date:20110712

Re: kern/147720: [ipfw] ipfw dynamic rules and fwd

2011-07-12 Thread Vadim Goncharov

The following reply was made to PR kern/147720; it has been noted by GNATS.

From: Vadim Goncharov 
To: "skele...@lissyara.su" 
Cc: bug-follo...@freebsd.org
Subject: Re: kern/147720: [ipfw] ipfw dynamic rules and fwd
Date: Tue, 12 Jul 2011 22:45:47 +0700

 Hi skele...@lissyara.su! 

 On Tue, 21 Jun 2011 07:10:07 GMT; skele...@lissyara.su  
wrote:

 >  I tested patch-1.diff and found several problems. When I use 2 channels 
 >  my VPN (I use mpd with connect type pptp) stop working. This problem 
 >  appears not on all servers.
 >  
 >  Here my results of tests:
 >  
 >  1) FreeBSD 8.1 amd64 (VPN server), 2 external real IPs - doesn't work VPN
 >  2) FreeBSD 8.2 i386 , 1 external real IP (second - doesn't real) - 
 >  doesn't work connect on second (not real) IP
 >  3) FreeBSD 8.1 i386 (VPN client), 2 external real IPs - all works fine
 >  4) FreeBSD 8.2 i386 (VPN client), 1 external real IP (second - doesn't 
 >  real) - connect from 2 external IPs works, but doesn't work VPN.

 This is not really problem with the patch, as PPTP is using not only TCP
 connection, but also establish a GRE tunnel, independent from that TCP
 connection from the dynamic rules' point of view. There must be something
 tracking packet data payload (e.g. libalias-based NAT engine supports this)
 which will link two connections together.

 This message, still, does not provide any useful information even to conclude
 if there some regression with this patch. Personally I think this is the
 architectural problem with PPTP, and patch was just used in a non-appropriate
 conditions, i.e. such configuration should be avoided, and patch itself is OK.

 -- 
 WBR, Vadim Goncharov. ICQ#166852181   mailto:vadim_nucli...@mail.ru
 [Moderator of RU.ANTI-ECOLOGY][FreeBSD][http://antigreen.org][LJ:/nuclight]
___
freebsd-ipfw@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw
To unsubscribe, send any mail to "freebsd-ipfw-unsubscr...@freebsd.org"

Re: bin/156653: commit references a PR

2011-07-12 Thread dfilter service

The following reply was made to PR bin/156653; it has been noted by GNATS.

From: dfil...@freebsd.org (dfilter service)
To: bug-follo...@freebsd.org
Cc:  
Subject: Re: bin/156653: commit references a PR
Date: Wed, 13 Jul 2011 04:27:56 + (UTC)

 Author: ae
 Date: Wed Jul 13 04:27:47 2011
 New Revision: 223972
 URL: http://svn.freebsd.org/changeset/base/223972
 
 Log:
   MFC r223661:
 Improve error reporting. Use corresponding error message when file to be
 preprocessed is missing. Also suggest to use absolute pathname if -p
 option is specified.
   
 PR: bin/156653
 
 Modified:
   stable/8/sbin/ipfw/main.c
 Directory Properties:
   stable/8/sbin/ipfw/   (props changed)
 
 Modified: stable/8/sbin/ipfw/main.c
 ==
 --- stable/8/sbin/ipfw/main.c  Wed Jul 13 00:48:36 2011(r223971)
 +++ stable/8/sbin/ipfw/main.c  Wed Jul 13 04:27:47 2011(r223972)
 @@ -262,7 +262,7 @@ ipfw_main(int oldac, char **oldav)
save_av = av;
  
optind = optreset = 1;  /* restart getopt() */
 -  while ((ch = getopt(ac, av, "abcdefhinNqs:STtv")) != -1)
 +  while ((ch = getopt(ac, av, "abcdefhinNp:qs:STtv")) != -1)
switch (ch) {
case 'a':
do_acct = 1;
 @@ -306,6 +306,10 @@ ipfw_main(int oldac, char **oldav)
co.do_resolv = 1;
break;
  
 +  case 'p':
 +  errx(EX_USAGE, "An absolute pathname must be used "
 +  "with -p option.");
 +
case 'q':
co.do_quiet = 1;
break;
 @@ -603,9 +607,12 @@ main(int ac, char *av[])
 * as a file to be preprocessed.
 */
  
