bin/130132: no way to get mask from ipfw pipe show/list for some pipes

Mike Yurlov umike at kaluga.net
Sat Jan 3 04:20:03 PST 2009


>Number:         130132
>Category:       bin
>Synopsis:       no way to get mask from ipfw pipe show/list for some pipes
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Sat Jan 03 12:20:02 UTC 2009
>Closed-Date:
>Last-Modified:
>Originator:     Mike Yurlov
>Release:        6.x, 7.x
>Organization:
>Environment:
FreeBSD xxx.kaluga.net 6.3-RELEASE FreeBSD 6.3-RELEASE #2: Wed Dec 24 19:59:28 MSK 2008     root at xxx.kaluga.net:/usr/src/sys/i386/compile/xxx  i386

>Description:
Commands "ipfw pipe show" and "ipfw pipe list"(equivalent in ipfw2.c code) do not print mask parameters for pipes which have no traffic since 6.0-RELEASE (to all 6.x/7.x/8.x). 
Also, perhaps it breaks for queues which have no traffic and pipes/queues with expired/removed associated flows too.

Moreover, there is now no way at all to find the mask parameters for some pipes (as stated above) through the native ipfw tool, so this change reduces the ipfw tool's functionality, causes user confusion and breaks existing applications. No other method of getting the current pipe/queue mask parameters via any native tool is known, so this functionality is lost entirely.
 

This change breaks POLA and should be corrected.


>How-To-Repeat:
# ipfw pipe 1 config bw 1024Kbit/s mask dst-ip 0xffffffff
# ipfw pipe 2 config bw 1024Kbit/s mask src-ip 0xfffffff7
# ipfw pipe list
00001:   1.024 Mbit/s    0 ms   50 sl. 0 queues (64 buckets) droptail
00002:   1.024 Mbit/s    0 ms   50 sl. 0 queues (64 buckets) droptail
# ipfw pipe show
00001:   1.024 Mbit/s    0 ms   50 sl. 0 queues (64 buckets) droptail
00002:   1.024 Mbit/s    0 ms   50 sl. 0 queues (64 buckets) droptail

As listed above we have no way to differ pipes parameters at all
>Fix:
I proposed move back printf(mask-index) and printf(BKT-index) ipv4/ipv6 code in ipfw2.c: list_queues() function from print flows cycle to function top like RELENG_4/5, remove if(!index_printed) parts and associated variables.

For example like that (just copy/paste for 6.2-RELEASE source, also I don't know is using q[0] in IS_IP6_FLOW_ID(&(q[0].id)) are correct)

--- ipfw2.orig  Sat Oct 21 19:59:19 2006
+++ ipfw2.c     Sat Jan  3 05:57:23 2009
@@ -2089,18 +2089,46 @@
 list_queues(struct dn_flow_set *fs, struct dn_flow_queue *q)
 {
        int l;
-       int index_printed, indexes = 0;
        char buff[255];
        struct protoent *pe;

+       if (!IS_IP6_FLOW_ID(&(q[0].id))) {
+                       printf("    "
+                           "mask: 0x%02x 0x%08x/0x%04x -> 0x%08x/0x%04x\n",
+                           fs->flow_mask.proto,
+                           fs->flow_mask.src_ip, fs->flow_mask.src_port,
+                           fs->flow_mask.dst_ip, fs->flow_mask.dst_port);
+       } else if (IS_IP6_FLOW_ID(&(q[0].id))) {
+                       printf("\n        mask: proto: 0x%02x, flow_id: 0x%08x,  ",
+                           fs->flow_mask.proto, fs->flow_mask.flow_id6);
+                       inet_ntop(AF_INET6, &(fs->flow_mask.src_ip6),
+                           buff, sizeof(buff));
+                       printf("%s/0x%04x -> ", buff, fs->flow_mask.src_port);
+                       inet_ntop( AF_INET6, &(fs->flow_mask.dst_ip6),
+                           buff, sizeof(buff) );
+                       printf("%s/0x%04x\n", buff, fs->flow_mask.dst_port);
+       }
+
        if (fs->rq_elements == 0)
                return;

+       if (!IS_IP6_FLOW_ID(&(q[0].id))) {
+                       printf("BKT Prot ___Source IP/port____ "
+                           "____Dest. IP/port____ "
+                           "Tot_pkt/bytes Pkt/Byte Drp\n");
+
+       } else if (IS_IP6_FLOW_ID(&(q[0].id))) {
+                       printf("BKT ___Prot___ _flow-id_ "
+                           "______________Source IPv6/port_______________ "
+                           "_______________Dest. IPv6/port_______________ "
+                           "Tot_pkt/bytes Pkt/Byte Drp\n");
+
+       }
+
        if (do_sort != 0)
                heapsort(q, fs->rq_elements, sizeof *q, sort_q);

        /* Print IPv4 flows */
-       index_printed = 0;
        for (l = 0; l < fs->rq_elements; l++) {
                struct in_addr ina;

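Review bot: The new block at the top of list_queues() reads `q[0].id` before the `fs->rq_elements == 0` check, so for exactly the idle pipes this patch targets there is no queue entry behind `q`, and the IPv4/IPv6 choice is made from whatever follows the flow set in the buffer, or from memory past its end. The family would be better taken from the flow set itself, for example `if (!IS_IP6_FLOW_ID(&fs->flow_mask))`, assuming the address type is filled in on the mask; that needs confirming against the struct definition, which is not visible here. The second test in each pair is the exact negation of the first, so a plain `} else {` is enough. Choosing a single BKT header from `q[0]` also means a flow set holding both IPv4 and IPv6 queues gets only one header for the two print loops, whose bodies continue outside this hunk.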
@@ -2108,22 +2136,6 @@
                if (IS_IP6_FLOW_ID(&(q[l].id)))
                        continue;

-               if (!index_printed) {
-                       index_printed = 1;
-                       if (indexes > 0)        /* currently a no-op */
-                               printf("\n");
-                       indexes++;
-                       printf("    "
-                           "mask: 0x%02x 0x%08x/0x%04x -> 0x%08x/0x%04x\n",
-                           fs->flow_mask.proto,
-                           fs->flow_mask.src_ip, fs->flow_mask.src_port,
-                           fs->flow_mask.dst_ip, fs->flow_mask.dst_port);
-
-                       printf("BKT Prot ___Source IP/port____ "
-                           "____Dest. IP/port____ "
-                           "Tot_pkt/bytes Pkt/Byte Drp\n");
-               }
-
                printf("%3d ", q[l].hash_slot);
                pe = getprotobynumber(q[l].id.proto);
                if (pe)
@@ -2145,30 +2157,10 @@
        }

        /* Print IPv6 flows */
-       index_printed = 0;
        for (l = 0; l < fs->rq_elements; l++) {
                if (!IS_IP6_FLOW_ID(&(q[l].id)))
                        continue;

-               if (!index_printed) {
-                       index_printed = 1;
-                       if (indexes > 0)
-                               printf("\n");
-                       indexes++;
-                       printf("\n        mask: proto: 0x%02x, flow_id: 0x%08x,  ",
-                           fs->flow_mask.proto, fs->flow_mask.flow_id6);
-                       inet_ntop(AF_INET6, &(fs->flow_mask.src_ip6),
-                           buff, sizeof(buff));
-                       printf("%s/0x%04x -> ", buff, fs->flow_mask.src_port);
-                       inet_ntop( AF_INET6, &(fs->flow_mask.dst_ip6),
-                           buff, sizeof(buff) );
-                       printf("%s/0x%04x\n", buff, fs->flow_mask.dst_port);
-
-                       printf("BKT ___Prot___ _flow-id_ "
-                           "______________Source IPv6/port_______________ "
-                           "_______________Dest. IPv6/port_______________ "
-                           "Tot_pkt/bytes Pkt/Byte Drp\n");
-               }
                printf("%3d ", q[l].hash_slot);
                pe = getprotobynumber(q[l].id.proto);
                if (pe != NULL)


>Release-Note:
>Audit-Trail:
>Unformatted:

