Bug 284691 - ipfw table value corruption (addr table and flow table)
Summary: ipfw table value corruption (addr table and flow table)
Status: In Progress
Alias: None
Product: Base System
Classification: Unclassified
Component: kern
Version: 14.2-RELEASE
Hardware: amd64 Any
Importance: --- Affects Some People
Assignee: Andrey V. Elsukov
URL:
Keywords:
Depends on:
Blocks:
Reported: 2025-02-09 19:58 UTC by Jim B.
Modified: 2025-02-17 07:42 UTC

Flags: linimon: mfc-stable14?
Flags: linimon: mfc-stable13?
Description Jim B. 2025-02-09 19:58:29 UTC
My goal is to create a table of addresses and connection limits such that the lookup of an address in the table returns a limit value for connections from that address.

The table gets created, but the limit value gets corrupted.

To replicate:

1. Create the table: "ipfw table foo create type addr valtype limit"

2. Add a record: "ipfw table foo add 10.10.10.20 3"

# ipfw table foo add 10.10.10.20 3
added: 10.10.10.20/32 3
Added value-----------^

# ipfw table foo list
10.10.10.20/32 0
Corrupt value--^

Proceeding anyway...

3. Create a rule "ipfw add 1000 allow udp from 'table(foo)' to me limit src-addr tablearg"

The rule is accepted, but it does not allow any traffic to pass due to the corrupted value.

The log entry is:
Feb  9 14:12:46 firewall kernel: ipfw: 1000 drop session type 40 10.10.10.20 0 -> 0.0.0.0 0, 0 too many entries

Additional note:

The same corruption happens on a flow table:
# ipfw table foo create type flow:src-ip,dst-port valtype limit
# 
# ipfw table foo add 10.10.10.20,5656 3
added: 10.10.10.20,5656 3
# 
# ipfw table foo list
10.10.10.20,5656 0
#
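The following is an added verification helper, not part of the report or of the ipfw sources: it compares the value that "ipfw table NAME list" prints for an entry against the value that was added, so a host can be checked for this defect (a listed value of 0 after adding a non-zero limit) before and after the fix is applied. The table, key and value names used below are constructed to mirror the report; the two sample listings are constructed, not captured from a live system.

```shell
# check_table_value LISTING KEY EXPECTED
#   LISTING  - full text of "ipfw table NAME list"
#   KEY      - entry key exactly as it appears in the listing
#              (e.g. 10.10.10.20/32 for an addr table, 10.10.10.20,5656 for a flow table)
#   EXPECTED - the value that was passed to "ipfw table NAME add"
# Exit status: 0 value matches, 1 value differs (the corruption described in
# this report), 2 key not present in the listing.
check_table_value() {
    listing=$1 key=$2 expected=$3
    actual=$(printf '%s\n' "$listing" | awk -v k="$key" '$1 == k { print $2; exit }')
    [ -n "$actual" ] || return 2
    [ "$actual" = "$expected" ]
}

# Constructed listings: what an unpatched kernel prints (value reset to 0)
# and what a kernel carrying the 'limit' initializer fix should print.
BUGGY_ADDR_LISTING='10.10.10.20/32 0'
FIXED_ADDR_LISTING='10.10.10.20/32 3'
BUGGY_FLOW_LISTING='10.10.10.20,5656 0'
FIXED_FLOW_LISTING='10.10.10.20,5656 3'

# verify_live TABLE TYPE KEY LISTKEY VALUE
#   Creates a throwaway table of the given TYPE with valtype limit, adds KEY
#   with VALUE, then checks the listing for LISTKEY carrying VALUE and destroys
#   the table again. Only meaningful on a FreeBSD host with ipfw loaded; it is
#   not exercised by the constructed samples above. Returns 3 on ipfw errors,
#   otherwise the status of check_table_value.
verify_live() {
    table=$1 ttype=$2 key=$3 listkey=$4 value=$5
    ipfw table "$table" create type "$ttype" valtype limit >/dev/null || return 3
    ipfw table "$table" add "$key" "$value" >/dev/null || { ipfw table "$table" destroy >/dev/null; return 3; }
    rc=0
    check_table_value "$(ipfw table "$table" list)" "$listkey" "$value" || rc=$?
    ipfw table "$table" destroy >/dev/null
    return $rc
}

# Example live invocations (addr and flow tables, as in the report):
#   verify_live foo addr 10.10.10.20 10.10.10.20/32 3
#   verify_live foo flow:src-ip,dst-port 10.10.10.20,5656 10.10.10.20,5656 3
```

A status of 1 from verify_live reproduces the report (limit stored as 0); a status of 0 indicates the table value survives the add and a "limit src-addr tablearg" rule will no longer drop every session as "too many entries".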
Comment 1 commit-hook freebsd_committer freebsd_triage 2025-02-10 08:02:22 UTC
A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/src/commit/?id=95ab7b3223c08cf48ccf764815523ea995a7ea0e

commit 95ab7b3223c08cf48ccf764815523ea995a7ea0e
Author:     Andrey V. Elsukov <ae@FreeBSD.org>
AuthorDate: 2025-02-10 07:58:23 +0000
Commit:     Andrey V. Elsukov <ae@FreeBSD.org>
CommitDate: 2025-02-10 07:58:23 +0000

    ipfw: add missing initializer for 'limit' table value

    PR:             284691
    MFC after:      1 week

 sys/netpfil/ipfw/ip_fw_table_value.c | 1 +
 1 file changed, 1 insertion(+)
Comment 2 Mark Linimon freebsd_committer freebsd_triage 2025-02-14 20:31:16 UTC
^Triage: assign to committer. Set flags for possible MFCs if desired.
Comment 3 commit-hook freebsd_committer freebsd_triage 2025-02-17 07:35:24 UTC
A commit in branch stable/14 references this bug:

URL: https://cgit.FreeBSD.org/src/commit/?id=09def8d654e7be0454925ab57c4e6e1d1d173911

commit 09def8d654e7be0454925ab57c4e6e1d1d173911
Author:     Andrey V. Elsukov <ae@FreeBSD.org>
AuthorDate: 2025-02-10 07:58:23 +0000
Commit:     Andrey V. Elsukov <ae@FreeBSD.org>
CommitDate: 2025-02-17 07:33:59 +0000

    ipfw: add missing initializer for 'limit' table value

    PR:             284691

    (cherry picked from commit 95ab7b3223c08cf48ccf764815523ea995a7ea0e)

 sys/netpfil/ipfw/ip_fw_table_value.c | 1 +
 1 file changed, 1 insertion(+)
Comment 4 commit-hook freebsd_committer freebsd_triage 2025-02-17 07:42:27 UTC
A commit in branch stable/13 references this bug:

URL: https://cgit.FreeBSD.org/src/commit/?id=ff2588f2ac0a7a4d15496e2654f22d4d300037bf

commit ff2588f2ac0a7a4d15496e2654f22d4d300037bf
Author:     Andrey V. Elsukov <ae@FreeBSD.org>
AuthorDate: 2025-02-10 07:58:23 +0000
Commit:     Andrey V. Elsukov <ae@FreeBSD.org>
CommitDate: 2025-02-17 07:40:29 +0000

    ipfw: add missing initializer for 'limit' table value

    PR:             284691

    (cherry picked from commit 95ab7b3223c08cf48ccf764815523ea995a7ea0e)

 sys/netpfil/ipfw/ip_fw_table_value.c | 1 +
 1 file changed, 1 insertion(+)