From owner-freebsd-bugs  Tue Aug  5 15:50:07 1997
Return-Path: <owner-freebsd-bugs>
Received: (from root@localhost)
          by hub.freebsd.org (8.8.5/8.8.5) id PAA10373
          for bugs-outgoing; Tue, 5 Aug 1997 15:50:07 -0700 (PDT)
Received: (from gnats@localhost)
          by hub.freebsd.org (8.8.5/8.8.5) id PAA10365;
          Tue, 5 Aug 1997 15:50:02 -0700 (PDT)
Resent-Date: Tue, 5 Aug 1997 15:50:02 -0700 (PDT)
Resent-Message-Id: <199708052250.PAA10365@hub.freebsd.org>
Resent-From: gnats (GNATS Management)
Resent-To: freebsd-bugs
Resent-Reply-To: FreeBSD-gnats@FreeBSD.ORG, hsu@mail.clinet.fi
Received: from hauki.clinet.fi (root@hauki.clinet.fi [194.100.0.1])
          by hub.freebsd.org (8.8.5/8.8.5) with ESMTP id PAA09935
          for <FreeBSD-gnats-submit@freebsd.org>; Tue, 5 Aug 1997 15:41:20 -0700 (PDT)
Received: from katiska.clinet.fi (root@katiska.clinet.fi [194.100.0.4])
	by hauki.clinet.fi (8.8.6/8.8.6) with ESMTP id BAA08336
	for <FreeBSD-gnats-submit@freebsd.org>; Wed, 6 Aug 1997 01:41:14 +0300 (EET DST)
Received: (root@localhost) by katiska.clinet.fi (8.8.6/8.6.4) id BAA24474; Wed, 6 Aug 1997 01:41:14 +0300 (EEST)
Message-Id: <199708052241.BAA24474@katiska.clinet.fi>
Date: Wed, 6 Aug 1997 01:41:14 +0300 (EEST)
From: Heikki Suonsivu <hsu@mail.clinet.fi>
Reply-To: hsu@mail.clinet.fi
To: FreeBSD-gnats-submit@FreeBSD.ORG
X-Send-Pr-Version: 3.2
Subject: bin/4231: ipfw no more returns error when deleting non-existent rule
Sender: owner-freebsd-bugs@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk


>Number:         4231
>Category:       bin
>Synopsis:       ipfw no more returns error when deleting non-existent rule
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    freebsd-bugs
>State:          open
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Tue Aug  5 15:50:00 PDT 1997
>Last-Modified:
>Originator:     Heikki Suonsivu
>Organization:
Clinet, Espoo, Finland
>Release:        FreeBSD 2.2-STABLE i386
>Environment:

2.2-STABLE (probably also in current).

>Description:

ipfw command no more returns exit 1 when deleting non-existant rule, even
though it still gives an error message.

>How-To-Repeat:

To test, do

while ipfw delete 5123
do
done

and it will loop forever.

We have used this in scripts which clean up and install new filters for
various purposes, like filtering cyberpromo and friends.  Bad, as these
filters are usually also installed in local rc files and system won't get
past them unless they are backgrounded.

>Fix:

I think this does the trick (not extensively tested, but its simple).

It may be worth checking out ipfw.c for any other similar problems as it
seems to have changed quite a bit when this bug was merged in ?

Index: ipfw.c
===================================================================
RCS file: /usr/CVS/src/sbin/ipfw/ipfw.c,v
retrieving revision 1.34.2.5
diff -c -r1.34.2.5 ipfw.c
*** ipfw.c	1997/06/23 22:34:24	1.34.2.5
--- ipfw.c	1997/08/05 22:26:07
***************
*** 713,718 ****
--- 713,719 ----
  {
  	struct ip_fw rule;
  	int i;
+ 	int success = 0;
  	
  	memset(&rule, 0, sizeof rule);
  
***************
*** 722,730 ****
  	while (ac && isdigit(**av)) {
  		rule.fw_number = atoi(*av); av++; ac--;
  		i = setsockopt(s, IPPROTO_IP, IP_FW_DEL, &rule, sizeof rule);
! 		if (i)
! 			warn("setsockopt(%s)", "IP_FW_DEL");
  	}
  }
  
  static void
--- 723,734 ----
  	while (ac && isdigit(**av)) {
  		rule.fw_number = atoi(*av); av++; ac--;
  		i = setsockopt(s, IPPROTO_IP, IP_FW_DEL, &rule, sizeof rule);
! 		if (!i)
! 			success = 1;
  	}
+ 
+ 	if (!success)
+ 		err(1, "setsockopt(IP_FW_DEL)");
  }
  
  static void


>Audit-Trail:
>Unformatted: