Page MenuHomeFreeBSD
Differential D53050

Do not report random errors as table-managing errors in ipfw
ClosedPublic
Actions

Authored by lytboris_gmail.com on Oct 12 2025, 4:02 PM.
Tags
None
Referenced Files
Unknown Object (File)
Sat, Nov 8, 2:24 PM
Unknown Object (File)
Wed, Nov 5, 7:06 AM
Unknown Object (File)
Tue, Nov 4, 1:07 AM
Unknown Object (File)
Mon, Nov 3, 3:53 AM
Unknown Object (File)
Sun, Nov 2, 2:27 PM
Unknown Object (File)
Sun, Nov 2, 2:27 PM
Unknown Object (File)
Sun, Nov 2, 2:27 PM
Unknown Object (File)
Sun, Nov 2, 2:27 PM
View All 44 Files
Subscribers
dhw
donner

Details

Reviewers
imp
butcher
ae
Commits
rG317a5dd0288e: ipfw: do not use errno value for error reporting
rGdfd822b1f084: ipfw: do not use errno value for error reporting
Summary

https://github.com/freebsd/freebsd-src/pull/1221 (commit) is not needed as table_do_modify_record() copies errno into the return value.

Current code grabs errno from a random failed syscall. E.g. in https://lists.freebsd.org/archives/freebsd-current/2025-October/009048.html it gets an Inappropriate ioctl for device error from a isatty() call way up in the calling stack.

The fix is to remove copying completely in table_modify_record()

Test Plan
sh
#!/bin/sh

IPFW=/usr/obj/usr/src/amd64.amd64/sbin/ipfw/ipfw.full

tbl_block=4

${IPFW} table $tbl_block create type addr or-flush
while read -r line
do ${IPFW} table $tbl_block atomic add $line
done  <<-HEREDOC
45.143.220.228/32
68.64.211.117/32
68.64.211.117/32
45.143.220.229/32
HEREDOC

Yields:

added: 45.143.220.228/32 0
added: 68.64.211.117/32 0
exists: 68.64.211.117/32 0
ipfw.full: Adding record failed: record already exists
added: 45.143.220.229/32 0

as expected

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

lytboris_gmail.com created this revision.Oct 12 2025, 4:02 PM
Herald added a subscriber: donner. · View Herald TranscriptOct 12 2025, 4:02 PM
lytboris_gmail.com requested review of this revision.Oct 12 2025, 4:02 PM
lytboris_gmail.com edited the summary of this revision. (Show Details)Oct 12 2025, 4:06 PM
lytboris_gmail.com updated this revision to Diff 164060.Oct 13 2025, 6:09 AM
lytboris_gmail.com updated this revision to Diff 164068.Oct 13 2025, 7:32 AM
lytboris_gmail.com edited the summary of this revision. (Show Details)
lytboris_gmail.com edited the summary of this revision. (Show Details)
lytboris_gmail.com edited the summary of this revision. (Show Details)Oct 13 2025, 7:35 AM
lytboris_gmail.com edited the test plan for this revision. (Show Details)Oct 13 2025, 7:50 AM
ae accepted this revision.Oct 13 2025, 9:27 AM
This revision is now accepted and ready to land.Oct 13 2025, 9:27 AM
dhw added a subscriber: dhw.Oct 13 2025, 10:20 AM

Looks believable; will test & report a bit later today.

dhw added a comment.Oct 13 2025, 12:40 PM

OK; I took the opportunity during my daily update cycle to (hand-)make the above change for a laptop that attempts to populate 3 ipfw tables once it gets a DHCP lease. This has been working from late 2008 up through stable/14, but was recently seen to be failing for both stable/15 and head.
TL;DR: the change is effective.
Evidence:
First, head, showing failing condition:

g1-96(14.3-R-p3)[6] ssh -xt g1-48 'uname -aUK && sudo ipfw table 1 list | wc -l'
FreeBSD g1-48.catwhisker.org 16.0-CURRENT FreeBSD 16.0-CURRENT #460 main-n281070-1129bf441e99: Sun Oct 12 11:16:31 UTC 2025     root@g1-48.catwhisker.org:/common/S4/obj/usr/src/amd64.amd64/sys/CANARY amd64 1600001 1600001
Password:
       1
Connection to g1-48.catwhisker.org closed.

After update, table 1 is populated correctly:

g1-96(14.3-R-p3)[7] ssh -xt g1-48 'uname -aUK && sudo ipfw table 1 list | wc -l'
FreeBSD g1-48.catwhisker.org 16.0-CURRENT FreeBSD 16.0-CURRENT #461 main-n281113-c8e077e57b25-dirty: Mon Oct 13 11:29:28 UTC 2025     root@g1-48.catwhisker.org:/common/S4/obj/usr/src/amd64.amd64/sys/CANARY amd64 1600001 1600001
Password:
   15447
Connection to g1-48.catwhisker.org closed.

And for stable/15; before update:

g1-96(14.3-R-p3)[8] ssh -xt g1-48 'uname -aUK && sudo ipfw table 1 list | wc -l'
FreeBSD g1-48.catwhisker.org 15.0-STABLE FreeBSD 15.0-STABLE #455 stable/15-n280668-998dd4a11a2b: Sun Oct 12 12:46:36 UTC 2025     root@g1-48.catwhisker.org:/common/S3/obj/usr/src/amd64.amd64/sys/CANARY amd64 1500500 1500500
Password:
       1
Connection to g1-48.catwhisker.org closed.

And after:

g1-96(14.3-R-p3)[9] ssh -xt g1-48 'uname -aUK && sudo ipfw table 1 list | wc -l'
FreeBSD g1-48.catwhisker.org 15.0-STABLE FreeBSD 15.0-STABLE #456 stable/15-n280674-53fcc7f9b0de-dirty: Mon Oct 13 12:11:17 UTC 2025     root@g1-48.catwhisker.org:/common/S3/obj/usr/src/amd64.amd64/sys/CANARY amd64 1500500 1500500
Password:
   15447
Connection to g1-48.catwhisker.org closed.

I am not prepared to test to validate that there are no failures that could have been caught with the existing code that are not caught with the proposed change, but from the "poking around" I did while investigating the problem, I expect that nothing would turn up even if I were (& did).

Summary: Looks good to me.

Closed by commit rGdfd822b1f084: ipfw: do not use errno value for error reporting (authored by lytboris_gmail.com, committed by ae). · Explain WhyOct 14 2025, 8:15 AM
This revision was automatically updated to reflect the committed changes.
ae added a commit: rGdfd822b1f084: ipfw: do not use errno value for error reporting.
ae added a commit: rG317a5dd0288e: ipfw: do not use errno value for error reporting.Sat, Oct 18, 12:05 PM

Revision Contents
Changeset List

PathSize
sbin/
ipfw/
3 lines

Diff 164126

View Options

sbin/ipfw/tables.c

Loading...