From emoc@scr3am.com Wed Sep 22 13:39:25 1999 Return-Path: Received: from ego.scr3am.com (ns.scr3am.com [209.235.34.130]) by hub.freebsd.org (Postfix) with ESMTP id 1E74A151B9 for ; Wed, 22 Sep 1999 13:39:16 -0700 (PDT) (envelope-from emoc@scr3am.com) Received: from localhost (emoc@localhost) by ego.scr3am.com (8.9.3/8.9.3+pZ!) with ESMTP id QAA08957 for ; Wed, 22 Sep 1999 16:53:02 -0400 Message-Id: Date: Wed, 22 Sep 1999 16:53:02 -0400 (EDT) From: emoc the phearless To: FreeBSD-gnats-submit@freebsd.org Subject: rc, dummynet.4 changes >Number: 13907 >Category: conf >Synopsis: dummynet.4 correction, rc addition of >Confidential: no >Severity: non-critical >Priority: low >Responsible: freebsd-bugs >State: closed >Quarter: >Keywords: >Date-Required: >Class: change-request >Submitter-Id: current-users >Arrival-Date: Wed Sep 22 13:40:00 PDT 1999 >Closed-Date: Fri Jul 14 05:44:21 PDT 2000 >Last-Modified: Fri Jul 14 05:46:27 PDT 2000 >Originator: Matthew George >Release: FreeBSD 3.3-STABLE i386 >Organization: >Environment: >Description: dummynet.4 has the incorrect sysctl listed to disable one_pass rc.firewall and defaults/rc.conf are modified to enable disabling one_pass by setting net.inet.ip.fw.one_pass to 0 one_pass is used with dummynet in order to define whether packets are accepted once they match a pipe (this is the default behavior). If one_pass is set to 0, the packet is reinjected into the rules immediately following the pipe that it matched and will be tested against the remainder of the ruleset. >How-To-Repeat: >Fix: *** man4/dummynet.4.orig Tue Sep 21 19:57:15 1999 --- man4/dummynet.4 Tue Sep 21 19:57:47 1999 *************** *** 89,95 **** are reinjected into the protocol stack at the same point they came from (i.e. ip_input(), ip_output(), bdg_forward() ). Depending on the setting of the sysctl variable ! 
sys.net.inet.ipfw.one_pass Packets coming from a pipe can be either forwarded to their destination, or passed again through the .Nm ipfw --- 89,95 ---- are reinjected into the protocol stack at the same point they came from (i.e. ip_input(), ip_output(), bdg_forward() ). Depending on the setting of the sysctl variable ! net.inet.ip.fw.one_pass Packets coming from a pipe can be either forwarded to their destination, or passed again through the .Nm ipfw *** defaults/rc.conf.orig Tue Sep 21 19:38:59 1999 --- defaults/rc.conf Tue Sep 21 19:41:05 1999 *************** *** 35,40 **** --- 35,41 ---- firewall_script="/etc/rc.firewall" # Which script to run to set up the firewall firewall_type="UNKNOWN" # Firewall type (see /etc/rc.firewall) firewall_quiet="NO" # Set to YES to suppress rule display + firewall_one_pass="YES" # Set to NO to continue testing packets after matching a pipe (see dummynet(4)) natd_program="/sbin/natd" # path to natd, if you want a different one. natd_enable="NO" # Enable natd (if firewall_enable == YES). natd_interface="fxp0" # Public interface or IPaddress to use. 
*** rc.firewall.orig Tue Sep 21 19:44:21 1999 --- rc.firewall Tue Sep 21 19:50:26 1999 *************** *** 49,54 **** --- 49,60 ---- fi ############ + # Unset one_pass if requested + if [ "x$firewall_one_pass" = "xNO" ]; then + /sbin/sysctl -w net.inet.ip.fw.one_pass=0 + fi + + ############ # Set quiet mode if requested if [ "x$firewall_quiet" = "xYES" ]; then fwcmd="/sbin/ipfw -q" >Release-Note: >Audit-Trail: From: Sheldon Hearn To: emoc the phearless Cc: FreeBSD-gnats-submit@FreeBSD.ORG Subject: Re: conf/13907: rc, dummynet.4 changes Date: Wed, 22 Sep 1999 22:46:50 +0200 On Wed, 22 Sep 1999 16:53:02 -0400, emoc the phearless wrote: > + # Unset one_pass if requested > + if [ "x$firewall_one_pass" = "xNO" ]; then > + /sbin/sysctl -w net.inet.ip.fw.one_pass=0 > + fi > + > + ############ Note to anyone committing this to CURRENT: Make sure you stick to the new style, using ``case'' instead of ``if''. Thanks, Sheldon. State-Changed-From-To: open->closed State-Changed-By: nbm State-Changed-When: Fri Jul 14 05:44:21 PDT 2000 State-Changed-Why: Fixed in revision 1.5 and 1.4.2.1 of dummynet.4. Submitter (were his mail address not bouncing) could use /etc/sysctl.conf for sysctl manipulation. http://www.freebsd.org/cgi/query-pr.cgi?pr=13907 >Unformatted: net.inet.ip.fw.one_pass
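Review bot: in the man4/dummynet.4 hunk, the corrected line names net.inet.ip.fw.one_pass, but the sentence around it still does not say which value selects which behaviour. The reader only learns that packets are "either forwarded to their destination, or passed again through" ipfw. Suggest stating, as the Description of this PR does, that the default forwards the packet and that 0 passes it through the rules following the pipe, and marking the name up with .Va instead of leaving it as a bare text line.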
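Review bot: in the defaults/rc.conf hunk, the new firewall_one_pass line is documented only by its trailing comment, and that comment runs well past the length of the neighbouring ones. The patch as shown has no hunk that documents the knob in a manual page for rc.conf. Suggest shortening the comment (for example "Set to NO to keep matching rules after a pipe") and describing the variable next to the other firewall_* settings.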
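Review bot: in the rc.firewall hunk, the test `[ "x$firewall_one_pass" = "xNO" ]` acts only on the exact string NO and nothing ever writes the value 1, so the rc.conf setting does not guarantee the running state. A value such as "no", or YES on a system where the sysctl was already set to 0, is silently ignored. Suggest a case statement (the style Sheldon asks for in the audit trail) with a [Nn][Oo] branch that sets 0 and a [Yy][Ee][Ss] branch that sets 1. The block also sits above the firewall_quiet handling, so the output of `/sbin/sysctl -w` is printed even when quiet mode is requested.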
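The one_pass behaviour from the Description, as an added example that is not part of the PR or of FreeBSD's rc scripts: a simplified shell model of first-match rule traversal. The ruleset, the `verdict` function and its output format are constructed for illustration.

```shell
#!/bin/sh
# Toy model of ipfw rule traversal around a dummynet pipe rule.
# RULES is a constructed ruleset, one "<number> <action> <proto>" per line.
RULES='100 pipe tcp
200 deny tcp
300 allow udp
65535 deny any'

# verdict ONE_PASS PROTO -> prints "<accept|deny>@<rule>" for the rule
# that ends processing of a packet with protocol PROTO.
verdict() {
    one_pass=$1
    proto=$2
    result=
    while read -r num action match; do
        # Skip rules that do not match this packet.
        case $match in
            any|"$proto") ;;
            *) continue ;;
        esac
        case $action in
            pipe)
                # one_pass=1: a packet leaving the pipe is accepted here.
                # one_pass=0: it is reinjected at the rule after the pipe.
                case $one_pass in
                    1) result="accept@$num"; break ;;
                esac
                ;;
            allow) result="accept@$num"; break ;;
            deny)  result="deny@$num"; break ;;
        esac
    done <<EOF
$RULES
EOF
    echo "$result"
}

for op in 1 0; do
    for p in tcp udp; do
        echo "one_pass=$op proto=$p -> $(verdict "$op" "$p")"
    done
done
```

With one_pass on, the deny at rule 200 never sees TCP traffic that matched the pipe at rule 100, which is why the setting matters whenever filtering rules follow a pipe.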