kern/168190: [pf] panic when using pf and route-to (maybe: bad
fragment handling?)
Joerg Pulz
Joerg.Pulz at frm2.tum.de
Fri May 25 07:27:05 UTC 2012
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Thu, 24 May 2012, Joerg Pulz wrote:
> Daniel,
>
> exactly, ipfw was enabled with the above kernel options but not configured
> to filter or do anything but the DEFAULT_TO_ACCEPT.
> I've rebuilt the kernel without IPFIREWALL options. The system is running
> now for about three and a half hours.
> Time will show if this solved our problem.
> I'm still wondering why these panics showed up in irregular unreproducable
> intervals.
>
> Thanks for writing to the ipfw list. I'm really interested in tracking
> this further down to fix it forever, so nobody will stumble over it again.
>
> Thanks for all your help. Feel free to contact me if you have new ideas or
> things i should try.
Daniel,
the system is still running without panic, but i found the following log
entries from last night:
May 24 23:28:57 charon kernel: pf_route: m0->m_len < sizeof(struct ip)
May 24 23:28:57 charon kernel: pf_route: m0->m_len < sizeof(struct ip)
Do you think that this may be related to the panics?
I've found this error message two times in contrib/pf/net/pf.c.
I can't say which of them or both have printed the message.
Kind regards
Joerg
- --
The beginning is the most important part of the work.
-Plato
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.18 (FreeBSD)
iD8DBQFPvzP1SPOsGF+KA+MRAngoAJ4wk4PSjEtYvpCak2H8Qze8GaUbfwCgg2dq
2sQgy+3qWttRKxCj/WctPvY=
=ejhQ
-----END PGP SIGNATURE-----
More information about the freebsd-pf
mailing list