[Bug 278059] Kernel panic in ipfw_chk starting in FreeBSD 14

2024-05-16 Thread bugzilla-noreply
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=278059

--- Comment #2 from Nick Johnson  ---
I can confirm that disabling layer-2 filtering in ipfw seems to eliminate this
crash.  The system in question has been up for 46 days now, when previously it
was crashing after just a few days.

-- 
You are receiving this mail because:
You are the assignee for the bug.


[Bug 263078] kernel core generated from ipfw_chk() function

2024-04-16 Thread bugzilla-noreply
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=263078

--- Comment #8 from Zhenlei Huang  ---
*** Bug 278389 has been marked as a duplicate of this bug. ***


[Bug 263078] kernel core generated from ipfw_chk() function

2024-04-16 Thread bugzilla-noreply
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=263078

Zhenlei Huang  changed:

   What|Removed |Added

 CC||z...@freebsd.org

--- Comment #7 from Zhenlei Huang  ---
(In reply to keerthana from comment #6)
> We observed the crash was still happening from same code which was given by 
> aadhya,
> Is there any proper fix available for this issue?
FreeBSD 11 is EOL at September 30, 2021 and is no longer supported. Please
upgrade to supported releases [1].

> Is this core observed in latest FreeBSD releases?
The fix should be in all supported releases. Please give it (the latest
release) a try.

1. https://www.freebsd.org/security/#sup


[Bug 263078] kernel core generated from ipfw_chk() function

2024-04-16 Thread bugzilla-noreply
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=263078

keerthana  changed:

   What|Removed |Added

 CC||bkeer...@cisco.com

--- Comment #6 from keerthana  ---
Given patch is not working in 11.2 freebsd, we are still seeing the kernel
panic.

Environment :
===
hw.model: Intel(R) Xeon(R) Gold 5118 CPU @ 2.30GHz
hw.machine: amd64
hw.ncpu: 24
FreeBSD 11.2-RELEASE

Here is the BT :
===
(kgdb) bt
#0  __curthread () at ./machine/pcpu.h:229
#1  doadump (textdump=1) at ../../../kern/kern_shutdown.c:327
#2  0x80614a9b in kern_reboot (howto=260) at
./../../kern/kern_shutdown.c:395
#3  0x80614f99 in vpanic (fmt=, ap=) at
./../../kern/kern_shutdown.c:799
#4  0x80614cd3 in panic (fmt=) at
./../../kern/kern_shutdown.c:719
#5  0x808997df in trap_fatal (frame=0xfe103e2f4b00, eva=4) at
./../../amd64/amd64/trap.c:875
#6  0x80899839 in trap_pfault (frame=0xfe103e2f4b00, usermode=0) at
./../../amd64/amd64/trap.c:712
#7  0x80899028 in trap (frame=0xfe103e2f4b00) at
./../../amd64/amd64/trap.c:415
#8  
#9  ipfw_find_rule (chain=, key=2000, id=0) at
./../../netpfil/ipfw/ip_fw_sockopt.c:236
#10 0x807a8403 in jump_lookup_pos (chain=, f=, num=,
tablearg=, jump_backwards=) at
./../../netpfil/ipfw/ip_fw2.c:1284
#11 jump_cached (chain=, f=, num=,
tablearg=,
jump_backwards=) at ../../../netpfil/ipfw/ip_fw2.c:1323
#12 ipfw_chk (args=) at ../../../netpfil/ipfw/ip_fw2.c:2773
#13 0x807afd9f in ipfw_check_packet (arg=,
m0=0xfe103e2f4f90, ifp=, dir=1,
inp=0x0) at ../../../netpfil/ipfw/ip_fw_pfil.c:151
#14 0x80723514 in pfil_run_hooks (ph=0x8101bdf8
, mp=,
ifp=0xf8000a288800, dir=1, flags=0, inp=0x0) at ../../../net/pfil.c:116
#15 0x807465d9 in ip_input (m=0xf80253911300) at
./../../netinet/ip_input.c:601
#16 0x80722561 in netisr_dispatch_src (proto=1, source=,
m=0x4a) at ../../../net/netisr.c:1120
#17 0x8070ac72 in ether_demux (ifp=0xf8000a288800, m=0x7d0) at
./../../net/if_ethersubr.c:884
#18 0x8070bd77 in ether_input_internal (ifp=0xf8000a288800,
m=0x7d0) at ../../../net/if_ethersubr.c:660
#19 ether_nh_input (m=) at ../../../net/if_ethersubr.c:690
#20 0x80722561 in netisr_dispatch_src (proto=5, source=,
m=0x4a) at ../../../net/netisr.c:1120
#21 0x8070aff6 in ether_input (ifp=, m=0x0) at
./../../net/if_ethersubr.c:780
#22 0x808c3d3c in ixl_rx_input (ptype=0 '\000', rxr=,
ifp=, m=)
at ../../../dev/ixl/ixl_txrx.c:1579
#23 ixl_rxeof (que=0xfe0002880e38, count=512) at
./../../dev/ixl/ixl_txrx.c:1910
#24 0x808b0ddf in ixl_msix_que (arg=0xfe0002880e38) at
./../../dev/ixl/ixl_pf_main.c:751
#25 0x805e585f in intr_event_execute_handlers (p=,
ie=0xf80016814d00)
at ../../../kern/kern_intr.c:1336
#26 0x805e5ef7 in ithread_execute_handlers (ie=,
p=)
at ../../../kern/kern_intr.c:1349
#27 ithread_loop (arg=0xf80010cf4d00) at ../../../kern/kern_intr.c:1430
---Type  to continue, or q  to quit---
#28 0x805e2ed6 in fork_exit (callout=0x805e5e40 ,
arg=0xf80010cf4d00,
frame=0xfe103e2f5340) at ../../../kern/kern_fork.c:1054
#29 


We observed the crash was still happening from same code which was given by
aadhya. Is there any proper fix available for this issue? Is this core observed
in latest FreeBSD releases?


[Bug 278088] ipfw missing options for some useful IPv6 features for RFC 4890

2024-04-01 Thread bugzilla-noreply
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=278088

Mark Linimon  changed:

   What|Removed |Added

   Assignee|b...@freebsd.org|i...@freebsd.org


[Bug 278039] ipfw: can't add the address ::/128 to a table

2024-04-01 Thread bugzilla-noreply
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=278039

--- Comment #2 from Joshua Kinard  ---
Looking at it a bit more, I think this is related to Bug #226688, where you
can't add IPv4 255.255.255.255 to a table, either:
> # ipfw set 2 table test1 create
> # ipfw set 2 table test1 add 255.255.255.255
> error: 255.255.255.255/32 0
> ipfw: Adding record failed: Invalid argument

On a whim, I tried adding the IPv6 equivalent, and that also fails:
> # ipfw set 2 table test1 add :::::::
> error: :::::::/128 0
> ipfw: Adding record failed: Invalid argument

But you can add, numerically, the address directly below that:
> # ipfw set 2 table test1 add :::::::fffe
> added: :::::::fffe/128 0

Going back to IPv4, the same applies for 0.0.0.0/32:
> # ipfw set 2 table test1 add 0.0.0.0
> error: 0.0.0.0/32 0
> ipfw: Adding record failed: Invalid argument

But like Lexi highlights, change the CIDR, and it accepts it:
> # ipfw set 2 table test1 add 0.0.0.0/31
> added: 0.0.0.0/31 0

The last item is functionally the same as adding 0.0.0.1, or in the IPv6 case,
::1.

So it feels like there is a range check somewhere that's doing "x > 0" and/or
"x < MAX", when it should be using >= or <=, cause functionally, ::/0.00.0 and
255.255.255.255/::::::: are just fancy ways of
representing 0 and 2^32-1/2^128-1.


[Bug 278039] ipfw: can't add the address ::/128 to a table

2024-04-01 Thread bugzilla-noreply
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=278039

--- Comment #1 from Joshua Kinard  ---
(In reply to Lexi Winter from comment #0)
It also fails when trying to add just plain "::", w/o the CIDR prefix.


[Bug 278059] Kernel panic in ipfw_chk starting in FreeBSD 14

2024-03-31 Thread bugzilla-noreply
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=278059

Mark Linimon  changed:

   What|Removed |Added

   Assignee|b...@freebsd.org|i...@freebsd.org
   Keywords||crash, regression


[Bug 278039] ipfw: can't add the address ::/128 to a table

2024-03-29 Thread bugzilla-noreply
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=278039

Mark Linimon  changed:

   What|Removed |Added

   Assignee|b...@freebsd.org|i...@freebsd.org


[Bug 276732] IPFW keep-state rules with untag do not go through parent rule cmd

2024-02-15 Thread bugzilla-noreply
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=276732

John Baldwin  changed:

   What|Removed |Added

   Assignee|i...@freebsd.org|j...@freebsd.org
  Flags||mfc-stable14?,
   ||mfc-stable13?
 Status|Open|In Progress


[Bug 276732] IPFW keep-state rules with untag do not go through parent rule cmd

2024-02-15 Thread bugzilla-noreply
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=276732

--- Comment #8 from commit-h...@freebsd.org ---
A commit in branch main references this bug:

URL:
https://cgit.FreeBSD.org/src/commit/?id=62b1faa3b7495de22a3225e42dabe6ce8c371e86

commit 62b1faa3b7495de22a3225e42dabe6ce8c371e86
Author: Karim Fodil-Lemelin 
AuthorDate: 2024-02-16 01:57:51 +
Commit: John Baldwin 
CommitDate: 2024-02-16 01:57:51 +

ipfw: Skip to the start of the loop when following a keep-state rule

When a packet matches an existing dynamic rule for a keep-state rule,
the matching engine advances the "instruction pointer" to the action
portion of the rule skipping over the match conditions.  However, the
code was merely breaking out of the switch statement rather than doing
a continue, so the remainder of the loop body after the switch was
still executed.  If the first action opcode contains an F_NOT but not
an F_OR (such as an "untag" action), then match is toggled to 0, and
the code exits the inner loop via a break which aborts processing of
the actions.

To fix, just use a continue instead of a break.

PR: 276732
Reviewed by:jhb, ae
MFC after:  2 weeks

 sys/netpfil/ipfw/ip_fw2.c | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)


[Bug 276732] IPFW keep-state rules with untag do not go through parent rule cmd

2024-02-15 Thread bugzilla-noreply
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=276732

--- Comment #7 from fodillemlinka...@gmail.com ---
(In reply to John Baldwin from comment #5)

Since this was work funded by my employer XipLink Inc. might as well use my
work email: k...@xiplink.com

Thanks.


[Bug 276732] IPFW keep-state rules with untag do not go through parent rule cmd

2024-02-15 Thread bugzilla-noreply
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=276732

--- Comment #6 from fodillemlinka...@gmail.com ---
(In reply to John Baldwin from comment #5)

Please use  Karim Fodil-Lemelin

Thanks


[Bug 276732] IPFW keep-state rules with untag do not go through parent rule cmd

2024-02-15 Thread bugzilla-noreply
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=276732

--- Comment #5 from John Baldwin  ---
(In reply to fodillemlinkarim from comment #3)
Do you have a full name you'd like me to use as the author of the git commit
for this fix?  So far what I would use is "Karim "


[Bug 276732] IPFW keep-state rules with untag do not go through parent rule cmd

2024-02-12 Thread bugzilla-noreply
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=276732

--- Comment #4 from Andrey V. Elsukov  ---
(In reply to John Baldwin from comment #2)

I agree. I just hope the change will not become a big surprise for someone when
it starts to work :)


[Bug 276732] IPFW keep-state rules with untag do not go through parent rule cmd

2024-02-09 Thread bugzilla-noreply
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=276732

--- Comment #3 from fodillemlinka...@gmail.com ---
Fine by me, the break and match were left there to stay consistent with other
parts of that file that behave in a similar fashion, for example the
O_COUNT and O_SKIPTO cases.


[Bug 276732] IPFW keep-state rules with untag do not go through parent rule cmd

2024-02-09 Thread bugzilla-noreply
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=276732

John Baldwin  changed:

   What|Removed |Added

 Status|New |Open

--- Comment #2 from John Baldwin  ---
(Hit Enter too soon, ignore previous comment)

I agree with the diagnosis.  I suspect though that the bug is a bit bigger as
currently we always skip over the first action opcode.  The fact that 'match'
is set to 1 allows this to "work" if the first action is "accept" which is
usually the action for keep-state rules.  However, I suspect that if you have a
'log' action on a keep-state rule we don't actually log packets that match an
existing dynamic rule since we skip over the "log" opcode due to this bug.

A bit more background: in this set of loops in the kernel, you can think of
'cmd' as being a program counter (PC) for an ISA and 'cmdlen' is the implicit
PC increment to perform after handling the current opcode.  Since this action
is triggering the equivalent of a branch, it resets 'cmd' and 'l' as is done at
the start of the inner for loop and sets 'cmdlen' to 0 to turn the
implicit PC increment at the end of the for loop into a nop.

I think though that the patch should drop the 'match = 1' as that is now just
noise.  Also, there is no need to keep the dead 'break' statement.  I've cc'd
ae@ to see if he has any thoughts, but if there's no other feedback in the next
week or so I'll commit the tweaked fix.

-- 
You are receiving this mail because:
You are the assignee for the bug.
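
The control flow at issue in Bug 276732 (the commit message for 62b1faa3b7495de22a3225e42dabe6ce8c371e86 and comment #2 above), reduced to a user-space model. This is an added example, not the FreeBSD source: the opcode names, struct layouts and run_rule() are hypothetical stand-ins, and only the loop shape (cmd/l/cmdlen, F_NOT/F_OR, break versus continue) follows the description in the thread.

```c
#include <stdio.h>

/* Simplified user-space model of the rule loop; names and layouts are hypothetical. */
#define F_NOT      0x80   /* invert the opcode's result */
#define F_OR       0x40   /* opcode belongs to an "or" block */
#define F_LEN_MASK 0x3f   /* low bits: opcode length in slots */

enum op { OP_PROTO_TCP, OP_KEEP_STATE, OP_TAG, OP_ACCEPT };

struct insn { enum op opcode; unsigned char len; };

struct rule {
    int cmd_len;          /* total number of opcode slots */
    int act_ofs;          /* index of the first action opcode */
    struct insn cmd[4];
};

struct result { int tag_removed; int accepted; };

/* Constructed rule: match tcp, keep-state; actions: untag, accept. */
static const struct rule untag_rule = { 4, 2, {
    { OP_PROTO_TCP, 1 }, { OP_KEEP_STATE, 1 },
    { OP_TAG, 1 | F_NOT }, { OP_ACCEPT, 1 } } };

/* Constructed rule: match tcp, keep-state; action: accept only. */
static const struct rule plain_rule = { 3, 2, {
    { OP_PROTO_TCP, 1 }, { OP_KEEP_STATE, 1 }, { OP_ACCEPT, 1 } } };

/*
 * has_state: the packet matches an existing dynamic rule.
 * fixed:     0 = break out of the switch (old behaviour),
 *            1 = continue the loop (behaviour after the commit).
 */
static struct result run_rule(const struct rule *r, int has_state, int fixed)
{
    struct result res = { 0, 0 };
    const struct insn *cmd;
    int l, cmdlen;

    for (l = r->cmd_len, cmd = r->cmd; l > 0; l -= cmdlen, cmd += cmdlen) {
        int match = 0;

        cmdlen = cmd->len & F_LEN_MASK;
        switch (cmd->opcode) {
        case OP_PROTO_TCP:
            match = 1;                    /* constructed packet is TCP */
            break;
        case OP_KEEP_STATE:
            if (has_state) {
                /* "Branch": point the PC at the action section. */
                cmd = &r->cmd[r->act_ofs];
                l = r->cmd_len - r->act_ofs;
                cmdlen = 0;               /* loop increment becomes a nop */
                if (fixed)
                    continue;             /* restart the loop at the action */
                match = 1;
                break;                    /* falls into the flag checks below */
            }
            match = 1;                    /* first packet: state is created */
            break;
        case OP_TAG:
            if (cmd->len & F_NOT) {
                res.tag_removed = 1;      /* "untag" */
                match = 0;                /* F_NOT below flips this to 1 */
            } else {
                match = 1;
            }
            break;
        case OP_ACCEPT:
            res.accepted = 1;
            return res;
        }

        /*
         * Post-switch flag handling. After the old 'break', cmd already
         * points at the first action, so that opcode's flags are applied
         * to the keep-state result before the action has run.
         */
        if (cmd->len & F_NOT)
            match = !match;
        if (!match && !(cmd->len & F_OR))
            break;                        /* abandon the rest of the rule */
    }
    return res;
}

int main(void)
{
    struct result a = run_rule(&untag_rule, 1, 0);
    struct result b = run_rule(&untag_rule, 1, 1);
    struct result c = run_rule(&plain_rule, 1, 0);

    printf("untag, break:    untagged=%d accepted=%d\n", a.tag_removed, a.accepted);
    printf("untag, continue: untagged=%d accepted=%d\n", b.tag_removed, b.accepted);
    printf("accept, break:   untagged=%d accepted=%d\n", c.tag_removed, c.accepted);
    return 0;
}
```

In this model the old behaviour only misfires when the first action opcode carries F_NOT, which is why a keep-state rule whose only action is accept gives no sign of the problem.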


[Bug 276732] IPFW keep-state rules with untag do not go through parent rule cmd

2024-02-09 Thread bugzilla-noreply
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=276732

John Baldwin  changed:

   What|Removed |Added

 CC||a...@freebsd.org,
   ||j...@freebsd.org

--- Comment #1 from John Baldwin  ---
I agree with the diagnosis.  I suspect though that the bug is a bit bigger as
currently we always skip over the first bug


[Bug 276732] IPFW keep-state rules with untag do not go through parent rule cmd

2024-01-30 Thread bugzilla-noreply
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=276732

Mark Linimon  changed:

   What|Removed |Added

   Assignee|b...@freebsd.org|i...@freebsd.org


Problem reports for i...@freebsd.org that need special attention

2024-01-07 Thread bugzilla-noreply
To view an individual PR, use:
  https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=(Bug Id).

The following is a listing of current problems submitted by FreeBSD users,
which need special attention. These represent problem reports covering
all versions including experimental development code and obsolete releases.

Status  |Bug Id | Description
+---+---
New |232764 | [ipfw] share/examples/ipfw/change_rules.sh: Suppo 

1 problems total for which you should take action.


[Bug 275470] Kernel Panic in IPFW when adding entries to table

2023-12-01 Thread bugzilla-noreply
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=275470

--- Comment #2 from Thierry Dussuet  ---
(In reply to Eugene Perevyazko from comment #1)

Thank you, that's very kind, and a great idea!


[Bug 275470] Kernel Panic in IPFW when adding entries to table

2023-12-01 Thread bugzilla-noreply
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=275470

Eugene Perevyazko  changed:

   What|Removed |Added

 CC||j...@dnepro.net

--- Comment #1 from Eugene Perevyazko  ---
Skipping the problem of kernel panic itself I'd like to propose a workaround
for your script:

# Write one "table 53 add <addr>" command per list entry, then load them in a single ipfw run
TMPFILE=`mktemp -t tbl53` || exit 1
awk '/^[0-9]/ && !/127.0.0/ {print "table 53 add "$1}' \
    /tmp/dnsbl/dnsbl-1.uceprotect.net > "$TMPFILE"
ipfw -q "$TMPFILE"
rm "$TMPFILE"

It also should be much faster and lighter on CPU.
For example, it takes less than a second of wall time on ancient core2:
# ipfw table 53 flush
# ipfw table 53 list | wc
   0   0   0
# time ipfw -q /tmp/tbl53.0kfeoXCu 
0.179u 0.242s 0:00.42 97.6% 158+184k 0+0io 0pf+0w
# ipfw table 53 list | wc
   65698  131396 1278284


[Bug 275470] Kernel Panic in IPFW when adding entries to table

2023-12-01 Thread bugzilla-noreply
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=275470

Mark Linimon  changed:

   What|Removed |Added

   Assignee|b...@freebsd.org|i...@freebsd.org
   Keywords||crash


[Bug 132774] [ipfw] IPFW with uid/gid/jail rules may lead to lockup

2023-11-17 Thread bugzilla-noreply
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=132774

--- Comment #6 from vincent.jan...@outlook.com ---
Update: I got the host to panic with a kernel debug build. Same stack trace on
multiple hosts.

panic: rw_rlock: wlock already held for tcpinp @
/usr/src/sys/netinet/in_pcb.c:2529
cpuid = 6
time = 1700228046
KDB: stack backtrace:
db_trace_self_wrapper() at db_trace_self_wrapper+0x2b/frame 0xfe020367a020
vpanic() at vpanic+0x151/frame 0xfe020367a070
panic() at panic+0x43/frame 0xfe020367a0d0
__rw_rlock_int() at __rw_rlock_int+0x10e/frame 0xfe020367a100
in_pcblookup_hash() at in_pcblookup_hash+0x4f/frame 0xfe020367a130
in_pcblookup_mbuf() at in_pcblookup_mbuf+0x24/frame 0xfe020367a150
check_uidgid() at check_uidgid+0x1e7/frame 0xfe020367a1a0
ipfw_chk() at ipfw_chk+0x12c3/frame 0xfe020367a3f0
ipfw_check_packet() at ipfw_check_packet+0xec/frame 0xfe020367a4d0
pfil_run_hooks() at pfil_run_hooks+0xb7/frame 0xfe020367a510
ip_output() at ip_output+0xb56/frame 0xfe020367a640
tcp_respond() at tcp_respond+0xb32/frame 0xfe020367a720
tcp_twcheck() at tcp_twcheck+0x2e6/frame 0xfe020367a780
tcp_input_with_port() at tcp_input_with_port+0x7b0/frame 0xfe020367a8b0
tcp_input() at tcp_input+0xb/frame 0xfe020367a8c0
ip_input() at ip_input+0x18b/frame 0xfe020367a950
netisr_dispatch_src() at netisr_dispatch_src+0xb1/frame 0xfe020367a9b0
ether_demux() at ether_demux+0x17c/frame 0xfe020367a9e0
ether_nh_input() at ether_nh_input+0x40b/frame 0xfe020367aa40
netisr_dispatch_src() at netisr_dispatch_src+0xb1/frame 0xfe020367aaa0
ether_input() at ether_input+0x99/frame 0xfe020367ab00
ether_demux() at ether_demux+0xcd/frame 0xfe020367ab30
ether_nh_input() at ether_nh_input+0x40b/frame 0xfe020367ab90
netisr_dispatch_src() at netisr_dispatch_src+0xb1/frame 0xfe020367abf0
ether_input() at ether_input+0x99/frame 0xfe020367ac50
tcp_lro_flush() at tcp_lro_flush+0x304/frame 0xfe020367ac80
tcp_lro_rx_done() at tcp_lro_rx_done+0x3a/frame 0xfe020367aca0
tcp_lro_flush_all() at tcp_lro_flush_all+0x175/frame 0xfe020367acf0
iflib_rxeof() at iflib_rxeof+0xe2c/frame 0xfe020367ae00
_task_fn_rx() at _task_fn_rx+0x7a/frame 0xfe020367ae40
gtaskqueue_run_locked() at gtaskqueue_run_locked+0xa7/frame 0xfe020367aec0
gtaskqueue_thread_loop() at gtaskqueue_thread_loop+0xc2/frame
0xfe020367aef0
fork_exit() at fork_exit+0x80/frame 0xfe020367af30
fork_trampoline() at fork_trampoline+0xe/frame 0xfe020367af30
--- trap 0, rip = 0, rsp = 0, rbp = 0 ---
KDB: enter: panic


[Bug 132774] [ipfw] IPFW with uid/gid/jail rules may lead to lockup

2023-11-16 Thread bugzilla-noreply
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=132774

vincent.jan...@outlook.com changed:

   What|Removed |Added

 CC||vincent.jan...@outlook.com

--- Comment #5 from vincent.jan...@outlook.com ---
Looks like I am hitting the same issue. I upgraded several hosts from 12.4 to
13.2. Virtual machines are not affected, only physical hosts.

I was able to narrow it down to some IPFW rules. Here is the setup:

Host A: Recently upgraded, physical host with FreeBSD 13.2
Host B: Also physical host with FreeBSD 13.2, runs a webserver (10.1.1.20)

Host A has this IPFW rule:
$IPFW_CMD add 2040 allow ip from me to 10.1.1.20/32 uid 0

Host B has this IPFW rule:
$IPFW_CMD add 3000 allow tcp from any to 10.1.1.20 80,443 keep-state

I can reproduce a freeze by repeatedly fetching a file on Host A from Host B:
[root@host-a] $ while true; do curl -v http://10.1.1.2/test.txt --output /dev/null; done

After a few seconds, the network connection of Host A is lost. I can still log
in through a local shell, but after about 20 seconds the host freezes
completely.
No kernel panic, nothing in the logs. Host B is still running fine and never
freezes.

- Freezes do NOT happen if I remove the uid 0 selector from Host A's rule or
stop IPFW completely.
- Freezes also do NOT happen if I remove the keep-state of Host B's rule or
stop IPFW completely.

@Stefan Rink Are you also maybe using an Intel NIC with the ixgbe driver? My
guess is an issue in combination with the driver and IPFW.

[root@host-a] $ pciconf -lv | grep -A1 -B3 network
ix0@pci0:6:0:0: class=0x02 rev=0x01 hdr=0x00 vendor=0x8086 device=0x10f8
subvendor=0x103c subdevice=0x18d0
vendor = 'Intel Corporation'
device = '82599 10 Gigabit Dual Port Backplane Connection'
class  = network
subclass   = ethernet
ix1@pci0:6:0:1: class=0x02 rev=0x01 hdr=0x00 vendor=0x8086 device=0x10f8
subvendor=0x103c subdevice=0x18d0
vendor = 'Intel Corporation'
device = '82599 10 Gigabit Dual Port Backplane Connection'
class  = network
subclass   = ethernet


[Bug 226642] ipfw me4 equivalant

2023-11-15 Thread bugzilla-noreply
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=226642

Dries Michiels  changed:

   What|Removed |Added

Summary|[request] ipfw me4  |ipfw me4 equivalant
   |equivalant  |


[Bug 226642] [request] ipfw me4 equivalant

2023-11-15 Thread bugzilla-noreply
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=226642

Dries Michiels  changed:

   What|Removed |Added

Version|11.1-STABLE |CURRENT

-- 
You are receiving this mail because:
You are the assignee for the bug.


Problem reports for i...@freebsd.org that need special attention

2023-11-12 Thread bugzilla-noreply
To view an individual PR, use:
  https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=(Bug Id).

The following is a listing of current problems submitted by FreeBSD users,
which need special attention. These represent problem reports covering
all versions including experimental development code and obsolete releases.

Status  |Bug Id | Description
+---+---
New |232764 | [ipfw] share/examples/ipfw/change_rules.sh: Suppo 

1 problems total for which you should take action.


Problem reports for i...@freebsd.org that need special attention

2023-11-05 Thread bugzilla-noreply
To view an individual PR, use:
  https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=(Bug Id).

The following is a listing of current problems submitted by FreeBSD users,
which need special attention. These represent problem reports covering
all versions including experimental development code and obsolete releases.

Status  |Bug Id | Description
+---+---
New |232764 | [ipfw] share/examples/ipfw/change_rules.sh: Suppo 

1 problems total for which you should take action.


[Bug 274873] A possible data race in sys/netpfil/ipfw/dn_aqm_pie.c

2023-11-04 Thread bugzilla-noreply
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=274873

Mark Johnston  changed:

   What|Removed |Added

 Resolution|--- |Not A Bug
 Status|New |Closed


[Bug 274873] A possible data race in sys/netpfil/ipfw/dn_aqm_pie.c

2023-11-03 Thread bugzilla-noreply
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=274873

--- Comment #2 from Tuo Li  ---
(In reply to Mark Johnston from comment #1)
Thank you for your reply! It is very helpful. I did not consider the global
lock operation DN_BH_WLOCK() and thus reported this false data race. I am sorry
to bother you and I will be more careful in the subsequent reports.


[Bug 274873] A possible data race in sys/netpfil/ipfw/dn_aqm_pie.c

2023-11-02 Thread bugzilla-noreply
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=274873

Mark Linimon  changed:

   What|Removed |Added

   Assignee|b...@freebsd.org|i...@freebsd.org


[Bug 268241] broken handling of icmp needfrag packets with libalias/ipfw_nat and smaller wan mtu

2023-09-13 Thread bugzilla-noreply
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=268241

Graham Perrin  changed:

   What|Removed |Added

   Assignee|n...@freebsd.org |i...@freebsd.org
   Keywords|ipfilter|
 CC|i...@freebsd.org|grahamper...@gmail.com,
   ||n...@freebsd.org

--- Comment #1 from Graham Perrin  ---
^Triage: 

a) assign to ipfw@

b) CC former assignee net@

c) remove an incorrect keyword – ipfilter is not ipfw (fault: mine).


[Bug 165190] ipfw(4): lo(4) loopback interface is not marking IPv6 packets

2023-09-13 Thread bugzilla-noreply
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=165190

Graham Perrin  changed:

   What|Removed |Added

   Keywords|ipfilter|
 CC||grahamper...@gmail.com
   Assignee|b...@freebsd.org|i...@freebsd.org

--- Comment #9 from Graham Perrin  ---
^Triage: 

a) assign to ipfw@

b) remove an incorrect keyword – ipfilter is not ipfw (fault: mine).



Problem reports for i...@freebsd.org that need special attention

2023-09-10 Thread bugzilla-noreply
To view an individual PR, use:
  https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=(Bug Id).

The following is a listing of current problems submitted by FreeBSD users,
which need special attention. These represent problem reports covering
all versions including experimental development code and obsolete releases.

Status  |Bug Id | Description
+---+---
New |232764 | [ipfw] share/examples/ipfw/change_rules.sh: Suppo 

1 problems total for which you should take action.


Problem reports for i...@freebsd.org that need special attention

2023-09-03 Thread bugzilla-noreply
To view an individual PR, use:
  https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=(Bug Id).

The following is a listing of current problems submitted by FreeBSD users,
which need special attention. These represent problem reports covering
all versions including experimental development code and obsolete releases.

Status  |Bug Id | Description
+---+---
New |232764 | [ipfw] share/examples/ipfw/change_rules.sh: Suppo 

1 problems total for which you should take action.


Problem reports for i...@freebsd.org that need special attention

2023-08-27 Thread bugzilla-noreply
To view an individual PR, use:
  https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=(Bug Id).

The following is a listing of current problems submitted by FreeBSD users,
which need special attention. These represent problem reports covering
all versions including experimental development code and obsolete releases.

Status  |Bug Id | Description
+---+---
New |232764 | [ipfw] share/examples/ipfw/change_rules.sh: Suppo 

1 problems total for which you should take action.


Problem reports for i...@freebsd.org that need special attention

2023-08-20 Thread bugzilla-noreply
To view an individual PR, use:
  https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=(Bug Id).

The following is a listing of current problems submitted by FreeBSD users,
which need special attention. These represent problem reports covering
all versions including experimental development code and obsolete releases.

Status  |Bug Id | Description
+---+---
New |232764 | [ipfw] share/examples/ipfw/change_rules.sh: Suppo 

1 problems total for which you should take action.


Problem reports for i...@freebsd.org that need special attention

2023-08-13 Thread bugzilla-noreply
To view an individual PR, use:
  https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=(Bug Id).

The following is a listing of current problems submitted by FreeBSD users,
which need special attention. These represent problem reports covering
all versions including experimental development code and obsolete releases.

Status  |Bug Id | Description
+---+---
New |232764 | [ipfw] share/examples/ipfw/change_rules.sh: Suppo 

1 problems total for which you should take action.


[Bug 132774] [ipfw] IPFW with uid/gid/jail rules may lead to lockup

2023-08-13 Thread bugzilla-noreply
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=132774

--- Comment #4 from Stefan Rink  ---
Small update;
Not 100% sure if I'm hitting this one because it just freezes and I can't seem
to get into the debugger when it happens but I noticed it didn't freeze for a
week when I forgot to load IPFW on the machine and shortly after I loaded IPFW
and restarted a jail the node froze within a couple of hours. The console
usually complains about one of the bge interfaces of the lacp flapping when it
freezes.

This same hardware was running 13.1 without a single crash for more than a year
and there is still another node with the same hardware and configuration
running on 13.1.

Currently testing with IPFW but without any rules that contain jail ids and in
the meanwhile moving more stuff to the node in the hope it will crash faster.

Network config of the physical nodes;
[bge0 + bge4] -> lagg -> vlan -> jails while CBSD was the one creating count
rules that contain jail id's when IPFW was loaded. 

ps. We also have nodes running FreeBSD 13.2 without any issues but they have
different 'hardware' because they are virtual but do have IPFW and the 'count'
rules per jail.

- Created a new kernel with debugging and witness enabled but waiting until it
freezes again first.



[Bug 132774] [ipfw] IPFW with uid/gid/jail rules may lead to lockup

2023-08-12 Thread bugzilla-noreply
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=132774

Mark Linimon  changed:

   What|Removed |Added

   Assignee|b...@freebsd.org|i...@freebsd.org
Version|7.1-STABLE  |13.2-STABLE



Problem reports for i...@freebsd.org that need special attention

2023-08-06 Thread bugzilla-noreply
To view an individual PR, use:
  https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=(Bug Id).

The following is a listing of current problems submitted by FreeBSD users,
which need special attention. These represent problem reports covering
all versions including experimental development code and obsolete releases.

Status  |Bug Id | Description
+---+---
New |232764 | [ipfw] share/examples/ipfw/change_rules.sh: Suppo 

1 problems total for which you should take action.


Problem reports for i...@freebsd.org that need special attention

2023-07-30 Thread bugzilla-noreply
To view an individual PR, use:
  https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=(Bug Id).

The following is a listing of current problems submitted by FreeBSD users,
which need special attention. These represent problem reports covering
all versions including experimental development code and obsolete releases.

Status  |Bug Id | Description
+---+---
New |232764 | [ipfw] share/examples/ipfw/change_rules.sh: Suppo 

1 problems total for which you should take action.


Problem reports for i...@freebsd.org that need special attention

2023-07-23 Thread bugzilla-noreply
To view an individual PR, use:
  https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=(Bug Id).

The following is a listing of current problems submitted by FreeBSD users,
which need special attention. These represent problem reports covering
all versions including experimental development code and obsolete releases.

Status  |Bug Id | Description
+---+---
New |232764 | [ipfw] share/examples/ipfw/change_rules.sh: Suppo 

1 problems total for which you should take action.


Problem reports for i...@freebsd.org that need special attention

2023-07-16 Thread bugzilla-noreply
To view an individual PR, use:
  https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=(Bug Id).

The following is a listing of current problems submitted by FreeBSD users,
which need special attention. These represent problem reports covering
all versions including experimental development code and obsolete releases.

Status  |Bug Id | Description
+---+---
New |232764 | [ipfw] share/examples/ipfw/change_rules.sh: Suppo 

1 problems total for which you should take action.


[Bug 270177] "ipfw fwd NEIGHBOUR" goes through default gateway.

2023-07-16 Thread bugzilla-noreply
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=270177

Eugene Grosbein  changed:

   What|Removed |Added

 Resolution|--- |DUPLICATE
 CC||eu...@freebsd.org
 Status|New |Closed

--- Comment #4 from Eugene Grosbein  ---
Fixed in 13.2-RELEASE.

*** This bug has been marked as a duplicate of bug 256828 ***



[Bug 266439] ipfw fwd stopped working after upgrade from 12.2 to 13.1-p2

2023-07-16 Thread bugzilla-noreply
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=266439

Eugene Grosbein  changed:

   What|Removed |Added

 Resolution|FIXED   |DUPLICATE

--- Comment #7 from Eugene Grosbein  ---
Fixed in 13.2-RELEASE

*** This bug has been marked as a duplicate of bug 256828 ***



[Bug 266439] ipfw fwd stopped working after upgrade from 12.2 to 13.1-p2

2023-07-16 Thread bugzilla-noreply
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=266439

Eugene Grosbein  changed:

   What|Removed |Added

 Status|Open|Closed
 Resolution|--- |FIXED
 CC||eu...@freebsd.org

--- Comment #6 from Eugene Grosbein  ---
Fixed in 13.2-RELEASE.



Problem reports for i...@freebsd.org that need special attention

2023-07-09 Thread bugzilla-noreply
To view an individual PR, use:
  https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=(Bug Id).

The following is a listing of current problems submitted by FreeBSD users,
which need special attention. These represent problem reports covering
all versions including experimental development code and obsolete releases.

Status  |Bug Id | Description
+---+---
New |232764 | [ipfw] share/examples/ipfw/change_rules.sh: Suppo 

1 problems total for which you should take action.


Problem reports for i...@freebsd.org that need special attention

2023-07-02 Thread bugzilla-noreply
To view an individual PR, use:
  https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=(Bug Id).

The following is a listing of current problems submitted by FreeBSD users,
which need special attention. These represent problem reports covering
all versions including experimental development code and obsolete releases.

Status  |Bug Id | Description
+---+---
New |232764 | [ipfw] share/examples/ipfw/change_rules.sh: Suppo 

1 problems total for which you should take action.


Problem reports for i...@freebsd.org that need special attention

2023-06-25 Thread bugzilla-noreply
To view an individual PR, use:
  https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=(Bug Id).

The following is a listing of current problems submitted by FreeBSD users,
which need special attention. These represent problem reports covering
all versions including experimental development code and obsolete releases.

Status  |Bug Id | Description
+---+---
New |232764 | [ipfw] share/examples/ipfw/change_rules.sh: Suppo 

1 problems total for which you should take action.


[Bug 272094] pfilctl IPFW hook order not works with PF route-to

2023-06-21 Thread bugzilla-noreply
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=272094

Franco Fichtner  changed:

   What|Removed |Added

 CC||fra...@opnsense.org

--- Comment #6 from Franco Fichtner  ---
Two things here:

1. Having a netpfil facility accommodating for multiple packet filters at the
same time and saying you shouldn't mix it is not a good argument, because e.g.
the ordering between ipfw/pf is easily made deterministic with something like:

# pfctl -d
# pfctl -e

2. route-to's if_output is derived from OpenBSD where only one packet filter
exists.  There has been a proposal for several years to change that:

https://reviews.freebsd.org/D8877

It's practically been accepted back then, but was never merged. I have updated
code based on stable/13.  I am happy to rebase on main if someone can take this
on...


Cheers,
Franco



[Bug 272094] pfilctl IPFW hook order not works with PF route-to

2023-06-21 Thread bugzilla-noreply
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=272094

--- Comment #5 from Gleb Smirnoff  ---
(In reply to Alfa from comment #3)
> Sorry to bother but i am confused about PFILCTL tool, to make it clear What 
> is this tool's main purpose?

To change how firewalls are hooked into the network stack. Sorry for obvious
answer :) A more practical answer:

- Somebody may want to filter only on input, skipping any filtering on output.
- There are some drivers that provide a NIC level hook. This allows to unhook
firewalls from default path and hook them on the NIC only. First, these NIC
level hooks allow to drop packets at a much lower cost. Second, you can build
your firewall based on interfaces, very much like Cisco or Juniper do.
- Although running a stack of firewalls (pf, ipfw, ipfilter) is not something
that is supported or recommended, some people do that and some configurations
(apparently without route-to) work excellent. pfilctl allows to reconfigure the
stack.

P.S. We probably should enable interface level hooks in general, for those
drivers that don't support NIC level hooks. That won't provide a packet drop
performance gain, but will allow to design router-style firewall with any NICs.



[Bug 272094] pfilctl IPFW hook order not works with PF route-to

2023-06-21 Thread bugzilla-noreply
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=272094

--- Comment #4 from Kristof Provost  ---
(In reply to Alfa from comment #3)
> I am also using ip_divert with ipfw because PF divert-to not works as 
> expected #260867 this bug references divert-to infinite loop problem this bug 
> still exists

I don't remember that bug. It's not on my todo list. Perhaps you can get ipfw
to do everything you need.

> Sorry to bother but i am confused about PFILCTL tool, to make it clear What 
> is this tool's main purpose?

https://man.freebsd.org/cgi/man.cgi?query=pfilctl&sektion=8&manpath=FreeBSD+13.1-RELEASE

I don't actually know anything more about it than the man page. If that's not
sufficient I'm afraid all I can recommend is that you look at the code.



[Bug 272094] pfilctl IPFW hook order not works with PF route-to

2023-06-21 Thread bugzilla-noreply
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=272094

--- Comment #3 from Alfa  ---
(In reply to Kristof Provost from comment #1)

"you can use dummynet with pf, and can also do basic layer 2 filtering with pf.
No doubt it's also possible to implement captive portal entirely with ipfw."

I am also using ip_divert with ipfw because PF divert-to not works as expected
#260867 this bug references divert-to infinite loop problem this bug still
exists

"Correct. pf_route() calls ifp->if_output() directly and the packet will not be
seen by another firewall."

Sorry to bother but i am confused about PFILCTL tool, to make it clear What is
this tool's main purpose?



[Bug 272094] pfilctl IPFW hook order not works with PF route-to

2023-06-20 Thread bugzilla-noreply
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=272094

Mina Galić  changed:

   What|Removed |Added

 CC||free...@igalic.co
 Status|New |Open
   Assignee|b...@freebsd.org|n...@freebsd.org



[Bug 272094] pfilctl IPFW hook order not works with PF route-to

2023-06-20 Thread bugzilla-noreply
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=272094

Ed Maste  changed:

   What|Removed |Added

 CC||ema...@freebsd.org

--- Comment #2 from Ed Maste  ---
@kp I wonder where is an appropriate place to document that combining firewalls
may not have desired results. pfil.9 seems to be the only general page
(firewall agnostic) but a section 9 page isn't right for this. I guess
firewall.7 should be rewritten to describe pf (and ipfilter) as well as ipfw,
and then this issue could be added there.



[Bug 272094] pfilctl IPFW hook order not works with PF route-to

2023-06-20 Thread bugzilla-noreply
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=272094

--- Comment #1 from Kristof Provost  ---
> I am currently using both IPFW and PF at the same time. But some will say 
> this is a bad idea.

Mostly because it is. As far as I'm concerned that's not a supported
configuration. Maybe you can make it work, maybe not. Either way you get to
keep all of the pieces, at no extra charge!

> I think the packets that first hit PF route-to are sent directly to the 
> output interface.

Correct. pf_route() calls ifp->if_output() directly and the packet will not be
seen by another firewall. This is one of the many reasons that running multiple
firewalls at the same time is not recommended.

You may be interested to learn that from FreeBSD 14 onwards (i.e. current main)
you can use dummynet with pf, and can also do basic layer 2 filtering with pf.
No doubt it's also possible to implement captive portal entirely with ipfw.

tl;dr: You're on your own with this.



[Bug 272094] pfilctl IPFW hook order not works with PF route-to

2023-06-20 Thread bugzilla-noreply
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=272094

Bug ID: 272094
   Summary: pfilctl IPFW hook order not works with PF route-to
   Product: Base System
   Version: 13.2-RELEASE
  Hardware: amd64
OS: Any
Status: New
  Severity: Affects Some People
  Priority: ---
 Component: kern
  Assignee: b...@freebsd.org
  Reporter: burak...@outlook.com
CC: gleb...@freebsd.org, i...@freebsd.org, k...@freebsd.org,
p...@freebsd.org

Hi, I have created a simple captive portal using IPFW on my FreeBSD 13.2 RELEASE
machine.



I am currently using both IPFW and PF at the same time. But some will say this
is a bad idea. I used IPFW for captive portal, bandwidth mgmt and any other
Layer 2 filtering purposes and PF for general firewalling processes like block,
NAT, route-to.

#212331 this bug references same error but based on FreeBSD 10.3

My problem:
When I applied both the captive portal and the PBR rule on igb1, IPFW fwd cannot
redirect unauthenticated users to the portal page. I think the packets that first
hit PF route-to are sent directly to the output interface. So that traffic does
not hit IPFW. So I tried to use the newly implemented "pfilctl" tool to change
the PF,IPFW hook order and I tried every combination, but with no luck. I am
awaiting your kind responses.


// FreeBSD's Default PF first in hook order
# pfilctl heads

Intercept point  Type
inet6            IPv6
    In   pf    default-in6
    In   ipfw  default6
    Out  ipfw  default6
    Out  pf    default-out6
inet             IPv4
    In   pf    default-in
    In   ipfw  default
    Out  ipfw  default
    Out  pf    default-out
ethernet         Ethernet
    In   ipfw  default-link
    Out  ipfw  default-link

// My IPFW first in settings
pfilctl unlink -ia ipfw:default inet
pfilctl unlink -oa ipfw:default inet
pfilctl unlink -ia pf:default-in inet
pfilctl unlink -oa pf:default-out inet

// i tried every combination on linking
pfilctl link -ia ipfw:default inet
pfilctl link -ia pf:default-in inet
pfilctl link -oa pf:default-out inet
pfilctl link -oa ipfw:default inet

Intercept point  Type
inet6            IPv6
    In   pf    default-in6
    In   ipfw  default6
    Out  ipfw  default6
    Out  pf    default-out6
inet             IPv4
    In   ipfw  default
    In   pf    default-in
    Out  ipfw  default
    Out  pf    default-out
ethernet         Ethernet
    In   ipfw  default-link
    Out  ipfw  default-link

// ROUTE-TO RULE
pass in log quick on { igb1 } route-to {  ( igb0 192.168.30.1 )  }   inet  from {  any } to {  any }

-- 
You are receiving this mail because:
You are on the CC list for the bug.
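
An added example, not part of the bug report or of FreeBSD: a small sh/awk check that reads `pfilctl heads` output in the layout quoted in the report and lists every head and direction where more than one firewall module is hooked, which is the configuration the replies in this thread describe as unsupported. The function names and the embedded sample are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit `pfilctl heads` output for heads that mix firewalls.

# Constructed sample in the layout of the output quoted in the report
# (default order: pf before ipfw on input, ipfw before pf on output).
sample_heads() {
cat <<'EOF'
 Intercept point Type
   inet6 IPv6
   In   pf  default-in6
   In ipfw default6
  Out ipfw default6
  Out   pf default-out6
inet IPv4
   In   pf   default-in
   In ipfw  default
  Out ipfw  default
  Out   pf  default-out
ethernet Ethernet
   In ipfw default-link
  Out ipfw default-link
EOF
}

# Reads `pfilctl heads` text on stdin. For each head and direction that has
# hooks from more than one module, prints one line, hooks in listed order:
#   <head> <In|Out> <module>:<ruleset> <module>:<ruleset> ...
# Heads served by a single module produce no output.
mixed_hooks() {
    awk '
        # Print the finished head, then clear the per-head state.
        function emit(   d, i) {
            if (head != "") {
                for (i = 1; i <= 2; i++) {
                    d = (i == 1) ? "In" : "Out"
                    if (nmod[d] > 1)
                        printf "%s %s%s\n", head, d, chain[d]
                }
            }
            split("", nmod); split("", chain); split("", seen)
        }
        # Hook line: direction, module, ruleset.
        ($1 == "In" || $1 == "Out") && NF == 3 {
            if (!(($1, $2) in seen)) { seen[$1, $2] = 1; nmod[$1]++ }
            chain[$1] = chain[$1] " " $2 ":" $3
            next
        }
        # Head line: name and type. The three-word column header is skipped
        # because it matches neither pattern.
        NF == 2 { emit(); head = $1; next }
        END { emit() }
    '
}

# Stand-alone run on the constructed sample; on a live system the input
# would come from: pfilctl heads | mixed_hooks
sample_heads | mixed_hooks
```

An empty result means no head has more than one firewall module linked.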


[Bug 272073] Kernel Panic in IPFW when using Radix Tables for Captive portal

2023-06-20 Thread bugzilla-noreply
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=272073

Andrey V. Elsukov  changed:

   What|Removed |Added

   See Also||https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=271409



[Bug 272073] Kernel Panic in IPFW when using Radix Tables for Captive portal

2023-06-20 Thread bugzilla-noreply
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=272073

Andrey V. Elsukov  changed:

   What|Removed |Added

   See Also||https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=271393

--- Comment #4 from Andrey V. Elsukov  ---
(In reply to Alfa from comment #3)

This is a temporary workaround, it is not yet fixed.



[Bug 272073] Kernel Panic in IPFW when using Radix Tables for Captive portal

2023-06-20 Thread bugzilla-noreply
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=272073

--- Comment #3 from Alfa  ---
(In reply to Andrey V. Elsukov from comment #2)
Yes, thank you. I applied your sysctl tunable and the captive portal has worked
as expected for 18 hours.
May I know whether that is a final solution? And can it cause another problem?



[Bug 272073] Kernel Panic in IPFW when using Radix Tables for Captive portal

2023-06-19 Thread bugzilla-noreply
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=272073

Mark Linimon  changed:

   What|Removed |Added

 CC||i...@freebsd.org



Problem reports for i...@freebsd.org that need special attention

2023-06-18 Thread bugzilla-noreply
To view an individual PR, use:
  https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=(Bug Id).

The following is a listing of current problems submitted by FreeBSD users,
which need special attention. These represent problem reports covering
all versions including experimental development code and obsolete releases.

Status  |Bug Id | Description
+---+---
New |232764 | [ipfw] share/examples/ipfw/change_rules.sh: Suppo 

1 problems total for which you should take action.


Problem reports for i...@freebsd.org that need special attention

2023-06-11 Thread bugzilla-noreply
To view an individual PR, use:
  https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=(Bug Id).

The following is a listing of current problems submitted by FreeBSD users,
which need special attention. These represent problem reports covering
all versions including experimental development code and obsolete releases.

Status  |Bug Id | Description
+---+---
New |232764 | [ipfw] share/examples/ipfw/change_rules.sh: Suppo 

1 problems total for which you should take action.


Problem reports for i...@freebsd.org that need special attention

2023-06-04 Thread bugzilla-noreply
To view an individual PR, use:
  https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=(Bug Id).

The following is a listing of current problems submitted by FreeBSD users,
which need special attention. These represent problem reports covering
all versions including experimental development code and obsolete releases.

Status  |Bug Id | Description
+---+---
New |232764 | [ipfw] share/examples/ipfw/change_rules.sh: Suppo 

1 problems total for which you should take action.


Problem reports for i...@freebsd.org that need special attention

2023-05-28 Thread bugzilla-noreply
To view an individual PR, use:
  https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=(Bug Id).

The following is a listing of current problems submitted by FreeBSD users,
which need special attention. These represent problem reports covering
all versions including experimental development code and obsolete releases.

Status  |Bug Id | Description
+---+---
New |232764 | [ipfw] share/examples/ipfw/change_rules.sh: Suppo 

1 problems total for which you should take action.


Problem reports for i...@freebsd.org that need special attention

2023-05-21 Thread bugzilla-noreply
To view an individual PR, use:
  https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=(Bug Id).

The following is a listing of current problems submitted by FreeBSD users,
which need special attention. These represent problem reports covering
all versions including experimental development code and obsolete releases.

Status  |Bug Id | Description
+---+---
New |232764 | [ipfw] share/examples/ipfw/change_rules.sh: Suppo 

1 problems total for which you should take action.


Problem reports for i...@freebsd.org that need special attention

2023-05-14 Thread bugzilla-noreply
To view an individual PR, use:
  https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=(Bug Id).

The following is a listing of current problems submitted by FreeBSD users,
which need special attention. These represent problem reports covering
all versions including experimental development code and obsolete releases.

Status  |Bug Id | Description
+---+---
New |232764 | [ipfw] share/examples/ipfw/change_rules.sh: Suppo 

1 problems total for which you should take action.


Problem reports for i...@freebsd.org that need special attention

2023-05-07 Thread bugzilla-noreply
To view an individual PR, use:
  https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=(Bug Id).

The following is a listing of current problems submitted by FreeBSD users,
which need special attention. These represent problem reports covering
all versions including experimental development code and obsolete releases.

Status  |Bug Id | Description
+---+---
New |232764 | [ipfw] share/examples/ipfw/change_rules.sh: Suppo 

1 problems total for which you should take action.


[Bug 215875] [ipfw] ipfw lookup tables do not support mbuf_tags(9) ipfw cookies lookups

2023-05-03 Thread bugzilla-noreply
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=215875

Eugene Grosbein  changed:

   What|Removed |Added

 Resolution|--- |Overcome By Events
 Status|New |Closed
 CC||eu...@freebsd.org

--- Comment #3 from Eugene Grosbein  ---
I almost forgot about this PR. The problem I wanted to solve is also gone after
6 years. It's no use keeping the PR open.



[Bug 215875] [ipfw] ipfw lookup tables do not support mbuf_tags(9) ipfw cookies lookups

2023-05-03 Thread bugzilla-noreply
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=215875

--- Comment #2 from Andrey V. Elsukov  ---
Hi,

recently ipfw mark was introduced in CURRENT, probably it can help with your
task.

https://reviews.freebsd.org/D39555



Problem reports for i...@freebsd.org that need special attention

2023-04-30 Thread bugzilla-noreply
To view an individual PR, use:
  https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=(Bug Id).

The following is a listing of current problems submitted by FreeBSD users,
which need special attention. These represent problem reports covering
all versions including experimental development code and obsolete releases.

Status  |Bug Id | Description
+---+---
New |215875 | [ipfw] ipfw lookup tables do not support mbuf_tag 
New |232764 | [ipfw] share/examples/ipfw/change_rules.sh: Suppo 

2 problems total for which you should take action.


Problem reports for i...@freebsd.org that need special attention

2023-04-23 Thread bugzilla-noreply
To view an individual PR, use:
  https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=(Bug Id).

The following is a listing of current problems submitted by FreeBSD users,
which need special attention. These represent problem reports covering
all versions including experimental development code and obsolete releases.

Status  |Bug Id | Description
+---+---
New |215875 | [ipfw] ipfw lookup tables do not support mbuf_tag 
New |232764 | [ipfw] share/examples/ipfw/change_rules.sh: Suppo 

2 problems total for which you should take action.


Problem reports for i...@freebsd.org that need special attention

2023-04-16 Thread bugzilla-noreply
To view an individual PR, use:
  https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=(Bug Id).

The following is a listing of current problems submitted by FreeBSD users,
which need special attention. These represent problem reports covering
all versions including experimental development code and obsolete releases.

Status  |Bug Id | Description
+---+---
New |215875 | [ipfw] ipfw lookup tables do not support mbuf_tag 
New |232764 | [ipfw] share/examples/ipfw/change_rules.sh: Suppo 

2 problems total for which you should take action.


[Bug 266439] ipfw fwd stopped working after upgrade from 12.2 to 13.1-p2

2023-04-16 Thread bugzilla-noreply
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=266439

--- Comment #5 from Aurélien Méré  ---
Hi
I confirm that it's working again for me in 13.2-RELEASE.
Thanks



Problem reports for i...@freebsd.org that need special attention

2023-04-09 Thread bugzilla-noreply
To view an individual PR, use:
  https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=(Bug Id).

The following is a listing of current problems submitted by FreeBSD users,
which need special attention. These represent problem reports covering
all versions including experimental development code and obsolete releases.

Status  |Bug Id | Description
+---+---
New |215875 | [ipfw] ipfw lookup tables do not support mbuf_tag 
New |232764 | [ipfw] share/examples/ipfw/change_rules.sh: Suppo 

2 problems total for which you should take action.


Problem reports for i...@freebsd.org that need special attention

2023-04-02 Thread bugzilla-noreply
To view an individual PR, use:
  https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=(Bug Id).

The following is a listing of current problems submitted by FreeBSD users,
which need special attention. These represent problem reports covering
all versions including experimental development code and obsolete releases.

Status  |Bug Id | Description
+---+---
New |215875 | [ipfw] ipfw lookup tables do not support mbuf_tag 
New |232764 | [ipfw] share/examples/ipfw/change_rules.sh: Suppo 

2 problems total for which you should take action.


Problem reports for i...@freebsd.org that need special attention

2023-03-26 Thread bugzilla-noreply
To view an individual PR, use:
  https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=(Bug Id).

The following is a listing of current problems submitted by FreeBSD users,
which need special attention. These represent problem reports covering
all versions including experimental development code and obsolete releases.

Status  |Bug Id | Description
+---+---
New |215875 | [ipfw] ipfw lookup tables do not support mbuf_tag 
New |232764 | [ipfw] share/examples/ipfw/change_rules.sh: Suppo 

2 problems total for which you should take action.


Problem reports for i...@freebsd.org that need special attention

2023-03-19 Thread bugzilla-noreply
To view an individual PR, use:
  https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=(Bug Id).

The following is a listing of current problems submitted by FreeBSD users,
which need special attention. These represent problem reports covering
all versions including experimental development code and obsolete releases.

Status  |Bug Id | Description
+---+---
New |215875 | [ipfw] ipfw lookup tables do not support mbuf_tag 
New |232764 | [ipfw] share/examples/ipfw/change_rules.sh: Suppo 

2 problems total for which you should take action.


[Bug 270177] "ipfw fwd NEIGHBOUR" goes through default gateway.

2023-03-15 Thread bugzilla-noreply
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=270177

Andrey V. Elsukov  changed:

   What|Removed |Added

   See Also||https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=256828



[Bug 266439] ipfw fwd stopped working after upgrade from 12.2 to 13.1-p2

2023-03-15 Thread bugzilla-noreply
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=266439

Andrey V. Elsukov  changed:

   What|Removed |Added

   See Also||https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=270177



[Bug 270177] "ipfw fwd NEIGHBOUR" goes through default gateway.

2023-03-15 Thread bugzilla-noreply
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=270177

Andrey V. Elsukov  changed:

   What|Removed |Added

   See Also||https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=266439
 CC||a...@freebsd.org



[Bug 270177] "ipfw fwd NEIGHBOUR" goes through default gateway.

2023-03-14 Thread bugzilla-noreply
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=270177

Mark Linimon  changed:

   What     |Removed         |Added
   ---------+----------------+----------------
   Assignee |b...@freebsd.org|i...@freebsd.org



Problem reports for i...@freebsd.org that need special attention

2023-03-12 Thread bugzilla-noreply
To view an individual PR, use:
  https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=(Bug Id).

The following is a listing of current problems submitted by FreeBSD users,
which need special attention. These represent problem reports covering
all versions including experimental development code and obsolete releases.

Status |Bug Id | Description
-------+-------+--------------------------------------------------
New    |215875 | [ipfw] ipfw lookup tables do not support mbuf_tag
New    |232764 | [ipfw] share/examples/ipfw/change_rules.sh: Suppo

2 problems total for which you should take action.


[Bug 266439] ipfw fwd stopped working after upgrade from 12.2 to 13.1-p2

2023-03-07 Thread bugzilla-noreply
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=266439

fulle...@over-yonder.net changed:

   What     |Removed |Added
   ---------+--------+------------------------
   CC       |        |fulle...@over-yonder.net

--- Comment #4 from fulle...@over-yonder.net ---
(just for information to save other people digging)

As bug 256828 says, this was fixed in 17c9c2049004038ed6f2dc23a64cb9f74411ec52
in stable/13 (2022-04-18).  However, checking `git merge-base stable/13
releng/13.1` shows 8824cbace389c440394bb9ea6c127d0f8f85538b (2022-03-09) as the
branch point, so it landed in stable/13 too late to automatically be in 13.1,
and it wasn't merged over to the releng branch (e.g., check the
sys/netinet/ip_output.c log in releng/13.1; there weren't any changes since
2022-02).

So going purely by that, it's not expected to be fixed in 13.1, but will be in
13.2.



Problem reports for i...@freebsd.org that need special attention

2023-03-05 Thread bugzilla-noreply
To view an individual PR, use:
  https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=(Bug Id).

The following is a listing of current problems submitted by FreeBSD users,
which need special attention. These represent problem reports covering
all versions including experimental development code and obsolete releases.

Status |Bug Id | Description
-------+-------+--------------------------------------------------
New    |215875 | [ipfw] ipfw lookup tables do not support mbuf_tag
New    |232764 | [ipfw] share/examples/ipfw/change_rules.sh: Suppo

2 problems total for which you should take action.


Problem reports for i...@freebsd.org that need special attention

2023-02-26 Thread bugzilla-noreply
To view an individual PR, use:
  https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=(Bug Id).

The following is a listing of current problems submitted by FreeBSD users,
which need special attention. These represent problem reports covering
all versions including experimental development code and obsolete releases.

Status |Bug Id | Description
-------+-------+--------------------------------------------------
New    |215875 | [ipfw] ipfw lookup tables do not support mbuf_tag
New    |232764 | [ipfw] share/examples/ipfw/change_rules.sh: Suppo

2 problems total for which you should take action.

