Bug 250434 - ipfw: ipfw fwd broken in 12.2
Summary: ipfw: ipfw fwd broken in 12.2
Status: Closed FIXED
Alias: None
Product: Base System
Classification: Unclassified
Component: kern (show other bugs)
Version: CURRENT
Hardware: Any Any
: --- Affects Some People
Assignee: Alexander V. Chernikov
URL:
Keywords: regression
Depends on:
Blocks:
 
Reported: 2020-10-18 13:06 UTC by Bernard Spil
Modified: 2021-11-02 19:48 UTC (History)
8 users (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Bernard Spil freebsd_committer freebsd_triage 2020-10-18 13:06:11 UTC 
After upgrading from 12.1-p8 adm64 to 12.2-RC2, I ran into a regression with ipfw fwd.

My ipfw config has some fwd rules early in the ruleset to forward traffic to service-jails.

> 00070 fwd 192.0.2.8 tcp from not 192.0.2.0/24 to 192.0.2.1 80,443
> 00071 fwd 192.0.2.2 tcp from not 192.0.2.0/24 to 192.0.2.1 25,587
> 00072 fwd 192.0.2.4 tcp from not 192.0.2.0/24 to 192.0.2.1 9001,9030
> 00073 fwd 192.0.2.11 ip from not 192.0.2.0/24 to 192.0.2.1 54321
> 00074 fwd 192.0.2.7 tcp from not me to 192.0.2.1,192.0.2.8 4242
> 00075 fwd 192.0.2.9 tcp from not 192.0.2.0/24 to 192.0.2.1 993,995

these are a work-around for the crappy Fritz!box router that can't handle multiple IP-addresses on a single MAC.

After the 12.2 upgrade, this no longer worked. ipfw list output:

> 00070 fwd 192.0.2.8,28786 tcp from not 192.0.2.0/24 to 192.0.2.1 80,443
> 00071 fwd 192.0.2.2,28786 tcp from not 192.0.2.0/24 to 192.0.2.1 25,587
> 00072 fwd 192.0.2.4,28786 tcp from not 192.0.2.0/24 to 192.0.2.1 9001,9030
> 00073 fwd 192.0.2.11,28786 ip from not 192.0.2.0/24 to 192.0.2.1 54321
> 00074 fwd 192.0.2.7,28786 tcp from not me to 192.0.2.1,192.0.2.8 4242
> 00075 fwd 192.0.2.9,28786 tcp from not 192.0.2.0/24 to 192.0.2.1 993,995

tcpdump showed only SYN packets on the interface, nothing else.
The additional service-jail IP-addresses are also bound to the same interface
em0.

Please let me know how I can assist in solving this issue!
Comment 1 Bernard Spil freebsd_committer freebsd_triage 2020-10-18 18:00:24 UTC 
After merging r363173 into 12.2-RC3 the ipfw fwd rule works again.

Output of ipfw list shows the rules exactly like before on 12.1-p8

Thanks for the quick fix.
Comment 2 commit-hook freebsd_committer freebsd_triage 2020-10-18 20:55:15 UTC 
A commit references this bug:

Author: melifaro
Date: Sun Oct 18 20:54:16 UTC 2020
New revision: 366816
URL: https://svnweb.freebsd.org/changeset/base/366816

Log:
  MFC r363173:   [ipfw] quieten maybe-uninitialized errors in ipfw.

  PR:		250434
  Reported by:	brndr

Changes:
_U  stable/12/
  stable/12/sbin/ipfw/dummynet.c
  stable/12/sbin/ipfw/ipfw2.c
  stable/12/sbin/ipfw/nat64lsn.c
  stable/12/sbin/ipfw/tables.c
Comment 4 Anton Saietskii 2021-01-14 14:52:18 UTC 
Is someone going to update https://www.freebsd.org/releases/12.2R/errata.html $4? Current issue is still listed as open there.
Comment 5 Mark Johnston freebsd_committer freebsd_triage 2021-01-14 15:11:10 UTC 
(In reply to Anton Saietskii from comment #4)
Thanks for pointing it out, I submitted a diff: https://reviews.freebsd.org/D28155
Comment 6 Ahmed 2021-11-02 19:48:16 UTC 
MARKED AS SPAM