From owner-freebsd-ipfw@FreeBSD.ORG Sun Jun 27 04:21:56 2010 Return-Path: Delivered-To: freebsd-ipfw@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id A3272106564A; Sun, 27 Jun 2010 04:21:56 +0000 (UTC) (envelope-from linimon@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id 7B0E88FC1D; Sun, 27 Jun 2010 04:21:56 +0000 (UTC) Received: from freefall.freebsd.org (localhost [127.0.0.1]) by freefall.freebsd.org (8.14.4/8.14.4) with ESMTP id o5R4LuUh036055; Sun, 27 Jun 2010 04:21:56 GMT (envelope-from linimon@freefall.freebsd.org) Received: (from linimon@localhost) by freefall.freebsd.org (8.14.4/8.14.4/Submit) id o5R4Luw5036051; Sun, 27 Jun 2010 04:21:56 GMT (envelope-from linimon) Date: Sun, 27 Jun 2010 04:21:56 GMT Message-Id: <201006270421.o5R4Luw5036051@freefall.freebsd.org> To: linimon@FreeBSD.org, freebsd-amd64@FreeBSD.org, freebsd-ipfw@FreeBSD.org From: linimon@FreeBSD.org Cc: Subject: Re: amd64/148157: [ipfw] IPFW in kernel nat BUG found in FreeBSD 8.1-PRERELEASE X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 27 Jun 2010 04:21:56 -0000 Old Synopsis: IPFW in kernel nat BUG found in FreeBSD 8.1-PRERELEASE New Synopsis: [ipfw] IPFW in kernel nat BUG found in FreeBSD 8.1-PRERELEASE Responsible-Changed-From-To: freebsd-amd64->freebsd-ipfw Responsible-Changed-By: linimon Responsible-Changed-When: Sun Jun 27 04:21:37 UTC 2010 Responsible-Changed-Why: Over to maintainer(s). http://www.freebsd.org/cgi/query-pr.cgi?pr=148157 From owner-freebsd-ipfw@FreeBSD.ORG Sun Jun 27 04:42:36 2010 Return-Path: Delivered-To: freebsd-ipfw@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 2C66F106564A; Sun, 27 Jun 2010 04:42:36 +0000 (UTC) (envelope-from dougb@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id 02D978FC21; Sun, 27 Jun 2010 04:42:36 +0000 (UTC) Received: from freefall.freebsd.org (localhost [127.0.0.1]) by freefall.freebsd.org (8.14.4/8.14.4) with ESMTP id o5R4gZIt053946; Sun, 27 Jun 2010 04:42:35 GMT (envelope-from dougb@freefall.freebsd.org) Received: (from dougb@localhost) by freefall.freebsd.org (8.14.4/8.14.4/Submit) id o5R4gZeD053942; Sun, 27 Jun 2010 04:42:35 GMT (envelope-from dougb) Date: Sun, 27 Jun 2010 04:42:35 GMT Message-Id: <201006270442.o5R4gZeD053942@freefall.freebsd.org> To: dougb@FreeBSD.org, freebsd-rc@FreeBSD.org, freebsd-ipfw@FreeBSD.org From: dougb@FreeBSD.org Cc: Subject: Re: conf/148144: [patch] add ipfw_nat support for rc.firewall simple type X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 27 Jun 2010 04:42:36 -0000 Synopsis: [patch] add ipfw_nat support for rc.firewall simple type Responsible-Changed-From-To: freebsd-rc->freebsd-ipfw Responsible-Changed-By: dougb Responsible-Changed-When: Sun Jun 27 04:41:51 UTC 2010 Responsible-Changed-Why: Not rc.d related, and I think the -ipfw folks are in a better position to determine if nat config falls into the "simple" category or not. http://www.freebsd.org/cgi/query-pr.cgi?pr=148144 From owner-freebsd-ipfw@FreeBSD.ORG Sun Jun 27 04:44:39 2010 Return-Path: Delivered-To: freebsd-ipfw@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id D78A5106564A; Sun, 27 Jun 2010 04:44:39 +0000 (UTC) (envelope-from dougb@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id B00108FC23; Sun, 27 Jun 2010 04:44:39 +0000 (UTC) Received: from freefall.freebsd.org (localhost [127.0.0.1]) by freefall.freebsd.org (8.14.4/8.14.4) with ESMTP id o5R4idX0054012; Sun, 27 Jun 2010 04:44:39 GMT (envelope-from dougb@freefall.freebsd.org) Received: (from dougb@localhost) by freefall.freebsd.org (8.14.4/8.14.4/Submit) id o5R4idLq054008; Sun, 27 Jun 2010 04:44:39 GMT (envelope-from dougb) Date: Sun, 27 Jun 2010 04:44:39 GMT Message-Id: <201006270444.o5R4idLq054008@freefall.freebsd.org> To: dougb@FreeBSD.org, freebsd-rc@FreeBSD.org, freebsd-ipfw@FreeBSD.org From: dougb@FreeBSD.org Cc: Subject: Re: conf/148137: [ipfw] call order