Date: Tue, 03 Aug 2004 19:11:43 GMT From: System Administrator <root@asarian-host.net> To: FreeBSD-gnats-submit@FreeBSD.org Subject: kern/69963: ipfw: install_state warning about already existing entry Message-ID: <200408031911.I73JBH5M044723@asarian-host.net> Resent-Message-ID: <200408031920.i73JKKL4097282@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 69963 >Category: kern >Synopsis: ipfw: install_state warning about already existing entry >Confidential: no >Severity: non-critical >Priority: low >Responsible: freebsd-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Tue Aug 03 19:20:20 GMT 2004 >Closed-Date: >Last-Modified: >Originator: Superuser >Release: FreeBSD 4.9-RELEASE-p3 i386 >Organization: Asarian-host.net >Environment: System: FreeBSD asarian-host.net 4.9-RELEASE-p3 FreeBSD 4.9-RELEASE-p3 #2: Mon Aug 2 16:44:12 CEST 2004 root@asarian-host.net:/klad/obj/klad/src/sys/ASARIAN-HOST i386 >Description: I installed the following ipfw2 rules (see below). The goal is simple: I want to limit connections to port 25 to 32 in total, targeted at "me". And of those 32, only 4 per source. Like so: ipfw add 1 check-state ... ipfw add 11 skipto 12 tcp from any to me 25 setup limit dst-addr 32 ipfw add 12 allow tcp from any to me 25 setup limit src-addr 4 Doing so, causes the console to be flooded with messages like these: "ipfw: install_state: entry already present, done" It is this code in ip_fw2.c and ip_fw.c that prints the message: q = lookup_dyn_rule(&args->f_id, NULL, NULL); if (q != NULL) { /* should never occur */ if (last_log != time_second) { last_log = time_second; printf("ipfw: install_state: entry already present, done\n"); } return 0; } >How-To-Repeat: every time the rules in question hit >Fix: Since this seems to be a non-critical error (as it is just a matter of ignoring an already existing rule), I commented out the line that does the printf, so as to avoid the repeated warnings. Needless to say, this is not at all a real solution. In fact, it is no solution at all, just a suppressant. >Release-Note: >Audit-Trail: >Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200408031911.I73JBH5M044723>