Bug 212576

Summary: vnet jail startup and shutdown destroys ipfw object rewriter list
Product: Base System Reporter: John Zielinski <avernar>
Component: kernAssignee: freebsd-net (Nobody) <net>
Status: Closed FIXED    
Severity: Affects Only Me CC: ae, bz, crest, crest, melifaro, pi
Priority: ---    
Version: 11.0-RC1   
Hardware: Any   
OS: Any   
See Also: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=212105
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=212077
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=212649
Attachments:
Description Flags
patch to fix the problem none

Description John Zielinski 2016-09-11 03:25:04 UTC 
In ip_fw2.c the functions ipfw_init_obj_rewriter and ipfw_destroy_obj_rewriter are called per vnet but the ctl3_rewriters and ctl3_rsize variables in ip_fw_sockopt.c file are system global.

This causes the rewriter list to be wiped out on vnet startup (and again at vnet shutdown but that has no effect on a now empty list).  The result is a very small memory leak in the kernel and the "ipfw list" command will segfault if tables are defined as the kernel will not return the table names.

Running 11.0-RC2 but it wasn't in the list.
Comment 1 John Zielinski 2016-09-16 16:13:31 UTC 
Created attachment 174843 [details]
patch to fix the problem

I attached a patch I made for my system to get things going.  Any issues in moving those two function calls from the vnet init/uninit to the module init/destroy?
Comment 2 commit-hook freebsd_committer freebsd_triage 2016-09-18 17:35:46 UTC 
A commit references this bug:

Author: ae
Date: Sun Sep 18 17:35:17 UTC 2016
New revision: 305940
URL: https://svnweb.freebsd.org/changeset/base/305940

Log:
  Move opcode rewriter init and destroy handlers into non-VENT code.

  PR:		212576,212649,212077
  Submitted by:	John Zielinski
  MFC after:	1 week

Changes:
  head/sys/netpfil/ipfw/ip_fw2.c
Comment 3 commit-hook freebsd_committer freebsd_triage 2016-09-30 03:28:08 UTC 
A commit references this bug:

Author: ae
Date: Fri Sep 30 03:27:07 UTC 2016
New revision: 306475
URL: https://svnweb.freebsd.org/changeset/base/306475

Log:
  MFC r305940:
    Move opcode rewriter init and destroy handlers into non-VNET code.

    PR:		212576,212649,212077
    Submitted by:	John Zielinski

Changes:
_U  stable/11/
  stable/11/sys/netpfil/ipfw/ip_fw2.c
Comment 4 Andrey V. Elsukov freebsd_committer freebsd_triage 2016-09-30 03:36:42 UTC 
Fixed in head/ and stable/11. Thanks!
Comment 5 Jan Bramkamp 2016-09-30 06:57:53 UTC 
Any chance for this to be included in an errata in FreeBSD 11.0 (releng/11.0)?