Fwd: pf problems

Sergey Lapin slapinid at gmail.com
Wed Aug 10 09:22:00 GMT 2005


On 8/6/05, Max Laier <max at love2party.net> wrote:
> Sergey,
> 
> On Friday 05 August 2005 13:29, Sergey Lapin wrote:
> > Hi, all:
> <...>
> > Test case:
> > (done from Linux machine from 1.1.1.128/25)
> >
> > tcpreplay -e 1.1.1.133:255.255.255.255 -i eth0 packet
> > (where packet is random captured UDP packet using tcpdump -peni)
> >
> > or
> >
> > tcpreplay -e 1.1.1.133:10.2.2.2 -i eth0 packet
> > (where packet is random captured UDP packet)
> >
> > kills machine.
> > Machine hangs and doesn't react on keyboard, whatever.
> > Only reset helps.
> > Directly blocking addresses in pf.conf helps and normal connections
> > with UDP disabled
> > work well.
> > Any ideas?
> 
> What version of FreeBSD are you running?  Do you have a SMP/PREEMPTION kernel?
> Does setting debug.mpsafenet=0 in loader.conf change the situation?  Do you
> have a chance to attach a remote debugger or can you try to break into the
> debugger from the console?

Status update:
It's not an SMP/PREEMPTION kernel.
debug.mpsafenet=0 doesn't help.
I couldn't break into the debugger - the machine is locked and looped somehow.
It sends that packet in a loop even when we stop sending it.
More than that - the situation doesn't replicate in VMware.

More on that - when we set everything on VLANs and use only one
physical interface (fxp),
about 30 seconds pass before the machine dies, and if we stop sending
traffic, it survives.
Seems like some buffer filling...
When we use several physical interfaces (fxp, xl0, xl1) without VLANs,
the system dies immediately.

Any ideas?


More information about the freebsd-pf mailing list