https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=282673
Bug ID: 282673
Summary: ipfw tags are lost while transit via if_epair
Product: Base System
Version: 14.1-RELEASE
Hardware: amd64
OS: Any
Status: New
Severity: Affects Only Me
Priority: ---
Component: kern
Assignee: [email protected]
Reporter: [email protected]
Example script:
#!/bin/sh
kldload -n ipfw
ifconfig epair1 create
ifconfig epair1a inet 192.0.2.1/30 up
ifconfig epair1b inet 192.0.2.2/30 up
route -4 add 192.0.2.4/30 192.0.2.2 -ifp epair1a
ipfw add 31560 count tag 4 tagged 3 in
ipfw add 31570 count tag 3 tagged 2 in
ipfw add 31580 count tag 2 not tagged 2 in dst-ip 192.0.2.4
ipfw add 31590 unreach host tagged 4 out
netstat -nrW4
ping -c 5 -t 6 192.0.2.4
traceroute -w 1 -In 192.0.2.4
ipfw show 31560-31590
ipfw -q delete 31560-31590
ifconfig epair1a destroy
Result on FreeBSD 11.2-RELEASE-p4 (everything's ok):
Routing tables
Internet:
Destination Gateway Flags Use Mtu Netif Expire
127.0.0.1 link#3 UH 0 16384 lo0
192.0.2.0/30 link#4 U 0 1500 epair1a
192.0.2.1 link#4 UHS 0 16384 lo0
192.0.2.2 link#5 UHS 0 16384 lo0
192.0.2.4/30 192.0.2.2 UGS 0 1500 epair1a
192.168.232.0/24 192.168.232.222 UGS 97 1500 lan1
192.168.232.192/27 link#1 U 2 1500 lan1
192.168.232.200 link#1 UHS 0 16384 lo0
PING 192.0.2.4 (192.0.2.4): 56 data bytes
36 bytes from localhost (127.0.0.1): Destination Host Unreachable
Vr HL TOS Len ID Flg off TTL Pro cks Src Dst
4 5 00 0054 979c 0 0000 3d 01 6207 192.0.2.1 192.0.2.4
36 bytes from localhost (127.0.0.1): Destination Host Unreachable
Vr HL TOS Len ID Flg off TTL Pro cks Src Dst
4 5 00 0054 9ee0 0 0000 3d 01 5ac3 192.0.2.1 192.0.2.4
36 bytes from localhost (127.0.0.1): Destination Host Unreachable
Vr HL TOS Len ID Flg off TTL Pro cks Src Dst
4 5 00 0054 9ee1 0 0000 3d 01 5ac2 192.0.2.1 192.0.2.4
36 bytes from localhost (127.0.0.1): Destination Host Unreachable
Vr HL TOS Len ID Flg off TTL Pro cks Src Dst
4 5 00 0054 9ee2 0 0000 3d 01 5ac1 192.0.2.1 192.0.2.4
36 bytes from localhost (127.0.0.1): Destination Host Unreachable
Vr HL TOS Len ID Flg off TTL Pro cks Src Dst
4 5 00 0054 9ee3 0 0000 3d 01 5ac0 192.0.2.1 192.0.2.4
--- 192.0.2.4 ping statistics ---
5 packets transmitted, 0 packets received, 100.0% packet loss
traceroute to 192.0.2.4 (192.0.2.4), 64 hops max, 48 byte packets
1 127.0.0.1 0.130 ms 0.036 ms 0.033 ms
2 127.0.0.1 0.030 ms 0.026 ms 0.040 ms
3 127.0.0.1 0.032 ms 0.028 ms 0.028 ms
4 127.0.0.1 0.029 ms !H 0.057 ms !H 0.031 ms !H
31560 11 708 count tag 4 ip from any to any tagged 3 in
31570 25 1560 count tag 3 ip from any to any tagged 2 in
31580 17 996 count tag 2 ip from any to 192.0.2.4 not tagged 2 in
31590 8 564 reject ip from any to any tagged 4 out
Result on FreeBSD 14.1-RELEASE-p5 (very different from 11.2, tags are lost,
cannot control every pass via ipfw):
Routing tables
Internet:
Destination Gateway Flags Nhop# Mtu Netif Expire
127.0.0.1 link#3 UH 1 16384 lo0
192.0.2.0/30 link#4 U 5 1500 epair1a
192.0.2.1 link#3 UHS 6 16384 lo0
192.0.2.2 link#3 UHS 7 16384 lo0
192.0.2.4/30 192.0.2.2 UGS 8 1500 epair1a
192.168.232.0/24 192.168.232.222 UGS 4 1500 lan1
192.168.232.192/27 link#1 U 2 1500 lan1
192.168.232.200 link#3 UHS 3 16384 lo0
PING 192.0.2.4 (192.0.2.4): 56 data bytes
92 bytes from 127.0.0.1: Time to live exceeded
Vr HL TOS Len ID Flg off TTL Pro cks Src Dst
4 5 00 0054 612e 0 0000 01 01 d475 192.0.2.1 192.0.2.4
92 bytes from 127.0.0.1: Time to live exceeded
Vr HL TOS Len ID Flg off TTL Pro cks Src Dst
4 5 00 0054 612f 0 0000 01 01 d474 192.0.2.1 192.0.2.4
92 bytes from 127.0.0.1: Time to live exceeded
Vr HL TOS Len ID Flg off TTL Pro cks Src Dst
4 5 00 0054 6130 0 0000 01 01 d473 192.0.2.1 192.0.2.4
92 bytes from 127.0.0.1: Time to live exceeded
Vr HL TOS Len ID Flg off TTL Pro cks Src Dst
4 5 00 0054 6131 0 0000 01 01 d472 192.0.2.1 192.0.2.4
92 bytes from 127.0.0.1: Time to live exceeded
Vr HL TOS Len ID Flg off TTL Pro cks Src Dst
4 5 00 0054 6132 0 0000 01 01 d471 192.0.2.1 192.0.2.4
--- 192.0.2.4 ping statistics ---
5 packets transmitted, 0 packets received, 100.0% packet loss
traceroute to 192.0.2.4 (192.0.2.4), 64 hops max, 48 byte packets
1 127.0.0.1 0.103 ms 0.084 ms 0.059 ms
2 127.0.0.1 0.047 ms 0.047 ms 0.044 ms
.......
64 127.0.0.1 0.104 ms 0.112 ms 0.105 ms
31560 0 0 count tag 4 tagged 3 in
31570 0 0 count tag 3 tagged 2 in
31580 6560 326400 count tag 2 not tagged 2 in dst-ip 192.0.2.4
31590 0 0 reject tagged 4 out
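Added example, not part of the original report: a shell check that reads `ipfw show` output and lists tags that some rule attached to packets but that no positive `tagged N` rule ever matched, which is the counter pattern in the 14.1 result above. The function names `lost_tags`, `show_11_2` and `show_14_1` are hypothetical, and the parser assumes single numeric tags.

```sh
#!/bin/sh
# Added example (not from the bug report): list ipfw tags that some rule set
# on packets but that no positive "tagged N" rule ever matched.
# Assumption: rules use single numeric tags, not lists or ranges.

# lost_tags: reads `ipfw show` output on stdin, prints one tag per line.
lost_tags() {
    awk '
    $1 ~ /^[0-9]+$/ && $2 ~ /^[0-9]+$/ {
        for (i = 4; i < NF; i++) {
            t = $(i + 1)
            if (t !~ /^[0-9]+$/) continue
            if ($i == "tag") { marked[t] += $2 }      # rule attaches tag t
            else if ($i == "tagged" && $(i - 1) != "not") { matched[t] += $2 }
        }
    }
    END {
        for (t in matched)
            if (marked[t] > 0 && matched[t] == 0) print t
    }' | sort -n
}

# Counters copied from the 11.2-RELEASE-p4 run in the report.
show_11_2() {
    cat <<'EOF'
31560 11 708 count tag 4 ip from any to any tagged 3 in
31570 25 1560 count tag 3 ip from any to any tagged 2 in
31580 17 996 count tag 2 ip from any to 192.0.2.4 not tagged 2 in
31590 8 564 reject ip from any to any tagged 4 out
EOF
}

# Counters copied from the 14.1-RELEASE-p5 run in the report.
show_14_1() {
    cat <<'EOF'
31560 0 0 count tag 4 tagged 3 in
31570 0 0 count tag 3 tagged 2 in
31580 6560 326400 count tag 2 not tagged 2 in dst-ip 192.0.2.4
31590 0 0 reject tagged 4 out
EOF
}

echo "11.2 lost tags: $(show_11_2 | lost_tags | tr '\n' ' ')"
echo "14.1 lost tags: $(show_14_1 | lost_tags | tr '\n' ' ')"
```

On a live system, pipe `ipfw show 31560-31590` into `lost_tags` after running the reproduction traffic. A listed tag can also mean that no traffic reached the matching rule, so read the result alongside the rule order.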