From nobody@FreeBSD.org  Mon Sep  8 15:02:29 2008
Return-Path: <nobody@FreeBSD.org>
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 7D4E31065672
	for <freebsd-gnats-submit@FreeBSD.org>; Mon,  8 Sep 2008 15:02:29 +0000 (UTC)
	(envelope-from nobody@FreeBSD.org)
Received: from www.freebsd.org (www.freebsd.org [IPv6:2001:4f8:fff6::21])
	by mx1.freebsd.org (Postfix) with ESMTP id 6F1C38FC19
	for <freebsd-gnats-submit@FreeBSD.org>; Mon,  8 Sep 2008 15:02:29 +0000 (UTC)
	(envelope-from nobody@FreeBSD.org)
Received: from www.freebsd.org (localhost [127.0.0.1])
	by www.freebsd.org (8.14.2/8.14.2) with ESMTP id m88F2S97026826
	for <freebsd-gnats-submit@FreeBSD.org>; Mon, 8 Sep 2008 15:02:28 GMT
	(envelope-from nobody@www.freebsd.org)
Received: (from nobody@localhost)
	by www.freebsd.org (8.14.2/8.14.1/Submit) id m88F2S4a026825;
	Mon, 8 Sep 2008 15:02:28 GMT
	(envelope-from nobody)
Message-Id: <200809081502.m88F2S4a026825@www.freebsd.org>
Date: Mon, 8 Sep 2008 15:02:28 GMT
From: Pawel Szember <pawel@szember.net>
To: freebsd-gnats-submit@FreeBSD.org
Subject: IPFW table become corrupted after many changes
X-Send-Pr-Version: www-3.1
X-GNATS-Notify:

>Number:         127209
>Category:       kern
>Synopsis:       [ipfw] IPFW table become corrupted after many changes
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    freebsd-ipfw
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Mon Sep 08 15:10:03 UTC 2008
>Closed-Date:    Sun Oct 02 15:59:40 UTC 2011
>Last-Modified:  Sun Oct 02 15:59:40 UTC 2011
>Originator:     Pawel Szember
>Release:        7.0-STABLE
>Organization:
Marsoft S.A.
>Environment:
FreeBSD skarzynskiego.marsoft.net 7.0-STABLE FreeBSD 7.0-STABLE #0: Thu Jul  3 13:47:26 CEST 2008     root@skarzynskiego.marsoft.net:/usr/obj/usr/src/sys/MARSOFT  amd64

>Description:
from time to time  some tables (that are often changed) become 'corrupted'
with entries that cannot be deleted or flushed


root@[skarzynskiego] ~/adm# ipfw table 127 list
13.1.1.1/32 0
85.31.226.183/32 0
root@[skarzynskiego] ~/adm# ipfw table 127 flush
root@[skarzynskiego] ~/adm# ipfw table 127 list
85.31.226.183/32 0
root@[skarzynskiego] ~/adm# ipfw table 127 add 1.1.1.1
root@[skarzynskiego] ~/adm# ipfw table 127 list
1.1.1.1/32 0
85.31.226.183/32 0
root@[skarzynskiego] ~/adm# ipfw table 127 flush
root@[skarzynskiego] ~/adm# ipfw table 127 list
85.31.226.183/32 0
root@[skarzynskiego] ~/adm# ipfw table 127 delete 85.31.226.183/32
ipfw: setsockopt(IP_FW_TABLE_DEL): No such process


there is no way to delete 85.31.226.183/32 from a table
There is also a problem with matching ipfw rules with this table.
Some packets (with IP that is not in the table) matches a rule eg:

fwd localhost,80  log logamount 0 tcp from table\(127\) to any 80

while they are not listed in table 127 

>How-To-Repeat:

the problem is quite random and happens on various machines under heavy
load of traffic (400+ mbps) with frequent changes and flushes of tables
(eg. flushed table and than 2000 added entries at the moment every 5 minutes )

>Fix:


>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-bugs->freebsd-ipfw 
Responsible-Changed-By: linimon 
Responsible-Changed-When: Mon Sep 8 22:17:26 UTC 2008 
Responsible-Changed-Why:  
Over to maintainer(s). 

http://www.freebsd.org/cgi/query-pr.cgi?pr=127209 
State-Changed-From-To: open->feedback 
State-Changed-By: ae 
State-Changed-When: Thu Jul 7 08:52:47 UTC 2011 
State-Changed-Why:  
Can you reproduce this on 8.x+ releases? 

http://www.freebsd.org/cgi/query-pr.cgi?pr=127209 
State-Changed-From-To: feedback->closed 
State-Changed-By: ae 
State-Changed-When: Sun Oct 2 15:57:15 UTC 2011 
State-Changed-Why:  
Seems 8.x releases don't affected with this problem. I guess it is fixed. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=127209 
>Unformatted:
