Skip site navigation (1)Skip section navigation (2) 
Date:      Wed, 6 Aug 1997 01:41:14 +0300 (EEST)
From:      Heikki Suonsivu <hsu@mail.clinet.fi>
To:        FreeBSD-gnats-submit@FreeBSD.ORG
Subject:   bin/4231: ipfw no more returns error when deleting non-existent rule
Message-ID:  <199708052241.BAA24474@katiska.clinet.fi>
Resent-Message-ID: <199708052250.PAA10365@hub.freebsd.org>
next in thread | raw e-mail | index | archive | help 

>Number:         4231
>Category:       bin
>Synopsis:       ipfw no more returns error when deleting non-existent rule
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    freebsd-bugs
>State:          open
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Tue Aug  5 15:50:00 PDT 1997
>Last-Modified:
>Originator:     Heikki Suonsivu
>Organization:
Clinet, Espoo, Finland
>Release:        FreeBSD 2.2-STABLE i386
>Environment:

2.2-STABLE (probably also in current).

>Description:

ipfw command no more returns exit 1 when deleting non-existant rule, even
though it still gives an error message.

>How-To-Repeat:

To test, do

while ipfw delete 5123
do
done

and it will loop forever.

We have used this in scripts which clean up and install new filters for
various purposes, like filtering cyberpromo and friends.  Bad, as these
filters are usually also installed in local rc files and system won't get
past them unless they are backgrounded.

>Fix:

I think this does the trick (not extensively tested, but its simple).

It may be worth checking out ipfw.c for any other similar problems as it
seems to have changed quite a bit when this bug was merged in ?

Index: ipfw.c
===================================================================
RCS file: /usr/CVS/src/sbin/ipfw/ipfw.c,v
retrieving revision 1.34.2.5
diff -c -r1.34.2.5 ipfw.c
*** ipfw.c	1997/06/23 22:34:24	1.34.2.5
--- ipfw.c	1997/08/05 22:26:07
***************
*** 713,718 ****
--- 713,719 ----
  {
  	struct ip_fw rule;
  	int i;
+ 	int success = 0;
  	
  	memset(&rule, 0, sizeof rule);
  
***************
*** 722,730 ****
  	while (ac && isdigit(**av)) {
  		rule.fw_number = atoi(*av); av++; ac--;
  		i = setsockopt(s, IPPROTO_IP, IP_FW_DEL, &rule, sizeof rule);
! 		if (i)
! 			warn("setsockopt(%s)", "IP_FW_DEL");
  	}
  }
  
  static void
--- 723,734 ----
  	while (ac && isdigit(**av)) {
  		rule.fw_number = atoi(*av); av++; ac--;
  		i = setsockopt(s, IPPROTO_IP, IP_FW_DEL, &rule, sizeof rule);
! 		if (!i)
! 			success = 1;
  	}
+ 
+ 	if (!success)
+ 		err(1, "setsockopt(IP_FW_DEL)");
  }
  
  static void


>Audit-Trail:
>Unformatted:

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199708052241.BAA24474>