From owner-freebsd-bugs@FreeBSD.ORG  Mon Apr  2 05:40:06 2007
Return-Path: <owner-freebsd-bugs@FreeBSD.ORG>
X-Original-To: freebsd-bugs@hub.freebsd.org
Delivered-To: freebsd-bugs@hub.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52])
	by hub.freebsd.org (Postfix) with ESMTP id F3D4016A407
	for <freebsd-bugs@hub.freebsd.org>;
	Mon,  2 Apr 2007 05:40:05 +0000 (UTC)
	(envelope-from gnats@FreeBSD.org)
Received: from freefall.freebsd.org (freefall.freebsd.org [69.147.83.40])
	by mx1.freebsd.org (Postfix) with ESMTP id BB7BC13C4BC
	for <freebsd-bugs@hub.freebsd.org>;
	Mon,  2 Apr 2007 05:40:05 +0000 (UTC)
	(envelope-from gnats@FreeBSD.org)
Received: from freefall.freebsd.org (gnats@localhost [127.0.0.1])
	by freefall.freebsd.org (8.13.4/8.13.4) with ESMTP id l325e5i9025259
	for <freebsd-bugs@freefall.freebsd.org>; Mon, 2 Apr 2007 05:40:05 GMT
	(envelope-from gnats@freefall.freebsd.org)
Received: (from gnats@localhost)
	by freefall.freebsd.org (8.13.4/8.13.4/Submit) id l325e5ve025258;
	Mon, 2 Apr 2007 05:40:05 GMT (envelope-from gnats)
Resent-Date: Mon, 2 Apr 2007 05:40:05 GMT
Resent-Message-Id: <200704020540.l325e5ve025258@freefall.freebsd.org>
Resent-From: FreeBSD-gnats-submit@FreeBSD.org (GNATS Filer)
Resent-To: freebsd-bugs@FreeBSD.org
Resent-Reply-To: FreeBSD-gnats-submit@FreeBSD.org,
	"Jukka A. Ukkonen"<jau@iki.fi>
Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52])
	by hub.freebsd.org (Postfix) with ESMTP id B1F1816A401
	for <freebsd-gnats-submit@FreeBSD.org>;
	Mon,  2 Apr 2007 05:30:04 +0000 (UTC)
	(envelope-from nobody@FreeBSD.org)
Received: from www.freebsd.org (www.freebsd.org [69.147.83.33])
	by mx1.freebsd.org (Postfix) with ESMTP id 9DDF513C45B
	for <freebsd-gnats-submit@FreeBSD.org>;
	Mon,  2 Apr 2007 05:30:04 +0000 (UTC)
	(envelope-from nobody@FreeBSD.org)
Received: from www.freebsd.org (localhost [127.0.0.1])
	by www.freebsd.org (8.13.1/8.13.1) with ESMTP id l325U4wh047682
	for <freebsd-gnats-submit@FreeBSD.org>; Mon, 2 Apr 2007 05:30:04 GMT
	(envelope-from nobody@www.freebsd.org)
Received: (from nobody@localhost)
	by www.freebsd.org (8.13.1/8.13.1/Submit) id l325P251047089;
	Mon, 2 Apr 2007 05:25:02 GMT (envelope-from nobody)
Message-Id: <200704020525.l325P251047089@www.freebsd.org>
Date: Mon, 2 Apr 2007 05:25:02 GMT
From: "Jukka A. Ukkonen"<jau@iki.fi>
To: freebsd-gnats-submit@FreeBSD.org
X-Send-Pr-Version: www-3.0
Cc: 
Subject: kern/111121: After the latest changes ipfw2 complains: "ipfw:
	opcode 50 size 2 wrong"
X-BeenThere: freebsd-bugs@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Bug reports <freebsd-bugs.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
	<mailto:freebsd-bugs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-bugs>
List-Post: <mailto:freebsd-bugs@freebsd.org>
List-Help: <mailto:freebsd-bugs-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
	<mailto:freebsd-bugs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 02 Apr 2007 05:40:06 -0000


>Number:         111121
>Category:       kern
>Synopsis:       After the latest changes ipfw2 complains: "ipfw: opcode 50 size 2 wrong"
>Confidential:   no
>Severity:       critical
>Priority:       high
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Mon Apr 02 05:40:04 GMT 2007
>Closed-Date:
>Last-Modified:
>Originator:     Jukka A. Ukkonen
>Release:        FreeBSD 6.2-STABLE (2007-04-01)
>Organization:
private
>Environment:
FreeBSD mjolnir 6.2-STABLE FreeBSD 6.2-STABLE #0: Sun Apr  1 16:59:00 EET DST 2007     root@mjolnir:/usr/obj/usr/src/sys/Mjolnir  i386
>Description:
After the latest updates to ipfw2 it has started complaining
"ipfw: opcode 50 size 2 wrong"
Apparently this also causes the rest of the rules to be rejected starting
from the rule triggering the opcode error.

As a side effect one firewall instance that has been using ipfw2 has stopped
passing packets out through it internal interface, because the rules allowing
the internal transmissions are no longer loaded.

If I counted correctly the opcodes in the header file,
opcode 50 corresponds to the "pipe" rules.

In the ipfw2 instance in which the problem was found there are only a few
pipe related rules...

pipe 100 config bw 512kbit/s
pipe 101 config bw 128Kbit/s
add 04500 pipe 101 tcp from SLOWLANE to any 80,443 
add 65533 pipe 100 tcp from any 80,443 to SLOWLANE

It seems that ipfw gives up when trying the rule 04500.

The SLOWLANE in capital letters is a macro which expands to "table(13)".
This table is intended to hold a dynamically adjustable list of bandwidth
hog internal addresses. Initially it is an empty table.


>How-To-Repeat:
Try enough rules triggering opcode 50 (pipe) I guess.

>Fix:
None yet.
>Release-Note:
>Audit-Trail:
>Unformatted: