ipfw: switching sets does stall the machine
Freddie Cash
fjwcash at gmail.com
Fri Jun 14 17:22:07 UTC 2019
On Fri, Jun 14, 2019 at 10:13 AM Peter <pmc at citylink.dinoex.sub.org> wrote:
> Hi,
> I am trying to use two different configurations (production and test)
> loaded into different sets, and switch between them with
>
> # ipfw set disable ... enable ...
>
> When testing my script, this did work, except once the machine went
> into "swap_pager indefinite wait" and was lost.
>
> Then, after reboot (and automatically loading the production rules) I
> tried to load and switch to the test rules, and immediately got ATA
> COMMAND TIMEOUT and the machine was lost.
>
> I repeated this a few times, it is nicely reproducible: withing 3-5
> seconds after the new rules are loaded, the machine locks up and is
> lost.
>
> I analyzed more closely by running "top -HPS" in rtprio, and found
> this:
> * loading the rules is no problem.
> * when switching sets, the command returns, but then within few
> seconds the machine gets unresponsive and stays so until watchdog
> hits.
> * The last thing seen in "top" (before it freezes) is this thread
> eating 85% CPU (and running with high priority):
> [irq12: uhci0 uhci1]
>
>
> It there a known workaround?
>
> Details:
> Machine : i386
> OS : FreeBSD 11.2-RELEASE-p10
> Command : ipfw set disable 1 2 3 4 5 6 7 8 9 10 11 12 13 14 enable 16
> 17 18 19 20 21 22 23 24 25 26 27 28 29
>
Can't speak to this specific lockup, but I'm curious to know if it works
when you enable first, then disable (it's how we've used sets here at work).
--
Freddie Cash
fjwcash at gmail.com
More information about the freebsd-ipfw
mailing list