I am using ipfw with tables of IP addresses. Tables get updated a few times an hour with a sequence like this:
Code:
ipfw table 1 flush
cat file | while read line; do
    ipfw table 1 add $line 1
done
This... sort of works, but once in a while some IP address hangs in the table and cannot be cleared. I have this behavior on systems like
Code:
# uname -a
FreeBSD xxx1 7.1-STABLE FreeBSD 7.1-STABLE #0: Tue Feb 3 11:36:55 EET 2009 root@xxx1:/usr/obj/usr/src/sys/ROUTER3 amd64
Code:
# uname -a
FreeBSD xxx2 8.2-STABLE FreeBSD 8.2-STABLE #0: Mon May 9 15:29:46 EEST 2011 root@xxx2:/usr/obj/usr/src/sys/GENERIC amd64
The first one has IPFW in kernel, the second one loads it as a module.
Addresses get stuck in IPFW, because the sequence
Code:
# ipfw table 1 flush
# ipfw table 1 list
produces non-empty output.
On the system where IPFW is loaded as a module, upon unload of the module, this is produced:
Code:
Sep 12 10:49:04 xxx2 kernel: Warning: memory type ipfw_tbl leaked memory on destroy (9 allocations, 2304 bytes leaked).
(usually 1 allocation is leaked)
Also, today on that system I noticed that each time the above reloading of the table happens, a message is produced:
Code:
Sep 12 10:49:04 xxx2 kernel: rn_delete: couldn't find our annotation
I was expecting this table bug to be fixed sometime after 7.1, as probably a lot of people are using this functionality, but perhaps are not reloading it that often? Or is there a better method to manipulate/update tables?
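On the closing question, one way to update a table without flushing it, as an added example that is not part of the original post: compare the saved `ipfw table 1 list` output with the wanted file and print only the `add` and `delete` commands needed. The listing format (`addr/masklen value`), the function names and the sample addresses are assumptions made for this example, and the post does not establish whether this avoids the stuck entries.

```shell
#!/bin/sh
# Added example: print the ipfw commands that turn the current table
# contents into the wanted list, instead of flush + re-add.
LC_ALL=C; export LC_ALL   # same collation for sort and comm

# Reduce "addr[/len] [value]" lines to sorted, unique "addr/len" keys.
# Assumption: IPv4 only; a bare address means /32.
normalize() {
    awk 'NF { a = $1; if (a !~ /\//) a = a "/32"; print a }' | sort -u
}

# table_delta TABLE LISTING WANTED
#   LISTING: saved output of "ipfw table TABLE list" (assumed format)
#   WANTED:  file with one address or network per line
table_delta() {
    cur=$(mktemp /tmp/ipfwtbl.XXXXXX) || return 1
    want=$(mktemp /tmp/ipfwtbl.XXXXXX) || { rm -f "$cur"; return 1; }
    normalize < "$2" > "$cur"
    normalize < "$3" > "$want"
    # Entries only in the table are deleted; entries only in the file
    # are added with value 1, as in the original reload loop.
    comm -23 "$cur" "$want" |
        awk -v t="$1" '{ print "ipfw table " t " delete " $1 }'
    comm -13 "$cur" "$want" |
        awk -v t="$1" '{ print "ipfw table " t " add " $1 " 1" }'
    rm -f "$cur" "$want"
}

# Constructed sample data (documentation address ranges), so the
# example runs without ipfw present.
demo() {
    dir=$(mktemp -d /tmp/ipfwtbl.XXXXXX) || return 1
    printf '%s\n' '192.0.2.1/32 1' '192.0.2.7/32 1' > "$dir/listing"
    printf '%s\n' '192.0.2.1' '203.0.113.9' '198.51.100.0/24' > "$dir/wanted"
    table_delta 1 "$dir/listing" "$dir/wanted"
    rm -rf "$dir"
}

demo
```

On a live system the listing would come from `ipfw table 1 list`, and the printed commands can be reviewed before being piped to `sh`. A `delete` line that is printed again on the next run points at an entry that did not go away.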