Date:      Tue, 03 Aug 2004 19:11:43 GMT
From:      System Administrator <root@asarian-host.net>
To:        FreeBSD-gnats-submit@FreeBSD.org
Subject:    kern/69963: ipfw: install_state warning about already existing entry
Message-ID:  <200408031911.I73JBH5M044723@asarian-host.net>
Resent-Message-ID: <200408031920.i73JKKL4097282@freefall.freebsd.org>


>Number:         69963
>Category:       kern
>Synopsis:       ipfw: install_state warning about already existing entry
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Tue Aug 03 19:20:20 GMT 2004
>Closed-Date:
>Last-Modified:
>Originator:     Superuser
>Release:        FreeBSD 4.9-RELEASE-p3 i386
>Organization:
Asarian-host.net
>Environment:
System: FreeBSD asarian-host.net 4.9-RELEASE-p3 FreeBSD 4.9-RELEASE-p3 #2: Mon Aug 2 16:44:12 CEST 2004 root@asarian-host.net:/klad/obj/klad/src/sys/ASARIAN-HOST i386

>Description:

I installed the following ipfw2 rules (see below). The goal is simple: I want to limit connections to port 25 to 32 in total, targeted at "me". And of those 32, only 4 per source. Like so:

ipfw add 1 check-state
...
ipfw add 11 skipto 12 tcp from any to me 25 setup limit dst-addr 32
ipfw add 12 allow tcp from any to me 25 setup limit src-addr 4

Doing so causes the console to be flooded with messages like these:

    "ipfw: install_state: entry already present, done"

It is this code in ip_fw2.c and ip_fw.c that prints the message:

    q = lookup_dyn_rule(&args->f_id, NULL, NULL);
    if (q != NULL) { /* should never occur */
        if (last_log != time_second) {
            last_log = time_second;
            printf("ipfw: install_state: entry already present, done\n");
        }
        return 0;
    }

>How-To-Repeat:
	every time the rules in question hit
>Fix:

Since this seems to be a non-critical error (as it is just a matter of ignoring an already existing rule),
I commented out the line that does the printf, so as to avoid the repeated warnings. Needless to say,
this is not at all a real solution. In fact, it is no solution at all, just a suppressant.

>Release-Note:
>Audit-Trail:
>Unformatted:
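The check quoted in the report, as an added user-space model (not part of the original message and not FreeBSD source). It assumes that rules 11 and 12 each reach the state-install path for the same SYN; `flow_id`, `install_state_model` and `simulate` are hypothetical names, and the flows are constructed sample values.

```c
#include <stdio.h>
/* Simplified user-space model with hypothetical names and constructed flows,
 * not FreeBSD source. */
struct flow_id { unsigned src_ip, dst_ip; unsigned short src_port, dst_port; };
#define MAX_DYN 256
static struct flow_id dyn_table[MAX_DYN];
static int dyn_count, warnings;
static long last_log;

static int lookup_dyn(const struct flow_id *id)
{
    for (int i = 0; i < dyn_count; i++) {
        const struct flow_id *q = &dyn_table[i];
        if (q->src_ip == id->src_ip && q->dst_ip == id->dst_ip &&
            q->src_port == id->src_port && q->dst_port == id->dst_port)
            return i;
    }
    return -1;
}

/* Same shape as the quoted check; warning at most once per second. */
static int install_state_model(const struct flow_id *id, long time_second)
{
    if (lookup_dyn(id) >= 0) {
        if (last_log != time_second) {
            last_log = time_second;
            warnings++;
            printf("ipfw: install_state: entry already present, done\n");
        }
        return 0;
    }
    if (dyn_count == MAX_DYN) return 1; /* table full */
    dyn_table[dyn_count++] = *id;
    return 0;
}

/* Assumption: rules 11 and 12 each call install_state for one SYN. */
int simulate(int syns_per_second, int seconds)
{
    dyn_count = warnings = 0;
    last_log = -1;
    for (long t = 0; t < seconds; t++)
        for (int i = 0; i < syns_per_second; i++) {
            struct flow_id id = { 0xc0000201u, 0xc0000202u,
                (unsigned short)(1024 + t * syns_per_second + i), 25 };
            install_state_model(&id, t); /* rule 11: creates the entry */
            install_state_model(&id, t); /* rule 12: entry already present */
        }
    return warnings;
}
int main(void) { printf("warnings: %d\n", simulate(10, 3)); return 0; }
```

Under that assumption every new connection takes the "already present" branch once, and the `last_log` comparison caps the console output at one line per second of matching traffic.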


