106316 – [dummynet] dummynet with multipass ipfw drops packets when reloading FW

Bug 106316 - [dummynet] dummynet with multipass ipfw drops packets when reloading FW

Summary: [dummynet] dummynet with multipass ipfw drops packets when reloading FW

Status:	Closed Overcome By Events

Alias:	None

Product:	Base System
Classification:	Unclassified
Component:	kern (show other bugs)
Version:	Unspecified
Hardware:	Any Any

Importance:	Normal Affects Only Me
Assignee:	freebsd-net (Nobody)

URL:
Keywords:

Depends on:
Blocks:

Reported:	2006-12-04 13:50 UTC by Cichas
Modified:	2017-08-26 03:31 UTC (History)
CC List:	1 user (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Cichas 2006-12-04 13:50:04 UTC

IPFW2 with dummynet pipes 
net.inet.ip.fw.one_pass: 0
no skipto rule

After 'ipfw -f flush' you will get lots of:
ipfw: ouch!, skip past end of rules, denying packet

It's bug because at least kernel rule 65535 should be used for packets going out of pipes after rule flush.

Fix: 

Only workaround:
/sbin/sysctl net.inet.ip.fw.one_pass=1
$fwcmd -f flush
$fwcmd add 65500 allow all from any to any

sleep XY to flush pipes, load new ruleset, one_pass=0 and delete rule 65500
How-To-Repeat: PC1 -- ethernet -- PC2
Run iperf test between them

On PC1 od PC2 run:
/sbin/sysctl net.inet.ip.fw.one_pass 0
ipfw pipe 1 config bw 256Kbit/s queue 512KBytes
ipfw pipe 2 config bw 256Kbit/s queue 512KBytes
ipfw add 10 pipe 1 ip from any to any out
ipfw add 10 allow ip from any to any out
ipfw add 20 pipe 2 ip from any to any in
ipfw add 20 allow ip from any to any in
/bin/sleep 20
ipfw -f flush

Comment 1 Mark Linimon freebsd_committer

2007-04-24 06:00:20 UTC

Responsible Changed
From-To: freebsd-bugs->freebsd-net

Over to maintainer(s).