kern/74930: pf crashes the system (unknown reasons)

Daniel Hartmeier dhartmei at FreeBSD.org
Mon Dec 13 01:18:05 PST 2004


Synopsis: pf crashes the system (unknown reasons)

Responsible-Changed-From-To: freebsd-bugs->dhartmei at freebsd.org
Responsible-Changed-By: dhartmei
Responsible-Changed-When: Mon Dec 13 09:10:35 GMT 2004
Responsible-Changed-Why: 
There can be only one connection using the same source/destination
address/port quadruple at the same time. When using static-port,
this rule is easily violated (when opening multiple connections
from the same source port to the same destination address/port),
i.e. if you have only one NAT address, you can have only one
concurrent connection like that. To support N concurrent connections
(to the same server and port), you need N addresses in the NAT pool.
Maybe the protocol does not require static source addresses, and
you can just remove the 'static-port' option.

However, locking up the kernel (in an endless loop trying to find
an available NAT address) is a bug in pf. You should get an error
like "pf: NAT proxy port allocation (0-0) failed" instead. A fix
is being worked on.

http://www.freebsd.org/cgi/query-pr.cgi?pr=74930
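To make the allocation rule in the reply concrete, here is a small Python model of a NAT state table, added as an illustration; it is not pf's code and is not part of the PR. The class and function names (`NatTable`, `allocate`, `max_concurrent`), the proxy port range, and the addresses (documentation ranges 203.0.113.0/24 and 198.51.100.0/24) are all constructed for the example. It shows why `static-port` with one translation address allows only one concurrent connection per source port and destination address/port, why N pool addresses give N such connections, and how a bounded search over the finite (address, port) space ends in an error rather than an endless loop.

```python
"""Toy model of NAT translation address/port selection (constructed example,
not pf's implementation).

Every translated connection is keyed by the quadruple
(nat_addr, nat_port, dst_addr, dst_port); two states may not share a key.
With 'static-port' the source port is preserved, so the only freedom left is
the choice of pool address: N concurrent connections from one source port to
one destination need N addresses in the pool.
"""

from dataclasses import dataclass, field


class NatAllocationError(Exception):
    """Raised when no unused (address, port) pair exists for a new state."""


@dataclass
class NatTable:
    pool: list                      # translation addresses in the NAT pool
    low: int = 50001                # proxy port range used when ports may be rewritten
    high: int = 65535               # (range chosen for the example)
    states: set = field(default_factory=set)   # active keys

    def allocate(self, src_port, dst_addr, dst_port, static_port=False):
        """Return a (nat_addr, nat_port) pair not already in use toward dst.

        The search space is finite (pool x candidate ports), so the loops
        always terminate; exhausting it is reported as an error, which is the
        behaviour the PR reply says pf should exhibit instead of locking up.
        """
        # With static-port the source port must be kept, so the candidate
        # port set collapses to a single value (pf reports this range as 0-0).
        ports = [src_port] if static_port else range(self.low, self.high + 1)
        for nat_addr in self.pool:
            for nat_port in ports:
                key = (nat_addr, nat_port, dst_addr, dst_port)
                if key not in self.states:
                    self.states.add(key)
                    return nat_addr, nat_port
        rng = "0-0" if static_port else f"{self.low}-{self.high}"
        raise NatAllocationError(f"pf: NAT proxy port allocation ({rng}) failed")

    def release(self, nat_addr, nat_port, dst_addr, dst_port):
        """Free a state's key when the connection closes."""
        self.states.discard((nat_addr, nat_port, dst_addr, dst_port))


def max_concurrent(pool_size, static_port, src_port=5060,
                   dst=("198.51.100.10", 5060), limit=50):
    """Open connections from one internal source port to one server until
    allocation fails; return how many could be open at once (capped at limit)."""
    # Constructed pool: 203.0.113.1 .. 203.0.113.<pool_size>
    table = NatTable(pool=[f"203.0.113.{i}" for i in range(1, pool_size + 1)])
    opened = 0
    while opened < limit:
        try:
            table.allocate(src_port, dst[0], dst[1], static_port=static_port)
        except NatAllocationError:
            break
        opened += 1
    return opened


if __name__ == "__main__":
    print("static-port, 1 address  :", max_concurrent(1, True))    # 1
    print("static-port, 3 addresses:", max_concurrent(3, True))    # 3
    print("port rewriting, 1 address:", max_concurrent(1, False))  # reaches limit (50)
```

Running the script shows the three cases from the reply side by side: one pool address with `static-port` supports a single concurrent connection to a given server port, three addresses support three, and dropping `static-port` lets the allocator rewrite the source port and open many more from the same address.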

