kern/168190: [pf] panic when using pf and route-to (maybe: bad
fragment handling?)
Joerg Pulz
Joerg.Pulz at frm2.tum.de
Tue May 22 12:00:16 UTC 2012
The following reply was made to PR kern/168190; it has been noted by GNATS.
From: Joerg Pulz <Joerg.Pulz at frm2.tum.de>
To: Daniel Hartmeier <daniel at benzedrine.cx>
Cc: FreeBSD-gnats-submit at freebsd.org, freebsd-pf at freebsd.org
Subject: Re: kern/168190: [pf] panic when using pf and route-to (maybe: bad
fragment handling?)
Date: Tue, 22 May 2012 13:51:51 +0200 (CEST)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Tue, 22 May 2012, Daniel Hartmeier wrote:
> This (or something similar) was reported before:
>
> help w/panic under heavy load - 5.4
> http://www.mail-archive.com/freebsd-hackers@freebsd.org/msg52452.html
>
> panic on ip_input, ip_len byte ordering problem?
> http://lists.freebsd.org/pipermail/freebsd-net/2009-July/022473.html
>
> But no resolutions were posted. Maybe Max remembers?
>
> Are you using other pfil hooks (ipfw, ipfilter, etc.)?
>
> IP fast forwarding? divert? netgraph? dup-to?
>
> What network interfaces are used (enc, gre, gif, fxp0)?
>
> What checksumming support (ifconfig if)?
Daniel,
mails to your personal eMail address are bouncing.
relay=insomnia.benzedrine.cx. [62.65.145.30], dsn=4.0.0, stat=Deferred:
insomnia.benzedrine.cx.: No route to host
I've found another report and a patch which i already tried without
success, so i reverted back to stock 9.0-p1.
http://lists.freebsd.org/pipermail/freebsd-pf/2005-March/000922.html
I've the following relevant options in the kernel configuration:
options IPFIREWALL
options IPFIREWALL_VERBOSE
options IPFIREWALL_VERBOSE_LIMIT=100
options IPFIREWALL_DEFAULT_TO_ACCEPT
options IPDIVERT
options IPFILTER
options IPFILTER_LOG
options IPSTEALTH
options ALTQ
options ALTQ_CBQ # Class Bases Queueing
options ALTQ_RED # Random Early Drop
options ALTQ_RIO # RED In/Out
options ALTQ_HFSC # Hierarchical Packet Scheduler
options ALTQ_CDNR # Traffic conditioner
options ALTQ_PRIQ # Priority Queueing
options ALTQ_NOPCC # Required for SMP build
options IPSEC
options IPSEC_NAT_T
device crypto
device cryptodev
device hifn
device enc
device pf # PF OpenBSD packet-filter firewall
device pflog # logging support interface for PF
device pfsync # synchronization interface for PF
device carp # common address redundancy protocol
Only pf(4) is configured and used.
net.inet.ip.forwarding: 1
net.inet.ip.fastforwarding: 0
net.inet6.ip6.forwarding: 0
No netgraph, divert or dup-to.
Interface list:
bge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=8009b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,LINKSTATE>
bge1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=8009b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,LINKSTATE>
pflog0: flags=0<> metric 0 mtu 33152
pfsync0: flags=0<> metric 0 mtu 1500
ipfw0: flags=8801<UP,SIMPLEX,MULTICAST> metric 0 mtu 65536
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
options=3<RXCSUM,TXCSUM>
enc0: flags=0<> metric 0 mtu 1536
Only bge0 and bge1 are configured and used. bge0 ist $ext_if and bge1 is
$int_if.
Kind regards
Joerg
- --
The beginning is the most important part of the work.
-Plato
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.18 (FreeBSD)
iD8DBQFPu33aSPOsGF+KA+MRAjkLAJ0Z6K0Smp5M2p9r/VcSAUy1nqnkAACgqMq7
oHMudSKOjU3nQIGaq3M0fAo=
=SuIg
-----END PGP SIGNATURE-----
More information about the freebsd-pf
mailing list