From owner-freebsd-current@FreeBSD.ORG Mon Jul 25 16:44:33 2005 Return-Path: X-Original-To: freebsd-current@freebsd.org Delivered-To: freebsd-current@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id B698C16A41F; Mon, 25 Jul 2005 16:44:33 +0000 (GMT) (envelope-from gavin.atkinson@ury.york.ac.uk) Received: from mail-gw0.york.ac.uk (mail-gw0.york.ac.uk [144.32.128.245]) by mx1.FreeBSD.org (Postfix) with ESMTP id 222E543D46; Mon, 25 Jul 2005 16:44:32 +0000 (GMT) (envelope-from gavin.atkinson@ury.york.ac.uk) Received: from buffy.york.ac.uk (buffy-128.york.ac.uk [144.32.128.160]) by mail-gw0.york.ac.uk (8.12.10/8.12.10) with ESMTP id j6PGiU6T023944; Mon, 25 Jul 2005 17:44:30 +0100 (BST) Received: from buffy.york.ac.uk (localhost [127.0.0.1]) by buffy.york.ac.uk (8.13.4/8.13.4) with ESMTP id j6PEbAMA003827; Mon, 25 Jul 2005 15:37:10 +0100 (BST) (envelope-from gavin.atkinson@ury.york.ac.uk) Received: (from ga9@localhost) by buffy.york.ac.uk (8.13.4/8.13.1/Submit) id j6PEbAPv003826; Mon, 25 Jul 2005 15:37:10 +0100 (BST) (envelope-from gavin.atkinson@ury.york.ac.uk) X-Authentication-Warning: buffy.york.ac.uk: ga9 set sender to gavin.atkinson@ury.york.ac.uk using -f From: Gavin Atkinson To: freebsd-current@freebsd.org Content-Type: text/plain Content-Transfer-Encoding: 7bit Date: Mon, 25 Jul 2005 15:37:09 +0100 Message-Id: <1122302229.2749.30.camel@buffy.york.ac.uk> Mime-Version: 1.0 X-Mailer: Evolution 2.2.1.1 FreeBSD GNOME Team Port X-York-MailScanner: Found to be clean X-York-MailScanner-From: gavin.atkinson@ury.york.ac.uk Cc: maxim@freebsd.org Subject: 6.0BETA1: ipfw Abort trap (dumped core) - "modified (chunk-) pointer" X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 25 Jul 2005 16:44:33 -0000 Hi, [maxim cc'd as it seems he's already identified, but not fully solved the issue] I've just installed a machine with 5.4-RELEASE and upgraded it to 6.0 BETA1. I have some firewall rules loaded, and on bootup, ipfw fails with: ipfw in free(): error: modified (chunk-) pointer Abort trap (core dumped) when adding one particular rule (although it does succeed in adding it). ipfw is loaded as a module, and the ruleset is loaded with the following in rc.conf: firewall_enable="YES" firewall_script="/etc/ipfw.rules" firewall_logging="YES" /etc/ipfw.rules contains the following (minimal example): ipfw -q -f flush # Delete all rules cmd="ipfw add " # build rule prefix timeservers="{130.88.200.98 or 158.43.128.33 or 128.86.8.123 }" $cmd 00100 allow all from any to any via lo0 $cmd 00200 deny all from any to 127.0.0.0/8 $cmd 00300 deny ip from 127.0.0.0/8 to any $cmd 00500 check-state $cmd 00501 deny all from any to any frag $cmd 00502 deny tcp from any to any established $cmd 00600 allow udp from me to $timeservers ntp keep-state (notice the lack of space between the "{" and the IP address in the timeservers definition. This seems to be the root cause) On bootup, I see the following: ... 00600 allow udp from me to { 130.88.200.98 or dst-ip 158.43.128.33 or dst-ip 128.86.8.123 } dst-port 123 keep-state ipfw in free(): error: modified (chunk-) pointer Abort trap (core dumped) Note that I can't recreate this from multiuser, but it's 100% recreatable by rebooting the machine. Despite the fact that ipfw is able to parse the address list without a space in it, adding the space stops the Abort. This looks like the same problem discussed in December 2003 here: http://lists.freebsd.org/pipermail/freebsd-net/2003-December/002182.html The patch in http://lists.freebsd.org/pipermail/freebsd-net/2003-December/002182.html stops the Abort, but doesn't make ipfw work, instead it fails with "ipfw: hostname ``'' unknown" on the same line If anyone needs a patch testing, that's no problem. Thanks, Gavin