From nobody@FreeBSD.org  Mon Jan 16 00:59:50 2006
Message-Id: <200601160059.k0G0xocN084749@www.freebsd.org>
Date: Mon, 16 Jan 2006 00:59:50 GMT
From: Barry Murphy <barry@unix.co.nz>
To: freebsd-gnats-submit@FreeBSD.org
Subject: ipfw with vlanX as the device
X-Send-Pr-Version: www-2.3

>Number:         91847
>Category:       kern
>Synopsis:       [ipfw] ipfw with vlanX as the device
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-ipfw
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Mon Jan 16 01:00:17 GMT 2006
>Closed-Date:    Sun Oct 02 16:02:38 UTC 2011
>Last-Modified:  Sun Oct 02 16:02:38 UTC 2011
>Originator:     Barry Murphy
>Release:        FreeBSD 6.0-STABLE
>Organization:
>Environment:
FreeBSD firewall.unix.co.nz 6.0-STABLE FreeBSD 6.0-STABLE #6: Fri Jan 13 00:22:59 NZDT 2006     icepick@firewall.unix.co.nz:/usr/obj/usr/src/sys/FIREWALL  i386
       
>Description:
I've found that ipfw doesn't appear to count or handle vlan traffic via ipfw.
I need it specifically to count vlan traffic as I use a transparent proxy and
need it to count all traffic including this.

Using iftop -i vlan18 I see the destination IP and source IP
Using iftop I see the source IP and transparent proxy IP and it's important
I don't see the transparent IP but rather the IP external to the network.

|Internet| -- |Firewall| -- |Cisco 3500XL| -- |Network|
>How-To-Repeat:
The Cisco has a trunked port on the Cisco plugged into the firewall which
has a few vlans, e.g.:

/sbin/ifconfig vlan18 create
/sbin/ifconfig vlan18 inet 60.234.x.x netmask 255.255.255.248 vlan 27 vlandev em1

I've then added an IPFW rule to count traffic going via vlan18 using all
possible ways I can think of:

ipfw add count ip from any to any in via vlan18
ipfw add count ip from any to any in recv vlan18
ipfw add count ip from any to any in xmit vlan18

sysctl:
/sbin/sysctl net.link.ether.bridge_ipfw: 1
/sbin/sysctl net.inet.ip.fw.one_pass=0
>Fix:
              
>Release-Note:
>Audit-Trail:

From: Gleb Smirnoff <glebius@FreeBSD.org>
To: Barry Murphy <barry@unix.co.nz>
Cc: freebsd-gnats-submit@FreeBSD.org
Subject: Re: misc/91847: ipfw with vlanX as the device
Date: Mon, 16 Jan 2006 11:33:47 +0300

 It is not clear whether traffic is routed through vlan18 or is it bridged
via it?
 
 -- 
 Totus tuus, Glebius.
 GLEBIUS-RIPN GLEB-RIPE
Responsible-Changed-From-To: freebsd-bugs->freebsd-ipfw 
Responsible-Changed-By: linimon 
Responsible-Changed-When: Wed Jan 18 07:45:47 UTC 2006 
Responsible-Changed-Why:  
Over to maintainer(s). 

http://www.freebsd.org/cgi/query-pr.cgi?pr=91847 
State-Changed-From-To: open->feedback 
State-Changed-By: ae 
State-Changed-When: Tue Jun 28 06:00:28 UTC 2011 
State-Changed-Why:  
Can you still reproduce this on a supported release?  

State-Changed-From-To: feedback->closed 
State-Changed-By: ae 
State-Changed-When: Sun Oct 2 16:02:20 UTC 2011 
State-Changed-Why:  
Feedback timeout. 

>Unformatted:
