6.0BETA1: ipfw Abort trap (dumped core) - "modified (chunk-)
pointer"
Gavin Atkinson
gavin.atkinson at ury.york.ac.uk
Mon Jul 25 16:44:33 GMT 2005
Hi,
[maxim cc'd as it seems he's already identified, but not fully solved
the issue]
I've just installed a machine with 5.4-RELEASE and upgraded it to 6.0
BETA1. I have some firewall rules loaded, and on bootup, ipfw fails
with:
ipfw in free(): error: modified (chunk-) pointer
Abort trap (core dumped)
when adding one particular rule (although it does succeed in adding it).
ipfw is loaded as a module, and the ruleset is loaded with the following
in rc.conf:
firewall_enable="YES"
firewall_script="/etc/ipfw.rules"
firewall_logging="YES"
/etc/ipfw.rules contains the following (minimal example):
ipfw -q -f flush # Delete all rules
cmd="ipfw add " # build rule prefix
timeservers="{130.88.200.98 or 158.43.128.33 or 128.86.8.123 }"
$cmd 00100 allow all from any to any via lo0
$cmd 00200 deny all from any to 127.0.0.0/8
$cmd 00300 deny ip from 127.0.0.0/8 to any
$cmd 00500 check-state
$cmd 00501 deny all from any to any frag
$cmd 00502 deny tcp from any to any established
$cmd 00600 allow udp from me to $timeservers ntp keep-state
(notice the lack of space between the "{" and the IP address in the
timeservers definition. This seems to be the root cause)
On bootup, I see the following:
...
00600 allow udp from me to { 130.88.200.98 or dst-ip 158.43.128.33 or dst-ip 128.86.8.123 } dst-port 123 keep-state
ipfw in free(): error: modified (chunk-) pointer
Abort trap (core dumped)
Note that I can't recreate this from multiuser, but it's 100%
recreatable by rebooting the machine. Despite the fact that ipfw is
able to parse the address list without a space in it, adding the space
stops the Abort.
This looks like the same problem discussed in December 2003 here:
http://lists.freebsd.org/pipermail/freebsd-net/2003-December/002182.html
The patch in
http://lists.freebsd.org/pipermail/freebsd-net/2003-December/002182.html
stops the Abort, but doesn't make ipfw work, instead it fails with
"ipfw: hostname ``'' unknown" on the same line
If anyone needs a patch testing, that's no problem.
Thanks,
Gavin
More information about the freebsd-current
mailing list