From nobody Sun Oct 12 16:46:39 2025 X-Original-To: freebsd-current@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4cl5wg0GSSz6CCTR for ; Sun, 12 Oct 2025 16:46:43 +0000 (UTC) (envelope-from david@catwhisker.org) Received: from mx.catwhisker.org (mx.catwhisker.org [107.204.234.170]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 4cl5wf006Lz4QSw for ; Sun, 12 Oct 2025 16:46:41 +0000 (UTC) (envelope-from david@catwhisker.org) Authentication-Results: mx1.freebsd.org; dkim=none; dmarc=none; spf=pass (mx1.freebsd.org: domain of david@catwhisker.org designates 107.204.234.170 as permitted sender) smtp.mailfrom=david@catwhisker.org Received: from albert.catwhisker.org (localhost [127.0.0.1]) by albert.catwhisker.org (8.18.1/8.18.1) with ESMTP id 59CGkdAG007730; Sun, 12 Oct 2025 16:46:39 GMT (envelope-from david@albert.catwhisker.org) Received: (from david@localhost) by albert.catwhisker.org (8.18.1/8.18.1/Submit) id 59CGkdZ6007729; Sun, 12 Oct 2025 09:46:39 -0700 (PDT) (envelope-from david) Date: Sun, 12 Oct 2025 09:46:39 -0700 From: David Wolfskill To: A FreeBSD User , FreeBSD CURRENT Subject: Re: ipfw: ipfw: Adding record failed: Inappropriate ioctl for device Message-ID: Mail-Followup-To: David Wolfskill , A FreeBSD User , FreeBSD CURRENT References: <20251011155130.47db5448@thor.sb211.local> List-Id: Discussions about the use of FreeBSD-current List-Archive: https://lists.freebsd.org/archives/freebsd-current List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-current@FreeBSD.org MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="d7etUujwabv1nj8x" Content-Disposition: inline In-Reply-To: X-Spamd-Bar: ----- X-Spamd-Result: default: False [-5.18 / 15.00]; SIGNED_PGP(-2.00)[]; NEURAL_HAM_LONG(-1.00)[-1.000]; NEURAL_HAM_SHORT(-1.00)[-0.997]; NEURAL_HAM_MEDIUM(-0.78)[-0.784]; MIME_GOOD(-0.20)[multipart/signed,text/plain]; R_SPF_ALLOW(-0.20)[+ip4:107.204.234.170:c]; ARC_NA(0.00)[]; DMARC_NA(0.00)[catwhisker.org]; R_DKIM_NA(0.00)[]; FREEFALL_USER(0.00)[david]; MISSING_XM_UA(0.00)[]; MLMMJ_DEST(0.00)[freebsd-current@freebsd.org]; RCPT_COUNT_TWO(0.00)[2]; MID_RHS_MATCH_FROMTLD(0.00)[]; RCVD_COUNT_TWO(0.00)[2]; FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+,1:+,2:~]; TO_MATCH_ENVRCPT_SOME(0.00)[]; RCVD_TLS_LAST(0.00)[]; TO_DN_ALL(0.00)[]; FROM_HAS_DN(0.00)[] X-Rspamd-Queue-Id: 4cl5wf006Lz4QSw --d7etUujwabv1nj8x Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable TL;DR: Both failing & successful invocations of /sbin/ipfw get an "errno 25 Inappropriate ioctl for device" from attempting CALL ioctl(0,TIOCGETA,$aadress) But in the successful case, ipfw keeps on going, while in the failing case, it's fatal after adding the first table entry. Details: OK; I tried that same test: cat /tmp/t1 | /sbin/ipfw /dev/stdin (where /tmp/t1 is a list of 10 "table 1 add ..." lines) on a system running stable/14-n272653-051c12a5d90a; as expected, it worked. So then I tried each under ktrace. In the failing case (main-n281070-1129bf441e99), we see: =2E.. 2856 ipfw CALL