Date: Thu, 4 Sep 2003 08:01:42 -0400
From: "James F. Hranicky"
To: Robert Watson
cc: admin@cise.ufl.edu
cc: FreeBSD-gnats-submit@FreeBSD.org
cc: freebsd-bugs@FreeBSD.org
Subject: Re: conf/56031: ipfw hangs on every invocation
Message-Id: <20030904080142.5121b382.jfh@cise.ufl.edu>
References: <20030903062809.2ae57891.jfh@cise.ufl.edu>

On Wed, 3 Sep 2003 11:45:41 -0400 (EDT)
Robert Watson wrote:

> On Wed, 3 Sep 2003, James F. Hranicky wrote:

> I'd step up to the ioctl in question, and then see if it really hangs in
> the ioctl(), or if it gets past and starts spinning. If it's the ioctl(),
> it would be very helpful to know which file descriptor it's on, and what
> the arguments are. If it's not the ioctl() call, we need to figure out
> which loop isn't taking something important into account.

I think I've found it. First off, I neglected to mention I've added
IPFW2=TRUE to /etc/make.conf, so I'm using ipfw2 (sorry!).

After tracing through, it does seem to be a logic error in ipfw2.c. At
line 1036, there is a loop like so:

        for (l = rule->act_ofs, cmd = rule->cmd ;
                        l > 0 ; l -= F_LEN(cmd) , cmd += F_LEN(cmd)) {

The loop is supposed to quit when l == 0, and l is supposed to be decremented
by F_LEN(cmd) each time. F_LEN is defined as

        #define F_LEN_MASK      0x3f
        #define F_LEN(cmd)      ((cmd)->len & F_LEN_MASK)

Checking the values of the cmd struct:

        (gdb) p *cmd
        $6 = {opcode = O_NOP, len = 0 '\000', arg1 = 0}

Darn, l is always decremented by 0.

I'll probably fix the problem on my end by temporarily disabling ipfw2
(since I'm not really even using it at the moment).

Hope this helps.

Jim
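
The failure mode described in the message above, as an added example that is not part of the original message and not FreeBSD's code: a walker over length-prefixed instructions that refuses to continue when an instruction reports length 0, instead of spinning. The struct insn layout, the walk_insns name and the sample arrays are assumptions made for illustration; the extra "claims more words than remain" check goes beyond the case in the message.

```c
#include <stdint.h>
#include <stdio.h>

#define F_LEN_MASK 0x3f
#define F_LEN(cmd) ((cmd)->len & F_LEN_MASK)

/* Hypothetical stand-in for the header shown in the gdb output. */
struct insn {
    uint8_t  opcode;
    uint8_t  len;   /* length in units of struct insn; low 6 bits used */
    uint16_t arg1;
};

/*
 * Walk l units of instructions starting at cmd.
 * Returns the number of instructions visited, or -1 when an instruction
 * has length 0 (the loop could never advance) or claims more units than
 * remain in the buffer.
 */
int walk_insns(const struct insn *cmd, int l)
{
    int count = 0;

    while (l > 0) {
        int n = F_LEN(cmd);

        if (n == 0 || n > l)
            return -1;      /* malformed: stop instead of spinning */
        count++;
        l -= n;
        cmd += n;
    }
    return count;
}

/* Constructed sample data. In sample_good the third slot is the payload
 * of the two-unit instruction before it, so it is never read as a header. */
const struct insn sample_good[] = { {1, 1, 0}, {2, 2, 0}, {0, 0, 0}, {3, 1, 0} };
/* Second header has len = 0, as in the gdb output from the message. */
const struct insn sample_bad[]  = { {1, 1, 0}, {0, 0, 0}, {3, 1, 0} };

int main(void)
{
    printf("good: %d\n", walk_insns(sample_good, 4));
    printf("bad:  %d\n", walk_insns(sample_bad, 3));
    return 0;
}
```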