On Tue, Mar 28, 2000 at 02:08:12PM -0500, Mason Loring Bliss wrote:
> On Mon, Mar 27, 2000 at 09:09:51PM +0100, Patrick Welche wrote:
> 
> > On Mon, Mar 27, 2000 at 11:18:09AM +0100, Patrick Welche wrote:
> > > pass in quick on ne0 to ne1 all
> > > pass in quick on ne1 to ne0 all
> > 
> > On further reflexion, these two rules set up an infinite loop...
> 
> Do they? I would have thought "quick" meant "no more processing of this
> packet by ipf after this rule," thus making every eligible packet only
> see one rule by definition...?

Actually, you're right, after the first rule, the packet would be
"out on ne1", not "in on ne1" anyway => I shouldn't get a hang..

How-to-repeat:
boot single user
ifconfig inet cards / add default route
mount /usr
# ipf -E
IP Filter: v3.3.8 initialized.  Default = pass all, Logging = enabled
# ipfstat -io
empty list for ipfilter(out)
empty list for ipfilter(in)
# ipf -Fa -f -
pass in quick on ne0 to ne1 all
pass in quick on ne1 to ne0 all
# ipfstat -io

* hang *
* drop into ddb / t *

ne2000_write_mbuf(c0409c00,c03e2080,4000,c0000000,f6) at ne2000_write_mbuf+0x24
5
dp8390_start(c0409c34) at dp8390_start+0xca
ether_output(c0409c34,c03e2080,c5327ddc,c04171f0,400a) at ether_output+0x45f
ipfr_fastroute(c03e2080,c5327e24,c041cf90) at ipfr_fastroute+0x1e7
fr_check(c51f5010,14,c0407034,0,c5327ea8) at fr_check+0x69f
ip_input(c03e2080) at ip_input+0x1c6
ipintr(10,10,c53193c0,c53193c0,c5327f30) at ipintr+0x64
Bad frame pointer: 0xc5327ebc

system: 1.4U pre rc.d / i386


If someone can confirm that those rules make sense, I'll file a pr..

Cheers,

Patrick