From hsu@mail.clinet.fi  Tue Aug  5 15:41:22 1997
Received: from hauki.clinet.fi (root@hauki.clinet.fi [194.100.0.1])
          by hub.freebsd.org (8.8.5/8.8.5) with ESMTP id PAA09935
          for <FreeBSD-gnats-submit@freebsd.org>; Tue, 5 Aug 1997 15:41:20 -0700 (PDT)
Received: from katiska.clinet.fi (root@katiska.clinet.fi [194.100.0.4])
	by hauki.clinet.fi (8.8.6/8.8.6) with ESMTP id BAA08336
	for <FreeBSD-gnats-submit@freebsd.org>; Wed, 6 Aug 1997 01:41:14 +0300 (EET DST)
Received: (root@localhost) by katiska.clinet.fi (8.8.6/8.6.4) id BAA24474; Wed, 6 Aug 1997 01:41:14 +0300 (EEST)
Message-Id: <199708052241.BAA24474@katiska.clinet.fi>
Date: Wed, 6 Aug 1997 01:41:14 +0300 (EEST)
From: Heikki Suonsivu <hsu@mail.clinet.fi>
Reply-To: hsu@mail.clinet.fi
To: FreeBSD-gnats-submit@freebsd.org
Subject: ipfw no more returns error when deleting non-existent rule
X-Send-Pr-Version: 3.2

>Number:         4231
>Category:       bin
>Synopsis:       ipfw no more returns error when deleting non-existent rule
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    freebsd-bugs
>State:          closed
>Quarter:
>Keywords:
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Tue Aug  5 15:50:00 PDT 1997
>Closed-Date:    Mon Jan 5 16:23:21 PST 1998
>Last-Modified:  Mon Jan  5 16:25:46 PST 1998
>Originator:     Heikki Suonsivu
>Release:        FreeBSD 2.2-STABLE i386
>Organization:
Clinet, Espoo, Finland
>Environment:

2.2-STABLE (probably also in current).

>Description:

The ipfw command no longer returns exit 1 when deleting a non-existent rule,
even though it still gives an error message.

>How-To-Repeat:

To test, do

while ipfw delete 5123
do
	:	# empty body; the loop ends once ipfw delete returns non-zero
done

and it will loop forever.

We have used this in scripts which clean up and install new filters for
various purposes, like filtering cyberpromo and friends.  Bad, as these
filters are usually also installed in local rc files and the system won't get
past them unless they are backgrounded.

>Fix:

I think this does the trick (not extensively tested, but it's simple).

It may be worth checking out ipfw.c for any other similar problems as it
seems to have changed quite a bit when this bug was merged in?

Index: ipfw.c
===================================================================
RCS file: /usr/CVS/src/sbin/ipfw/ipfw.c,v
retrieving revision 1.34.2.5
diff -c -r1.34.2.5 ipfw.c
*** ipfw.c	1997/06/23 22:34:24	1.34.2.5
--- ipfw.c	1997/08/05 22:26:07
***************
*** 713,718 ****
--- 713,719 ----
  {
  	struct ip_fw rule;
  	int i;
+ 	int success = 0;
  	
  	memset(&rule, 0, sizeof rule);
  
***************
*** 722,730 ****
  	while (ac && isdigit(**av)) {
  		rule.fw_number = atoi(*av); av++; ac--;
  		i = setsockopt(s, IPPROTO_IP, IP_FW_DEL, &rule, sizeof rule);
! 		if (i)
! 			warn("setsockopt(%s)", "IP_FW_DEL");
  	}
  }
  
  static void
--- 723,734 ----
  	while (ac && isdigit(**av)) {
  		rule.fw_number = atoi(*av); av++; ac--;
  		i = setsockopt(s, IPPROTO_IP, IP_FW_DEL, &rule, sizeof rule);
! 		if (!i)
! 			success = 1;
  	}
+ 
+ 	if (!success)
+ 		err(1, "setsockopt(IP_FW_DEL)");
  }
  
  static void
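
Review bot: in the loop, replacing the per-rule `warn("setsockopt(%s)", "IP_FW_DEL")` with `if (!i) success = 1;` makes the exit status reflect only whether at least one deletion succeeded, and it drops the diagnostic for each rule that failed. A command line that lists several rule numbers will exit 0 with no message when some of them are missing, so a script checking the status still cannot tell that a rule it expected to remove was absent. Separately, if the `while (ac && isdigit(**av))` loop never runs (no numeric argument), `success` stays 0 and `err(1, "setsockopt(IP_FW_DEL)")` reports an errno that no setsockopt call in this function set. Suggest keeping the warn() on every failed setsockopt, recording a failure flag there, and exiting non-zero after the loop if any deletion failed; handle the no-argument case with its own usage message.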


>Release-Note:
>Audit-Trail:
State-Changed-From-To: open->closed 
State-Changed-By: alex 
State-Changed-When: Mon Jan 5 16:23:21 PST 1998 
State-Changed-Why:  
Fixed in the following revisions: 

2.2-stable:   rev 1.34.2.9 
3.0-current:  rev 1.50 
>Unformatted:
