From nobody@FreeBSD.org  Mon Sep 28 23:47:33 2009
Return-Path: <nobody@FreeBSD.org>
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id AB237106566B
	for <freebsd-gnats-submit@FreeBSD.org>; Mon, 28 Sep 2009 23:47:33 +0000 (UTC)
	(envelope-from nobody@FreeBSD.org)
Received: from www.freebsd.org (www.freebsd.org [IPv6:2001:4f8:fff6::21])
	by mx1.freebsd.org (Postfix) with ESMTP id 9AA928FC12
	for <freebsd-gnats-submit@FreeBSD.org>; Mon, 28 Sep 2009 23:47:33 +0000 (UTC)
Received: from www.freebsd.org (localhost [127.0.0.1])
	by www.freebsd.org (8.14.3/8.14.3) with ESMTP id n8SNlX9N063674
	for <freebsd-gnats-submit@FreeBSD.org>; Mon, 28 Sep 2009 23:47:33 GMT
	(envelope-from nobody@www.freebsd.org)
Received: (from nobody@localhost)
	by www.freebsd.org (8.14.3/8.14.3/Submit) id n8SNlX20063673;
	Mon, 28 Sep 2009 23:47:33 GMT
	(envelope-from nobody)
Message-Id: <200909282347.n8SNlX20063673@www.freebsd.org>
Date: Mon, 28 Sep 2009 23:47:33 GMT
From: Chris St Denis <chris@smartt.com>
To: freebsd-gnats-submit@FreeBSD.org
Subject: ipfw: install_state: entry already present, done
X-Send-Pr-Version: www-3.1
X-GNATS-Notify:

>Number:         139226
>Category:       kern
>Synopsis:       [ipfw] install_state: entry already present, done
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    freebsd-ipfw
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Mon Sep 28 23:50:01 UTC 2009
>Closed-Date:    Wed Jun 08 05:01:31 UTC 2011
>Last-Modified:  Wed Jun 08 05:01:31 UTC 2011
>Originator:     Chris St Denis
>Release:        7.2
>Organization:
>Environment:
FreeBSD webs2.smartt.com 7.2-RELEASE-p2 FreeBSD 7.2-RELEASE-p2 #0: Wed Jun 24 00:14:35 UTC 2009     root@amd64-builder.daemonology.net:/usr/obj/usr/src/sys/GENERIC  amd64
>Description:
The simple IPFW stateful firewall rule 
"allow udp from me to any keep-state"

in conjunction with named running as a slave for several zones (not published, just replicating)

causes repeated kernel messages 
"ipfw: install_state: entry already present, done"


I doubt named is the actual cause of this of course. The master/slave udp chatter is just a source that triggers this error. I couldn't reproduce the message using something like nc -u, but somebody more familiar with this may be able to.
>How-To-Repeat:
Firewall config
================
Minimum rules method:
--------
Load the firewall as a kernel modue
#kldload ipfw

Add a keep-state UDP rule to the firewall
ipfw add allow udp from me to any keep-state

Alternate method
--------
set the following rc.conf variables to use somewhat more complex built-in "workstation" rule set

firewall_enable="yes"
firewall_type="workstation"


Named config
============
edit name.conf 
Add slave zones. Master server does not need to allow access for this to be triggered, just the slave trying to connect is enough.
>Fix:


>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-bugs->freebsd-ipfw 
Responsible-Changed-By: linimon 
Responsible-Changed-When: Tue Sep 29 02:29:28 UTC 2009 
Responsible-Changed-Why:  
Over to maintainer(s). 

http://www.freebsd.org/cgi/query-pr.cgi?pr=139226 

From: Chris St Denis <chris@smartt.com>
To: bug-followup@FreeBSD.org, chris@smartt.com
Cc:  
Subject: Re: kern/139226: [ipfw] install_state: entry already present, done
Date: Fri, 16 Oct 2009 16:21:31 -0700

 I tested this in other versions of FreeBSD by downgrading to 6.4, 7.0, & 
 7.1 with freebsd-update. None of the other version experianced this 
 behavior. However when going back to 7.2 (with freebsd-update) the error 
 returned.
 
 Seems to be a regression in 7.2
 
 -- 
 Chris St Denis
 Programmer
 SmarttNet (www.smartt.com)
 Ph: 604-473-9700 Ext. 200
 -------------------------------------------
 "Smart Internet Solutions For Businesses" 
 

From: Chris St Denis <chris@smartt.com>
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: kern/139226: [ipfw] install_state: entry already present, done
Date: Tue, 08 Dec 2009 09:21:48 -0800

 I just tested this with 8.0-RELEASE, 8.0-STABLE, and 9.0-CURRENT and the 
 bug still exists on those versions.

From: Nikolay Denev <ndenev@gmail.com>
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: kern/139226: [ipfw] install_state: entry already present, done
Date: Mon, 13 Dec 2010 18:38:29 +0200

 Just got a lot of the same messages "ipfw: ipfw_install_state: entry =
 already present, done"
 on a 8.2-PRERELEASE from Fri Dec 10 05:17:02 CET 2010
 
 
State-Changed-From-To: open->patched 
State-Changed-By: ae 
State-Changed-When: Mon Jun 6 07:20:35 UTC 2011 
State-Changed-Why:  
Patched in head/ with r222559. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=139226 

From: dfilter@FreeBSD.ORG (dfilter service)
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: kern/139226: commit references a PR
Date: Wed,  8 Jun 2011 04:50:42 +0000 (UTC)

 Author: ae
 Date: Wed Jun  8 04:50:23 2011
 New Revision: 222849
 URL: http://svn.freebsd.org/changeset/base/222849
 
 Log:
   MFC r222559:
     Hide useless warning under debug macro.
   
     PR:		kern/69963, kern/139226
 
 Modified:
   stable/8/sys/netinet/ipfw/ip_fw_dynamic.c
 Directory Properties:
   stable/8/sys/   (props changed)
   stable/8/sys/amd64/include/xen/   (props changed)
   stable/8/sys/cddl/contrib/opensolaris/   (props changed)
   stable/8/sys/contrib/dev/acpica/   (props changed)
   stable/8/sys/contrib/pf/   (props changed)
 
 Modified: stable/8/sys/netinet/ipfw/ip_fw_dynamic.c
 ==============================================================================
 --- stable/8/sys/netinet/ipfw/ip_fw_dynamic.c	Wed Jun  8 04:06:56 2011	(r222848)
 +++ stable/8/sys/netinet/ipfw/ip_fw_dynamic.c	Wed Jun  8 04:50:23 2011	(r222849)
 @@ -753,11 +753,12 @@ ipfw_install_state(struct ip_fw *rule, i
  	q = lookup_dyn_rule_locked(&args->f_id, NULL, NULL);
  
  	if (q != NULL) {	/* should never occur */
 +		DEB(
  		if (last_log != time_uptime) {
  			last_log = time_uptime;
  			printf("ipfw: %s: entry already present, done\n",
  			    __func__);
 -		}
 +		})
  		IPFW_DYN_UNLOCK();
  		return (0);
  	}
 _______________________________________________
 svn-src-all@freebsd.org mailing list
 http://lists.freebsd.org/mailman/listinfo/svn-src-all
 To unsubscribe, send any mail to "svn-src-all-unsubscribe@freebsd.org"
 

From: dfilter@FreeBSD.ORG (dfilter service)
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: kern/139226: commit references a PR
Date: Wed,  8 Jun 2011 04:54:41 +0000 (UTC)

 Author: ae
 Date: Wed Jun  8 04:54:22 2011
 New Revision: 222850
 URL: http://svn.freebsd.org/changeset/base/222850
 
 Log:
   MFC r222559:
     Hide useless warning under debug macro.
   
     PR:           kern/69963, kern/139226
   
     This is direct commit to stable/7.
 
 Modified:
   stable/7/sys/netinet/ip_fw2.c
 Directory Properties:
   stable/7/sys/   (props changed)
   stable/7/sys/cddl/contrib/opensolaris/   (props changed)
   stable/7/sys/contrib/dev/acpica/   (props changed)
   stable/7/sys/contrib/pf/   (props changed)
 
 Modified: stable/7/sys/netinet/ip_fw2.c
 ==============================================================================
 --- stable/7/sys/netinet/ip_fw2.c	Wed Jun  8 04:50:23 2011	(r222849)
 +++ stable/7/sys/netinet/ip_fw2.c	Wed Jun  8 04:54:22 2011	(r222850)
 @@ -1460,11 +1460,12 @@ install_state(struct ip_fw *rule, ipfw_i
  	q = lookup_dyn_rule_locked(&args->f_id, NULL, NULL);
  
  	if (q != NULL) {	/* should never occur */
 +		DEB(
  		if (last_log != time_uptime) {
  			last_log = time_uptime;
  			printf("ipfw: %s: entry already present, done\n",
  			    __func__);
 -		}
 +		})
  		IPFW_DYN_UNLOCK();
  		return (0);
  	}
 _______________________________________________
 svn-src-all@freebsd.org mailing list
 http://lists.freebsd.org/mailman/listinfo/svn-src-all
 To unsubscribe, send any mail to "svn-src-all-unsubscribe@freebsd.org"
 
State-Changed-From-To: patched->closed 
State-Changed-By: ae 
State-Changed-When: Wed Jun 8 05:01:10 UTC 2011 
State-Changed-Why:  
Merged to stable/8 and stable/7. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=139226 
>Unformatted:
