PF error message looping on screen. System Locked.
Max Laier
max at love2party.net
Thu Jun 14 17:42:15 UTC 2007
On Thursday 14 June 2007, Roger Miranda wrote:
> > I don't think this message is related to your trouble. I think you
> > can also avoid these messages by adding 'no scrub' to your pf.conf
> > (I'm currently not aware of any side effects by adding this).
>
> I did add it.
>
> > Probably Max has some more suggestions on not scrubbing packets.
> >
> > You should get a debugger into your kernel (like Max suggested)
>
> The debugger is in the kernel. I can break to it during normal
> operation. Except when these messages are loop through the screen.
>
> > and
> > probably also use `pfctl -x loud' or `pfctl -x misc' to get more
> > messages out of pf. If these messages are popping up again, break the
> > system into the debugger and look for the messages (using 'scroll
> > lock' to scroll back some pages), ps and a backtrace.
>
> I have set debug to loud.
>
> I found this after I rebooted in dmesg:
> ----------------------------------------------------
>
> pf_reassemble: complete: 0xc4338100(1504)
> pf_normalize_ip: reass frag 39811 @ 0-1480
> pf_normalize_ip: reass frag 39811 @ 1480-1484
> pf_reassemble: 1484 < 1484?
That's a configuration problem. Something seems to assume a MTU of 1484
while there really is a bottleneck with only 1480 which leads to heavy
fragmentation. You should find the offender and reduce its MTU. If
those messages show up, you did not use "no scrub" however.
--
/"\ Best regards, | mlaier at freebsd.org
\ / Max Laier | ICQ #67774661
X http://pf4freebsd.love2party.net/ | mlaier at EFnet
/ \ ASCII Ribbon Campaign | Against HTML Mail and News
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-pf/attachments/20070614/3cc7e9b9/attachment.pgp
More information about the freebsd-pf
mailing list