CORRECTION 13.1: "ipfw forward" TESTCASE for crosscheck

From: Peter <pmc_at_citylink.dinoex.sub.org>
Date: Mon, 28 Mar 2022 02:12:50 UTC

The previous message was missing the most essential line (cut+paste error);
correction as below.

And I think I have found why some of my systems are not concerned
by the bug: apparently the problem appears only with packets that
are locally created.
Packets that are traversing (with net.inet.ip.forwarding=1) are not
affected and get forwarded correctly.



I have now made a test case, as follows:
===================================================================

root@zwlf:~ # cat /boot/loader.conf
net.fibs="3"
net.inet.ip.fw.default_to_accept=1

root@zwlf:~ # uname -a
FreeBSD zwlf 12.3-RELEASE FreeBSD 12.3-RELEASE r371126 GENERIC  amd64

root@zwlf:~ # kldload ipfw
root@zwlf:~ # ipfw show
65535 31 2392 allow ip from any to any

root@zwlf:~ # ifconfig tun0 create
root@zwlf:~ # ifconfig tun0 inet 1.1.1.1 1.1.1.3
root@zwlf:~ # cat < /dev/tun0 > /dev/null &
[1] 745

root@zwlf:~ # sysctl -a | grep one_pass
net.inet.ip.fw.one_pass: 1

root@zwlf:~ # ipfw add 1 fwd 1.1.1.3 all from any to 2.2.2.2 out

root@zwlf:~ # ping 2.2.2.2
PING 2.2.2.2 (2.2.2.2): 56 data bytes

root@zwlf:~ # tcpdump -nitun0 "host 2.2.2.2"
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on tun0, link-type NULL (BSD loopback), capture size 262144 bytes
01:50:48.245471 IP 192.168.1.12 > 2.2.2.2: ICMP echo request, id 1027, seq 57, length 64
01:50:49.270479 IP 192.168.1.12 > 2.2.2.2: ICMP echo request, id 1027, seq 58, length 64
^C
2 packets captured
2 packets received by filter
0 packets dropped by kernel
root@zwlf:~ # tcpdump -nivtnet0 "host 2.2.2.2"
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on vtnet0, link-type EN10MB (Ethernet), capture size 262144 bytes

===========================================================================

root@dzhn:~ # cat /boot/loader.conf
net.fibs="3"
net.inet.ip.fw.default_to_accept=1

root@dzhn:~ # uname -a
FreeBSD dzhn 13.1-PRERELEASE FreeBSD 13.1-PRERELEASE #2 local/stable/13-n249898-b64a3b409a5-dirty: Mon Mar  7 03:07:03 CET 2022     root@dzhn:/usr/obj/usr/src/amd64.amd64/sys/GENERIC amd64

root@dzhn:~ # kldload ipfw
root@dzhn:~ # ipfw show
65535 6 496 allow ip from any to any

root@dzhn:~ # ifconfig tun0 create
root@dzhn:~ # ifconfig tun0 inet 1.1.1.1 1.1.1.3
root@dzhn:~ # cat < /dev/tun0 > /dev/null &
[1] 728

root@dzhn:~ # sysctl -a | grep one_pass
net.inet.ip.fw.one_pass: 1

root@dzhn:~ # ipfw add 1 fwd 1.1.1.3 all from any to 2.2.2.2 out

root@dzhn:~ # ping 2.2.2.2
PING 2.2.2.2 (2.2.2.2): 56 data bytes

root@dzhn:~ # tcpdump -nitun0 "host 2.2.2.2"
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on tun0, link-type NULL (BSD loopback), capture size 262144 bytes

root@dzhn:~ # tcpdump -nivtnet0 "host 2.2.2.2"
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on vtnet0, link-type EN10MB (Ethernet), capture size 262144 bytes
02:01:46.861543 IP 192.168.1.13 > 2.2.2.2: ICMP echo request, id 60162, seq 34, length 64
02:01:47.876647 IP 192.168.1.13 > 2.2.2.2: ICMP echo request, id 60162, seq 35, length 64
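
Added example, not part of the original message: a small shell check that reads saved `tcpdump -n` text from the tunnel and the physical interface and reports whether the `fwd` rule was honored, which makes the crosscheck above repeatable. The function names, verdict strings and file names are assumptions made for this example; the sample capture lines are the ones quoted in the message.

```sh
#!/bin/sh
# Added example (not from the original post). Reads saved `tcpdump -n` text
# for the tunnel and the physical interface and reports where packets for
# the fwd rule's destination actually left the host.

DST="2.2.2.2"   # destination matched by "ipfw add 1 fwd 1.1.1.3 ... to 2.2.2.2 out"

# Print the number of IPv4 packets on stdin whose destination is $DST.
# tcpdump -n line shape: "<time> IP <src> > <dst>[.<port>]: <rest>"
count_to_dst() {
    awk -v dst="$DST" '
        $2 == "IP" && $4 == ">" {
            d = $5; sub(/:$/, "", d)
            port = substr(d, length(dst) + 2)
            if (d == dst || (index(d, dst ".") == 1 && port ~ /^[0-9]+$/)) n++
        }
        END { print n + 0 }'
}

# fwd_verdict TUN_CAPTURE PHYS_CAPTURE -> fwd-honored | fwd-ignored | split | no-traffic
fwd_verdict() {
    tun=$(count_to_dst < "$1"); phys=$(count_to_dst < "$2")
    if   [ "$tun" -gt 0 ] && [ "$phys" -eq 0 ]; then echo fwd-honored
    elif [ "$tun" -eq 0 ] && [ "$phys" -gt 0 ]; then echo fwd-ignored
    elif [ "$tun" -gt 0 ];                       then echo split
    else echo no-traffic
    fi
}

# Demo on the capture lines quoted in the message (file names are made up here).
tmp=$(mktemp -d)
cat > "$tmp/zwlf.tun0" <<'EOF'
01:50:48.245471 IP 192.168.1.12 > 2.2.2.2: ICMP echo request, id 1027, seq 57, length 64
01:50:49.270479 IP 192.168.1.12 > 2.2.2.2: ICMP echo request, id 1027, seq 58, length 64
EOF
: > "$tmp/zwlf.vtnet0"
: > "$tmp/dzhn.tun0"
cat > "$tmp/dzhn.vtnet0" <<'EOF'
02:01:46.861543 IP 192.168.1.13 > 2.2.2.2: ICMP echo request, id 60162, seq 34, length 64
02:01:47.876647 IP 192.168.1.13 > 2.2.2.2: ICMP echo request, id 60162, seq 35, length 64
EOF
echo "12.3-RELEASE:    $(fwd_verdict "$tmp/zwlf.tun0" "$tmp/zwlf.vtnet0")"
echo "13.1-PRERELEASE: $(fwd_verdict "$tmp/dzhn.tun0" "$tmp/dzhn.vtnet0")"
```

A `fwd-ignored` verdict means traffic that policy intended for the tunnel left on the default interface instead, which is the case worth alerting on when `fwd` rules are used to steer locally generated traffic.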