From: Mark
Date: Tue, 03 Aug 2004 18:33:28 GMT
Organization: Asarian-host
To: "Bill Moran"
cc: freebsd-hackers@freebsd.org
cc: freebsd-questions@freebsd.org
Subject: Re: One OR MORE of source and destination addresses?
Message-Id: <200408031833.I73IXS7R043191@asarian-host.net>
List-Id: Technical Discussions relating to FreeBSD

Bill Moran wrote:

>>> My whole console is flooded with messages like these:
>>>
>>> "ipfw: install_state: entry already present, done"
>>>
>>> Is there a known patch?
>>
>> I just took a look at the code:
>>
>> if (q != NULL) { /* should never occur */
>>     if (last_log != time_second) {
>>         last_log = time_second;
>>         printf("ipfw: install_state: entry already present, done\n");
>>     }
>>     return 0;
>> }
>>
>> What if I just hack the "printf ..." line out of there? Would that
>> 'solve' it? I know it's dirty; but would things still work?
>
> Theoretically, yes (note that I'm certainly no expert on this chunk of
> code) My reason for saying yes is:
> 1) The error seems to be that IPFW is trying to add the same stateful
>    rule twice ... which means it _did_ get successfully added once.
> 2) When that condition occurs, the function returns 0. The comment at
>    the top of the file states that the function returns 1 on failure,
>    so it would appear that this condition is still considered
>    successful.

Thank you for taking the time to look into this. Yes, my reason for
thinking "yes" was the same. It seems there are critical errors, such as
"Too many dynamic rules", returning 1, and, say, unexpected errors, like
when trying to create a rule that already exists, returning 0.
Since the rule actually seems to be working (limiting total connections
to 32, and only 4 per source), just commenting out the printf statement
seems like a harmless, albeit very dirty, "solution". Indeed, this should
probably be fixed; and I will file a PR tonight.

- Mark
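
Added example, not part of the original message and not FreeBSD source: a user-space C model of the branch quoted above, showing that the duplicate case returns 0 whether or not the message is printed, that the message is throttled to one per second, and that only a full table returns 1. The state table, MAX_STATES, struct flow, the counters and the name install_state_model are assumptions made for illustration.

```c
#include <stdio.h>

/* Toy model only: the table and limit are hypothetical, not ipfw internals. */
#define MAX_STATES 4        /* constructed limit standing in for "Too many dynamic rules" */

struct flow { unsigned src, dst; unsigned short sport, dport; };

static struct flow table[MAX_STATES];
static int n_states;
static long last_log = -1;  /* second in which the last message was printed */
static int log_lines;       /* messages actually emitted */
static int dup_hits;        /* duplicates seen, printed or not */

static struct flow *lookup(const struct flow *f)
{
    for (int i = 0; i < n_states; i++)
        if (table[i].src == f->src && table[i].dst == f->dst &&
            table[i].sport == f->sport && table[i].dport == f->dport)
            return &table[i];
    return NULL;
}

/* Returns 1 on failure, 0 otherwise. The clock is a parameter so the
 * once-per-second throttle can be exercised deterministically. */
int install_state_model(const struct flow *f, long time_second)
{
    struct flow *q = lookup(f);

    if (q != NULL) {                    /* state for this flow already exists */
        dup_hits++;                     /* counted even when nothing is printed */
        if (last_log != time_second) {  /* at most one message per second */
            last_log = time_second;
            log_lines++;
            printf("model: install_state: entry already present, done\n");
        }
        return 0;                       /* caller sees success either way */
    }
    if (n_states >= MAX_STATES)
        return 1;                       /* hard failure: table is full */
    table[n_states++] = *f;
    return 0;
}

int main(void)
{
    struct flow a = { 0x0a000001, 0x0a000002, 40000, 80 }; /* constructed sample flow */
    for (long t = 0; t < 3; t++)        /* three simulated seconds, five calls each */
        for (int i = 0; i < 5; i++)
            install_state_model(&a, t);
    printf("duplicates=%d logged=%d states=%d\n", dup_hits, log_lines, n_states);
    return 0;
}
```

Keeping a counter such as dup_hits is one way to retain the signal if the printf is removed; that counter is part of this model, not something the quoted code provides.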