kern/145305: [ipfw] ipfw problems, panics, data corruption,
ipv6 socket weirdness
Terrence Koeman
root at mediamonks.net
Wed Jun 30 10:40:08 UTC 2010
The following reply was made to PR kern/145305; it has been noted by GNATS.
From: "Terrence Koeman" <root at mediamonks.net>
To: "bug-followup at FreeBSD.org" <bug-followup at FreeBSD.org>
Cc:
Subject: Re: kern/145305: [ipfw] ipfw problems, panics, data corruption, ipv6 socket weirdness
Date: Wed, 30 Jun 2010 12:35:38 +0200
Example output of 'lsof -i 6 -nP':
CGServer 1096 root 158u IPv6 0xffffff001087f6e0 0t0 TCP [2001:610:x=
x:xxx:xxx:xxx:117:200]:18187->[::213.136.12.237]:25 (SYN_SENT)
<hundreds more>
These are accompanied by entries in /var/log/security like so:
Jun 30 12:12:28 adinava kernel: ipfw: 65529 Accept TCP 1.23.2.0:18187 213.1=
36.12.235:25 out via bce0
Obviously these will hang in SYN_SENT until they time out because the SYN p=
acket with source 1.23.2.0 gets dropped at the border (and there wouldn't b=
e a return route anyway).
I'm assuming the ipv6 '2001:610:xx:xxx:xxx:xxx:117:200' ends up being ipv4 =
'1.23.2.0' due to some conversion error.
--
Regards,
T. Koeman, MTh/BSc/BPsy; Technical Monk
MediaMonks B.V. (www.mediamonks.com)
Please quote all replies in correspondence.
More information about the freebsd-ipfw
mailing list