pf crashes in pfr_update_stats()
David Siebörger
d.sieborger at ru.ac.za
Thu Jan 26 15:48:37 UTC 2012
On Thursday, 26 January 2012 5:35 PM Ermal Luçi wrote:
> On Thu, Jan 26, 2012 at 3:38 PM, David Siebörger
<d.sieborger at ru.ac.za> wrote:
> > I have a pair of FreeBSD 9.0-RELEASE firewalls which are crashing
> > repeatedly. I've been able to connect to one of them with remote
> > kgdb after it crashed (see kgdb session attached), but I haven't
> > been able to get to the bottom of what's wrong. Is anyone able to
> > shed more light on this?
> >
> > The first problem that I see is that the kt argument to
> > pfr_update_stats() is null, so the kernel panics as soon as that's
> > dereferenced.
> >
> > Where pfr_update_stats() is called from pf_test(), kgdb tells me
> > that "Variable "tr" is not available." (Is that because of a gcc
> > optimisation?) But, tr ought to equal r in this instance, and r
> > is available, so I looked at r. r->dst.addr.p.tbl is indeed null.
>
> I have seen this in 8.x versions also.
> Are you doing frequent updating of tables or loading larde lists of
> addresses in them?
I started seeing something similar in 8.x, too, so I upgraded in the
hope that the problem would go away.
Yes, we do update the tables regularly (generally once an hour during
working hours, sometimes more frequently), and some of the tables are
large (one has 1929 entries, another 272, and there are eleven more
which are <=43). The table that's mentioned in r->dst.addr.v.tblname
has 24 entries.
--
David Siebörger
System Administrator, IT Division, Rhodes University
More information about the freebsd-pf
mailing list