Re: kern/147720: [ipfw] ipfw dynamic rules and fwd

2011-05-29 Thread Andrey V. Elsukov
The following reply was made to PR kern/147720; it has been noted by GNATS.

From: "Andrey V. Elsukov" 
To: bug-follo...@freebsd.org, dima_...@inbox.lv
Cc:  
Subject: Re: kern/147720: [ipfw] ipfw dynamic rules and fwd
Date: Sun, 29 May 2011 14:41:03 +0400

 This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
 --enig6179B1AC85A77AA253EA07DD
 Content-Type: text/plain; charset=KOI8-R
 Content-Transfer-Encoding: quoted-printable
 
 Hi,
 
 are you sure that this patch works? Do you have working configuration?
 
 --=20
 WBR, Andrey V. Elsukov
 
 
 --enig6179B1AC85A77AA253EA07DD
 Content-Type: application/pgp-signature; name="signature.asc"
 Content-Description: OpenPGP digital signature
 Content-Disposition: attachment; filename="signature.asc"
 
 -BEGIN PGP SIGNATURE-
 Version: GnuPG v2.0.17 (FreeBSD)
 
 iQEcBAEBAgAGBQJN4iK/AAoJEAHF6gQQyKF62RwH/iuvANPzSdAvCSTKeNtC5jv3
 eBPgjbubEhv3/MMppzyd0FNM1/uRq9Rzk5XflozChhVOn00MXLc43TJ0Ow2wBUYJ
 K85rUnbeFnjmoEipXnqwtF+z8wj6YMKFM26k83MTm01IIZpN7N813AH3RC0OKyVk
 ktgXHNcf0Kx+E/GTngIIr+HHRXpmPgFd30unz6QaoE0UNDwvgA/eJT2x4sJw9GoW
 ivCTFkTgPxEpUJ2YMhh6d4rK3tx3/cLUTOOPshcDoqhY+kwm9EyiVBmZm2xui9Eu
 pV5BgIQfi+JM8pxVso5cuuT42ri8OWrSMPyuB2q5EnTcqF4UriucFz+UnfGQFfA=
 =+F6w
 -END PGP SIGNATURE-
 
 --enig6179B1AC85A77AA253EA07DD--
___
freebsd-ipfw@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw
To unsubscribe, send any mail to "freebsd-ipfw-unsubscr...@freebsd.org"


Re: kern/157379: [ipfw] mtr does not work if I use ipfw nat

2011-05-29 Thread linimon
Old Synopsis: mtr does not work if I use ipfw nat
New Synopsis: [ipfw] mtr does not work if I use ipfw nat

Responsible-Changed-From-To: freebsd-i386->freebsd-ipfw
Responsible-Changed-By: linimon
Responsible-Changed-When: Sun May 29 23:40:09 UTC 2011
Responsible-Changed-Why: 
reclassify.

http://www.freebsd.org/cgi/query-pr.cgi?pr=157379
___
freebsd-ipfw@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw
To unsubscribe, send any mail to "freebsd-ipfw-unsubscr...@freebsd.org"


Re: kern/156410: [patch][ipfw] tablearg option for ipfw setfib

2011-05-29 Thread ae
Synopsis: [patch][ipfw] tablearg option for ipfw setfib

State-Changed-From-To: open->patched
State-Changed-By: ae
State-Changed-When: Mon May 30 05:39:27 UTC 2011
State-Changed-Why: 
Commited to head/. Thanks!

http://www.freebsd.org/cgi/query-pr.cgi?pr=156410
___
freebsd-ipfw@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw
To unsubscribe, send any mail to "freebsd-ipfw-unsubscr...@freebsd.org"


Re: kern/156410: commit references a PR

2011-05-29 Thread dfilter service
The following reply was made to PR kern/156410; it has been noted by GNATS.

From: dfil...@freebsd.org (dfilter service)
To: bug-follo...@freebsd.org
Cc:  
Subject: Re: kern/156410: commit references a PR
Date: Mon, 30 May 2011 05:37:40 + (UTC)

 Author: ae
 Date: Mon May 30 05:37:26 2011
 New Revision: 222473
 URL: http://svn.freebsd.org/changeset/base/222473
 
 Log:
   Add tablearg support for ipfw setfib.
   
   PR:  kern/156410
   MFC after:   2 weeks
 
 Modified:
   head/sbin/ipfw/ipfw.8
   head/sbin/ipfw/ipfw2.c
   head/sys/netinet/ipfw/ip_fw2.c
   head/sys/netinet/ipfw/ip_fw_sockopt.c
 
 Modified: head/sbin/ipfw/ipfw.8
 ==
 --- head/sbin/ipfw/ipfw.8  Mon May 30 04:23:33 2011(r222472)
 +++ head/sbin/ipfw/ipfw.8  Mon May 30 05:37:26 2011(r222473)
 @@ -1,7 +1,7 @@
  .\"
  .\" $FreeBSD$
  .\"
 -.Dd July 27, 2010
 +.Dd May 30, 2011
  .Dt IPFW 8
  .Os
  .Sh NAME
 @@ -871,13 +871,16 @@ for more information on
  and
  .Cm ngtee
  actions.
 -.It Cm setfib Ar fibnum
 +.It Cm setfib Ar fibnum | tablearg
  The packet is tagged so as to use the FIB (routing table)
  .Ar fibnum
  in any subsequent forwarding decisions.
  Initially this is limited to the values 0 through 15, see
  .Xr setfib 1 .
  Processing continues at the next rule.
 +It is possible to use the 
 +.Cm tablearg
 +keyword with a setfib. If tablearg value is not within compiled FIB range 
packet fib is set to 0.
  .It Cm reass
  Queue and reassemble ip fragments.
  If the packet is not fragmented, counters are updated and processing 
continues with the next rule.
 @@ -1711,7 +1714,7 @@ is used.
  The
  .Cm tablearg
  argument can be used with the following actions:
 -.Cm nat, pipe , queue, divert, tee, netgraph, ngtee, fwd, skipto
 +.Cm nat, pipe , queue, divert, tee, netgraph, ngtee, fwd, skipto, setfib,
  action parameters:
  .Cm tag, untag,
  rule options:
 
 Modified: head/sbin/ipfw/ipfw2.c
 ==
 --- head/sbin/ipfw/ipfw2.c Mon May 30 04:23:33 2011(r222472)
 +++ head/sbin/ipfw/ipfw2.c Mon May 30 05:37:26 2011(r222473)
 @@ -2835,14 +2835,19 @@ chkarg:
size_t intsize = sizeof(int);
  
action->opcode = O_SETFIB;
 -  NEED1("missing fib number");
 -  action->arg1 = strtoul(*av, NULL, 10);
 -  if (sysctlbyname("net.fibs", &numfibs, &intsize, NULL, 0) == -1)
 -  errx(EX_DATAERR, "fibs not suported.\n");
 -  if (action->arg1 >= numfibs)  /* Temporary */
 -  errx(EX_DATAERR, "fib too large.\n");
 -  av++;
 -  break;
 +  NEED1("missing fib number");
 +  if (_substrcmp(*av, "tablearg") == 0) {
 +  action->arg1 = IP_FW_TABLEARG;
 +  } else {
 +  action->arg1 = strtoul(*av, NULL, 10);
 +  if (sysctlbyname("net.fibs", &numfibs, &intsize,
 +  NULL, 0) == -1)
 +  errx(EX_DATAERR, "fibs not suported.\n");
 +  if (action->arg1 >= numfibs)  /* Temporary */
 +  errx(EX_DATAERR, "fib too large.\n");
 +  }
 +  av++;
 +  break;
}
  
case TOK_REASS:
 
 Modified: head/sys/netinet/ipfw/ip_fw2.c
 ==
 --- head/sys/netinet/ipfw/ip_fw2.c Mon May 30 04:23:33 2011
(r222472)
 +++ head/sys/netinet/ipfw/ip_fw2.c Mon May 30 05:37:26 2011
(r222473)
 @@ -2137,14 +2137,21 @@ do {   
\
done = 1;   /* exit outer loop */
break;
  
 -  case O_SETFIB:
 +  case O_SETFIB: {
 +  uint32_t fib;
 +
f->pcnt++;  /* update stats */
f->bcnt += pktlen;
f->timestamp = time_uptime;
 -  M_SETFIB(m, cmd->arg1);
 -  args->f_id.fib = cmd->arg1;
 +  fib = (cmd->arg1 == IP_FW_TABLEARG) ? tablearg:
 +  cmd->arg1;
 +  if (fib >= rt_numfibs)
 +  fib = 0;
 +  M_SETFIB(m, fib);
 +  args->f_id.fib = fib;
l = 0;  /* exit inner loop */
break;
 +  }
  
case O_NAT:
if (!IPFW_NAT_LOADED) {
 
 Modified: head/sys/netinet/ipfw/ip_fw_sockopt.c
 =