreeBSD 4.7-STABLE i386
 >>  >Environment:
 >>  System: FreeBSD www.reppep.com 4.7-STABLE FreeBSD 4.7-STABLE #4: 
 >>Sun Oct 20 01:54:39 EDT 2002 
 >>root@www.reppep.com:/usr/obj/usr/src/sys/GENERIC i386
 >>
 >>
 >>
 >>  >Description:
 >>	Last night I enabled IPFW in /etc/rc.conf with the "open" 
 >>ruleset. Traffic was flowing, and "ipfw -atNde l" showed the 
 >>expected 5 rules. Here are my entries from rc.conf:
 >>
 >>  firewall_enable="YES"		# Set to YES to enable firewall functionality
 >>  firewall_script="/etc/rc.firewall" # Which script to run to set up the firewall
 >>  firewall_type="open"		# Firewall type (see /etc/rc.firewall)
 >>  firewall_quiet="NO"		# Set to YES to suppress rule display
 >>  firewall_logging="YES"		# Set to YES to enable events logging
 >>  firewall_flags=""		# Flags passed to ipfw when type is a file
 >>
 >>	Half an hour ago, I added IPFW2=TRUE to /etc/make.conf and 
 >>rebuilt my kernel from a cvsup this morning, and IPFW stopped 
 >>passing traffic (no access in or out of the box, Samba and other 
 >>daemons started reporting permission denied errors). "ipfw -atNde 
 >>l" returned the following (repeating over 100 MB without line 
 >>breaks, before I gave up and stopped it):
 >>
 >>  [www:~] root# more ipfw-atNde-l.txt
 >>  00141 38749194944512          0                           ip from 
 >>any to any [op
 >>  code 0 len 0] [opcode 0 len 0] [opcode 0 len 0] [opcode 0 len 0] 
 >>[opcode 0 len 0
 >>  ] [opcode 0 len 0] [opcode 0 len 0] [opcode 0 len 0] [opcode 0 len 
 >>0] [opcode 0
 >>  len 0] [opcode 0 len 0] [opcode 0 len 0] [opcode 0 len 0] [opcode 
 >>0 len 0] [opco
 >>  de 0 len 0] [opcode 0 len 0] [opcode 0 len 0] [opcode 0 len 0] 
 >>[opcode 0 len 0]
 >>  [opcode 0 len 0] [opcode 0 len 0] [opcode 0 len 0] [opcode 0 len 
 >>0] [opcode 0 le
 >>  n 0] [opcode 0 len 0] [opcode 0 len 0] [opcode 0 len 0] [opcode 0 
 >>len 0] [opcode
 >>
 >>	firewall_enable="NO" in /etc/rc.conf restored connectivity, 
 >>but I would like to get IPFW2 working so I can use OR rules.
 >>
 >>  >How-To-Repeat:
 >>	Rebuild current 4.7-STABLE with IPFW2=TRUE in /etc/make.conf; 
 >>enable IPFW with "open" type firewall in /etc/rc.conf. Attempt to 
 >>pass traffic or open listeners.
 >>
 >>  >Fix:
 >>
 
 
 -- 
 Chris Pepper:               <http://www.reppep.com/~pepper/>
 Rockefeller University:     <http://www.rockefeller.edu/>
>How-To-Repeat:
>Fix:
>Release-Note:
>Audit-Trail:
State-Changed-From-To: open->closed 
State-Changed-By: tom 
State-Changed-When: Sun Oct 20 13:46:44 PDT 2002 
State-Changed-Why:  
Stray follow-up to kern/44311 

http://www.freebsd.org/cgi/query-pr.cgi?pr=44315 
>Unformatted:
