From nobody Sun Dec 28 12:33:33 2025 X-Original-To: freebsd-current@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4dfJhG34kTz6LkRw for ; Sun, 28 Dec 2025 12:34:38 +0000 (UTC) (envelope-from freebsd@gushi.org) Received: from prime.gushi.org (prime.gushi.org [IPv6:2620:137:6000:10::142]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature ECDSA (secp384r1) client-digest SHA384) (Client CN "prime.gushi.org", Issuer "E7" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4dfJhF6lTNz3wcv for ; Sun, 28 Dec 2025 12:34:37 +0000 (UTC) (envelope-from freebsd@gushi.org) Authentication-Results: mx1.freebsd.org; none Received: from smtpclient.apple ([IPv6:2001:500:6b:200:c000:0:0:71f]) (authenticated bits=0) by prime.gushi.org (8.18.1/8.18.1) with ESMTPSA id 5BSCXkQJ070610 (version=TLSv1.2 cipher=ECDHE-ECDSA-AES256-GCM-SHA384 bits=256 verify=NOT); Sun, 28 Dec 2025 12:33:47 GMT (envelope-from freebsd@gushi.org) DKIM-Filter: OpenDKIM Filter v2.10.3 prime.gushi.org 5BSCXkQJ070610 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gushi.org; s=prime2014; t=1766925228; bh=9nRNuxsz54yACroCANg70sQC/nqH7hC1WF70d4Zae+g=; h=From:Subject:Date:In-Reply-To:Cc:To:References; z=From:=20"Dan=20Mahoney=20(ports)"=20|Subject:= 20Re:=20CURRENT:=20kernel=20panic=20in=20IPFW=20while=20stopping=2 0jails|Date:=20Sun,=2028=20Dec=202025=2004:33:33=20-0800|In-Reply- To:=20<291e26bfbe2b51835f7672db3a2e3593@riseup.net>|Cc:=20A=20Free BSD=20User=20,=0D=0A=20Ronald=20Klop=20,=0D=0A=20FreeBSD=20CURRENT=20,=0D=0A=20David=20Wolfskill=20|T o:=20Alastair=20Hogge=20|References:=20<2025122517 0828.7aef61df@hermann>=0D=0A=20<902742484.3865.1766683845222@local host>=20<20251225190836.6769e6d6@hermann>=0D=0A=20<20251226103308. 72204662@thor.sb211.local>=0D=0A=20<291e26bfbe2b51835f7672db3a2e35 93@riseup.net>; b=I8vrhbz/Hc642BbZTK3q4euDnk2tL6terRiY78MhToMwG86VjQpq/+smkpVMPEYl4 UxBgrciHi4sluWehtov+x3sQLvOIgFuryQGwG4zijF4EcL9U5eCgcF1vD4bQlIUn2q ZYdsoAliMGwVlmBHzn9F0WsynLnJDHdS9KYneQv6r9EAZVbn5vkpQOWWNzfYnpdcQ4 GVkJ4grC3TJTmAlq8VjkXqIfMESuj+9IHkD4i6zKLe2iij2shCRW7AYPh1eLEygw5p LaUEVMqdWRa314yRBGlGGrE9bKmPYBGs/9WPfm35qcIZOpKZiUz1VIDGZ7JrvYdd/+ tBlmYBWYgAJMw== X-Authentication-Warning: prime.gushi.org: Host [IPv6:2001:500:6b:200:c000:0:0:71f] claimed to be smtpclient.apple From: "Dan Mahoney (ports)" Message-Id: <8E7598CD-640D-4E15-8576-2A4DE38A4C13@gushi.org> Content-Type: multipart/alternative; boundary="Apple-Mail=_5E4599F8-0D63-4CF7-B601-AEEBB1F7037A" List-Id: Discussions about the use of FreeBSD-current List-Archive: https://lists.freebsd.org/archives/freebsd-current List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-current@FreeBSD.org Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3864.300.41.1.7\)) Subject: Re: CURRENT: kernel panic in IPFW while stopping jails Date: Sun, 28 Dec 2025 04:33:33 -0800 In-Reply-To: <291e26bfbe2b51835f7672db3a2e3593@riseup.net> Cc: A FreeBSD User , Ronald Klop , FreeBSD CURRENT , David Wolfskill To: Alastair Hogge References: <20251225170828.7aef61df@hermann> <902742484.3865.1766683845222@localhost> <20251225190836.6769e6d6@hermann> <20251226103308.72204662@thor.sb211.local> <291e26bfbe2b51835f7672db3a2e3593@riseup.net> X-Mailer: Apple Mail (2.3864.300.41.1.7) X-Spamd-Bar: ---- X-Spamd-Result: default: False [-4.00 / 15.00]; REPLY(-4.00)[]; ASN(0.00)[asn:393507, ipnet:2620:137:6000::/44, country:US] X-Rspamd-Pre-Result: action=no action; module=replies; Message is reply to one we originated X-Rspamd-Queue-Id: 4dfJhF6lTNz3wcv --Apple-Mail=_5E4599F8-0D63-4CF7-B601-AEEBB1F7037A Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=utf-8 > On Dec 28, 2025, at 3:36=E2=80=AFAM, Alastair Hogge = wrote: ...sending from the right account this time... (Mail clients break = becausse they only see the list-address in the To: header so don't use = the right role). Removing my final "log" rule fixes this for me, yes. (That probably = should be sufficient for anyone else to reproduce, I posted earlier in = thread, but my final rule (before the automatic ones at 65535) is "reset = log ip from any to any"). My panic output looks like this (there might be slight character misses = because this is text copy/pasted from a screenshot (so the console zero = font gets grabbed as =C3=98) I don't have good knowledge of how to drive = the kernel debugger. Feel free to email me privately on-list if you can = tell me a command=20 I didn't want to reopen the other bug, but it might belong there. -Dan=20 panic: Assertion tap !=3D NULL failed at = /usr/src/sys/netpfil/ipfw/ip_fw_bpf.c:127 cpuid =3D 9 tie =3D 1766922462 KDB: stack backtrace: db_trace_self_wrapper() at db_trace_self_wrapper+@x2b/frame = =C3=98xfffffe0123=C3=98a35c=C3=98 vpanic() at vpanic+0x136/frame =C3=98xfffffe01230a36f0 panic() at panic+0x43/frame =C3=98xfffffe01230a3750 ipfw_bpf_tap() at ipfw_bpf_tap+@x104/frame =C3=98xfffffe01230a3760 ipfw_chk() at ipfw_chk+@x1e37/frame =C3=98xfffffe01230a3990 ipfw_check_packet() at ipfw_check_packet+@xf6/frame 0xfffffe01230a3a80 pfil_mbuf_in() at pfil_mbuf_in+@x58/frame @xfffffe01230a3ab0 ip input ) at ip_input+@x3f9/frame Bxfffffe01230a3b10 netisr_dispatch_src() at netisr_dispatch_src+@xb4/frame = =C3=98xfffffe=C3=98123=C3=98a3b7=C3=98 ether_demux() at ether_demux+0x16a/frame =C3=98xfffffe01230a3ba=C3=98 ether_nh_input() at ether_nh_input+@x3ce/frame =C3=98xfffffe01230a3bf0 _src+0xb4/frame netisr_dispatch_src() at netisr_dispatch_src+=C3=98xb4/frame = =C3=98xfffffe0123=C3=98a3c50 ether_input () at ether_input+@xd5/frame @xfffffe01230a3cb0 tcp_lro_flush_all() at top_lro_flush_all+@xdc/frame =C3=98xfffffe01230a3d0= 0 iflib_rxeof() at iflib_rxeof+@xbef/frame =C3=98xfffffe01230a3e00 _task_in_rx() at _task _fn_rx+@x7a/frame =C3=98xfffffe01230a3e40 gtaskqueue_run_locked() at gtaskqueue_run_locked+0x18e/frame = =C3=98xfffffe01230a3ec0 gtaskqueue_thread_loop() at gtaskqueue_thread_loop+@xd3/frame = @xfffffe01230a3ef0 _1oop+@xd3/frame fork_exit() at fork_exit+0x82/frame =C3=98xfffffe01230a3f30 fork_trampoline() at fork_trampoline+@xe/frame Bxfffffe01230a3f30 But I don't actually get a kernel dump. lb> bt Tracing pid 8 tid 100032 td Bxfffff80004725000 kdb_enter() at kdb_enter+=C3=98x33/frame =C3=98xfffffe=C3=98123=C3=98a36f0= panic() at panic+0x43/frame =C3=98xfffffe01230a3750 ipfw_bpf_tap() at ipfw_bpf_tap+@x184/frame =C3=98xfffffe=C3=98123=C3=98a37= 60 ipfw_chk() at ipfw_chk+@x1e37/frame =C3=98xfffffe01230a3990 ipfw_check_packet() at ipfw_check_packet+=C3=98xf6/frame = =C3=98xfffffe=C3=98123=C3=98a3a8=C3=98 pfil_mbuf _in() at pfil_mbuf_in+@x58/frame BxfffffeB1230a3ab0 ip_input() at ip_input+@x3f9/frame =C3=98xfffffe01230a3b10 netisr_dispatch_src() at netisr_dispatch_src+@xb4/frame = =C3=98xfffffe01230a3b70 ether_demux() at ether_de=D0=BCux+@x16a/frame Bxfffffe01230a3ba=C3=B8 ether_nh_input() at ether_nh_input+=C3=98x3ce/frame Bxfffffe01230a3bf8 netisr_dispatch_src() at netisr _dispatch_src+@xb4/fra=D0=BCe =C3=98xfffffe0123=C3=98a3c5=C3=98 ether_input() at ether_input+0xd5/frame Bxfffffe0123=C3=98a3cb=C3=98 top_lro_flush_alll) at top_lro_flush_all+@xdc/frame @xfffffe01230a3dB0 iflib_rxeof() at iflib_rxeof+@xbef/frame =C3=98xfffffe01230a3eB8 _task_fn_rx() at _task_fn_rx+@x7a/frame =C3=98xfffffe0123=C3=98a3e40 gtaskqueue_run_locked() at gtaskqueue_run_locked+@x18e/frame = =C3=98xfffffe01230a3ec=C3=98 gtaskqueue_thread_loop() at gtaskqueue_thread _1oop+=C3=98xd3/frame =C3=98xfffffe0123=C3=98a3efE fork_exit() at fork_exit+0x82/fra=D0=BCe =C3=98xfffffe0123=C3=98a3f30 fork_trampoline() at fork_trampoline+@xe/frame Bxfffffe0123=C3=98a3f30 >=20 > On 2025-12-26 17:32, A FreeBSD User wrote: >> Am Tage des Herren Thu, 25 Dec 2025 19:08:36 +0100 >> FreeBSD User schrieb: >>=20 >>> On Thu, 25 Dec 2025 18:30:45 +0100 (CET) >>> Ronald Klop wrote: >>>=20 >>>> Do you use bpf or tap in your ipfw rules? >>>> A panic with that was mentioned on the 20th. And fixed in the mean = time of I >>>> remember correctly. = https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D291854 >>>> Regards,Ronald =20 >>>=20 >>> Indeed, all boxes in question do have a tap0 at least defined -but = in only one >>> case used. >>>=20 >>> Kind regards, >>>=20 >>> oh >>>=20 >>>=20 >>>>=20 >>>> Van: FreeBSD User >>>> Datum: 25 december 2025 17:09 >>>> Aan: FreeBSD CURRENT >>>> Onderwerp: CURRENT: kernel panic in IPFW while stopping jails >>>>=20 >>>>>=20 >>>>>=20 >>>>> Hello, >>>>>=20 >>>>> on recent CURRENT ipfw (in my case compiled into kernel) either = restarting >>>>> "ipfw" via "service ipfw restart" or restarting jails using also = ipfw on a >>>>> host also using ipfw (jail-hoster also ipfw compiled into kernel) = causes a >>>>> fatal kernel crash. >>>>>=20 >>>>> This issue is present since last week an wreak havok to several = boxes with >>>>> OS installed on UFS/FFS SSDs. In one case I have only = pictures/screenshots >>>>> made via smartphone - while crashing, kernel debugger input pops = up on >>>>> console, but I'm able to typein something within the first seconds = and this >>>>> is mostly "reboot" but gets stuck with "re" in most cases. "bt" = freezes >>>>> system immediately. >>>>>=20 >>>>> At least I can reproduce this misbehaviour on all recent CURRENT = were IPFW >>>>> is compiled into kernel. Anybody else havong this trouble? >>>>>=20 >>>>> Kind regards, >>>>>=20 >>>>> Oliver >>>>>=20 >>>>> Merry Christmas to everyone. >>>>>=20 >>>>> --=20 >>>>>=20 >>>>> A FreeBSD user >>>>>=20 >>>>>=20 >>>>>=20 >>>>>=20 >>>>>=20 >>>=20 >>>=20 >>=20 >> tap0 disabled/deleted. Same issue on every box. >=20 > $ git bisect log > git bisect start > # status: waiting for both good and bad commits > # bad: [086bedb11a853801e82234b8a1a64f0df52d9e52] tools.build: also = add > sys/_visible.h to SYSINCS > git bisect bad 086bedb11a853801e82234b8a1a64f0df52d9e52 > # status: waiting for good commit(s), bad commit known > # good: [44cb1e857f048d2326bdc1a032ccd2c04d2bcdc9] tcp: improve > credential handling in syncache > git bisect good 44cb1e857f048d2326bdc1a032ccd2c04d2bcdc9 > # good: [b0c7eaf83d21bbc333e247ab9e136965b3ca54ed] bhyve/slirp: Drop > privileges before entering capability mode > git bisect good b0c7eaf83d21bbc333e247ab9e136965b3ca54ed > # good: [6a75e3951506c12b42428a47710d07cadcdd723e] ofed/libibverbs: > remove strdupa() hack from config.h > git bisect good 6a75e3951506c12b42428a47710d07cadcdd723e > # bad: [1fad49baf390cb52f238e6c352d0bc0893c008c3] sdhci: Try to = complete > the last transaction if dumping > git bisect bad 1fad49baf390cb52f238e6c352d0bc0893c008c3 > # good: [9d9974457ce8c6cf9023884ab457d4712dcc237f] bhyvectl: fix build > without BHYVE_SNAPSHOT > git bisect good 9d9974457ce8c6cf9023884ab457d4712dcc237f > # bad: [52395203f9ac40d321ed55d93e9887300261d3bf] MFV: Import = blocklist > 2025-12-15 (8a4b011) > git bisect bad 52395203f9ac40d321ed55d93e9887300261d3bf > # good: [c112ad75605ccdfcb8bbce2f57b0e7a077f057f8] options: describe > WITH_IPFILTER_IPFS > git bisect good c112ad75605ccdfcb8bbce2f57b0e7a077f057f8 > # good: [8774a990ee4094f16d596d4b78e0f3239e5d0c88] bpf: modularize > ifnet(9) part of bpf > git bisect good 8774a990ee4094f16d596d4b78e0f3239e5d0c88 > # bad: [1615eff94cda8619561b73186ec8098cc8b14c5c] usb: don't create > ifnet(9) for usbus devices > git bisect bad 1615eff94cda8619561b73186ec8098cc8b14c5c > # good: [ddf4f9eda9c295082f17e7f26963666b72c97bb9] ipfw: create = "ipfw0" > and "ipfwlog0" bpf tapping points without ifnet(9) > git bisect good ddf4f9eda9c295082f17e7f26963666b72c97bb9 > # bad: [3daae1ac1d82ecdcd855101bab5206e914b12350] ipfw: create a bpf = tap > point for every log rule > git bisect bad 3daae1ac1d82ecdcd855101bab5206e914b12350 > # good: [1c5021f5251b231b614ad9cd175bcb4250495c12] ifconfig: print > warning and return success on ipfw0, ipfwlog0 cloning > git bisect good 1c5021f5251b231b614ad9cd175bcb4250495c12 > # first bad commit: [3daae1ac1d82ecdcd855101bab5206e914b12350] ipfw: > create a bpf tap point for every log rule >=20 > = https://codeberg.org/FreeBSD/freebsd-src/commit/3daae1ac1d82ecdcd855101bab= 5206e914b12350 > ipfw: create a bpf tap point for every log rule >=20 > Dynamically allocate bpf tap points for every rule that has "log". > The name is "ipfw%u", where %u is substituted to the rule number. > The default catch all "ipfw0" tap still exists for compatibility > and it will catch packets in case if there are no bpf listeners > on a per-rule tap. >=20 > Reviewed by: ae > Differential Revision: https://reviews.freebsd.org/D53877 --Apple-Mail=_5E4599F8-0D63-4CF7-B601-AEEBB1F7037A Content-Transfer-Encoding: quoted-printable Content-Type: text/html; charset=utf-8

On Dec 28, 2025, at 3:36=E2=80=AFAM, Alastair Hogge = <agh@riseup.net> = wrote:

...sending from the right = account this time... (Mail clients break becausse they only see the = list-address in the To: header so don't use the right = role).

Removing my final "log" rule fixes = this for me, yes.  (That probably should be sufficient for anyone = else to reproduce, I posted earlier in thread, but my final rule (before = the automatic ones at 65535) is "reset log ip from any to = any").

My panic output looks like this (there = might be slight character misses because this is text copy/pasted from a = screenshot (so the console zero font gets grabbed as =C3=98) I don't = have good knowledge of how to drive the kernel debugger. Feel free to = email me privately on-list if you can tell me a = command 

I didn't want to reopen the other = bug, but it might belong = there.

-Dan 

panic: Assertion tap !=3D NULL failed = at /usr/src/sys/netpfil/ipfw/ip_fw_bpf.c:127

cpuid =3D 9

tie =3D 1766922462

KDB: stack backtrace:

db_trace_self_wrapper() at = db_trace_self_wrapper+@x2b/frame =C3=98xfffffe0123=C3=98a35c=C3=98

vpanic() at vpanic+0x136/frame = =C3=98xfffffe01230a36f0

panic() at = panic+0x43/frame =C3=98xfffffe01230a3750

ipfw_bpf_tap() at = ipfw_bpf_tap+@x104/frame =C3=98xfffffe01230a3760

ipfw_chk() at ipfw_chk+@x1e37/frame = =C3=98xfffffe01230a3990

ipfw_check_packet() at ipfw_check_packet+@xf6/frame

0xfffffe01230a3a80

pfil_mbuf_in() at = pfil_mbuf_in+@x58/frame @xfffffe01230a3ab0

ip input ) at ip_input+@x3f9/frame = Bxfffffe01230a3b10

netisr_dispatch_src() at netisr_dispatch_src+@xb4/frame = =C3=98xfffffe=C3=98123=C3=98a3b7=C3=98

ether_demux() at = ether_demux+0x16a/frame =C3=98xfffffe01230a3ba=C3=98

ether_nh_input() at = ether_nh_input+@x3ce/frame =C3=98xfffffe01230a3bf0

_src+0xb4/frame

netisr_dispatch_src() at = netisr_dispatch_src+=C3=98xb4/frame =C3=98xfffffe0123=C3=98a3c50

ether_input () at = ether_input+@xd5/frame @xfffffe01230a3cb0

tcp_lro_flush_all() at = top_lro_flush_all+@xdc/frame =C3=98xfffffe01230a3d00

iflib_rxeof() at = iflib_rxeof+@xbef/frame =C3=98xfffffe01230a3e00

_task_in_rx() at _task

_fn_rx+@x7a/frame = =C3=98xfffffe01230a3e40

gtaskqueue_run_locked() at gtaskqueue_run_locked+0x18e/frame = =C3=98xfffffe01230a3ec0

gtaskqueue_thread_loop() at gtaskqueue_thread_loop+@xd3/frame = @xfffffe01230a3ef0

_1oop+@xd3/frame

fork_exit() = at fork_exit+0x82/frame =C3=98xfffffe01230a3f30

fork_trampoline() at = fork_trampoline+@xe/frame = Bxfffffe01230a3f30


But I don't actually get = a kernel dump.

