Hi,

I tested your change and can confirm that it fixes the issue.

    Ari S.


On 1.8.2019 21.19, Kyle Evans wrote:
On Thu, Aug 1, 2019 at 8:43 AM Kyle Evans <kev...@freebsd.org> wrote:
On Thu, Aug 1, 2019 at 1:38 AM Ari Suutari via freebsd-stable
<freebsd-stable@freebsd.org> wrote:
Hi,

We have a lot of servers using jails and ipfw rules with
numeric jail ids to limit access between them (something
like 'allow tcp from me to me 8086 jail 1 keep-state').

This has been working very well for ages. Yesterday, we upgraded
the first of these servers to 11.3. During boot there are now messages
like 'ipfw: jail 1 not found' and the rules are not loaded.

I tracked this down to:
https://reviews.freebsd.org/rS348304

ipfw calls jail_getid, which used to just return the id without checking
if the string was numeric. In 11.3, the function has been changed to actually
check if the jail with the given id exists.

This doesn't really work in ipfw's context as the rules are loaded before
the jails are actually created.

     Ari S.
Hi,

I've CC'd Andrey, who tends to work in this area. Apologies for not
catching the breakage - I'll whip up a patch unless Andrey objects, but
this area feels a bit finicky. I think a couple of things need to
happen:

1.) To fix things -right now-, ipfw should fall back to strtoul if
jail_getid fails and only error out if strtoul fails. This restores
the functional status quo and still uses jail_getid properly, which is
documented to return -1 if the jail does not exist.

I've created a review for this at [0] -- I can't test it, though, so
some testing would be appreciated.

Thanks,

Kyle Evans

[0] https://reviews.freebsd.org/D21128
_______________________________________________
freebsd-stable@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to "freebsd-stable-unsubscr...@freebsd.org"
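
The fallback described in point 1 of the thread (try the jail lookup first, fall back to strtoul, fail only if both fail), as an added example that is not the code from D21128 or from ipfw. lookup_running_jail() is a hypothetical stand-in for jail_getid(3) with a constructed jail table so the block runs without libjail; resolve_jail_arg() is likewise a name assumed here.

```c
#include <errno.h>
#include <limits.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for libjail's jail_getid(3): returns the jid of a
 * running jail, or -1 if none matches. Constructed table: only "web"
 * (jid 7) is running, as if rules were loaded before most jails start. */
static int lookup_running_jail(const char *name)
{
    if (strcmp(name, "web") == 0 || strcmp(name, "7") == 0)
        return 7;
    return -1;
}

/* Resolve a rule's jail argument. Returns 0 and stores the jid on success,
 * -1 if the argument is neither a running jail nor a valid numeric id. */
int resolve_jail_arg(const char *arg, int *jid_out)
{
    char *end;
    unsigned long v;
    int jid = lookup_running_jail(arg);

    if (jid >= 0) {
        *jid_out = jid;
        return 0;
    }
    /* Lookup failed: accept a purely numeric id so the rule can still be
     * installed before the jail exists. */
    if (arg[0] < '0' || arg[0] > '9')
        return -1;              /* rejects "", "-1", "+1", " 1", names */
    errno = 0;
    v = strtoul(arg, &end, 10);
    if (errno != 0 || *end != '\0' || v > INT_MAX)
        return -1;              /* overflow, trailing junk, out of range */
    *jid_out = (int)v;
    return 0;
}
```

The leading-digit check matters because strtoul accepts a sign and leading whitespace, so "-1" would otherwise parse to a large unsigned value instead of being rejected.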