mmap(0,0x600000,0x3,0x15001002<= MAP_PRIVATE|MAP_ANON|MAP_ALIGNED(21)>,0xffffffff,0) 2856 ipfw RET mmap 51717863374848/0x2f0980e00000 2856 ipfw CALL cpuset_getaffinity(0x3,0x9,0xffffffffffffffff,0x80,0x= 24050e2c5540) 2856 ipfw STRU cpuset_t [ 0, 1, 2, 3, 4, 5, 6, 7 ] 2856 ipfw RET cpuset_getaffinity 0 2856 ipfw CALL mprotect(0x23fcede45000,0x2000,0x1) 2856 ipfw RET mprotect 0 2856 ipfw CALL access(0x24050e2c699c,0x4) 2856 ipfw NAMI "/dev/fd/0" 2856 ipfw RET access 0 2856 ipfw CALL open(0x24050e2c699c,0) 2856 ipfw NAMI "/dev/fd/0" 2856 ipfw RET open 3 2856 ipfw CALL fstat(0x3,0x24050e2c5370) 2856 ipfw STRU struct stat {dev=3D18446744071679573768, ino=3D13, mo= de=3D0100644, nlink=3D1, uid=3D0, gid=3D0, rdev=3D18446744073709551615, ati= me=3D1760285783.535137000, mtime=3D1760274765.723262000, ctime=3D1760274765= =2E723262000, birthtime=3D1760274747.106237000, size=3D233, blksize=3D4096,= blocks=3D8, flags=3D0x0 } 2856 ipfw RET fstat 0 2856 ipfw CALL read(0x3,0x2f0980c08000,0x1000) 2856 ipfw GIO fd 3 read 233 bytes "table 1 add 1.0.1.0/24 table 1 add 1.0.2.0/23 table 1 add 1.0.8.0/21 table 1 add 1.0.32.0/19 table 1 add 1.1.0.0/24 table 1 add 1.1.2.0/23 table 1 add 1.1.4.0/22 table 1 add 1.1.9.0/24 table 1 add 1.1.10.0/23 table 1 add 1.1.12.0/22 " 2856 ipfw RET read 233/0xe9 2856 ipfw CALL ioctl(0,TIOCGETA,0x24050e2c5474) 2856 ipfw RET ioctl -1 errno 25 Inappropriate ioctl for device 2856 ipfw CALL socket(PF_INET,0x3,IPPROTO_RAW) 2856 ipfw RET socket 4 2856 ipfw CALL getsockopt(0x4,IPPROTO_IP,IP_FW3,0x24050e2c4fa0,0x240= 50e2c4f20) 2856 ipfw RET getsockopt 0 2856 ipfw CALL getsockopt(0x4,IPPROTO_IP,IP_FW3,0x24050e2c5350,0x240= 50e2c50d0) 2856 ipfw RET getsockopt 0 2856 ipfw CALL fstat(0x1,0x24050e2c42e0) 2856 ipfw STRU struct stat {dev=3D1895890688, ino=3D546, mode=3D0206= 20, nlink=3D1, uid=3D0, gid=3D4, rdev=3D546, atime=3D1760285792, mtime=3D17= 60285792, ctime=3D1760285792, birthtime=3D-1, size=3D0, blksize=3D4096, blo= cks=3D0, flags=3D0x0 } 2856 ipfw RET fstat 0 2856 ipfw CALL ioctl(0x1,TIOCGETA,0x24050e2c4294) 2856 ipfw RET ioctl 0 2856 ipfw CALL write(0x1,0x2f0980c09000,0x14) 2856 ipfw GIO fd 1 wrote 20 bytes "added: 1.0.1.0/24 0 " 2856 ipfw RET write 20/0x14 2856 ipfw CALL issetugid 2856 ipfw RET issetugid 0 2856 ipfw CALL fstatat(AT_FDCWD,0x24050e2c4b80,0x24050e2c4f80,0) 2856 ipfw NAMI "/usr/share/nls/C/libc.cat" 2856 ipfw RET fstatat -1 errno 2 No such file or directory 2856 ipfw CALL fstatat(AT_FDCWD,0x24050e2c4b80,0x24050e2c4f80,0) 2856 ipfw NAMI "/usr/share/nls/libc/C" 2856 ipfw RET fstatat -1 errno 2 No such file or directory 2856 ipfw CALL fstatat(AT_FDCWD,0x24050e2c4b80,0x24050e2c4f80,0) 2856 ipfw NAMI "/usr/local/share/nls/C/libc.cat" 2856 ipfw RET fstatat -1 errno 2 No such file or directory 2856 ipfw CALL fstatat(AT_FDCWD,0x24050e2c4b80,0x24050e2c4f80,0) 2856 ipfw NAMI "/usr/local/share/nls/libc/C" 2856 ipfw RET fstatat -1 errno 2 No such file or directory 2856 ipfw CALL write(0x2,0x24050e2c4910,0x8) 2856 ipfw GIO fd 2 wrote 8 bytes "Line 1: " 2856 ipfw RET write 8 2856 ipfw CALL write(0x2,0x24050e2c4a00,0x34) 