of natd and ipfw startup scripts X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 27 Jun 2010 04:44:39 -0000 Synopsis: [ipfw] call order of natd and ipfw startup scripts Responsible-Changed-From-To: freebsd-rc->freebsd-ipfw Responsible-Changed-By: dougb Responsible-Changed-When: Sun Jun 27 04:43:52 UTC 2010 Responsible-Changed-Why: I vote the latter. :) http://www.freebsd.org/cgi/query-pr.cgi?pr=148137 From owner-freebsd-ipfw@FreeBSD.ORG Sun Jun 27 07:00:13 2010 Return-Path: Delivered-To: freebsd-ipfw@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 5F56B106566C for ; Sun, 27 Jun 2010 07:00:13 +0000 (UTC) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id 3456A8FC14 for ; Sun, 27 Jun 2010 07:00:13 +0000 (UTC) Received: from freefall.freebsd.org (localhost [127.0.0.1]) by freefall.freebsd.org (8.14.4/8.14.4) with ESMTP id o5R70CZH074160 for ; Sun, 27 Jun 2010 07:00:12 GMT (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.14.4/8.14.4/Submit) id o5R70Cb8074158; Sun, 27 Jun 2010 07:00:12 GMT (envelope-from gnats) Date: Sun, 27 Jun 2010 07:00:12 GMT Message-Id: <201006270700.o5R70Cb8074158@freefall.freebsd.org> To: freebsd-ipfw@FreeBSD.org From: Shant Kassardjian Cc: Subject: RE: amd64/148157: IPFW in kernel nat BUG found in FreeBSD 8.1-PRERELEASE X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: Shant Kassardjian List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 27 Jun 2010 07:00:13 -0000 The following reply was made to PR amd64/148157; it has been noted by GNATS. From: Shant Kassardjian To: Cc: Subject: RE: amd64/148157: IPFW in kernel nat BUG found in FreeBSD 8.1-PRERELEASE Date: Sun, 27 Jun 2010 06:47:13 +0000 --_2b7ea459-4f83-4d6d-bb13-f83fbb741e5c_ Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Hi Garrett=2C I just tried to perform a kernel dump with dumpdev=3D"YES" and had no luck= =2C I keep getting: Cannot dump. Device not defined or unavailable. my custom kernel is set to disable: #options KTRACE # ktrace(1) support #options KDTRACE_FRAME # Ensure frames are compiled in #options KDTRACE_HOOKS # Kernel DTrace hooks must recompile kernel to enable tracing?=20 I'm currently using the intel pro 1000 chipset / em0 driver=2C I've been ex= periencing all sorts of network stability problems for a while now(ever sin= ce I upgrade to stable a month ago). It looks like the em0 driver for amd64= needs alot of work however a couple of days ago when I recompiled my box t= o the latest stable 8.1-prerelease I saw alot of improvments and my ipfw/du= mmynet firewall seems to be running stable with no crashes/lockups so far..= .=20 It is very easy for me to replicate the in nat kernel problem=2C i just can= t get a dump to provide you the additional info. Let me know how I can help. Thanks=2C Shant K > Date: Sat=2C 26 Jun 2010 11:52:01 -0700 > Subject: Re: amd64/148157: IPFW in kernel nat BUG found in FreeBSD 8.1-P= RERELEASE > From: yanefbsd@gmail.com > To: pookme@hotmail.com > CC: freebsd-gnats-submit@freebsd.org >=20 > Hi=2C > Do you have a backtrace for the issue (bt from ddb=2C or the > equivalent bt from kgdb)? I'm asking because I saw various issues > running with in kernel nat as well in various bits of the kernel -- > one was the ip routing code=2C one was the ipfw_nat code=2C and the other > was the network driver that I was using=2C bce(4). All items suggested > that there's a locking issue. The reference to the mail thread I > started is here: > http://lists.freebsd.org/pipermail/freebsd-net/2010-June/025594.html > (note that it's an issue with 8.1-* and 9-CURRENT). > Thanks=2C > -Garrett =20 _________________________________________________________________ Turn down-time into play-time with Messenger games http://go.microsoft.com/?linkid=3D9734385= --_2b7ea459-4f83-4d6d-bb13-f83fbb741e5c_ Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Hi Garrett=2C


