PF + BRIDGE still causes system freezing

Julian Elischer julian at elischer.org
Fri May 28 19:44:50 UTC 2010


On 5/28/10 3:54 AM, Giulio Ferro wrote:
> On 28.05.2010 07:46, Giulio Ferro wrote:
>
> Would it be a good idea to try netgraph bridge?
> Or the underlying implementation is the same as in if_bridge?

Netgraph bridging (see /usr/share/examples/netgraph) is a completely
different implementation with different strengths and weaknesses.
You may find it works for you.


>
>
>> Months ago I reported a system freezing whenever bridge was used
>> with pf. This still happens now in 8.1 prerelease: after several
>> minutes to hours
>> that the bridge is active the system becomes unresponsive.
>>
>> # uname -a
>> FreeBSD firewall1 8.1-PRERELEASE FreeBSD 8.1-PRERELEASE #0: Thu May 27
>> 18:03:48 CEST 2010 root at data1:/usr/obj/usr/src/sys/FIREWALL amd64
>>
>>> cat /etc/sysctl.conf
>> net.inet.ip.forwarding=1
>> net.inet.ip.fastforwarding=1
>> net.inet.carp.preempt=1
>>
>> Services running : sshd, named, inetd, ntpd, openvpn (tap), racoon,
>> pptp, asterisk
>>
>> 2 physical interfaces : bce0, bce1
>> 11 vlan interfaces : vlan1, ..., vlan11 (vlandev bce1)
>> 11 carp interfaces : carp1, ..., carp11 (carp1 has 23 alias addresses)
>> 1 bridge interfaces : bridge0 addm vlan35 (used by openvpn)
>> 2 gif interfaces : gif0, gif1 (racoon / IPSEC)
>>
>> 8 static routes
>>
>> pf packet filter : 12 rdr rules, 3 nat rules, set skip{lo0, bridge0,
>> vlan35}, 4 pass quick, block log all, about 30 pass keep state
>>
>>
>>
>> When the system freezes, I get this from the debugger
>> ---------------------------------------------------------------------
>> db> show allchains
>> db> show alllocks
>> Process 12 (intr) thread 0xffffff00024293e0 (100028)
>> exclusive sleep mutex if_bridge (if_bridge) r = 0 (0xffffff000270ea18)
>> locked @ /usr/src/sys/net/if_bridge.c:2184
>> Process 12 (intr) thread 0xffffff00022693e0 (100016)
>> exclusive sleep mutex Giant (Giant) r = 1 (0xffffffff80c93dc0) locked
>> @ /usr/src/sys/dev/usb/usb_transfer.c:3023
>> Process 12 (intr) thread 0xffffff00022607c0 (1000006)
>> exclusive sleep mutex carp_if (carp_if) r = 0 (0xffffff00027329e0)
>> locked @ /usr/src/sys/netinet/ip_carp.c:881
>> db>
>> ---------------------------------------------------------------------
>>
>> Even if there is no solution yet, is there any quick and dirty
>> workaround I can try?
>> I need this rather badly...
>>
>> Thanks.