kern/148418: IPFW error
Dmitriy
_dmitriy at mail.ru
Wed Jul 7 07:20:02 UTC 2010
>Number: 148418
>Category: kern
>Synopsis: IPFW error
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Wed Jul 07 07:20:01 UTC 2010
>Closed-Date:
>Last-Modified:
>Originator: Dmitriy
>Release: 8.1-PRERELEASE
>Organization:
.
>Environment:
FreeBSD antares2.antares-1.ru 8.1-PRERELEASE FreeBSD 8.1-PRERELEASE #0: Mon Jul 5 16:24:49 MSD 2010 dmitriy at antares2.antares-1.ru:/usr/obj/usr/src/sys/ANTA2 amd64
>Description:
Error processing the "in/out" options in IPFW.
For example, here is a sequence of "ipfw show" runs on the test set of rules.
The counters on rules 400 and 500 do not match.
/tmp > ipfw zero 400 500
Entry 400 cleared.
Entry 500 cleared.
/tmp > ipfw show
00400 3 180 skipto 500 ip from any to any not dst-ip 192.168.1.0/24 out via re0
00450 5219 484371 skipto 700 ip from any to any
00500 0 0 skipto 600 ip from any to any out via re0
00500 3 180 skipto 600 ip from any to any
65000 453624 218175176 allow ip from any to any
65535 0 0 deny ip from any to any
/tmp > ipfw show
00400 6 400 skipto 500 ip from any to any not dst-ip 192.168.1.0/24 out via re0
00450 5223 484571 skipto 700 ip from any to any
00500 0 0 skipto 600 ip from any to any out via re0
00500 6 400 skipto 600 ip from any to any
65000 453631 218175596 allow ip from any to any
65535 0 0 deny ip from any to any
/tmp > ipfw show
00400 9 612 skipto 500 ip from any to any not dst-ip 192.168.1.0/24 out via re0
00450 5227 484771 skipto 700 ip from any to any
00500 0 0 skipto 600 ip from any to any out via re0
00500 9 612 skipto 600 ip from any to any
65000 453638 218176008 allow ip from any to any
65535 0 0 deny ip from any to any
/tmp > ipfw show
00400 12 824 skipto 500 ip from any to any not dst-ip 192.168.1.0/24 out via re0
00450 5231 484971 skipto 700 ip from any to any
00500 0 0 skipto 600 ip from any to any out via re0
00500 12 824 skipto 600 ip from any to any
65000 453645 218176420 allow ip from any to any
65535 0 0 deny ip from any to any
/tmp > ipfw show
00400 15 1044 skipto 500 ip from any to any not dst-ip 192.168.1.0/24 out via re0
00450 5235 485171 skipto 700 ip from any to any
00500 0 0 skipto 600 ip from any to any out via re0
00500 15 1044 skipto 600 ip from any to any
65000 453652 218176840 allow ip from any to any
65535 0 0 deny ip from any to any
>How-To-Repeat:
configure ipfw
00400 skipto 500 ip from any to any not dst-ip 192.168.1.0/24 out via re0
00450 skipto 700 ip from any to any
00500 skipto 600 ip from any to any out via re0
00500 skipto 600 ip from any to any
65000 allow ip from any to any
65535 deny ip from any to any
Kernel config
cpu HAMMER
ident ANTA2
makeoptions DEBUG=-g # Build kernel with gdb(1) debug symbols
options SCHED_ULE # ULE scheduler
options PREEMPTION # Enable kernel thread preemption
options INET # InterNETworking
options SCTP # Stream Control Transmission Protocol
options FFS # Berkeley Fast Filesystem
options SOFTUPDATES # Enable FFS soft updates support
options UFS_ACL # Support for access control lists
options UFS_DIRHASH # Improve performance on big directories
options UFS_GJOURNAL # Enable gjournal-based UFS journaling
options MD_ROOT # MD is a potential root device
options NFSCLIENT # Network Filesystem Client
options NFSSERVER # Network Filesystem Server
options NFSLOCKD # Network Lock Manager
options NFS_ROOT # NFS usable as /, requires NFSCLIENT
options MSDOSFS # MSDOS Filesystem
options CD9660 # ISO 9660 Filesystem
options PROCFS # Process filesystem (requires PSEUDOFS)
options PSEUDOFS # Pseudo-filesystem framework
options GEOM_PART_GPT # GUID Partition Tables.
options GEOM_LABEL # Provides labelization
options COMPAT_43TTY # BSD 4.3 TTY compat (sgtty)
options COMPAT_FREEBSD32 # Compatible with i386 binaries
options COMPAT_FREEBSD4 # Compatible with FreeBSD4
options COMPAT_FREEBSD5 # Compatible with FreeBSD5
options COMPAT_FREEBSD6 # Compatible with FreeBSD6
options COMPAT_FREEBSD7 # Compatible with FreeBSD7
options SCSI_DELAY=5000 # Delay (in ms) before probing SCSI
options KTRACE # ktrace(1) support
options STACK # stack(9) support
options SYSVSHM # SYSV-style shared memory
options SYSVMSG # SYSV-style message queues
options SYSVSEM # SYSV-style semaphores
options P1003_1B_SEMAPHORES # POSIX-style semaphores
options _KPOSIX_PRIORITY_SCHEDULING # POSIX P1003_1B real-time extensions
options PRINTF_BUFR_SIZE=128 # Prevent printf output being interspersed.
options KBD_INSTALL_CDEV # install a CDEV entry in /dev
options HWPMC_HOOKS # Necessary kernel hooks for hwpmc(4)
options AUDIT # Security event auditing
options MAC # TrustedBSD MAC Framework
options FLOWTABLE # per-cpu routing cache
options INCLUDE_CONFIG_FILE # Include this file in kernel
options SMP # Symmetric MultiProcessor Kernel
options NULLFS
options GEOM_MIRROR
options IPFIREWALL, IPFIREWALL_VERBOSE, IPDIVERT, DUMMYNET, IPFIREWALL_FORWARD
options NTFS, NETSMB, SMBFS, LIBICONV, LIBMCHAIN
options ACCEPT_FILTER_HTTP
options NETGRAPH, NETGRAPH_ETHER, NETGRAPH_BPF, NETGRAPH_IFACE
options NETGRAPH_KSOCKET, NETGRAPH_PPP, NETGRAPH_VJC, NETGRAPH_PPPOE
options NETGRAPH_SOCKET, NETGRAPH_TEE, NETGRAPH_MPPC_ENCRYPTION
options NETGRAPH_PPTPGRE, NETGRAPH_HOLE, NETGRAPH_TCPMSS
device cpufreq
device acpi
device pci
device fdc
device ata
device atadisk # ATA disk drives
device ataraid # ATA RAID drives
device atapicd # ATAPI CDROM drives
options ATA_STATIC_ID # Static device numbering
device scbus # SCSI bus (required for SCSI)
device ch # SCSI media changers
device da # Direct Access (disks)
device sa # Sequential Access (tape etc)
device cd # CD
device pass # Passthrough device (direct SCSI access)
device ses # SCSI Environmental Services (and SAF-TE)
device atkbdc # AT keyboard controller
device atkbd # AT keyboard
device psm # PS/2 mouse
device kbdmux # keyboard multiplexer
device vga # VGA video card driver
device splash # Splash screen and screen saver support
device sc
options SC_ALT_MOUSE_IMAGE , SC_DFLT_FONT , SC_DISABLE_REBOOT
makeoptions SC_DFLT_FONT=cp866
device agp # support several AGP chipsets
device uart # Generic UART driver
device ppc
device ppbus # Parallel port bus (required)
device lpt # Printer
device plip # TCP/IP over parallel
device ppi # Parallel port interface device
device miibus # MII bus support
device fxp # Intel EtherExpress PRO/100B (82557, 82558)
device re # RealTek 8139C+/8169/8169S/8110S
device rl # RealTek 8129/8139
device vr # VIA Rhine, Rhine II
device sk # SysKonnect SK-984x & SK-982x gigabit Ethernet
device loop # Network loopback
device random # Entropy device
device ether # Ethernet support
device vlan # 802.1Q VLAN support
device tun # Packet tunnel.
device pty # BSD-style compatibility pseudo ttys
device md # Memory "disks"
device gif # IPv6 and IPv4 tunneling
device faith # IPv6-to-IPv4 relaying (translation)
device firmware # firmware assist module
device bpf # Berkeley packet filter
options USB_DEBUG # enable debug msgs
device uhci # UHCI PCI->USB interface
device ohci # OHCI PCI->USB interface
device ehci # EHCI PCI->USB interface (USB 2.0)
device usb # USB Bus (required)
device uhid # "Human Interface Devices"
device ukbd # Keyboard
device ulpt # Printer
device umass # Disks/Mass storage - Requires scbus and da
device ums # Mouse
device uark # Technologies ARK3116 based serial adapters
device ubsa # Belkin F5U103 and compatible serial adapters
device uftdi # For FTDI usb serial adapters
device uipaq # Some WinCE based devices
device uplcom # Prolific PL-2303 serial adapters
device uslcom # SI Labs CP2101/CP2102 serial adapters
device uvisor # Visor and Palm devices
device uvscom # USB serial support for DDI pocket's PHS
device aue # ADMtek USB Ethernet
device axe # ASIX Electronics USB Ethernet
device cdce # Generic USB over Ethernet
device cue # CATC USB Ethernet
device kue # Kawasaki LSI USB Ethernet
device rue # RealTek RTL8150 USB Ethernet
device udav # Davicom DM9601E USB
device vlan
device speaker
>Fix:
>Release-Note:
>Audit-Trail:
>Unformatted:
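Added example, not part of the original report: a small model of the rule set above that walks one packet through the rules using the skipto behaviour documented in ipfw(8) (resume at the first later rule numbered N or higher), then compares the result with the counters from the first two "ipfw show" outputs. The packet's destination address is constructed, and only the options that appear in the report (out, via, not dst-ip) are modelled.

```python
import ipaddress

RULES = [  # from the report: (number, action, skipto target, match options)
    (400, "skipto", 500, {"out": True, "via": "re0", "not_dst": "192.168.1.0/24"}),
    (450, "skipto", 700, {}),
    (500, "skipto", 600, {"out": True, "via": "re0"}),
    (500, "skipto", 600, {}),
    (65000, "allow", None, {}),
    (65535, "deny", None, {}),
]

# First two `ipfw show` outputs from the report (number, packets, bytes only).
SHOW_1 = "00400 3 180\n00450 5219 484371\n00500 0 0\n00500 3 180\n65000 453624 218175176\n65535 0 0"
SHOW_2 = "00400 6 400\n00450 5223 484571\n00500 0 0\n00500 6 400\n65000 453631 218175596\n65535 0 0"
# Constructed packet: leaves via re0 for an address outside 192.168.1.0/24.
OUTBOUND = {"out": True, "iface": "re0", "dst": "203.0.113.10"}

def matches(opts, pkt):
    """Model only the options used in the report: out, via, not dst-ip."""
    if "out" in opts and pkt["out"] != opts["out"]:
        return False
    if "via" in opts and pkt["iface"] != opts["via"]:
        return False
    net = opts.get("not_dst")
    return not (net and ipaddress.ip_address(pkt["dst"]) in ipaddress.ip_network(net))

def evaluate(pkt, rules=RULES):
    """Indexes of the rules whose counters one packet should increment."""
    hits, i = [], 0
    while i < len(rules):
        number, action, target, opts = rules[i]
        if not matches(opts, pkt):
            i += 1
            continue
        hits.append(i)
        if action != "skipto":
            break
        # skipto N resumes at the first later rule numbered N or higher.
        i = next(j for j in range(i + 1, len(rules)) if rules[j][0] >= target)
    return hits

def packet_deltas(before, after):
    """Per-rule packet-count change between two `ipfw show` outputs, by position."""
    rows = zip(before.splitlines(), after.splitlines())
    return [int(b.split()[1]) - int(a.split()[1]) for a, b in rows]

def stalled_rules(pkt, before, after):
    """Rules the model says the packet hits but whose counters did not move."""
    delta = packet_deltas(before, after)
    return [i for i in evaluate(pkt) if delta[i] == 0]
```

For the outbound packet the model expects hits on rule 400, the first rule 500 and rule 65000; stalled_rules() reports index 2, the first rule 500, whose counter stays at zero while the second rule 500 advances in step with rule 400.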