2856 ipfw GIO fd 2 wrote 52 bytes "Adding record failed: Inappropriate ioctl for device" =2E... while in the successful case, we see: =2E.. 1673 ipfw CALL mmap(0,0x600000,0x3,0x15001002<= MAP_PRIVATE|MAP_ANON|MAP_ALIGNED(21)>,0xffffffff,0) 1673 ipfw RET mmap 85264691101696/0x4d8c3ba00000 1673 ipfw CALL mprotect(0x2dd45673a000,0x1000,0x1) 1673 ipfw RET mprotect 0 1673 ipfw CALL access(0x2ddc76ab4b73,0x4) 1673 ipfw NAMI "/dev/stdin" 1673 ipfw RET access 0 1673 ipfw CALL open(0x2ddc76ab4b73,0) 1673 ipfw NAMI "/dev/stdin" 1673 ipfw RET open 3 1673 ipfw CALL fstat(0x3,0x2ddc76ab3580) 1673 ipfw STRU struct stat {dev=3D82, ino=3D1057, mode=3D010000, nli= nk=3D0, uid=3D0, gid=3D0, rdev=3D0, atime=3D1760286745.775325068, mtime=3D1= 760286745.778324751, ctime=3D1760286745.775325068, birthtime=3D0, size=3D23= 3, blksize=3D4096, blocks=3D1, flags=3D0x0 } 1673 ipfw RET fstat 0 1673 ipfw CALL read(0x3,0x4d8c3b809000,0x1000) 1673 ipfw GIO fd 3 read 233 bytes "table 1 add 1.0.1.0/24 table 1 add 1.0.2.0/23 table 1 add 1.0.8.0/21 table 1 add 1.0.32.0/19 table 1 add 1.1.0.0/24 table 1 add 1.1.2.0/23 table 1 add 1.1.4.0/22 table 1 add 1.1.9.0/24 table 1 add 1.1.10.0/23 table 1 add 1.1.12.0/22 " 1673 ipfw RET read 233/0xe9 1673 ipfw CALL ioctl(0,TIOCGETA,0x2ddc76ab3684) 1673 ipfw RET ioctl -1 errno 25 Inappropriate ioctl for device 1673 ipfw CALL socket(PF_INET,0x3,IPPROTO_RAW) 1673 ipfw RET socket 4 1673 ipfw CALL getsockopt(0x4,IPPROTO_IP,IP_FW3,0x2ddc76ab31b0,0x2dd= c76ab3130) 1673 ipfw RET getsockopt 0 1673 ipfw CALL getsockopt(0x4,IPPROTO_IP,IP_FW3,0x2ddc76ab3560,0x2dd= c76ab32e0) 1673 ipfw RET getsockopt 0 1673 ipfw CALL fstat(0x1,0x2ddc76ab24f0) 1673 ipfw STRU struct stat {dev=3D1895890688, ino=3D563, mode=3D0206= 20, nlink=3D1, uid=3D0, gid=3D4, rdev=3D563, atime=3D1760286745, mtime=3D17= 60286745, ctime=3D1760286745, birthtime=3D-1, size=3D0, blksize=3D4096, blo= cks=3D0, flags=3D0x0 } 1673 ipfw RET fstat 0 1673 ipfw CALL ioctl(0x1,TIOCGETA,0x2ddc76ab24a4) 1673 ipfw RET ioctl 0 1673 ipfw CALL write(0x1,0x4d8c3b80a000,0x14) 1673 ipfw GIO fd 1 wrote 20 bytes "added: 1.0.1.0/24 0 " 1673 ipfw RET write 20/0x14 1673 ipfw CALL getsockopt(0x4,IPPROTO_IP,IP_FW3,0x2ddc76ab31b0,0x2dd= c76ab3130) 1673 ipfw RET getsockopt 0 1673 ipfw CALL getsockopt(0x4,IPPROTO_IP,IP_FW3,0x2ddc76ab3560,0x2dd= c76ab32e0) 1673 ipfw RET getsockopt 0 1673 ipfw CALL write(0x1,0x4d8c3b80a000,0x14) 1673 ipfw GIO fd 1 wrote 20 bytes "added: 1.0.2.0/23 0 " =2E... Peace, david --=20 David H. Wolfskill david@catwhisker.org See https://www.catwhisker.org/~david/publickey.gpg for my public key. --d7etUujwabv1nj8x Content-Type: application/pgp-signature; name=signature.asc -----BEGIN PGP SIGNATURE----- iNUEARYKAH0WIQSTLzOSbomIK53fjFliipiWhXYx5QUCaOvbb18UgAAAAAAuAChp c3N1ZXItZnByQG5vdGF0aW9ucy5vcGVucGdwLmZpZnRoaG9yc2VtYW4ubmV0OTMy RjMzOTI2RTg5ODgyQjlEREY4QzU5NjI4QTk4OTY4NTc2MzFFNQAKCRBiipiWhXYx 5UmNAQC8Lr0D/oHla6JLj/+bW5adQtAAm0oiBskVmNDw6M3QaQEAt6EOWLnkLzCT X6uNaUezrNBl+W+n8po9fVE3CAtHkgA= =byum -----END PGP SIGNATURE----- --d7etUujwabv1nj8x--