kern/168190: [pf] panic when using pf and route-to (maybe: bad
fragment handling?)
Ermal Luçi
eri at freebsd.org
Wed May 23 13:33:44 UTC 2012
On Wed, May 23, 2012 at 9:05 AM, Joerg Pulz <Joerg.Pulz at frm2.tum.de> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
>
> On Tue, 22 May 2012, Ermal Luçi wrote:
>
>> iirc this is from fastforwarding being enabled.
>> Just from memory though, cause i remember seeing this panic as well.
>>
>> Again, from memory this is fastforwarding related, try disabling it.
>> If it was pf(4) surely in pfSense would have been seen more frequently
>> and in pfSense fastforwarding is not used but normal path....
>
>
> Ermal,
>
> thanks for your reply to this.
> As i already stated in a previous mail, fastforwarding is not and was never
> used on this system.
>
Heh i might have misread.
Can you try with this patch
https://github.com/bsdperimeter/pfsense-tools/blob/master/patches/RELENG_8_3/pf_route-to_fragemnts.RELENG_8.diff
>From the commit message seems this is realted with your issue:
commit 164f4705fe4474d264d5d561ac3e3d60a512d2f7
Author: Ermal <eri at pfsense.org>
Date: Sun Mar 21 19:01:34 2010 +0000
Add patch that fixes sending of fragmented packets with policy-routing.
>
> net.inet.ip.forwarding: 1
> net.inet.ip.fastforwarding: 0
> net.inet6.ip6.forwarding: 0
>
> Kind regards
> Joerg
>
> - -- The beginning is the most important part of the work.
> -Plato
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v2.0.18 (FreeBSD)
>
> iD8DBQFPvIxISPOsGF+KA+MRAmIUAJ4gth6QsTMXmHRCnKhsm4XQ2S0ibQCeOB8h
> W3C84aefIPrpu9O69pIrmEM=
> =/wga
> -----END PGP SIGNATURE-----
--
Ermal
More information about the freebsd-pf
mailing list