misc/127209: IPFW table become corrupted after many changes

Pawel Szember pawel at szember.net
Mon Sep 8 15:10:04 UTC 2008 

>Number:         127209
>Category:       misc
>Synopsis:       IPFW table become corrupted after many changes
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Mon Sep 08 15:10:03 UTC 2008
>Closed-Date:
>Last-Modified:
>Originator:     Pawel Szember
>Release:        7.0-STABLE
>Organization:
Marsoft S.A.
>Environment:
FreeBSD skarzynskiego.marsoft.net 7.0-STABLE FreeBSD 7.0-STABLE #0: Thu Jul  3 13:47:26 CEST 2008     root at skarzynskiego.marsoft.net:/usr/obj/usr/src/sys/MARSOFT  amd64

>Description:
from time to time  some tables (that are often changed) become 'corrupted' with entries that cannot be deleted or flushed


root@[skarzynskiego] ~/adm# ipfw table 127 list
13.1.1.1/32 0
85.31.226.183/32 0
root@[skarzynskiego] ~/adm# ipfw table 127 flush
root@[skarzynskiego] ~/adm# ipfw table 127 list
85.31.226.183/32 0
root@[skarzynskiego] ~/adm# ipfw table 127 add 1.1.1.1
root@[skarzynskiego] ~/adm# ipfw table 127 list
1.1.1.1/32 0
85.31.226.183/32 0
root@[skarzynskiego] ~/adm# ipfw table 127 flush
root@[skarzynskiego] ~/adm# ipfw table 127 list
85.31.226.183/32 0
root@[skarzynskiego] ~/adm# ipfw table 127 delete 85.31.226.183/32
ipfw: setsockopt(IP_FW_TABLE_DEL): No such process


there is no way to delete 85.31.226.183/32 from a table
There is also a problem with matching ipfw rules with this table.
Some packets (with IP that is not in the table) matches a rule eg:

fwd localhost,80  log logamount 0 tcp from table\(127\) to any 80

while they are not listed in table 127 

>How-To-Repeat:

the problem is quite random and happens on various machines under heavy load of traffic (400+ mbps) with frequent changes and flushes of tables (eg. flushed table and than 2000 added entries at the moment every 5 minutes )

>Fix:


>Release-Note:
>Audit-Trail:
>Unformatted:

More information about the freebsd-bugs mailing list