I just tried to perform a kernel dump with dumpdev= =3D"YES" and had no luck=2C I keep getting:


Cannot dump. Device = not defined or unavailable.


my custom kernel is set to disable:<= BR>

#options KTRACE # ktrace(1) support
<= BR>#options KDTRACE_FRAME # Ensure frames are compiled in<= BR>#options KDTRACE_HOOKS # Kernel DTrace hooks

must recompile kernel to enable tracing?=A0


I'm currently using= the intel pro 1000 chipset / em0 driver=2C I've been experiencing all sort= s of network stability problems for a while now(ever since I upgrade to sta= ble a month ago). It looks like the em0 driver for amd64 needs alot of work= however a couple of days ago when I recompiled my box to the latest stable= 8.1-prerelease I saw alot of improvments and my ipfw/dummynet firewall see= ms to be running stable with no crashes/lockups so far...=A0


It = is very easy for me to replicate the in nat kernel problem=2C i just cant g= et a dump to provide you the additional info.


Let me know how I = can help.




Thanks=2C
Shant K



>=3B Dat= e: Sat=2C 26 Jun 2010 11:52:01 -0700
>=3B Subject: Re: amd64/148157: I= PFW in kernel nat BUG found in FreeBSD 8.1-PRERELEASE
>=3B From: yane= fbsd@gmail.com
>=3B To: pookme@hotmail.com
>=3B CC: freebsd-gnats= -submit@freebsd.org
>=3B
>=3B Hi=2C
>=3B Do you have a = backtrace for the issue (bt from ddb=2C or the
>=3B equivalent bt from= kgdb)? I'm asking because I saw various issues
>=3B running with in k= ernel nat as well in various bits of the kernel --
>=3B one was the ip= routing code=2C one was the ipfw_nat code=2C and the other
>=3B was t= he network driver that I was using=2C bce(4). All items suggested
>=3B= that there's a locking issue. The reference to the mail thread I
>=3B= started is here:
>=3B http://lists.freebsd.org/pipermail/freebsd-net/= 2010-June/025594.html
>=3B (note that it's an issue with 8.1-* and 9-C= URRENT).
>=3B Thanks=2C
>=3B -Garrett

