From nobody Mon Mar 17 12:37:40 2025
X-Original-To: current@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4ZGZHt2HBTz5qXp8
	for <current@mlmmj.nyi.freebsd.org>; Mon, 17 Mar 2025 12:37:46 +0000 (UTC)
	(envelope-from SRS0=p7+9=WE=klop.ws=ronald-lists@realworks.nl)
Received: from smtp-relay-int.realworks.nl (smtp-relay-int.realworks.nl [194.109.157.24])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mx1.freebsd.org (Postfix) with ESMTPS id 4ZGZHr0B8Rz44H9;
	Mon, 17 Mar 2025 12:37:43 +0000 (UTC)
	(envelope-from SRS0=p7+9=WE=klop.ws=ronald-lists@realworks.nl)
Authentication-Results: mx1.freebsd.org;
	dkim=pass header.d=klop.ws header.s=rw2 header.b=LI2ZvVsX;
	dmarc=pass (policy=quarantine) header.from=klop.ws;
	spf=pass (mx1.freebsd.org: domain of "SRS0=p7+9=WE=klop.ws=ronald-lists@realworks.nl" designates 194.109.157.24 as permitted sender) smtp.mailfrom="SRS0=p7+9=WE=klop.ws=ronald-lists@realworks.nl"
Date: Mon, 17 Mar 2025 13:37:40 +0100 (CET)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=klop.ws; s=rw2;
	t=1742215061;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:cc:mime-version:mime-version:content-type:content-type;
	bh=AmS8cNWdGDwm85R5b92BISSllEkPHIJZhWxAa48Glf8=;
	b=LI2ZvVsXEmVeC7yAae6S2xKfVN9mU4ATafQeE9DxAiKCBDilZuY0NIBD5o/7ZjaQX2Mnwo
	Tk9et93ft5hyDlhibAlldduvR/WYDgGo/EXK7WameggfVNsJA68KiWlrPIGhhqJsIGq3US
	6lS5gVmjIjRv090J7rxPIZyJSeigxJ+mtY/bbbuOxIV8KS1xZ+SvOKJbnNW6kNVXQhsZDK
	fpRxMQxqQS2c9WPujEeZBy7yVXPGL7dJuQJmzao9MuHHbJOs/wZcajF/ipRnTTqPylwwZg
	6qab74iVquFe/Ye6UpmPv1we8NXhs4mFYq4T8nijsIC3lHwkQ8ewHFl/d/ZuJw==
From: Ronald Klop <ronald-lists@klop.ws>
To: "Andrey V. Elsukov" <ae@FreeBSD.org>
Cc: current@freebsd.org
Message-ID: <35785817.6251.1742215060908@localhost>
Subject: ipfw changes and jails
List-Id: Discussions about the use of FreeBSD-current <freebsd-current.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/freebsd-current
List-Help: <mailto:freebsd-current+help@freebsd.org>
List-Post: <mailto:freebsd-current@freebsd.org>
List-Subscribe: <mailto:freebsd-current+subscribe@freebsd.org>
List-Unsubscribe: <mailto:freebsd-current+unsubscribe@freebsd.org>
Sender: owner-freebsd-current@FreeBSD.org
MIME-Version: 1.0
Content-Type: multipart/alternative; 
	boundary="----=_Part_6250_1523303397.1742215060905"
X-Mailer: Realworks (742.22)
Importance: Normal
X-Priority: 3 (Normal)
X-Spamd-Result: default: False [-1.05 / 15.00];
	NEURAL_HAM_MEDIUM(-0.99)[-0.986];
	NEURAL_SPAM_LONG(0.98)[0.984];
	NEURAL_HAM_SHORT(-0.95)[-0.947];
	MID_RHS_NOT_FQDN(0.50)[];
	DMARC_POLICY_ALLOW(-0.50)[klop.ws,quarantine];
	FORGED_SENDER(0.30)[ronald-lists@klop.ws,SRS0=p7@realworks.nl];
	R_SPF_ALLOW(-0.20)[+ip4:194.109.157.0/24];
	R_DKIM_ALLOW(-0.20)[klop.ws:s=rw2];
	MIME_GOOD(-0.10)[multipart/alternative,text/plain];
	ONCE_RECEIVED(0.10)[];
	RBL_SENDERSCORE_REPUT_8(0.00)[194.109.157.24:from];
	ARC_NA(0.00)[];
	TO_DN_SOME(0.00)[];
	MIME_TRACE(0.00)[0:+,1:+,2:~];
	ASN(0.00)[asn:3265, ipnet:194.109.0.0/16, country:NL];
	RCVD_COUNT_ZERO(0.00)[0];
	RCPT_COUNT_TWO(0.00)[2];
	FROM_NEQ_ENVFROM(0.00)[ronald-lists@klop.ws,SRS0=p7@realworks.nl];
	FROM_HAS_DN(0.00)[];
	RCVD_IN_DNSWL_NONE(0.00)[194.109.157.24:from];
	HAS_X_PRIO_THREE(0.00)[3];
	TO_MATCH_ENVRCPT_ALL(0.00)[];
	TAGGED_FROM(0.00)[9=WE=klop.ws=ronald-lists];
	MLMMJ_DEST(0.00)[current@freebsd.org];
	DKIM_TRACE(0.00)[klop.ws:+]
X-Rspamd-Queue-Id: 4ZGZHr0B8Rz44H9
X-Spamd-Bar: -

------=_Part_6250_1523303397.1742215060905
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit

Hi,

When running 14.2-RELEASE VNET jails on 15-CURRENT ipfw does not work anymore in the jail.

Can this commit be involved?
https://cgit.freebsd.org/src/commit/?id=4a77657cbc01

Copying the /sbin/ipfw binary from 15-CURRENT to /sbin in the 14.2 jail resolves the issue for me.

Example errors:
add net ::0.0.0.0: gateway ::1
ipfw: setsockopt(IP_FW_XDEL): Invalid argument
ipfw: getsockopt(IP_FW_XADD): Invalid argument

# ipfw show
ipfw: retrieving config failed: Invalid argument


Regards,
Ronald.
 
------=_Part_6250_1523303397.1742215060905
Content-Type: text/html; charset=us-ascii
Content-Transfer-Encoding: 7bit

<html><head></head><body>Hi,<br>
<br>
When running 14.2-RELEASE VNET jails on 15-CURRENT ipfw does not work anymore in the jail.<br>
<br>
Can this commit be involved?<br>
<a href="https://cgit.freebsd.org/src/commit/?id=4a77657cbc01">https://cgit.freebsd.org/src/commit/?id=4a77657cbc01</a><br>
<br>
Copying the /sbin/ipfw binary from 15-CURRENT to /sbin in the 14.2 jail resolves the issue for me.<br>
<br>
Example errors:<br>
add net ::0.0.0.0: gateway ::1<br>
ipfw: setsockopt(IP_FW_XDEL): Invalid argument<br>
ipfw: getsockopt(IP_FW_XADD): Invalid argument<br>
<br>
# ipfw show<br>
ipfw: retrieving config failed: Invalid argument<br>
<br>
<br>
Regards,<br>
Ronald.<br>
&nbsp;</body></html>
------=_Part_6250_1523303397.1742215060905--