From nobody@FreeBSD.org  Mon Apr  2 05:30:04 2007
Return-Path: <nobody@FreeBSD.org>
Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52])
	by hub.freebsd.org (Postfix) with ESMTP id B1F1816A401
	for <freebsd-gnats-submit@FreeBSD.org>; Mon,  2 Apr 2007 05:30:04 +0000 (UTC)
	(envelope-from nobody@FreeBSD.org)
Received: from www.freebsd.org (www.freebsd.org [69.147.83.33])
	by mx1.freebsd.org (Postfix) with ESMTP id 9DDF513C45B
	for <freebsd-gnats-submit@FreeBSD.org>; Mon,  2 Apr 2007 05:30:04 +0000 (UTC)
	(envelope-from nobody@FreeBSD.org)
Received: from www.freebsd.org (localhost [127.0.0.1])
	by www.freebsd.org (8.13.1/8.13.1) with ESMTP id l325U4wh047682
	for <freebsd-gnats-submit@FreeBSD.org>; Mon, 2 Apr 2007 05:30:04 GMT
	(envelope-from nobody@www.freebsd.org)
Received: (from nobody@localhost)
	by www.freebsd.org (8.13.1/8.13.1/Submit) id l325P251047089;
	Mon, 2 Apr 2007 05:25:02 GMT
	(envelope-from nobody)
Message-Id: <200704020525.l325P251047089@www.freebsd.org>
Date: Mon, 2 Apr 2007 05:25:02 GMT
From: "Jukka A. Ukkonen"<jau@iki.fi>
To: freebsd-gnats-submit@FreeBSD.org
Subject: After the latest changes ipfw2 complains: "ipfw: opcode 50 size 2 wrong"
X-Send-Pr-Version: www-3.0

>Number:         111121
>Category:       kern
>Synopsis:       [ipfw] After the latest changes ipfw2 complains: "ipfw: opcode 50 size 2 wrong"
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    freebsd-ipfw
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Mon Apr 02 05:40:04 GMT 2007
>Closed-Date:    Wed Apr 04 17:12:12 PDT 2007
>Last-Modified:  Wed Apr 04 17:12:12 PDT 2007
>Originator:     Jukka A. Ukkonen
>Release:        FreeBSD 6.2-STABLE (2007-04-01)
>Organization:
private
>Environment:
FreeBSD mjolnir 6.2-STABLE FreeBSD 6.2-STABLE #0: Sun Apr  1 16:59:00 EET DST 2007     root@mjolnir:/usr/obj/usr/src/sys/Mjolnir  i386
>Description:
After the latest updates to ipfw2 it has started complaining
"ipfw: opcode 50 size 2 wrong"
Apparently this also causes the rest of the rules to be rejected starting
from the rule triggering the opcode error.

As a side effect one firewall instance that has been using ipfw2 has stopped
passing packets out through it internal interface, because the rules allowing
the internal transmissions are no longer loaded.

If I counted correctly the opcodes in the header file,
opcode 50 corresponds to the "pipe" rules.

In the ipfw2 instance in which the problem was found there are only a few
pipe related rules...

pipe 100 config bw 512kbit/s
pipe 101 config bw 128Kbit/s
add 04500 pipe 101 tcp from SLOWLANE to any 80,443 
add 65533 pipe 100 tcp from any 80,443 to SLOWLANE

It seems that ipfw gives up when trying the rule 04500.

The SLOWLANE in capital letters is a macro which expands to "table(13)".
This table is intended to hold a dynamically adjustable list of bandwidth
hog internal addresses. Initially it is an empty table.


>How-To-Repeat:
Try enough rules triggering opcode 50 (pipe) I guess.

>Fix:
None yet.
>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-bugs->freebsd-ipfw 
Responsible-Changed-By: remko 
Responsible-Changed-When: Mon Apr 2 05:56:31 UTC 2007 
Responsible-Changed-Why:  
Over to ipfw maintainers 

http://www.freebsd.org/cgi/query-pr.cgi?pr=111121 
State-Changed-From-To: open->closed 
State-Changed-By: julian 
State-Changed-When: Wed Apr 4 17:11:48 PDT 2007 
State-Changed-Why:  
MFC reverted. 



http://www.freebsd.org/cgi/query-pr.cgi?pr=111121 
>Unformatted:
