Bug 222953 - ipfw fwd tablearg & ipfw -q bugs
Summary: ipfw fwd tablearg & ipfw -q bugs
Status: New
Alias: None
Product: Base System
Classification: Unclassified
Component: kern (show other bugs)
Version: 11.1-RELEASE
Hardware: amd64 Any
: --- Affects Only Me
Assignee: Andrey V. Elsukov
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2017-10-12 13:31 UTC by bugs.freebsd.org
Modified: 2017-10-13 11:12 UTC (History)
2 users (show)

See Also:


Attachments
Proposed patch for fwd tablearg,port (673 bytes, patch)
2017-10-13 09:26 UTC, Andrey V. Elsukov
no flags Details | Diff
Proposed patch for ipfw(8) (485 bytes, patch)
2017-10-13 09:56 UTC, Andrey V. Elsukov
no flags Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description bugs.freebsd.org 2017-10-12 13:31:28 UTC
172.18.201.* - are all on localhost.

fwd tablearg,8004 tcp from table(5) to any dst-port 80,8000,8080
> ipfw table 5 list
--- table(5), set(0) ---
172.19.0.0/24 172.18.201.2
172.19.0.0/16 172.18.201.1
172.19.2.0/32 172.18.201.5

It's not working on FreeBSD 11.1, while ok on 10.3.
By the way,
fwd 172.18.201.5,8004 tcp from table(5) to any dst-port 80,8000,8080
is ok.





on FreeBSD 11.1

ipfw -q table 22 delete 1.2.3.4 ; echo $?
notfound: 1.2.3.4/32 0
ipfw: Deleting record failed: record not found
71


on FreeBSD 10.3
ipfw -q table 22 delete 1.2.3.4 ; echo $?
0
Comment 1 Andrey V. Elsukov freebsd_committer 2017-10-13 09:26:28 UTC
Created attachment 187126 [details]
Proposed patch for fwd tablearg,port

Can you test this patch? You need to rebuild the ipfw kernel module, or the kernel if IPFIREWALL is build in.
Comment 2 Andrey V. Elsukov freebsd_committer 2017-10-13 09:56:01 UTC
Created attachment 187127 [details]
Proposed patch for ipfw(8)
Comment 3 bugs.freebsd.org 2017-10-13 10:04:47 UTC
I have added this corrections to files but how to compile?
Comment 4 Andrey V. Elsukov freebsd_committer 2017-10-13 10:10:16 UTC
(In reply to bugs.freebsd.org from comment #3)
> I have added this corrections to files but how to compile?

You can run these commands:

cd /usr/src
make -C sys/modules/ipfw
make -C sbin/ipfw

Then you can unload the unchanged ipfw.ko module and load changed one:
kldunload ipfw
make -C sys/modules/ipfw load

new ipfw(8) binary can be in the sbin/ipfw directory, or if you have builded world in /usr/obj/.
Comment 5 bugs.freebsd.org 2017-10-13 10:19:16 UTC
thanks! it's working now.
ipfw -q table 22 delete 1.2.3.4 ; echo $?
0

and fwd also ok.
Comment 6 commit-hook freebsd_committer 2017-10-13 11:02:07 UTC
A commit references this bug:

Author: ae
Date: Fri Oct 13 11:01:33 UTC 2017
New revision: 324592
URL: https://svnweb.freebsd.org/changeset/base/324592

Log:
  Return 'errno' value from the table_do_modify_record(), it is expected
  by table_modify_record().

  This makes quiet operations with tables really quiet.

  PR:		222953
  MFC after:	1 week

Changes:
  head/sbin/ipfw/tables.c
Comment 7 commit-hook freebsd_committer 2017-10-13 11:12:17 UTC
A commit references this bug:

Author: ae
Date: Fri Oct 13 11:11:54 UTC 2017
New revision: 324593
URL: https://svnweb.freebsd.org/changeset/base/324593

Log:
  Fix regression in handling O_FORWARD_IP opcode after r279948.

  To properly handle 'fwd tablearg,port' opcode, copy sin_port value from
  sockaddr_in structure stored in the opcode into corresponding hopstore
  field.

  PR:		222953
  MFC after:	1 week

Changes:
  head/sys/netpfil/ipfw/ip_fw2.c