ipfw: switching sets does stall the machine
Peter
pmc at citylink.dinoex.sub.org
Fri Jun 14 17:13:15 UTC 2019
Hi,
I am trying to use two different configurations (production and test)
loaded into different sets, and switch between them with
# ipfw set disable ... enable ...
When testing my script, this did work, except once the machine went
into "swap_pager indefinite wait" and was lost.
Then, after reboot (and automatically loading the production rules) I
tried to load and switch to the test rules, and immediately got ATA
COMMAND TIMEOUT and the machine was lost.
I repeated this a few times, it is nicely reproducible: withing 3-5
seconds after the new rules are loaded, the machine locks up and is
lost.
I analyzed more closely by running "top -HPS" in rtprio, and found
this:
* loading the rules is no problem.
* when switching sets, the command returns, but then within few
seconds the machine gets unresponsive and stays so until watchdog
hits.
* The last thing seen in "top" (before it freezes) is this thread
eating 85% CPU (and running with high priority):
[irq12: uhci0 uhci1]
It there a known workaround?
Details:
Machine : i386
OS : FreeBSD 11.2-RELEASE-p10
Command : ipfw set disable 1 2 3 4 5 6 7 8 9 10 11 12 13 14 enable 16
17 18 19 20 21 22 23 24 25 26 27 28 29
More information about the freebsd-ipfw
mailing list