From nobody Sun Nov 10 16:41:34 2024
X-Original-To: bugs@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4Xmdjp2HG3z5cx6B
	for <bugs@mlmmj.nyi.freebsd.org>; Sun, 10 Nov 2024 16:41:34 +0000 (UTC)
	(envelope-from bugzilla-noreply@freebsd.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4Xmdjp062bz4DWM
	for <bugs@FreeBSD.org>; Sun, 10 Nov 2024 16:41:34 +0000 (UTC)
	(envelope-from bugzilla-noreply@freebsd.org)
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1731256894;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=Ih7hplyjygu8izg3pGC24mHAW5XAbtcKE/g9viojdEw=;
	b=HLHVyCsju4niMKkJJ50tu4uSZI3tZnO7xf6Kft6Re/hi2nCD2NaF8tt89gOx2tipFK0gx3
	X09P00uXB2SQ50VE+y2sQ33K2MVnc+2SqITB5UfnGXNivZAzuIAYnkYk/o/mLxXu9ge24N
	VVte87aQI6782CRt3J+7dykQ9zuu5hP0JY/AKuRBwlpGrrs1nZnETVt/RpwaPxvZbe4NiS
	SgYMGTVIxuuCU3DKl3AnyWMn/aKqRadwG8S7O84U7XqzvuwmQrPimPeNdX0fW4GRiQVSks
	jvKmtjtSfk4nwy99zeN2kt4MvdY65EjUw269bsMoM2FvS1FJgLE0kgEUVQ/hGg==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1731256894; a=rsa-sha256; cv=none;
	b=frtIjFD3sYei8xCO4VRxfNG/d4i3TFCHiAuxKZn0jkpmU+ivxDmvsS0kba/RgDp9sprElC
	FxOJVEI0En2XeSb6sku6RPomXXz37ENwHySIC8hB0mXnLEgPdXVSMWxxiMKVuy8e8jtIo2
	wdVFXSdm0YiDFnun1hNdq4NCbh/EOWbX5cIAxrwXLfw9WETH/L6sXdl92GROtzG4uRDCuX
	BIiirtUzOmQvi7L3i33EsJAuw4aehakL4TJHFFCkumkaFyKs/j7GDNcNXpFO4Bf8Tly9YX
	GkE+2Ewpyy8+HkMpUMrdVpzWZv1nq7+XAKc1ZcF/7mk3kpOL5EsE1jWSxSXIIQ==
Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2610:1c1:1:606c::50:1d])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4Xmdjn5t4tzq6d
	for <bugs@FreeBSD.org>; Sun, 10 Nov 2024 16:41:33 +0000 (UTC)
	(envelope-from bugzilla-noreply@freebsd.org)
Received: from kenobi.freebsd.org ([127.0.1.5])
	by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id 4AAGfX7t029026
	for <bugs@FreeBSD.org>; Sun, 10 Nov 2024 16:41:33 GMT
	(envelope-from bugzilla-noreply@freebsd.org)
Received: (from www@localhost)
	by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id 4AAGfX7D029025
	for bugs@FreeBSD.org; Sun, 10 Nov 2024 16:41:33 GMT
	(envelope-from bugzilla-noreply@freebsd.org)
X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f
From: bugzilla-noreply@freebsd.org
To: bugs@FreeBSD.org
Subject: [Bug 282673] ipfw tags are lost while transit via if_epair
Date: Sun, 10 Nov 2024 16:41:34 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: new
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Base System
X-Bugzilla-Component: kern
X-Bugzilla-Version: 14.1-RELEASE
X-Bugzilla-Keywords: 
X-Bugzilla-Severity: Affects Only Me
X-Bugzilla-Who: bugs.freebsd.org@mx.zzux.com
X-Bugzilla-Status: New
X-Bugzilla-Resolution: 
X-Bugzilla-Priority: ---
X-Bugzilla-Assigned-To: bugs@FreeBSD.org
X-Bugzilla-Flags: 
X-Bugzilla-Changed-Fields: bug_id short_desc product version rep_platform
 op_sys bug_status bug_severity priority component assigned_to reporter
Message-ID: <bug-282673-227@https.bugs.freebsd.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
List-Id: Bug reports <freebsd-bugs.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/freebsd-bugs
List-Help: <mailto:freebsd-bugs+help@freebsd.org>
List-Post: <mailto:freebsd-bugs@freebsd.org>
List-Subscribe: <mailto:freebsd-bugs+subscribe@freebsd.org>
List-Unsubscribe: <mailto:freebsd-bugs+unsubscribe@freebsd.org>
Sender: owner-freebsd-bugs@FreeBSD.org
MIME-Version: 1.0

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D282673

            Bug ID: 282673
           Summary: ipfw tags are lost while transit via if_epair
           Product: Base System
           Version: 14.1-RELEASE
          Hardware: amd64
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: kern
          Assignee: bugs@FreeBSD.org
          Reporter: bugs.freebsd.org@mx.zzux.com

Example script:

#!/bin/sh
kldload -n ipfw
ifconfig epair1 create

ifconfig epair1a inet 192.0.2.1/30 up
ifconfig epair1b inet 192.0.2.2/30 up

route -4 add 192.0.2.4/30 192.0.2.2 -ifp epair1a

ipfw add 31560 count tag 4 tagged 3 in
ipfw add 31570 count tag 3 tagged 2 in
ipfw add 31580 count tag 2 not tagged 2 in dst-ip 192.0.2.4
ipfw add 31590 unreach host tagged 4 out

netstat -nrW4

ping -c 5 -t 6 192.0.2.4

traceroute -w 1 -In 192.0.2.4

ipfw show 31560-31590
ipfw -q delete 31560-31590

ifconfig epair1a destroy





Result on FreeBSD 11.2-RELEASE-p4 (everything's ok):
Routing tables

Internet:
Destination        Gateway            Flags       Use    Mtu      Netif Exp=
ire
127.0.0.1          link#3             UH            0  16384        lo0
192.0.2.0/30       link#4             U             0   1500    epair1a
192.0.2.1          link#4             UHS           0  16384        lo0
192.0.2.2          link#5             UHS           0  16384        lo0
192.0.2.4/30       192.0.2.2          UGS           0   1500    epair1a
192.168.232.0/24   192.168.232.222    UGS          97   1500       lan1
192.168.232.192/27 link#1             U             2   1500       lan1
192.168.232.200    link#1             UHS           0  16384        lo0
PING 192.0.2.4 (192.0.2.4): 56 data bytes
36 bytes from localhost (127.0.0.1): Destination Host Unreachable
Vr HL TOS  Len   ID Flg  off TTL Pro  cks      Src      Dst
 4  5  00 0054 979c   0 0000  3d  01 6207 192.0.2.1  192.0.2.4

36 bytes from localhost (127.0.0.1): Destination Host Unreachable
Vr HL TOS  Len   ID Flg  off TTL Pro  cks      Src      Dst
 4  5  00 0054 9ee0   0 0000  3d  01 5ac3 192.0.2.1  192.0.2.4

36 bytes from localhost (127.0.0.1): Destination Host Unreachable
Vr HL TOS  Len   ID Flg  off TTL Pro  cks      Src      Dst
 4  5  00 0054 9ee1   0 0000  3d  01 5ac2 192.0.2.1  192.0.2.4

36 bytes from localhost (127.0.0.1): Destination Host Unreachable
Vr HL TOS  Len   ID Flg  off TTL Pro  cks      Src      Dst
 4  5  00 0054 9ee2   0 0000  3d  01 5ac1 192.0.2.1  192.0.2.4

36 bytes from localhost (127.0.0.1): Destination Host Unreachable
Vr HL TOS  Len   ID Flg  off TTL Pro  cks      Src      Dst
 4  5  00 0054 9ee3   0 0000  3d  01 5ac0 192.0.2.1  192.0.2.4


--- 192.0.2.4 ping statistics ---
5 packets transmitted, 0 packets received, 100.0% packet loss
traceroute to 192.0.2.4 (192.0.2.4), 64 hops max, 48 byte packets
 1  127.0.0.1  0.130 ms  0.036 ms  0.033 ms
 2  127.0.0.1  0.030 ms  0.026 ms  0.040 ms
 3  127.0.0.1  0.032 ms  0.028 ms  0.028 ms
 4  127.0.0.1  0.029 ms !H  0.057 ms !H  0.031 ms !H
31560  11   708 count tag 4 ip from any to any tagged 3 in
31570  25  1560 count tag 3 ip from any to any tagged 2 in
31580  17   996 count tag 2 ip from any to 192.0.2.4 not tagged 2 in
31590   8   564 reject ip from any to any tagged 4 out



Result on FreeBSD 14.1-RELEASE-p5 (very different from 11.2, tags are lost,
cannot control every pass via ipfw):
Routing tables

Internet:
Destination        Gateway            Flags   Nhop#    Mtu      Netif Expire
127.0.0.1          link#3             UH          1  16384        lo0
192.0.2.0/30       link#4             U           5   1500    epair1a
192.0.2.1          link#3             UHS         6  16384        lo0
192.0.2.2          link#3             UHS         7  16384        lo0
192.0.2.4/30       192.0.2.2          UGS         8   1500    epair1a
192.168.232.0/24   192.168.232.222    UGS         4   1500       lan1
192.168.232.192/27 link#1             U           2   1500       lan1
192.168.232.200    link#3             UHS         3  16384        lo0
PING 192.0.2.4 (192.0.2.4): 56 data bytes
92 bytes from 127.0.0.1: Time to live exceeded
Vr HL TOS  Len   ID Flg  off TTL Pro  cks       Src       Dst
 4  5  00 0054 612e   0 0000  01  01 d475 192.0.2.1 192.0.2.4

92 bytes from 127.0.0.1: Time to live exceeded
Vr HL TOS  Len   ID Flg  off TTL Pro  cks       Src       Dst
 4  5  00 0054 612f   0 0000  01  01 d474 192.0.2.1 192.0.2.4

92 bytes from 127.0.0.1: Time to live exceeded
Vr HL TOS  Len   ID Flg  off TTL Pro  cks       Src       Dst
 4  5  00 0054 6130   0 0000  01  01 d473 192.0.2.1 192.0.2.4

92 bytes from 127.0.0.1: Time to live exceeded
Vr HL TOS  Len   ID Flg  off TTL Pro  cks       Src       Dst
 4  5  00 0054 6131   0 0000  01  01 d472 192.0.2.1 192.0.2.4

92 bytes from 127.0.0.1: Time to live exceeded
Vr HL TOS  Len   ID Flg  off TTL Pro  cks       Src       Dst
 4  5  00 0054 6132   0 0000  01  01 d471 192.0.2.1 192.0.2.4


--- 192.0.2.4 ping statistics ---
5 packets transmitted, 0 packets received, 100.0% packet loss
traceroute to 192.0.2.4 (192.0.2.4), 64 hops max, 48 byte packets
 1  127.0.0.1  0.103 ms  0.084 ms  0.059 ms
 2  127.0.0.1  0.047 ms  0.047 ms  0.044 ms
.......
64  127.0.0.1  0.104 ms  0.112 ms  0.105 ms
31560     0      0 count tag 4 tagged 3 in
31570     0      0 count tag 3 tagged 2 in
31580  6560 326400 count tag 2 not tagged 2 in dst-ip 192.0.2.4
31590     0      0 reject tagged 4 out

--=20
You are receiving this mail because:
You are the assignee for the bug.=