ipf 3.4.35 woes

Jaeho Shin netj at ropas.snu.ac.kr
Wed Jun 30 13:39:03 PDT 2004 

On Tue, 2004-06-22 22:08:01 -0400, Damian Gerow wrote:
> The upgrade to ipf 3.4.35 is causing me grief.  And yes, my kernel and
> userland are in sync:
...
> I get a panic right after bringing up lo0 on regular boot.  If I boot into
> single user mode, bring up lo0, bring up my main interface, and then load
> the rules, I don't panic.  My rules are simple -- a pass in quick/pass out
> quick pair for every interface on the machine, and a general pass in
> quick/pass out quick for all IPv6.
> 
> There are four interfaces on this machine: lo0, rl0, fxp0, and a
> freshly-added ath0.  The only ones that come up during boot are lo0 and
> fxp0.
> 
> Since the panic passed through pen and paper, whitespace may be off.  But
> here's the boot log/panic:
> 
> Enabling ipfilter.
> lo0: <standard lo0 information>
> 
> kernel trap 12 with interrupts disabled
> 

My box has a similar hardware configuration to yours.  I had a very same
problem with yesterday's source, but by applying the patch below, which
was posted to current@ many times, fixed the problem.  It looks like it
was commited recently so either by applying it or cvsup'ing again will
give you the right source.

%%
Index: sys/contrib/ipfilter/netinet/fil.c
===================================================================
RCS file: /home/ncvs/src/sys/contrib/ipfilter/netinet/fil.c,v
retrieving revision 1.38
diff -u -r1.38 fil.c
--- sys/contrib/ipfilter/netinet/fil.c  21 Jun 2004 22:46:35 -0000      1.38
+++ sys/contrib/ipfilter/netinet/fil.c  24 Jun 2004 19:17:33 -0000
@@ -2155,9 +2155,6 @@
                ip_natsync(ifp);
                ip_statesync(ifp);
        }
-#  if defined(__FreeBSD_version) && (__FreeBSD_version >= 500043)
-       IFNET_RUNLOCK();
-#  endif
        ip_natsync((struct ifnet *)-1);
 #  if defined(__FreeBSD_version) && (__FreeBSD_version >= 500043)
        IFNET_RUNLOCK();
%%

-- 
신재호 | Jaeho Shin <netj at ropas.snu.ac.kr> | http://netj.org/
Research On Program Analysis System, Seoul National University
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 186 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-current/attachments/20040630/f0af6cf8/attachment.bin

More information about the freebsd-current mailing list