lb> bt

Tracing pid 8 tid 100032 td = Bxfffff80004725000

kdb_enter() = at kdb_enter+=C3=98x33/frame =C3=98xfffffe=C3=98123=C3=98a36f0

panic() at panic+0x43/frame = =C3=98xfffffe01230a3750

ipfw_bpf_tap() at ipfw_bpf_tap+@x184/frame = =C3=98xfffffe=C3=98123=C3=98a3760

ipfw_chk() at ipfw_chk+@x1e37/frame = =C3=98xfffffe01230a3990

ipfw_check_packet() at ipfw_check_packet+=C3=98xf6/frame = =C3=98xfffffe=C3=98123=C3=98a3a8=C3=98

pfil_mbuf

_in() at pfil_mbuf_in+@x58/frame = BxfffffeB1230a3ab0

ip_input() = at ip_input+@x3f9/frame =C3=98xfffffe01230a3b10

netisr_dispatch_src() at = netisr_dispatch_src+@xb4/frame =C3=98xfffffe01230a3b70

ether_demux() at = ether_de=D0=BCux+@x16a/frame Bxfffffe01230a3ba=C3=B8

ether_nh_input() at = ether_nh_input+=C3=98x3ce/frame Bxfffffe01230a3bf8

netisr_dispatch_src() at netisr

_dispatch_src+@xb4/fra=D0=BCe = =C3=98xfffffe0123=C3=98a3c5=C3=98

ether_input() at = ether_input+0xd5/frame Bxfffffe0123=C3=98a3cb=C3=98

top_lro_flush_alll) at

top_lro_flush_all+@xdc/frame = @xfffffe01230a3dB0

iflib_rxeof() at iflib_rxeof+@xbef/frame = =C3=98xfffffe01230a3eB8

_task_fn_rx() at _task_fn_rx+@x7a/frame = =C3=98xfffffe0123=C3=98a3e40

gtaskqueue_run_locked() at gtaskqueue_run_locked+@x18e/frame = =C3=98xfffffe01230a3ec=C3=98

gtaskqueue_thread_loop() at gtaskqueue_thread

_1oop+=C3=98xd3/frame = =C3=98xfffffe0123=C3=98a3efE

fork_exit() = at fork_exit+0x82/fra=D0=BCe =C3=98xfffffe0123=C3=98a3f30

fork_trampoline() at = fork_trampoline+@xe/frame Bxfffffe0123=C3=98a3f30





On = 2025-12-26 17:32, A FreeBSD User wrote:
Am = Tage des Herren Thu, 25 Dec 2025 19:08:36 +0100
FreeBSD User = <freebsd@walstatt-de.de> schrieb:

On Thu, 25 Dec 2025 18:30:45 +0100 (CET)
Ronald Klop = <ronald-lists@klop.ws> wrote:

Do = you use bpf or tap in your ipfw rules?
A panic with that was = mentioned on the 20th. And fixed in the mean time of I
remember = correctly. = https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D291854
Regards,Rona= ld  

Indeed, all boxes in question do have a = tap0 at least defined -but in only one
case used.

Kind = regards,

oh



Van: FreeBSD = User <freebsd@walstatt-de.de>
Datum: 25 december 2025 = 17:09
Aan: FreeBSD CURRENT = <freebsd-current@freebsd.org>
Onderwerp: CURRENT: kernel panic = in IPFW while stopping jails



Hello,

on recent CURRENT ipfw (in my case = compiled into kernel) either restarting
"ipfw" via "service ipfw = restart" or restarting jails using also ipfw on a
host also using = ipfw (jail-hoster also ipfw compiled into kernel) causes a
fatal = kernel crash.

This issue is present since last week an wreak = havok to several boxes with
OS installed on UFS/FFS SSDs. In one case = I have only pictures/screenshots
made via smartphone - while = crashing, kernel debugger input pops up on
console, but I'm able to = typein something within the first seconds and this
is mostly "reboot" = but gets stuck with "re" in most cases. "bt" freezes
system = immediately.

At least I can reproduce this misbehaviour on all = recent CURRENT were IPFW
is compiled into kernel. Anybody else havong = this trouble?

Kind regards,

Oliver

Merry Christmas = to everyone.

-- 

A FreeBSD = user








tap0 disabled/deleted. Same issue on every box.

$ git bisect log
git bisect start
# status: waiting for both good and bad = commits
# bad: = [086bedb11a853801e82234b8a1a64f0df52d9e52] tools.build: also = add
sys/_visible.h to SYSINCS
git bisect bad = 086bedb11a853801e82234b8a1a64f0df52d9e52
# status: waiting for good commit(s), bad = commit known
# good: = [44cb1e857f048d2326bdc1a032ccd2c04d2bcdc9] tcp: improve
credential handling in syncache
git bisect good = 44cb1e857f048d2326bdc1a032ccd2c04d2bcdc9
# good: = [b0c7eaf83d21bbc333e247ab9e136965b3ca54ed] bhyve/slirp: Drop
privileges before entering capability = mode
git bisect good = b0c7eaf83d21bbc333e247ab9e136965b3ca54ed
# good: = [6a75e3951506c12b42428a47710d07cadcdd723e] ofed/libibverbs:
remove strdupa() hack from = config.h
git bisect good = 6a75e3951506c12b42428a47710d07cadcdd723e
# bad: = [1fad49baf390cb52f238e6c352d0bc0893c008c3] sdhci: Try to = complete
the last transaction if dumping
git bisect bad = 1fad49baf390cb52f238e6c352d0bc0893c008c3
# good: = [9d9974457ce8c6cf9023884ab457d4712dcc237f] bhyvectl: fix build
without BHYVE_SNAPSHOT
git bisect good = 9d9974457ce8c6cf9023884ab457d4712dcc237f
# bad: = [52395203f9ac40d321ed55d93e9887300261d3bf] MFV: Import = blocklist
2025-12-15 (8a4b011)
git bisect bad = 52395203f9ac40d321ed55d93e9887300261d3bf
# good: = [c112ad75605ccdfcb8bbce2f57b0e7a077f057f8] options: describe
WITH_IPFILTER_IPFS
git bisect good = c112ad75605ccdfcb8bbce2f57b0e7a077f057f8
# good: = [8774a990ee4094f16d596d4b78e0f3239e5d0c88] bpf: modularize
ifnet(9) part of bpf
git bisect good = 8774a990ee4094f16d596d4b78e0f3239e5d0c88
# bad: = [1615eff94cda8619561b73186ec8098cc8b14c5c] usb: don't create
ifnet(9) for usbus devices
git bisect bad = 1615eff94cda8619561b73186ec8098cc8b14c5c
# good: = [ddf4f9eda9c295082f17e7f26963666b72c97bb9] ipfw: create = "ipfw0"
and "ipfwlog0" bpf tapping points without = ifnet(9)
git bisect good = ddf4f9eda9c295082f17e7f26963666b72c97bb9
# bad: = [3daae1ac1d82ecdcd855101bab5206e914b12350] ipfw: create a bpf = tap
point for every log rule
git bisect bad = 3daae1ac1d82ecdcd855101bab5206e914b12350
# good: = [1c5021f5251b231b614ad9cd175bcb4250495c12] ifconfig: print
warning and return success on ipfw0, = ipfwlog0 cloning
git bisect good = 1c5021f5251b231b614ad9cd175bcb4250495c12
# first bad commit: = [3daae1ac1d82ecdcd855101bab5206e914b12350] ipfw:
create a bpf tap point for every log = rule

https://codeberg.org/FreeBSD/freebsd-src/commit/3daae1ac1d82ecdcd855= 101bab5206e914b12350
ipfw: create a bpf tap point for every log = rule

Dynamically allocate bpf tap points for = every rule that has "log".
The name is "ipfw%u", where %u is = substituted to the rule number.
The default catch all "ipfw0" tap still = exists for compatibility
and it will catch packets in case if there = are no bpf listeners
on a per-rule tap.

Reviewed by: = = ae
Differential Revision: = https://reviews.freebsd.org/D53877

<= /body>= --Apple-Mail=_5E4599F8-0D63-4CF7-B601-AEEBB1F7037A--