From nobody@FreeBSD.org  Wed Mar 24 10:18:07 2010
Return-Path: <nobody@FreeBSD.org>
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id E47301065670
	for <freebsd-gnats-submit@FreeBSD.org>; Wed, 24 Mar 2010 10:18:07 +0000 (UTC)
	(envelope-from nobody@FreeBSD.org)
Received: from www.freebsd.org (www.freebsd.org [IPv6:2001:4f8:fff6::21])
	by mx1.freebsd.org (Postfix) with ESMTP id D3B918FC22
	for <freebsd-gnats-submit@FreeBSD.org>; Wed, 24 Mar 2010 10:18:07 +0000 (UTC)
Received: from www.freebsd.org (localhost [127.0.0.1])
	by www.freebsd.org (8.14.3/8.14.3) with ESMTP id o2OAI7OM025385
	for <freebsd-gnats-submit@FreeBSD.org>; Wed, 24 Mar 2010 10:18:07 GMT
	(envelope-from nobody@www.freebsd.org)
Received: (from nobody@localhost)
	by www.freebsd.org (8.14.3/8.14.3/Submit) id o2OAI7ah025384;
	Wed, 24 Mar 2010 10:18:07 GMT
	(envelope-from nobody)
Message-Id: <201003241018.o2OAI7ah025384@www.freebsd.org>
Date: Wed, 24 Mar 2010 10:18:07 GMT
From: Vitaly Moiseev <vm@vm.net.ua>
To: freebsd-gnats-submit@FreeBSD.org
Subject: 8.0-STABLE net.inet.ip.fw.one_pass: 1 not work
X-Send-Pr-Version: www-3.1
X-GNATS-Notify:

>Number:         145004
>Category:       misc
>Synopsis:       8.0-STABLE net.inet.ip.fw.one_pass: 1 not work
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Wed Mar 24 10:20:02 UTC 2010
>Closed-Date:    Wed Mar 24 15:20:59 UTC 2010
>Last-Modified:  Wed Mar 24 15:30:02 UTC 2010
>Originator:     Vitaly Moiseev
>Release:        8.0-STABLE amd64
>Organization:
ISP Express LTD
>Environment:
FreeBSD pppoe-server.expressnikopol.net.ua 8.0-STABLE FreeBSD 8.0-STABLE #6: Wed Mar 24 02:00:10 EET
 2010     rot@pppoe-server.expressnikopol.net.ua:/usr/obj/usr/src/sys/PPPOE  amd64
>Description:
after update to 8.0-STABLE when use ipfw pipe dummynet and variable net.inet.ip.fw.one_pass set to 1, the packet is passed again to the firewall code starting from the next rule.
>How-To-Repeat:
use ipfw pipe and default to deny ipfw and set net.inet.ip.fw.one_pass=1 - the packets after exit from pipe rules go to next rules.
>Fix:


>Release-Note:
>Audit-Trail:

From: dfilter@FreeBSD.ORG (dfilter service)
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: misc/145004: commit references a PR
Date: Wed, 24 Mar 2010 15:17:08 +0000 (UTC)

 Author: luigi
 Date: Wed Mar 24 15:16:59 2010
 New Revision: 205602
 URL: http://svn.freebsd.org/changeset/base/205602
 
 Log:
   Honor ip.fw.one_pass when a packet comes out of a pipe without being delayed.
   I forgot to handle this case when i did the mtag cleanup three months ago.
   
   PR:		145004
 
 Modified:
   head/sys/netinet/ipfw/ip_dn_io.c
 
 Modified: head/sys/netinet/ipfw/ip_dn_io.c
 ==============================================================================
 --- head/sys/netinet/ipfw/ip_dn_io.c	Wed Mar 24 15:16:05 2010	(r205601)
 +++ head/sys/netinet/ipfw/ip_dn_io.c	Wed Mar 24 15:16:59 2010	(r205602)
 @@ -762,7 +762,11 @@ dummynet_io(struct mbuf **m0, int dir, s
  	 *     
  	 */
  	if (/*dn_cfg.io_fast &&*/ m == *m0 && (dir & PROTO_LAYER2) == 0 ) {
 -		/* fast io */
 +		/* fast io, rename the tag * to carry reinject info. */
 +		struct m_tag *tag = m_tag_first(m);
 +
 +		tag->m_tag_cookie = MTAG_IPFW_RULE;
 +		tag->m_tag_id = 0;
  		io_pkt_fast++;
  		if (m->m_nextpkt != NULL) {
  			printf("dummynet: fast io: pkt chain detected!\n");
 _______________________________________________
 svn-src-all@freebsd.org mailing list
 http://lists.freebsd.org/mailman/listinfo/svn-src-all
 To unsubscribe, send any mail to "svn-src-all-unsubscribe@freebsd.org"
 
State-Changed-From-To: open->closed 
State-Changed-By: luigi 
State-Changed-When: Wed Mar 24 15:20:12 UTC 2010 
State-Changed-Why:  
fixed in r205601(HEAD) and r205602(RELENG_8) 


http://www.freebsd.org/cgi/query-pr.cgi?pr=145004 

From: dfilter@FreeBSD.ORG (dfilter service)
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: misc/145004: commit references a PR
Date: Wed, 24 Mar 2010 15:20:04 +0000 (UTC)

 Author: luigi
 Date: Wed Mar 24 15:19:47 2010
 New Revision: 205603
 URL: http://svn.freebsd.org/changeset/base/205603
 
 Log:
   MFC 205602:
   Honor ip.fw.one_pass when a packet comes out of a pipe without being delayed.
   I forgot to handle this case when i did the mtag cleanup three months ago.
   
   I am merging immediately because this bugfix is important for
   people using RELENG_8.
   
   PR:           145004
 
 Modified:
   stable/8/sys/netinet/ipfw/ip_dn_io.c
 
 Modified: stable/8/sys/netinet/ipfw/ip_dn_io.c
 ==============================================================================
 --- stable/8/sys/netinet/ipfw/ip_dn_io.c	Wed Mar 24 15:16:59 2010	(r205602)
 +++ stable/8/sys/netinet/ipfw/ip_dn_io.c	Wed Mar 24 15:19:47 2010	(r205603)
 @@ -762,7 +762,11 @@ dummynet_io(struct mbuf **m0, int dir, s
  	 *     
  	 */
  	if (/*dn_cfg.io_fast &&*/ m == *m0 && (dir & PROTO_LAYER2) == 0 ) {
 -		/* fast io */
 +		/* fast io, rename the tag * to carry reinject info. */
 +		struct m_tag *tag = m_tag_first(m);
 +
 +		tag->m_tag_cookie = MTAG_IPFW_RULE;
 +		tag->m_tag_id = 0;
  		io_pkt_fast++;
  		if (m->m_nextpkt != NULL) {
  			printf("dummynet: fast io: pkt chain detected!\n");
 _______________________________________________
 svn-src-all@freebsd.org mailing list
 http://lists.freebsd.org/mailman/listinfo/svn-src-all
 To unsubscribe, send any mail to "svn-src-all-unsubscribe@freebsd.org"
 
>Unformatted:
