t seems protected with IPFW_RLOCK...
--
WBR, Andrey V. Elsukov
___
freebsd-ipfw@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
)
will be good.
--
WBR, Andrey V. Elsukov
___
freebsd-ipfw@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
5 ns2 kernel: a bge0
> > Sep 14 12:00:15 ns2 kernel: e0
> > Sep 14 12:00:15 ns2 kernel: <
This problem is not related to the ipfw. But you can try this patch:
http://people.yandex-team.ru/~sem/FreeBSD/kernel/log_mutex.diff
Please, report back if it will help you.
--
WBR, Andrey V. El
Hi,
I got a trace for this fault.
dummynet reinject packet to the ip_input through netisr_dispath.
This procedure was done success several times, but in the next time
it's fault.
(kgdb) p &ipfw_chk
$1 = (int (*)(struct ip_fw_args *)) 0xc3374ea0
(kgdb) l *(0xc3374ea0+0x16)
0xc3374eb6 is in ipfw
VPN-connections between Wireless clients and
FreeBSD server.
--
WBR, Andrey V. Elsukov
___
freebsd-ipfw@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
The following reply was made to PR bin/115372; it has been noted by GNATS.
From: "Andrey V. Elsukov" <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED], [EMAIL PROTECTED]
Cc: Maxim Konovalov <[EMAIL PROTECTED]>,
Oleg Bulyzhin <[EMAIL PROTECTED]>
Subject: Re: bin/115372
other hand, include the IPv4 header bytes.
Is this a known problem? Is it a more general BSD kernel problem?
Probably, you should use ipfw(8) instead of ip6fw(8). ip6fw was
removed and it's functional moved into ipfw(8).
--
WBR, Andrey V. Elsukov
_
.
Do you change this option to 1?
--
WBR, Andrey V. Elsukov
___
freebsd-ipfw@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
"tablearg".
The number 65535 is reserved for the "tablearg".
--
WBR, Andrey V. Elsukov
___
freebsd-ipfw@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
sk me for implement a "delete rules by template"
(text of rule), like a cisco-way (no ).
What you think about that?
--
WBR, Andrey V. Elsukov
___
freebsd-ipfw@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw
To un
The following reply was made to PR kern/112708; it has been noted by GNATS.
From: "Andrey V. Elsukov" <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED], [EMAIL PROTECTED]
Cc:
Subject: Re: kern/112708: ipfw is seems to be broken to limit number of
connections
Date: Thu, 17 May 2007 16:
Jim Sifferle wrote:
Am I missing some intermediate steps? Thanks for any help...
You can try to make with DEBUG_FLAGS=-I/usr/src/sys or replace header
/usr/include/netinet/ip_fw.h with patched /usr/src/sys/netinet/ip_fw.h
--
WBR, Andrey V. Elsukov
Jim Sifferle wrote:
Am I missing some intermediate steps? Thanks for any help...
You can try to make with DEBUG_FLAGS=-I/usr/src/sys or replace header
/usr/include/netinet/ip_fw.h with patched /usr/src/sys/netinet/ip_fw.h
--
WBR, Andrey V. Elsukov
The following reply was made to PR bin/80913; it has been noted by GNATS.
From: "Andrey V. Elsukov" <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED], [EMAIL PROTECTED],
Maxim Konovalov <[EMAIL PROTECTED]>
Cc:
Subject: Re: bin/80913: [patch] /sbin/ipfw2 silently disca
The following reply was made to PR bin/80913; it has been noted by GNATS.
From: "Andrey V. Elsukov" <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED], [EMAIL PROTECTED],
Maxim Konovalov <[EMAIL PROTECTED]>
Cc:
Subject: Re: bin/80913: [patch] /sbin/ipfw2 silently disca
Julian Elischer wrote:
This was fixed in 6.[later] (6.2 at least, maybe 6.1)
(The need for the EXTENDED option)
Yes, i know. I think this PR can be closed.
--
WBR, Andrey V. Elsukov
___
freebsd-ipfw@freebsd.org mailing list
http://lists.freebsd.org
The following reply was made to PR kern/107305; it has been noted by GNATS.
From: "Andrey V. Elsukov" <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED], [EMAIL PROTECTED]
Cc:
Subject: Re: kern/107305: [ipfw] ipfw fwd doesn't seem to work
Date: Fri, 27 Apr 2007 08:46:09 +040
fix for this:
http://butcher.heavennet.ru/patches/other/ipfw_mac_fix/ipfw2.c.diff
My tests don't show other break, what you think about this patch?
--
WBR, Andrey V. Elsukov
___
freebsd-ipfw@freebsd.org mailing list
http://lists.freebsd.org/ma
case O_QUEUE:
- if (cmdlen != F_INSN_SIZE(ipfw_insn))
+ if (cmdlen != F_INSN_SIZE(ipfw_insn_pipe))
goto bad_size;
goto check_action;
--
WBR, Andrey V. Elsukov
___
freebsd-ipf
try to use find(1) and grep(1) with your source tree.
--
WBR, Andrey V. Elsukov
___
freebsd-ipfw@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
arjun badarinath пишет:
Hi all,
I wanted to know wat these system calls actually do .
ip_dn_ctl_ptr
ip_dn_io_ptr
ip_dn_ruledel_ptr
It's not a system calls. It's a pointers for the interaction with
dummynet.
--
WBR, Andrey
/sbin/ipfw/
--
WBR, Andrey V. Elsukov
___
freebsd-ipfw@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
eeded some limiting..
--
WBR, Andrey V. Elsukov
___
freebsd-ipfw@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
ckets.
How to use:
# ipfw add 1 count tag
# sysctl net.inet.ip.fw.trace_tag=
# tail -f /var/log/security
- some tag number
- rule for matching needed packets
What you think about that?
--
WBR, Andrey V. Elsukov
___
freebsd-ipfw@freebsd.org mailing
r your system.
cd /usr/src/sbin
setenv CVSROOT [EMAIL PROTECTED]:/home/ncvs
setenv CVS_RSH ssh
To get a RELENG_6_1 sources try this command:
cvs co -r RELENG_6_1 src/sbin/ipfw
--
WBR, Andrey V. Elsukov
___
freebsd-ipfw@freebsd.org mailing list
http://l
le version )
Which FreeBSD version you use?
And why you want to use another version of ipfw?
Please, provide output of these commands:
# uname -a
# sysctl kern | grep osrel
# grep ^REV /usr/src/sys/conf/newvers.sh
# ident /usr/src/sbin/ipfw/ipfw2.c
# ident /usr/src/sys/netinet/ip_fw.h
--
WBR, Andrey
=-I/usr/src/sys/netinet make install
--
WBR, Andrey V. Elsukov
___
freebsd-ipfw@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
break;
+ default:
+ goto next_rule;
+ /* NOTREACHED */
We can check cmd->arg1 for correct values in the ipfw_chk
function.
--
W
c/sys/netinet to CFLAGS
or replace /usr/include/netinet/ip_fw.h with a new ip_fw.h.
--
WBR, Andrey V. Elsukov
___
freebsd-ipfw@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
7;t see this code at this line :)
If you mean this code:
if (do_cmd(IP_FW_ADD, rule, (uintptr_t)&i) == -1)
err(EX_UNAVAILABLE, "getsockopt(%s)", "IP_FW_ADD");
I think this is "copy&paste" bug :)
--
WBR, Andrey V. Elsukov
__
sdmail/freebsd-ipfw_2005/msg00634.html
--
WBR, Andrey V. Elsukov
___
freebsd-ipfw@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
your rules with one.
--
WBR, Andrey V. Elsukov
___
freebsd-ipfw@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
The following reply was made to PR bin/102422; it has been noted by GNATS.
From: "Andrey V. Elsukov" <[EMAIL PROTECTED]>
To: "Stephen E. Halpin" <[EMAIL PROTECTED]>
Cc: [EMAIL PROTECTED], Oleg Bulyzhin <[EMAIL PROTECTED]>,
Gleb Smirnoff <[EMAIL
The following reply was made to PR kern/80642; it has been noted by GNATS.
From: "Andrey V. Elsukov" <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Cc:
Subject: Re: kern/80642: [ipfw] [patch] ipfw small patch - new RULE OPTION
Date: Tue, 27 Jun 2006 16:39:21 +0400
I think this PR
patch that uses a
tableargs feature with ipfw_tags to CURRENT:
http://docs.freebsd.org/cgi/mid.cgi?200606150939.k5F9dMrB019958
--
WBR, Andrey V. Elsukov
___
freebsd-ipfw@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw
To
ert natd tcp from 192.x.x.x 80 to any out xmit $ExtIf
$ExtIf - external interface.
--
WBR, Andrey V. Elsukov
___
freebsd-ipfw@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
:
http://butcher.heavennet.ru/patches/kernel/ipfw_tags/
--
WBR, Andrey V. Elsukov
___
freebsd-ipfw@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
ld help to you.
--
WBR, Andrey V. Elsukov
___
freebsd-ipfw@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Maxim Konovalov wrote:
Synopsis: [ipfw] ipfw core (crash)
http://www.freebsd.org/cgi/query-pr.cgi?pr=60154
I have updated patch and make the perl script for testing.
--
WBR, Andrey V. Elsukov
#!/usr/local/bin/perl -w
The following reply was made to PR kern/60154; it has been noted by GNATS.
From: "Andrey V. Elsukov" <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: Re: kern/60154: [ipfw] ipfw core (crash)
Date: Thu, 08 Dec 2005 08:58:02 +0300
This is a multi-part
Alessandro Parrinello wrote:
Hi, i need to change the natting rules of natd by a c
program dynamically based on information gived me by a
server. How can i do this?
If you speak about an ipfw divert rules, then you can see the sbin/ipfw
source code as example.
--
WBR, Andrey V. Elsukov
The following reply was made to PR kern/87032; it has been noted by GNATS.
From: "Andrey V. Elsukov" <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Cc:
Subject: Re: kern/87032: [PATCH] ipfw ioctl interface implementation
Date: Wed, 12 Oct 2005 08:36:51 +0400
This is a multi-part
drops like following:
Oct 4 14:15:44 hostname kernel: ipfw: drop session, too many entries
(by rule 200)
--
WBR, Andrey V. Elsukov
--- sys/netinet/ip_fw2.c.orig Mon Sep 13 11:21:17 2004
+++ sys/netinet/ip_fw2.cTue Oct 4 14:18:51 2005
@@ -1090,7 +1090,8
Andrey V. Elsukov wrote:
I want a nonprivileged access to ipfw (without sudo, suid and etc..).
But RAW sockets restrict this. I have an one idea - a pseudo device
/dev/ipfw. I think that realisation of this feature is not
difficult task. Now i have some questions.
Thanks for more answers :)
I
_XXX option?
Thanks and sorry for my english :(
--
WBR, Andrey V. Elsukov
___
freebsd-ipfw@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
_5. In 5.4-RELEASE ipfw's ALTQ not
supported.
--
WBR, Andrey V. Elsukov
___
freebsd-ipfw@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
The following reply was made to PR kern/80642; it has been noted by GNATS.
From: "Andrey V. Elsukov" <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED], [EMAIL PROTECTED]
Cc:
Subject: Re: kern/80642: [patch] IPFW small patch - new RULE OPTION
Date: Fri, 17 Jun 2005 14:31:20 +0400
This
101 - 147 of 147 matches
Mail list logo