ipf 3.4.35 woes

Damian Gerow dgerow at afflictions.org
Wed Jun 23 02:08:27 GMT 2004

The upgrade to ipf 3.4.35 is causing me grief.  And yes, my kernel and
userland are in sync:

    ipf: IP Filter: v3.4.35 (336)
    Kernel: IP Filter: v3.4.35              
    Running: yes
    Log Flags: 0 = none set
    Default: block all, Logging: available
    Active list: 1

I get a panic right after bringing up lo0 on regular boot.  If I boot into
single user mode, bring up lo0, bring up my main interface, and then load
the rules, I don't panic.  My rules are simple -- a pass in quick/pass out
quick pair for every interface on the machine, and a general pass in
quick/pass out quick for all IPv6.

There are four interfaces on this machine: lo0, rl0, fxp0, and a
freshly-added ath0.  The only ones that come up during boot are lo0 and

Since the panic passed through pen and paper, whitespace may be off.  But
here's the boot log/panic:

Enabling ipfilter.
lo0: <standard lo0 information>

kernel trap 12 with interrupts disabled

Fatal trap 12: page fault while in kernel mode
cpuid = 0, apic id = 0
fault virtual address   = 0x10
fault code              = supervisor read, page not present
instruction pointer     = 0x8:0xc055dbe0
stack pointer           = 0x10:0xe554b95c
frame pointer           = 0x10:0xe554b95c
code segment            = base 0x0, limit 0xfffff, type 0x1b
                        = DPL 0, pres 1, def32 1, gran 1
processor eflags        = resume, IOPL = 0
current process         = 3346 (ipf)
kernel: type 12 trap, code 0
Stopped at      turnstile_head+0x6:       movl    0(%eax),%eax
db> trace
turnstile_head(0,1000000,e554b998,c052b2d2,0) at turnstile_head+0x6
_mtx_unlock_sleep(c07c2d00,0,0,0,0) at _mtx_unlock_sleep+0x4d
frsync(c1b86600,c1d8fa28,c1a7abe0,e554b9bc,0) at frsync+0xfb
iplioctl(c1b86600,80047249,e554bc58,3,c1a7abe0) at iplioctl+0x563
spec_ioctl(e554bb80,e554bc2c,c05a41ec,e554bb80,c1eb7a18) at spec_ioctl+0x168
spec_vnoperate(e554bb80,c1cb7a18,3,c0706c52,c07a9960) at spec_vnoperate+0x18
vn_ioctl(e1cb7a18,80047249,e554bc58,c197e600,c1a7abe0)at vn_ioctl+0x18c
ioctl(c1a7abe0,e554bd14,c,280ce000,3) at ioctl+0x5a4
syscall(2f,2f,2f,bfbfeec8,2) at syscall+0x2f0
Xint0x80_syscall() at Xint0x80_syscall+0x1f
--- syscall (54, FreeBSD ELF32, ioctl), eip = 0x280ce657, esp = 0xbfbfee5c, ebp = 0xbfbfee78 ---

  - Damian

More information about the freebsd-current mailing list