From owner-freebsd-bugs@FreeBSD.ORG Mon Sep 8 15:10:04 2008 Return-Path: Delivered-To: freebsd-bugs@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 560881065675 for ; Mon, 8 Sep 2008 15:10:04 +0000 (UTC) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id 366F28FC20 for ; Mon, 8 Sep 2008 15:10:04 +0000 (UTC) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (gnats@localhost [127.0.0.1]) by freefall.freebsd.org (8.14.2/8.14.2) with ESMTP id m88FA35J013748 for ; Mon, 8 Sep 2008 15:10:03 GMT (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.14.2/8.14.1/Submit) id m88FA3td013747; Mon, 8 Sep 2008 15:10:03 GMT (envelope-from gnats) Resent-Date: Mon, 8 Sep 2008 15:10:03 GMT Resent-Message-Id: <200809081510.m88FA3td013747@freefall.freebsd.org> Resent-From: FreeBSD-gnats-submit@FreeBSD.org (GNATS Filer) Resent-To: freebsd-bugs@FreeBSD.org Resent-Reply-To: FreeBSD-gnats-submit@FreeBSD.org, Pawel Szember Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 7D4E31065672 for ; Mon, 8 Sep 2008 15:02:29 +0000 (UTC) (envelope-from nobody@FreeBSD.org) Received: from www.freebsd.org (www.freebsd.org [IPv6:2001:4f8:fff6::21]) by mx1.freebsd.org (Postfix) with ESMTP id 6F1C38FC19 for ; Mon, 8 Sep 2008 15:02:29 +0000 (UTC) (envelope-from nobody@FreeBSD.org) Received: from www.freebsd.org (localhost [127.0.0.1]) by www.freebsd.org (8.14.2/8.14.2) with ESMTP id m88F2S97026826 for ; Mon, 8 Sep 2008 15:02:28 GMT (envelope-from nobody@www.freebsd.org) Received: (from nobody@localhost) by www.freebsd.org (8.14.2/8.14.1/Submit) id m88F2S4a026825; Mon, 8 Sep 2008 15:02:28 GMT (envelope-from nobody) Message-Id: <200809081502.m88F2S4a026825@www.freebsd.org> Date: Mon, 8 Sep 2008 15:02:28 GMT From: Pawel Szember To: freebsd-gnats-submit@FreeBSD.org X-Send-Pr-Version: www-3.1 Cc: Subject: misc/127209: IPFW table become corrupted after many changes X-BeenThere: freebsd-bugs@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Bug reports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 08 Sep 2008 15:10:04 -0000 >Number: 127209 >Category: misc >Synopsis: IPFW table become corrupted after many changes >Confidential: no >Severity: non-critical >Priority: medium >Responsible: freebsd-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Mon Sep 08 15:10:03 UTC 2008 >Closed-Date: >Last-Modified: >Originator: Pawel Szember >Release: 7.0-STABLE >Organization: Marsoft S.A. >Environment: FreeBSD skarzynskiego.marsoft.net 7.0-STABLE FreeBSD 7.0-STABLE #0: Thu Jul 3 13:47:26 CEST 2008 root@skarzynskiego.marsoft.net:/usr/obj/usr/src/sys/MARSOFT amd64 >Description: from time to time some tables (that are often changed) become 'corrupted' with entries that cannot be deleted or flushed root@[skarzynskiego] ~/adm# ipfw table 127 list 13.1.1.1/32 0 85.31.226.183/32 0 root@[skarzynskiego] ~/adm# ipfw table 127 flush root@[skarzynskiego] ~/adm# ipfw table 127 list 85.31.226.183/32 0 root@[skarzynskiego] ~/adm# ipfw table 127 add 1.1.1.1 root@[skarzynskiego] ~/adm# ipfw table 127 list 1.1.1.1/32 0 85.31.226.183/32 0 root@[skarzynskiego] ~/adm# ipfw table 127 flush root@[skarzynskiego] ~/adm# ipfw table 127 list 85.31.226.183/32 0 root@[skarzynskiego] ~/adm# ipfw table 127 delete 85.31.226.183/32 ipfw: setsockopt(IP_FW_TABLE_DEL): No such process there is no way to delete 85.31.226.183/32 from a table There is also a problem with matching ipfw rules with this table. Some packets (with IP that is not in the table) matches a rule eg: fwd localhost,80 log logamount 0 tcp from table\(127\) to any 80 while they are not listed in table 127 >How-To-Repeat: the problem is quite random and happens on various machines under heavy load of traffic (400+ mbps) with frequent changes and flushes of tables (eg. flushed table and than 2000 added entries at the moment every 5 minutes ) >Fix: >Release-Note: >Audit-Trail: >Unformatted: