From nobody@FreeBSD.org  Wed Mar  3 15:41:09 2004
Return-Path: <nobody@FreeBSD.org>
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 7101616A4CF
	for <freebsd-gnats-submit@FreeBSD.org>; Wed,  3 Mar 2004 15:41:09 -0800 (PST)
Received: from www.freebsd.org (www.freebsd.org [216.136.204.117])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 6B16443D3F
	for <freebsd-gnats-submit@FreeBSD.org>; Wed,  3 Mar 2004 15:41:09 -0800 (PST)
	(envelope-from nobody@FreeBSD.org)
Received: from www.freebsd.org (localhost [127.0.0.1])
	by www.freebsd.org (8.12.10/8.12.10) with ESMTP id i23Nf972019633
	for <freebsd-gnats-submit@FreeBSD.org>; Wed, 3 Mar 2004 15:41:09 -0800 (PST)
	(envelope-from nobody@www.freebsd.org)
Received: (from nobody@localhost)
	by www.freebsd.org (8.12.10/8.12.10/Submit) id i23Nf9qI019632;
	Wed, 3 Mar 2004 15:41:09 -0800 (PST)
	(envelope-from nobody)
Message-Id: <200403032341.i23Nf9qI019632@www.freebsd.org>
Date: Wed, 3 Mar 2004 15:41:09 -0800 (PST)
From: Alex de Kruijff <akruijff@dds.nl>
To: freebsd-gnats-submit@FreeBSD.org
Subject: IPFW2 Queues dont t work
X-Send-Pr-Version: www-2.3

>Number:         63724
>Category:       kern
>Synopsis:       [ipfw] IPFW2 Queues dont t work
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-ipfw
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Wed Mar 03 15:50:00 PST 2004
>Closed-Date:    Fri Apr 21 09:15:24 GMT 2006
>Last-Modified:  Fri Apr 21 09:15:24 GMT 2006
>Originator:     Alex de Kruijff
>Release:        5.2.1
>Organization:
>Environment:
FreeBSD alex.lan 5.2.1-RELEASE FreeBSD 5.2.1-RELEASE #0: Thu Feb 26 12:33:02 CET 2004     akruijff@alex.lan:/temp/obj/usr/src/sys/I686  i386

>Description:
      IPFW isn't properly processen ip packekets when using queues. Using pipes does work. This results in los of the network.

31600    0      0 count ip from any to any
31610    0      0 queue 2 ip from 192.168.31.48/29 to any
31710    0      0 skipto 31999 ip from 192.168.31.48/29 to any
31720    0      0 skipto 31999 ip from me to any uid akruijff
31998    0      0 reject log ip from any to any
31999    0      0 allow ip from any to any

This setup does work on a recent 4.9 system

My kernel includes:
#options        QUOTA                   # enable disk quotas
options         IPFIREWALL              # firewall
options         IPFIREWALL_DEFAULT_TO_ACCEPT    # allow everything by default
#options        IPFIREWALL_FORWARD      # enable transparent proxy support
options         IPFIREWALL_VERBOSE      # enable logging to syslogd(8)  
options         IPFIREWALL_VERBOSE_LIMIT=100    # limit verbosity
options         DUMMYNET                # This needs IPFIREWALL

(FORWARD didtn' compile at one time, so i cut it out.)
>How-To-Repeat:
      Setup IPFW and use a queue then try it out.


>Fix:
      Non known
>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-bugs->freebsd-ipfw 
Responsible-Changed-By: kris 
Responsible-Changed-When: Sat Mar 6 01:27:14 PST 2004 
Responsible-Changed-Why:  
Assign to ipfw mailing list 

http://www.freebsd.org/cgi/query-pr.cgi?pr=63724 
Responsible-Changed-From-To: freebsd-ipfw->ipfw 
Responsible-Changed-By: simon 
Responsible-Changed-When: Mon Mar 15 11:23:54 PST 2004 
Responsible-Changed-Why:  
Reassign to ipfw so the list only gets one GNATS reminder. 

Suggested by:	Bjoern A. Zeeb <bzeeb-lists@lists.zabbadoz.net> 

http://www.freebsd.org/cgi/query-pr.cgi?pr=63724 

From: Maxim Konovalov <maxim@macomnet.ru>
To: Alex de Kruijff <akruijff@dds.nl>
Cc: bug-followup@freebsd.org
Subject: kern/63724
Date: Fri, 14 Apr 2006 01:05:01 +0400 (MSD)

 Alex,
 
 ipfw rule #31600 counters show packets just do not reach it and all
 subsequent rules.  We need the whole ipfw ruleset.
 
 Can you check the problem persists in recent FreeBSD releases?
 
 -- 
 Maxim Konovalov

From: Alex de Kruijff <freebsd@akruijff.dds.nl>
To: Maxim Konovalov <maxim@macomnet.ru>
Cc: bug-followup@freebsd.org
Subject: Re: kern/63724
Date: Sun, 16 Apr 2006 00:42:00 +0200

 Maxim,
 
 On Fri, Apr 14, 2006 at 01:05:01AM +0400, Maxim Konovalov wrote:
 > ipfw rule #31600 counters show packets just do not reach it and all
 > subsequent rules.
 
 Its was not a problem with the ruleset. I used the same ruleset on 4.9
 as on 5.2. The ruleset also worked when I replaced the queues with
 pipes. I failed to report that one needs to run
 'net.inet.ip.fw.one_pass=0'.
 
 > We need the whole ipfw ruleset.
 
 I beleave I tested this test case. Did these rules work for you under
 5.2 or 5.x? If so you can just close it.
 
 As for the counters I could have simply types 'ipfw z; ipfw sh'.
 
 Did the test case worked fine for you? Under 5.2?
 
 > Can you check the problem persists in recent FreeBSD releases?
 
 It works under 6.x. (both 6.0 as 6.1) I don't have a box with 5.x.
 -- 
 Alex

From: Maxim Konovalov <maxim@macomnet.ru>
To: akruijff@dds.nl
Cc: bug-followup@freebsd.org
Subject: Re: kern/63724
Date: Thu, 20 Apr 2006 23:56:54 +0400 (MSD)

 On Sun, 16 Apr 2006, 00:42+0200, Alex de Kruijff wrote:
 
 > Maxim,
 >
 > On Fri, Apr 14, 2006 at 01:05:01AM +0400, Maxim Konovalov wrote:
 > > ipfw rule #31600 counters show packets just do not reach it and all
 > > subsequent rules.
 >
 > Its was not a problem with the ruleset. I used the same ruleset on 4.9
 > as on 5.2. The ruleset also worked when I replaced the queues with
 > pipes. I failed to report that one needs to run
 > 'net.inet.ip.fw.one_pass=0'.
 >
 > > We need the whole ipfw ruleset.
 >
 > I beleave I tested this test case. Did these rules work for you under
 > 5.2 or 5.x? If so you can just close it.
 >
 > As for the counters I could have simply types 'ipfw z; ipfw sh'.
 >
 > Did the test case worked fine for you? Under 5.2?
 >
 > > Can you check the problem persists in recent FreeBSD releases?
 >
 > It works under 6.x. (both 6.0 as 6.1) I don't have a box with 5.x.
 
 Neither do I.
 
 -- 
 Maxim Konovalov

From: Alex de Kruijff <akruijff@dds.nl>
To: Maxim Konovalov <maxim@macomnet.ru>
Cc: bug-followup@freebsd.org
Subject: Re: kern/63724
Date: Thu, 20 Apr 2006 22:23:14 +0200

 On Thu, Apr 20, 2006 at 11:56:54PM +0400, Maxim Konovalov wrote:
 > On Sun, 16 Apr 2006, 00:42+0200, Alex de Kruijff wrote:
 > > Maxim,
 > > On Fri, Apr 14, 2006 at 01:05:01AM +0400, Maxim Konovalov wrote:
 > > > ipfw rule #31600 counters show packets just do not reach it and all
 > > > subsequent rules.
 > >
 > > Its was not a problem with the ruleset. I used the same ruleset on 4.9
 > > as on 5.2. The ruleset also worked when I replaced the queues with
 > > pipes. I failed to report that one needs to run
 > > 'net.inet.ip.fw.one_pass=0'.
 > >
 > > > We need the whole ipfw ruleset.
 > >
 > > I beleave I tested this test case. Did these rules work for you under
 > > 5.2 or 5.x? If so you can just close it.
 > >
 > > As for the counters I could have simply types 'ipfw z; ipfw sh'.
 > >
 > > Did the test case worked fine for you? Under 5.2?
 > >
 > > > Can you check the problem persists in recent FreeBSD releases?
 > >
 > > It works under 6.x. (both 6.0 as 6.1) I don't have a box with 5.x.
 > 
 > Neither do I.
 
 My hunce is that its also fixed in the later 5 releases, so I suggest
 closing the bug report.
 
 Tanks for you time,
 Alex
State-Changed-From-To: open->closed 
State-Changed-By: maxim 
State-Changed-When: Fri Apr 21 09:14:15 UTC 2006 
State-Changed-Why:  
The problem does not exists in HEAD/RELENG_6. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=63724 
>Unformatted:
