Bug 180731 - [ipfw] problem with displaying 255.255.255.255 address in ipfw table
Summary: [ipfw] problem with displaying 255.255.255.255 address in ipfw table
Status: Open
Alias: None
Product: Base System
Classification: Unclassified
Component: kern (show other bugs)
Version: Unspecified
Hardware: Any Any
: Normal Affects Some People
Assignee: freebsd-ipfw (Nobody)
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2013-07-21 23:00 UTC by dv
Modified: 2020-07-25 23:50 UTC (History)
2 users (show)

See Also:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description dv 2013-07-21 23:00:00 UTC
There is a problem with listing 255.255.255.255 (broadcast address) in ipfw table. You can add/delete 255.255.255.255 address in ipfw tables, but I can't see it in 'ipfw table all list' output.

[#router:/]# ipfw table 7 list
127.0.0.0/8 0
224.0.0.0/4 0
[#router:/]# ipfw table 7 add 255.255.255.255
[#router:/]# ipfw table 7 list
127.0.0.0/8 0
224.0.0.0/4 0
[#router:/]# ipfw table 7 add 255.255.255.255
ipfw: setsockopt(IP_FW_TABLE_XADD): File exists
[#router:/]# ipfw table 7 delete 255.255.255.255
[#router:/]# ipfw table 7 list
127.0.0.0/8 0
224.0.0.0/4 0
[#router:/]# ipfw table 7 add 255.255.255.255
[#router:/]# ipfw table 7 list
127.0.0.0/8 0
224.0.0.0/4 0
[#router:/]# ipfw table 7 add 10.100.0.0/28
[#router:/]# ipfw table 7 list
127.0.0.0/8 0
224.0.0.0/4 0
10.100.0.0/28
[#router:/]#

Fix: 

There is no fix right now.
How-To-Repeat: /sbin/ipfw table 1 list
/sbin/ipfw table 1 add 255.255.255.255
/sbin/ipfw table 1 list
/sbin/ipfw table 1 add 255.255.255.255
/sbin/ipfw table 1 list
/sbin/ipfw table 1 delete 255.255.255.255
/sbin/ipfw table 1 list
Comment 1 Mark Linimon freebsd_committer freebsd_triage 2013-07-26 22:47:32 UTC
Responsible Changed
From-To: freebsd-bugs->freebsd-ipfw

Over to maintainer(s).
Comment 2 dv 2015-03-14 15:01:24 UTC
Exactly the same problem I see on FreeBSD 10.
FreeBSD 10.1-RELEASE-p6 GENERIC  amd64
Comment 3 smithi 2015-03-14 15:49:30 UTC
Confirming that this issue existed on 8.2 and <cough> 5.5-stable.
On 8.2 anyway, while the table entry is not listed, it does work:

t23# ipfw table all list
t23# ipfw table 9 add 255.255.255.255
t23# ipfw table 9 add 255.255.255.255
ipfw: setsockopt(IP_FW_TABLE_ADD): File exists
t23# ipfw table 9 list
t23# ipfw add 1000 count log ip4 from any to table\(9\)
01000 count log ip4 from any to table(9)
t23# ping 255.255.255.255
PING 255.255.255.255 (255.255.255.255): 56 data bytes
^C
--- 255.255.255.255 ping statistics ---
3 packets transmitted, 0 packets received, 100.0% packet loss
t23# ipfw -t show
01000         3          252 Sun Mar 15 02:23:41 2015 count log ip4 from any to table(9)
32000 156669252 124704530958 Sun Mar 15 02:23:48 2015 allow ip from any to any
65535         0            0                         deny ip from any to any
t23# tail -2 /var/log/security
Mar 15 02:23:39 t23 kernel: ipfw: 1000 Count ICMP:8.0 10.1.1.7 255.255.255.255 out via fxp0
Mar 15 02:23:41 t23 last message repeated 2 times
Comment 4 Rodney W. Grimes freebsd_committer 2018-03-18 09:28:24 UTC
This is probably the same as in https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=226688.

I understand a desire to have the 255.255.255.255, but this is really a degenerate form in both bug reports of 240.0.0.0/4 as that already covers this range in its use, the 255.255.255.255 is not needed in the table in any way, it servers no additional purpose.

The example here though does not include 240/4 for some reason, which it probably should be in the table if they are attempting to block reserved or unlikely to be in use IP addresses.

I agree there is a bug, but I also assert that it is a very low priority to spend a great deal of effort to fix.  If there is a simple fix in the radix code or an interface error has been made, then great, lets get it fixed.
Comment 5 Mark Linimon freebsd_committer freebsd_triage 2020-07-25 23:50:36 UTC
^Triage: this does not currently appear to be "in progress".