Bug 241013 - ipfw: Silence firewall_logif on ipfw service restart
Summary: ipfw: Silence firewall_logif on ipfw service restart
Status: Closed FIXED
Alias: None
Product: Base System
Classification: Unclassified
Component: conf (show other bugs)
Version: CURRENT
Hardware: Any Any
: --- Affects Only Me
Assignee: Lutz Donnerhacke
URL:
Keywords: patch
Depends on:
Blocks:
 
Reported: 2019-10-02 13:51 UTC by Jose Luis Duran
Modified: 2021-05-03 10:31 UTC (History)
2 users (show)

See Also:


Attachments
Silence firewall_logif on ipfw service restart (390 bytes, patch)
2019-10-02 13:51 UTC, Jose Luis Duran
no flags Details | Diff
Disable logging and destroy ipfw0 interface upon service stop (522 bytes, patch)
2020-07-07 08:49 UTC, Jose Luis Duran
no flags Details | Diff
Disable the interface ipfw0 upon service stop (402 bytes, patch)
2020-07-07 15:55 UTC, Jose Luis Duran
no flags Details | Diff
Less destructive approach (503 bytes, patch)
2020-07-13 11:43 UTC, Jose Luis Duran
no flags Details | Diff
Tell the user if the interface already existed (593 bytes, patch)
2020-07-13 13:11 UTC, Jose Luis Duran
no flags Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Jose Luis Duran 2019-10-02 13:51:19 UTC
Created attachment 208032 [details]
Silence firewall_logif on ipfw service restart

Once the ipfw0 interface has been created, ifconfig(8) create will throw a warning: `ifconfig: create: bad value' when trying to create it again.
    
This patch silences it.
Comment 1 Jose Luis Duran 2020-07-07 08:36:49 UTC
(In reply to Jose Luis Duran from comment #0)

The warning message is more descriptive now.  Not sure if silencing it is really a benefit:

    ifconfig: interface ipfw0 already exists
Comment 2 Jose Luis Duran 2020-07-07 08:49:55 UTC
Created attachment 216277 [details]
Disable logging and destroy ipfw0 interface upon service stop

Second option just in case.
Comment 3 Lutz Donnerhacke freebsd_committer 2020-07-07 15:51:18 UTC
I oppose this approach.

Modifying a sysctl value in the background is surprising to the user.

I do not see any code for retaining the old value for the next usage. So if the service is restarted, the log-sysctl value will unconditionally lost and any new messages will be suppressed.
Comment 4 Jose Luis Duran 2020-07-07 15:54:22 UTC
(In reply to lutz from comment #3)

That is understandable. Attached is patch3 (also just in case) which disables only the interface.
Comment 5 Jose Luis Duran 2020-07-07 15:55:31 UTC
Created attachment 216298 [details]
Disable the interface ipfw0 upon service stop

Destroy just the interface and leave the sysctl on. (option 3).
Comment 6 Jose Luis Duran 2020-07-13 11:43:22 UTC
Created attachment 216416 [details]
Less destructive approach

Take 4: Do not attempt to create interface if it already exists.
Comment 7 Jose Luis Duran 2020-07-13 13:11:03 UTC
Created attachment 216419 [details]
Tell the user if the interface already existed
Comment 8 Lutz Donnerhacke freebsd_committer 2021-05-02 20:55:50 UTC
Please have a look at: https://reviews.freebsd.org/D30083
Comment 9 commit-hook freebsd_committer 2021-05-03 10:29:16 UTC
A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/src/commit/?id=5c4fe2ac81a5e05062266d684fb53b9faefd0d38

commit 5c4fe2ac81a5e05062266d684fb53b9faefd0d38
Author:     Lutz Donnerhacke <donner@FreeBSD.org>
AuthorDate: 2021-05-02 20:47:04 +0000
Commit:     Lutz Donnerhacke <donner@FreeBSD.org>
CommitDate: 2021-05-03 10:27:20 +0000

    service/ipfw: Silence warning on restart

    Once the ipfw0 interface has been created, ifconfig(8) create will
    throw a warning: ifconfig: create: bad value' when trying to create it
    again.

    PR:             241013
    Submitted by:   Jose Luis Duran
    Approved by:    kp
    MFC after:      2 weeks
    Differential Revision: https://reviews.freebsd.org/D30083

 libexec/rc/rc.d/ipfw | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)