 -  if (ac > 1 && av[ac - 1][0] == '/' && access(av[ac - 1], R_OK) == 0)
 -  ipfw_readfile(ac, av);
 -  else {
 +  if (ac > 1 && av[ac - 1][0] == '/') {
 +  if (access(av[ac - 1], R_OK) == 0)
 +  ipfw_readfile(ac, av);
 +  else
 +  err(EX_USAGE, "pathname: %s", av[ac - 1]);
 +  } else {
if (ipfw_main(ac, av)) {
errx(EX_USAGE,
"usage: ipfw [options]\n"
 ___
 svn-src-...@freebsd.org mailing list
 http://lists.freebsd.org/mailman/listinfo/svn-src-all
 To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
 
___
freebsd-ipfw@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw
To unsubscribe, send any mail to "freebsd-ipfw-unsubscr...@freebsd.org"

Re: bin/156653: ipfw(8) reports missing file as parameter problem

2011-07-12 Thread ae

Synopsis: ipfw(8) reports missing file as parameter problem

State-Changed-From-To: patched->closed
State-Changed-By: ae
State-Changed-When: Wed Jul 13 04:31:00 UTC 2011
State-Changed-Why: 
Merged to stable/7 and stable/8. Thanks!

http://www.freebsd.org/cgi/query-pr.cgi?pr=156653
___
freebsd-ipfw@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw
To unsubscribe, send any mail to "freebsd-ipfw-unsubscr...@freebsd.org"

Re: bin/156653: commit references a PR

2011-07-12 Thread dfilter service

The following reply was made to PR bin/156653; it has been noted by GNATS.

From: dfil...@freebsd.org (dfilter service)
To: bug-follo...@freebsd.org
Cc:  
Subject: Re: bin/156653: commit references a PR
Date: Wed, 13 Jul 2011 04:31:06 + (UTC)

 Author: ae
 Date: Wed Jul 13 04:30:16 2011
 New Revision: 223973
 URL: http://svn.freebsd.org/changeset/base/223973
 
 Log:
   MFC r223661:
 Improve error reporting. Use corresponding error message when file to be
 preprocessed is missing. Also suggest to use absolute pathname if -p
 option is specified.
   
 PR: bin/156653
 
 Modified:
   stable/7/sbin/ipfw/main.c
 Directory Properties:
   stable/7/sbin/ipfw/   (props changed)
 
 Modified: stable/7/sbin/ipfw/main.c
 ==
 --- stable/7/sbin/ipfw/main.c  Wed Jul 13 04:27:47 2011(r223972)
 +++ stable/7/sbin/ipfw/main.c  Wed Jul 13 04:30:16 2011(r223973)
 @@ -204,7 +204,7 @@ ipfw_main(int oldac, char **oldav)
save_av = av;
  
optind = optreset = 1;  /* restart getopt() */
 -  while ((ch = getopt(ac, av, "abcdefhinNqs:STtv")) != -1)
 +  while ((ch = getopt(ac, av, "abcdefhinNp:qs:STtv")) != -1)
switch (ch) {
case 'a':
do_acct = 1;
 @@ -248,6 +248,10 @@ ipfw_main(int oldac, char **oldav)
co.do_resolv = 1;
break;
  
 +  case 'p':
 +  errx(EX_USAGE, "An absolute pathname must be used "
 +  "with -p option.");
 +
case 'q':
co.do_quiet = 1;
break;
 @@ -527,9 +531,12 @@ main(int ac, char *av[])
 * as a file to be preprocessed.
 */
  
 -  if (ac > 1 && av[ac - 1][0] == '/' && access(av[ac - 1], R_OK) == 0)
 -  ipfw_readfile(ac, av);
 -  else {
 +  if (ac > 1 && av[ac - 1][0] == '/') {
 +  if (access(av[ac - 1], R_OK) == 0)
 +  ipfw_readfile(ac, av);
 +  else
 +  err(EX_USAGE, "pathname: %s", av[ac - 1]);
 +  } else {
if (ipfw_main(ac, av)) {
errx(EX_USAGE,
"usage: ipfw [options]\n"
 ___
 svn-src-...@freebsd.org mailing list
 http://lists.freebsd.org/mailman/listinfo/svn-src-all
 To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
 
___
freebsd-ipfw@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw
To unsubscribe, send any mail to "freebsd-ipfw-unsubscr...@freebsd.org"

Re: kern/147720: [ipfw] ipfw dynamic rules and fwd

Re: bin/156653: commit references a PR

Re: bin/156653: ipfw(8) reports missing file as parameter problem

Re: bin/156653: commit references a PR

4 matches

Site Navigation

Mail list logo

Footer information