Date: Thu, 06 Apr 2017 16:53:29 +0000 From: bugzilla-noreply@freebsd.org To: freebsd-bugs@FreeBSD.org Subject: [Bug 218433] Ipfilter ippool table handling source code or man page being incorrect. Message-ID: <bug-218433-8@https.bugs.freebsd.org/bugzilla/>
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=218433

Bug ID: 218433
Summary: Ipfilter ippool table handling source code or man page being incorrect.
Product: Base System
Version: 11.0-RELEASE
Hardware: Any
OS: Any
Status: New
Severity: Affects Many People
Priority: ---
Component: kern
Assignee: freebsd-bugs@FreeBSD.org
Reporter: luzar722@gmail.com

General to-do list

1. Determine whether the man page or the code is correct.
2. Verify that all arguments are parsed (and subsequently processed).
3. Verify that correct error messages are produced as appropriate.

Targeted to-do list

1. Man 5 ippool talks about an evolving configuration syntax. The original syntax was more verbose. Remove all the source code dealing with the original verbose syntax and correct the ippool(5) manual content to match. Or, if in your opinion the original verbose syntax is easier to comprehend, keep it and get rid of the new syntax.

2. The "ippool -R -m table-name" command has an error causing a core dump. There is no documentation about where to find the core dump. Is it the in-core table contents being dumped or the running code that is dumped? Found the /etc/ippool.core file; maybe that's the core dump file.

3. The command "ippool -a -m table-name x.x.x.x" used for adding a single node entry to the table works, but the "ippool -l -m table-name" command does not show the just-added IP address in the node list; it shows a ?(0)/32 node instead. If you try to add the node again you get a message saying the node already exists in the table. The same thing occurs even if the IP address is suffixed with /32.

4. There is no documented way to dump the number of times a table IP address has been matched. The "man 8 ippool" lists the -d flag as a global option used for debugging the configuration file processing. Issuing "ippool -l -d -m table-name" displays all of the table's nodes with a hit count as a pair of 2 lines per node. This display needs to be condensed to a single line so it's easier to parse through looking for the hits.

5. When the host system is shut down or rebooted, the ippool tables that were running are not restarted and the hit count is lost.

6. The "man 5 ippool" manual is mis-named. It should be named ippool.config.

7. In the "man 5 ippool" manual it gives this example: "table roll=all type=hash name=servers size=5". What does "size=5" mean?

8. The "man 5 ippool" manual doesn't talk about the true syntax of the /etc/ippool.conf file:

    pool ipf/tree (name test;) {
        1.121.136.228;
        1.186.172.218;
        1.34.169.204/32;
        101.109.155.81/16;
        104.121.89.129;
    };

   Notice the position of the left and right { }. Notice the usage of ";". I'm thinking the ending "};" is an error; it should be just "}".

9. The maximum table size is not documented anywhere, nor whether it's possible to increase it.

10. There is no documentation about the IP addresses being entered in sorted order, or about ippool handling the placement of the entry in the in-core table, allowing room for newly inserted entries while maintaining fast search performance. You don't have to explain to people how this is accomplished, but you should tell them that it's occurring automatically.

Possible enhancements

1. Would like to see an option whereby table entries get posted internally with some kind of auto-expire date/time that automatically removes the entry when that timer elapses and the entry has no hits. If the entry gets a hit, the timer resets and starts as of when the hit occurred. Maybe say 3 options: number of minutes, number of hours, and number of days.

2. The usage of the "ippool -R -m table-name" command is to remove the named table from running in core so it can be re-added en masse with updated content. I can almost do the same thing using this command sequence:

    ippool -f /etc/ippool.conf -u

   This unloads all the entries but leaves the table name in place. Then this command reloads en masse:

    ippool -f /etc/ippool.conf

   Would like to see the -u unload option have an option to write a file containing all the entries with their hit counts and auto-expire value.

--
You are receiving this mail because:
You are the assignee for the bug.
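Added example, not part of the report or of the ipfilter sources: a small Python parser for the pool block syntax the reporter quotes in item 8, which normalizes each entry to a network, flags entries whose host bits exceed their prefix, and checks the numeric ordering item 10 refers to. The sample block is constructed from the report's addresses, and the grammar parsed is only the form quoted there, not ippool's full grammar.

```python
import ipaddress
import re

# Constructed sample in the pool/tree syntax quoted in the bug report.
SAMPLE_CONF = """\
pool ipf/tree (name test;) {
    1.121.136.228;
    1.186.172.218;
    1.34.169.204/32;
    101.109.155.81/16;
    104.121.89.129;
};
"""

# Header line as quoted: "pool <role>/<type> (name <name>;) {"
HEADER_RE = re.compile(r"pool\s+(\w+)/(\w+)\s*\(\s*name\s+([\w.-]+)\s*;\s*\)\s*\{")


def parse_ippool_conf(text):
    """Return one dict per pool block: role, type, name, entries, loose.

    Entries are normalized to ip_network objects (a bare host becomes /32).
    An entry with host bits set beyond its prefix (e.g. 101.109.155.81/16)
    is accepted with strict=False and recorded in 'loose' so an operator
    can see that the kernel table will hold the network, not the host.
    """
    pools, pos = [], 0
    while True:
        m = HEADER_RE.search(text, pos)
        if not m:
            return pools
        end = text.find("}", m.end())
        if end < 0:
            raise ValueError("unterminated pool block for %s" % m.group(3))
        entries, loose = [], []
        for tok in (t.strip() for t in text[m.end():end].split(";")):
            if not tok:
                continue
            net = ipaddress.ip_network(tok, strict=False)
            if "/" in tok and str(net) != tok:
                loose.append(tok)
            entries.append(net)
        pools.append({"role": m.group(1), "type": m.group(2), "name": m.group(3),
                      "entries": entries, "loose": loose})
        pos = end + 1   # skips the trailing ';' after '}' if present


def is_sorted(entries):
    """True when entries are already in ascending numeric network order."""
    return all(a < b for a, b in zip(entries, entries[1:]))
```

On the sample the entries are in string order, not numeric order (1.34.x sorts before 1.121.x numerically), which is why is_sorted() returns False.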
