https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=284691
Bug ID: 284691
Summary: ipfw table value corruption (addr table and flow table)
Product: Base System
Version: 14.2-RELEASE
Hardware: amd64
OS: Any
Status: New
Severity: Affects Some People
Priority: ---
Component: kern
Assignee: b...@freebsd.org
Reporter: j...@jimby.name

My goal is to create a table of addresses and connection limits such that the lookup of an address in the table returns a limit value for connections from that address.

The table gets created, but the limit value gets corrupted.

To replicate:

1. Create the table: "ipfw table foo create type addr valtype limit"

2. Add a record: "ipfw table foo add 10.10.10.20 3"

    # ipfw table foo add 10.10.10.20 3
    added: 10.10.10.20/32 3
    Added value-----------^

    # ipfw table foo list
    10.10.10.20/32 0
    Corrupt value--^

Proceeding anyway...

3. Create a rule "ipfw add 1000 allow udp from 'table(foo)' to me limit src-addr tablearg"

The rule is accepted, but it does not allow any traffic to pass due to the corrupted value. The log entry is:

    Feb 9 14:12:46 firewall kernel: ipfw: 1000 drop session type 40 10.10.10.20 0 -> 0.0.0.0 0, 0 too many entries

Additional note: The same corruption happens on a flow table:

    # ipfw table foo create type flow:src-ip,dst-port valtype limit
    #
    # ipfw table foo add 10.10.10.20,5656 3
    added: 10.10.10.20,5656 3
    #
    # ipfw table foo list
    10.10.10.20,5656 0
    #
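Added example (not part of the original report and not FreeBSD project code): a shell check that compares the value echoed by "ipfw table ... add" with the value "ipfw table ... list" reports for the same key, run here on the output quoted in the report. The function name value_mismatches and the variable names are assumptions made for this example.

```shell
#!/bin/sh
# Output copied from the report above (addr table, then flow table).
ADDR_ADD='added: 10.10.10.20/32 3'
ADDR_LIST='10.10.10.20/32 0'
FLOW_ADD='added: 10.10.10.20,5656 3'
FLOW_LIST='10.10.10.20,5656 0'

# value_mismatches ADD_OUTPUT LIST_OUTPUT   (hypothetical helper name)
# Prints "KEY requested=X stored=Y" for every key whose listed value differs
# from the value echoed when it was added ("<missing>" if it is not listed).
# Returns 1 if any key differs, 0 otherwise.
value_mismatches() {
    printf '%s\n--LIST--\n%s\n' "$1" "$2" | awk '
        $0 == "--LIST--" { in_list = 1; next }
        # "added: KEY VALUE" lines from the add command
        !in_list && $1 == "added:" && NF == 3 { want[$2] = $3; next }
        # "KEY VALUE" lines from the list command; other lines are ignored
        in_list && NF == 2 { have[$1] = $2 }
        END {
            bad = 0
            for (k in want) {
                got = (k in have) ? have[k] : "<missing>"
                if (got != want[k]) {
                    printf "%s requested=%s stored=%s\n", k, want[k], got
                    bad = 1
                }
            }
            exit bad
        }'
}

# Run on the captured output; "|| true" keeps the demo going on a mismatch.
value_mismatches "$ADDR_ADD" "$ADDR_LIST" || true
value_mismatches "$FLOW_ADD" "$FLOW_LIST" || true

# On a live system the same check would be fed from the report's commands:
#   value_mismatches "$(ipfw table foo add 10.10.10.20 3)" \
#                    "$(ipfw table foo list)"
```

A non-zero return before any "limit ... tablearg" rule is installed flags the condition that makes rule 1000 drop every session in the report.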