Skip site navigation (1)Skip section navigation (2) 
Date:      Mon, 8 Sep 2008 15:02:28 GMT
From:      Pawel Szember <pawel@szember.net>
To:        freebsd-gnats-submit@FreeBSD.org
Subject:   misc/127209: IPFW table become corrupted after many changes
Message-ID:  <200809081502.m88F2S4a026825@www.freebsd.org>
Resent-Message-ID: <200809081510.m88FA3td013747@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help 

>Number:         127209
>Category:       misc
>Synopsis:       IPFW table become corrupted after many changes
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Mon Sep 08 15:10:03 UTC 2008
>Closed-Date:
>Last-Modified:
>Originator:     Pawel Szember
>Release:        7.0-STABLE
>Organization:
Marsoft S.A.
>Environment:
FreeBSD skarzynskiego.marsoft.net 7.0-STABLE FreeBSD 7.0-STABLE #0: Thu Jul  3 13:47:26 CEST 2008     root@skarzynskiego.marsoft.net:/usr/obj/usr/src/sys/MARSOFT  amd64

>Description:
from time to time  some tables (that are often changed) become 'corrupted' with entries that cannot be deleted or flushed


root@[skarzynskiego] ~/adm# ipfw table 127 list
13.1.1.1/32 0
85.31.226.183/32 0
root@[skarzynskiego] ~/adm# ipfw table 127 flush
root@[skarzynskiego] ~/adm# ipfw table 127 list
85.31.226.183/32 0
root@[skarzynskiego] ~/adm# ipfw table 127 add 1.1.1.1
root@[skarzynskiego] ~/adm# ipfw table 127 list
1.1.1.1/32 0
85.31.226.183/32 0
root@[skarzynskiego] ~/adm# ipfw table 127 flush
root@[skarzynskiego] ~/adm# ipfw table 127 list
85.31.226.183/32 0
root@[skarzynskiego] ~/adm# ipfw table 127 delete 85.31.226.183/32
ipfw: setsockopt(IP_FW_TABLE_DEL): No such process


there is no way to delete 85.31.226.183/32 from a table
There is also a problem with matching ipfw rules with this table.
Some packets (with IP that is not in the table) matches a rule eg:

fwd localhost,80  log logamount 0 tcp from table\(127\) to any 80

while they are not listed in table 127 

>How-To-Repeat:

the problem is quite random and happens on various machines under heavy load of traffic (400+ mbps) with frequent changes and flushes of tables (eg. flushed table and than 2000 added entries at the moment every 5 minutes )

>Fix:


>Release-Note:
>Audit-Trail:
>Unformatted:

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200809081502.m88F2S4a026825>