Bug 218993

Summary: [patch] [ipfw] ipfw(8) may fail to remove rules
Product: Base System Reporter: Eugene Grosbein <eugen>
Component: binAssignee: Andrey V. Elsukov <ae>
Status: Closed FIXED    
Severity: Affects Some People CC: ae, marius, oleg
Priority: --- Keywords: patch
Version: 11.0-STABLE   
Hardware: Any   
OS: Any   
Attachments:
Description Flags
clean structures before reusing none

Description Eugene Grosbein freebsd_committer freebsd_triage 2017-05-01 12:36:20 UTC 
Created attachment 182222 [details]
clean structures before reusing

Let's try this in a shell:

# n=32
# for i in $(jot $n 1); do
> ipfw -q add 1 count ip from any to any
> ipfw -q add 2 count ip from any to any
> done
# ipfw delete 1 2
ipfw: rule 2: setsockopt(IP_FW_XDEL): Invalid argument

Rules numbered 1 got deleted, rules numbered 2 do not.
Note that problem does not manifest if n<32.

A bug is in /sbin/ipfw's ipfw_delete() function that fails to clean "rt" structure before each iteration. ipfw_zero() function has similar problem.

Attached patch fixes this.
Comment 1 commit-hook freebsd_committer freebsd_triage 2017-05-02 01:04:33 UTC 
A commit references this bug:

Author: ae
Date: Tue May  2 01:03:59 UTC 2017
New revision: 317663
URL: https://svnweb.freebsd.org/changeset/base/317663

Log:
  Properly initialize ipfw_range_tlv variable to fix possible EINVAL
  in case when ipfw delete/zero/resetlog command issued for several rules
  in the loop. Also reorder some variables by size.

  PR:		218993
  MFC after:	1 week

Changes:
  head/sbin/ipfw/ipfw2.c
Comment 2 commit-hook freebsd_committer freebsd_triage 2017-05-10 05:03:40 UTC 
A commit references this bug:

Author: ae
Date: Wed May 10 05:02:38 UTC 2017
New revision: 318132
URL: https://svnweb.freebsd.org/changeset/base/318132

Log:
  MFC r317663:
    Properly initialize ipfw_range_tlv variable to fix possible EINVAL
    in case when ipfw delete/zero/resetlog command issued for several rules
    in the loop. Also reorder some variables by size.

    PR:		218993

Changes:
_U  stable/11/
  stable/11/sbin/ipfw/ipfw2.c