kern/175909: FreeBSD 9.1 ipfw lookup dst-port regression
Gleb Smirnoff
glebius at FreeBSD.org
Thu Feb 7 08:40:01 UTC 2013
The following reply was made to PR kern/175909; it has been noted by GNATS.
From: Gleb Smirnoff <glebius at FreeBSD.org>
To: Daniel Hagerty <hag at linnaean.org>
Cc: FreeBSD-gnats-submit at freebsd.org, melifaro at FreeBSD.org
Subject: Re: kern/175909: FreeBSD 9.1 ipfw lookup dst-port regression
Date: Thu, 7 Feb 2013 12:38:32 +0400
Daniel,
On Wed, Feb 06, 2013 at 08:38:24PM -0500, Daniel Hagerty wrote:
D> >Description:
D>
D> ipfw lookup dst-port rules don't seem to work. Didn't test
D> similar cases, like src-port.
D>
D> >How-To-Repeat:
D> Load these ipfw rules:
D>
D> table 1 add 22
D> add 00001 permit log ip4 from any to any proto tcp lookup dst-port 1
D> add 00010 permit log ip from any to any proto tcp dst-port 22
D>
D> Observe how on freebsd 9.1, rule 1 will never match port 22
D> traffic it should, whereas the same rules on 8.3 will hit rule 1, as
D> expected.
D>
D> >Fix:
D> I worked around it for the moment by writing the rule without a
D> lookup table; don't have time to kernel spelunk.
Can you please try whether the problem can be reproduced on stable/9
branch prior to revision r234597?
To accomplish this you need:
# svn co -r r234596 http://svn.freebsd.org/base/stable/9
# cd 9
# make buildworld buildkernel
# make installkernel installworld
reboot
--
Totus tuus, Glebius.
More information about the freebsd-bugs
mailing list