kern/175909: FreeBSD 9.1 ipfw lookup dst-port regression
Daniel Hagerty
hag at linnaean.org
Thu Feb 7 01:40:01 UTC 2013
>Number: 175909
>Category: kern
>Synopsis: FreeBSD 9.1 ipfw lookup dst-port regression
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Thu Feb 07 01:40:00 UTC 2013
>Closed-Date:
>Last-Modified:
>Originator: Daniel Hagerty
>Release: FreeBSD 9.1-RELEASE amd64
>Organization:
I misplaced my organization
>Environment:
System: FreeBSD perdition.linnaean.org 9.1-RELEASE FreeBSD 9.1-RELEASE #0 r243710+9a57fd8: Fri Jan 25 23:38:46 EST 2013 hag at yall.linnaean.org:/sys/amd64/compile/LINNAEAN64 amd64
>Description:
ipfw lookup dst-port rules don't seem to work. Didn't test
similar cases, like src-port.
>How-To-Repeat:
Load these ipfw rules:
table 1 add 22
add 00001 permit log ip4 from any to any proto tcp lookup dst-port 1
add 00010 permit log ip from any to any proto tcp dst-port 22
Observe how on FreeBSD 9.1, rule 1 will never match port 22
traffic it should, whereas the same rules on 8.3 will hit rule 1, as
expected.
>Fix:
I worked around it for the moment by writing the rule without a
lookup table; don't have time to kernel spelunk.
>Release-Note:
>Audit-Trail:
>Unformatted:
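
A counter check for the reproduction above, added here as an example and not part of the original report: it reads `ipfw show`-style output and reports whether the table-lookup rule was skipped in favour of the plain dst-port rule. The sample counters and the function names are constructed, and it assumes the counters were reset with `ipfw zero` and the test traffic was IPv4 TCP to port 22.

```shell
#!/bin/sh
# Added example, not code from the PR. Input lines are assumed to look like
# `ipfw show` output: rule number, packet count, byte count, rule body.

# Constructed sample: counters as the report describes them on 9.1
# (rule 1 never matches, rule 10 takes the port 22 traffic).
SAMPLE_91='00001    0      0 allow log ip4 from any to any proto tcp lookup dst-port 1
00010   42   3360 allow log ip from any to any proto tcp dst-port 22
65535  900  81000 deny ip from any to any'

# Constructed sample: counters as expected on 8.3 (rule 1 matches first).
SAMPLE_83='00001   42   3360 allow log ip4 from any to any proto tcp lookup dst-port 1
00010    0      0 allow log ip from any to any proto tcp dst-port 22
65535  900  81000 deny ip from any to any'

# rule_packets RULENUM: print the packet counter of that rule, nothing if absent.
rule_packets() {
    awk -v r="$1" '$1 + 0 == r + 0 { print $2; exit }'
}

# classify LOOKUP_RULE FALLBACK_RULE  (counters on stdin)
# Prints one of: ok | skipped | no-traffic | missing-rule
classify() {
    counters=$(cat)
    lookup=$(printf '%s\n' "$counters" | rule_packets "$1")
    fallback=$(printf '%s\n' "$counters" | rule_packets "$2")
    if [ -z "$lookup" ] || [ -z "$fallback" ]; then
        echo missing-rule      # one of the two rules is not loaded
    elif [ "$lookup" -gt 0 ]; then
        echo ok                # the table lookup rule is matching
    elif [ "$fallback" -gt 0 ]; then
        echo skipped           # traffic fell through to the later rule
    else
        echo no-traffic        # nothing to judge from; send test traffic
    fi
}

# On a live system: ipfw zero; <send IPv4 TCP to port 22>; ipfw show | classify 1 10
printf '%s\n' "$SAMPLE_91" | classify 1 10
```

A `skipped` result only indicates the regression when the fallback rule's packets could also have matched the lookup rule; here rule 10 is `ip` while rule 1 is `ip4`, so IPv6 traffic to port 22 would reach rule 10 legitimately.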