>Number: 148418 >Category: kern >Synopsis: IPFW error >Confidential: no >Severity: serious >Priority: medium >Responsible: freebsd-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Wed Jul 07 07:20:01 UTC 2010 >Closed-Date: >Last-Modified: >Originator: Dmitriy >Release: 8.1-PRERELEASE >Organization: . >Environment: FreeBSD antares2.antares-1.ru 8.1-PRERELEASE FreeBSD 8.1-PRERELEASE #0: Mon Jul 5 16:24:49 MSD 2010 [email protected]:/usr/obj/usr/src/sys/ANTA2 amd64 >Description: Error processing options "in/out" at IPFW. For example, the startup sequence "ipfw show" on the test set of rules. Counters on the rules 400 and 500 do not match.
/tmp > ipfw zero 400 500 Entry 400 cleared. Entry 500 cleared. /tmp > ipfw show 00400 3 180 skipto 500 ip from any to any not dst-ip 192.168.1.0/24 out via re0 00450 5219 484371 skipto 700 ip from any to any 00500 0 0 skipto 600 ip from any to any out via re0 00500 3 180 skipto 600 ip from any to any 65000 453624 218175176 allow ip from any to any 65535 0 0 deny ip from any to any /tmp > ipfw show 00400 6 400 skipto 500 ip from any to any not dst-ip 192.168.1.0/24 out via re0 00450 5223 484571 skipto 700 ip from any to any 00500 0 0 skipto 600 ip from any to any out via re0 00500 6 400 skipto 600 ip from any to any 65000 453631 218175596 allow ip from any to any 65535 0 0 deny ip from any to any /tmp > ipfw show 00400 9 612 skipto 500 ip from any to any not dst-ip 192.168.1.0/24 out via re0 00450 5227 484771 skipto 700 ip from any to any 00500 0 0 skipto 600 ip from any to any out via re0 00500 9 612 skipto 600 ip from any to any 65000 453638 218176008 allow ip from any to any 65535 0 0 deny ip from any to any /tmp > ipfw show 00400 12 824 skipto 500 ip from any to any not dst-ip 192.168.1.0/24 out via re0 00450 5231 484971 skipto 700 ip from any to any 00500 0 0 skipto 600 ip from any to any out via re0 00500 12 824 skipto 600 ip from any to any 65000 453645 218176420 allow ip from any to any 65535 0 0 deny ip from any to any /tmp > ipfw show 00400 15 1044 skipto 500 ip from any to any not dst-ip 192.168.1.0/24 out via re0 00450 5235 485171 skipto 700 ip from any to any 00500 0 0 skipto 600 ip from any to any out via re0 00500 15 1044 skipto 600 ip from any to any 65000 453652 218176840 allow ip from any to any 65535 0 0 deny ip from any to any >How-To-Repeat: configure ipfw 00400 skipto 500 ip from any to any not dst-ip 192.168.1.0/24 out via re0 00450 skipto 700 ip from any to any 00500 skipto 600 ip from any to any out via re0 00500 skipto 600 ip from any to any 65000 allow ip from any to any 65535 deny ip from any to any Kernel config cpu HAMMER ident ANTA2 makeoptions DEBUG=-g # Build kernel with gdb(1) debug symbols options SCHED_ULE # ULE scheduler options PREEMPTION # Enable kernel thread preemption options INET # InterNETworking options SCTP # Stream Control Transmission Protocol options FFS # Berkeley Fast Filesystem options SOFTUPDATES # Enable FFS soft updates support options UFS_ACL # Support for access control lists options UFS_DIRHASH # Improve performance on big directories options UFS_GJOURNAL # Enable gjournal-based UFS journaling options MD_ROOT # MD is a potential root device options NFSCLIENT # Network Filesystem Client options NFSSERVER # Network Filesystem Server options NFSLOCKD # Network Lock Manager options NFS_ROOT # NFS usable as /, requires NFSCLIENT options MSDOSFS # MSDOS Filesystem options CD9660 # ISO 9660 Filesystem options PROCFS # Process filesystem (requires PSEUDOFS) options PSEUDOFS # Pseudo-filesystem framework options GEOM_PART_GPT # GUID Partition Tables. options GEOM_LABEL # Provides labelization options COMPAT_43TTY # BSD 4.3 TTY compat (sgtty) options COMPAT_FREEBSD32 # Compatible with i386 binaries options COMPAT_FREEBSD4 # Compatible with FreeBSD4 options COMPAT_FREEBSD5 # Compatible with FreeBSD5 options COMPAT_FREEBSD6 # Compatible with FreeBSD6 options COMPAT_FREEBSD7 # Compatible with FreeBSD7 options SCSI_DELAY=5000 # Delay (in ms) before probing SCSI options KTRACE # ktrace(1) support options STACK # stack(9) support options SYSVSHM # SYSV-style shared memory options SYSVMSG # SYSV-style message queues options SYSVSEM # SYSV-style semaphores options P1003_1B_SEMAPHORES # POSIX-style semaphores options _KPOSIX_PRIORITY_SCHEDULING # POSIX P1003_1B real-time extensions options PRINTF_BUFR_SIZE=128 # Prevent printf output being interspersed. options KBD_INSTALL_CDEV # install a CDEV entry in /dev options HWPMC_HOOKS # Necessary kernel hooks for hwpmc(4) options AUDIT # Security event auditing options MAC # TrustedBSD MAC Framework options FLOWTABLE # per-cpu routing cache options INCLUDE_CONFIG_FILE # Include this file in kernel options SMP # Symmetric MultiProcessor Kernel options NULLFS options GEOM_MIRROR options IPFIREWALL, IPFIREWALL_VERBOSE, IPDIVERT, DUMMYNET, IPFIREWALL_FORWARD options NTFS, NETSMB, SMBFS, LIBICONV, LIBMCHAIN options ACCEPT_FILTER_HTTP options NETGRAPH, NETGRAPH_ETHER, NETGRAPH_BPF, NETGRAPH_IFACE options NETGRAPH_KSOCKET, NETGRAPH_PPP, NETGRAPH_VJC, NETGRAPH_PPPOE options NETGRAPH_SOCKET, NETGRAPH_TEE, NETGRAPH_MPPC_ENCRYPTION options NETGRAPH_PPTPGRE, NETGRAPH_HOLE, NETGRAPH_TCPMSS device cpufreq device acpi device pci device fdc device ata device atadisk # ATA disk drives device ataraid # ATA RAID drives device atapicd # ATAPI CDROM drives options ATA_STATIC_ID # Static device numbering device scbus # SCSI bus (required for SCSI) device ch # SCSI media changers device da # Direct Access (disks) device sa # Sequential Access (tape etc) device cd # CD device pass # Passthrough device (direct SCSI access) device ses # SCSI Environmental Services (and SAF-TE) device atkbdc # AT keyboard controller device atkbd # AT keyboard device psm # PS/2 mouse device kbdmux # keyboard multiplexer device vga # VGA video card driver device splash # Splash screen and screen saver support device sc options SC_ALT_MOUSE_IMAGE , SC_DFLT_FONT , SC_DISABLE_REBOOT makeoptions SC_DFLT_FONT=cp866 device agp # support several AGP chipsets device uart # Generic UART driver device ppc device ppbus # Parallel port bus (required) device lpt # Printer device plip # TCP/IP over parallel device ppi # Parallel port interface device device miibus # MII bus support device fxp # Intel EtherExpress PRO/100B (82557, 82558) device re # RealTek 8139C+/8169/8169S/8110S device rl # RealTek 8129/8139 device vr # VIA Rhine, Rhine II device sk # SysKonnect SK-984x & SK-982x gigabit Ethernet device loop # Network loopback device random # Entropy device device ether # Ethernet support device vlan # 802.1Q VLAN support device tun # Packet tunnel. device pty # BSD-style compatibility pseudo ttys device md # Memory "disks" device gif # IPv6 and IPv4 tunneling device faith # IPv6-to-IPv4 relaying (translation) device firmware # firmware assist module device bpf # Berkeley packet filter options USB_DEBUG # enable debug msgs device uhci # UHCI PCI->USB interface device ohci # OHCI PCI->USB interface device ehci # EHCI PCI->USB interface (USB 2.0) device usb # USB Bus (required) device uhid # "Human Interface Devices" device ukbd # Keyboard device ulpt # Printer device umass # Disks/Mass storage - Requires scbus and da device ums # Mouse device uark # Technologies ARK3116 based serial adapters device ubsa # Belkin F5U103 and compatible serial adapters device uftdi # For FTDI usb serial adapters device uipaq # Some WinCE based devices device uplcom # Prolific PL-2303 serial adapters device uslcom # SI Labs CP2101/CP2102 serial adapters device uvisor # Visor and Palm devices device uvscom # USB serial support for DDI pocket's PHS device aue # ADMtek USB Ethernet device axe # ASIX Electronics USB Ethernet device cdce # Generic USB over Ethernet device cue # CATC USB Ethernet device kue # Kawasaki LSI USB Ethernet device rue # RealTek RTL8150 USB Ethernet device udav # Davicom DM9601E USB device vlan device speaker >Fix: >Release-Note: >Audit-Trail: >Unformatted: _______________________________________________ [email protected] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-bugs To unsubscribe, send any mail to "[email protected]"
