From roderick@stud187236.mobiel.utwente.nl Sat Jan 17 14:23:23 2004 Return-Path: Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 2335316A4CE for ; Sat, 17 Jan 2004 14:23:23 -0800 (PST) Received: from netlx050.vf.utwente.nl (netlx050.vf.utwente.nl [192.87.17.19]) by mx1.FreeBSD.org (Postfix) with ESMTP id 4E2A743D2D for ; Sat, 17 Jan 2004 14:23:21 -0800 (PST) (envelope-from roderick@stud187236.mobiel.utwente.nl) Received: from stud187236.mobiel.utwente.nl (stud187236.mobiel.utwente.nl [130.89.187.236]) by netlx050.vf.utwente.nl (8.11.7/HKD) with ESMTP id i0HMNDf22082 for ; Sat, 17 Jan 2004 23:23:13 +0100 Received: from stud187236.mobiel.utwente.nl (localhost [127.0.0.1]) by stud187236.mobiel.utwente.nl (8.12.10/8.12.10) with ESMTP id i0HMMX8V084522 for ; Sat, 17 Jan 2004 23:22:33 +0100 (CET) (envelope-from roderick@stud187236.mobiel.utwente.nl) Received: (from root@localhost) by stud187236.mobiel.utwente.nl (8.12.10/8.12.10/Submit) id i0HMMXGL084521; Sat, 17 Jan 2004 23:22:33 +0100 (CET) (envelope-from roderick) Message-Id: <200401172222.i0HMMXGL084521@stud187236.mobiel.utwente.nl> Date: Sat, 17 Jan 2004 23:22:33 +0100 (CET) From: Roderick van Domburg To: FreeBSD-gnats-submit@freebsd.org Cc: Subject: Incorrect ip6fw output when adding rules X-Send-Pr-Version: 3.113 X-GNATS-Notify: >Number: 61502 >Category: bin >Synopsis: Incorrect ip6fw output when adding rules >Confidential: no >Severity: non-critical >Priority: medium >Responsible: dwmalone >State: closed >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Sat Jan 17 14:30:19 PST 2004 >Closed-Date: Wed Oct 22 15:16:22 UTC 2008 >Last-Modified: Wed Oct 22 15:16:22 UTC 2008 >Originator: Roderick van Domburg >Release: FreeBSD 5.2-CURRENT sparc64 >Organization: University of Twente >Environment: System: FreeBSD stud187236.mobiel.utwente.nl 5.2-CURRENT FreeBSD 5.2-CURRENT #0: Sun Jan 11 14:03:52 CET 2004 roderick@magog.student.utwente.nl:/usr/obj/usr/src/sys/MAGOG sparc64 >Description: When adding IPv6 firewall rules without specifying a set rulenumber, 'ip6fw' incorrectly lists the new rule as being added as number 0000 even though it is added under a different rulenumber. >How-To-Repeat: 1. Enable the IPv6 firewall service 2. Add any rule without specifying a number. Example: `ip6fw add allow tcp from any to any` ip6fw reports the rule being added as 0000. 3. Execute `ip6fw show`. The rule will have been added as 0100, assuming the ruleset was flushed. No matter if it was, the rule will have been assigned a correct number different from 0000. However, executing `ip6fw add 100 allow tcp from any to any` during (2) produces output as expected. This incorrect behavior is _not_ displayed on plain IPv6 ipfw on sparc64. I had no architectures readily available to see if all this was platform- specific. >Fix: Unknown. >Release-Note: >Audit-Trail: Responsible-Changed-From-To: freebsd-bugs->dwmalone Responsible-Changed-By: dwmalone Responsible-Changed-When: Sat Jan 17 14:32:30 PST 2004 Responsible-Changed-Why: I'll have a look at this. http://www.freebsd.org/cgi/query-pr.cgi?pr=61502 State-Changed-From-To: open->closed State-Changed-By: dwmalone State-Changed-When: Wed Oct 22 15:13:58 UTC 2008 State-Changed-Why: This is actully a quirk of how ip6fw decided to do it's rules setting. Because of the method used, there is no way for the kernel to export the actual rule number used without explicitly doing an ip6fw show. I'm going to close this, because the problem shouldn't be present in ipfw, which now does IPv6. David. http://www.freebsd.org/cgi/query-pr.cgi?pr=61502 >Unformatted: