From owner-freebsd-bugs@FreeBSD.ORG Tue Aug 3 19:20:28 2004 Return-Path: Delivered-To: freebsd-bugs@hub.freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 28FE816A4D1 for ; Tue, 3 Aug 2004 19:20:28 +0000 (GMT) Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21]) by mx1.FreeBSD.org (Postfix) with ESMTP id 50A6143D66 for ; Tue, 3 Aug 2004 19:20:23 +0000 (GMT) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (gnats@localhost [127.0.0.1]) by freefall.freebsd.org (8.12.11/8.12.11) with ESMTP id i73JKKhE097283 for ; Tue, 3 Aug 2004 19:20:20 GMT (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.12.11/8.12.11/Submit) id i73JKKL4097282; Tue, 3 Aug 2004 19:20:20 GMT (envelope-from gnats) Resent-Date: Tue, 3 Aug 2004 19:20:20 GMT Resent-Message-Id: <200408031920.i73JKKL4097282@freefall.freebsd.org> Resent-From: FreeBSD-gnats-submit@FreeBSD.org (GNATS Filer) Resent-To: freebsd-bugs@FreeBSD.org Resent-Reply-To: FreeBSD-gnats-submit@FreeBSD.org, root@asarian-host.net Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id C958016A4CE for ; Tue, 3 Aug 2004 19:11:45 +0000 (GMT) Received: from mail.asarian-host.net (mail.asarian-host.net [194.109.160.70]) by mx1.FreeBSD.org (Postfix) with ESMTP id 13DE243D3F for ; Tue, 3 Aug 2004 19:11:45 +0000 (GMT) SRS0=pvJzLaBV=KZ=asarian-host.net=root@asarian-host.net) Received: (from root@localhost) by mail.asarian-host.net (8.13.0/8.13.0) id i73JBh0m044730 for freebsd-gnats-submit@freebsd.org; Tue, 3 Aug 2004 21:11:43 +0200 (CEST) (envelope-from root@asarian-host.net) Message-Id: <200408031911.I73JBH5M044723@asarian-host.net> Date: Tue, 03 Aug 2004 19:11:43 GMT From: System Administrator To: FreeBSD-gnats-submit@FreeBSD.org Comments: To protect the identity of the sender, certain header fields are either not shown, or masked. Anonymous email accounts can be requested by filling in the appropriate form at: https://asarian-host.net/cgi-bin/signup.cgi X-Send-Pr-Version: 3.113 Subject: kern/69963: ipfw: install_state warning about already existing entry X-BeenThere: freebsd-bugs@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list Reply-To: root@asarian-host.net List-Id: Bug reports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 03 Aug 2004 19:20:28 -0000 >Number: 69963 >Category: kern >Synopsis: ipfw: install_state warning about already existing entry >Confidential: no >Severity: non-critical >Priority: low >Responsible: freebsd-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Tue Aug 03 19:20:20 GMT 2004 >Closed-Date: >Last-Modified: >Originator: Superuser >Release: FreeBSD 4.9-RELEASE-p3 i386 >Organization: Asarian-host.net >Environment: System: FreeBSD asarian-host.net 4.9-RELEASE-p3 FreeBSD 4.9-RELEASE-p3 #2: Mon Aug 2 16:44:12 CEST 2004 root@asarian-host.net:/klad/obj/klad/src/sys/ASARIAN-HOST i386 >Description: I installed the following ipfw2 rules (see below). The goal is simple: I want to limit connections to port 25 to 32 in total, targeted at "me". And of those 32, only 4 per source. Like so: ipfw add 1 check-state ... ipfw add 11 skipto 12 tcp from any to me 25 setup limit dst-addr 32 ipfw add 12 allow tcp from any to me 25 setup limit src-addr 4 Doing so, causes the console to be flooded with messages like these: "ipfw: install_state: entry already present, done" It is this code in ip_fw2.c and ip_fw.c that prints the message: q = lookup_dyn_rule(&args->f_id, NULL, NULL); if (q != NULL) { /* should never occur */ if (last_log != time_second) { last_log = time_second; printf("ipfw: install_state: entry already present, done\n"); } return 0; } >How-To-Repeat: every time the rules in question hit >Fix: Since this seems to be a non-critical error (as it is just a matter of ignoring an already existing rule), I commented out the line that does the printf, so as to avoid the repeated warnings. Needless to say, this is not at all a real solution. In fact, it is no solution at all, just a suppressant. >Release-Note: >Audit-Trail: >Unformatted: