Panic in ipfw
Ian FREISLICH
ianf at clue.co.za
Thu Sep 6 00:09:41 PDT 2007
Ian FREISLICH wrote:
> Ian FREISLICH wrote:
> > "Andrey V. Elsukov" wrote:
> > > Hi, Ian.
> > >
> > > > I got this panic yesterday on a fairly busy firewall. I have some
> > > > private patches to ip_fw2.c and to the em driver (see the earlier
> > > > "em0 hijacking traffic to port 623" thread). I don't think this
> > > > panic is a result of those changes.
> > >
> > > > It occurred round about the time an address was added to an interface.
> > >
> > > I have a patch that can help you (i guess..).
> > > Can you test this patch?
> > >
> > > http://butcher.heavennet.ru/patches/kernel/inaddr_locking/
> >
> > Thanks. Wow, that looks like it touches a lot more than just ipfw.
> > It took about 1.5 years of production at 2.3 billion backets a day
> > to trigger this condition twice. It's going to be difficult to
> > tell if this patch fixes the problem.
>
> This code is touched by Andrey's patch. I'm going to put that patch
> into production tomorrow - this locking issue is raising it's head
> too often now.
That didn't go too well. The onsite admins messed up the serial
console arangement so I couldn't see what happened when things went
wrong. But they did. The only difference to the kernel was the
inclusion of Audrey's patch.
After about 6 hours we started seeing about 90% packet loss.
I'm not sure if I'll get another chance to try this patch.
Ian
--
Ian Freislich
More information about the freebsd-current
mailing list