= Your Photo on Bing.ca: You Could WIN on Canada Day! Submit a Photo Now! = --_2b7ea459-4f83-4d6d-bb13-f83fbb741e5c_-- From owner-freebsd-ipfw@FreeBSD.ORG Sun Jun 27 07:10:03 2010 Return-Path: Delivered-To: freebsd-ipfw@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id D20F7106566B for ; Sun, 27 Jun 2010 07:10:03 +0000 (UTC) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id C0E9C8FC13 for ; Sun, 27 Jun 2010 07:10:03 +0000 (UTC) Received: from freefall.freebsd.org (localhost [127.0.0.1]) by freefall.freebsd.org (8.14.4/8.14.4) with ESMTP id o5R7A3QS082227 for ; Sun, 27 Jun 2010 07:10:03 GMT (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.14.4/8.14.4/Submit) id o5R7A3kg082226; Sun, 27 Jun 2010 07:10:03 GMT (envelope-from gnats) Date: Sun, 27 Jun 2010 07:10:03 GMT Message-Id: <201006270710.o5R7A3kg082226@freefall.freebsd.org> To: freebsd-ipfw@FreeBSD.org From: Garrett Cooper Cc: Subject: Re: amd64/148157: IPFW in kernel nat BUG found in FreeBSD 8.1-PRERELEASE X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: Garrett Cooper List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 27 Jun 2010 07:10:03 -0000 The following reply was made to PR amd64/148157; it has been noted by GNATS. From: Garrett Cooper To: Shant Kassardjian Cc: freebsd-gnats-submit@freebsd.org Subject: Re: amd64/148157: IPFW in kernel nat BUG found in FreeBSD 8.1-PRERELEASE Date: Sun, 27 Jun 2010 00:04:16 -0700 Hi Shant, Please bottom post from here on out. On Sat, Jun 26, 2010 at 11:47 PM, Shant Kassardjian wrote: > Hi Garrett, > > > I just tried to perform a kernel dump with dumpdev="YES" and had no luck, I > keep getting: dumpdev="" always appears to fail to me as well (contrary to what others have claimed). Try doing the following after booting up: dumpon `awk '$3 == swap { print $1 }'` Then you'll be able to reproduce the problem and grab the resulting kernel core dump. > Cannot dump. Device not defined or unavailable. > > my custom kernel is set to disable: > > > #options KTRACE # ktrace(1) support > > #options KDTRACE_FRAME # Ensure frames are compiled in > #options KDTRACE_HOOKS # Kernel DTrace hooks > > must recompile kernel to enable tracing? No. > I'm currently using the intel pro 1000 chipset / em0 driver, I've been > experiencing all sorts of network stability problems for a while now(ever > since I upgrade to stable a month ago). It looks like the em0 driver for > amd64 needs alot of work however a couple of days ago when I recompiled my > box to the latest stable 8.1-prerelease I saw alot of improvments and my > ipfw/dummynet firewall seems to be running stable with no crashes/lockups so > far... > > > It is very easy for me to replicate the in nat kernel problem, i just cant > get a dump to provide you the additional info. From owner-freebsd-ipfw@FreeBSD.ORG Sun Jun 27 08:30:04 2010 Return-Path: Delivered-To: freebsd-ipfw@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 1E26E106564A for ; Sun, 27 Jun 2010 08:30:04 +0000 (UTC) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id E6F278FC12 for ; Sun, 27 Jun 2010 08:30:03 +0000 (UTC) Received: from freefall.freebsd.org (localhost [127.0.0.1]) by freefall.freebsd.org (8.14.4/8.14.4) with ESMTP id o5R8U3To079212 for ; Sun, 27 Jun 2010 08:30:03 GMT (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.14.4/8.14.4/Submit) id o5R8U3fq079207; Sun, 27 Jun 2010 08:30:03 GMT (envelope-from gnats) Date: Sun, 27 Jun 2010 08:30:03 GMT Message-Id: <201006270830.o5R8U3fq079207@freefall.freebsd.org> To: freebsd-ipfw@FreeBSD.org From: Ian Smith Cc: Subject: Re: conf/148144: [patch] add ipfw_nat support for rc.firewall simple type X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: Ian Smith List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 27 Jun 2010 08:30:04 -0000 The following reply was made to PR conf/148144; it has been noted by GNATS. From: Ian Smith To: bug-followup@FreeBSD.org, naylor.b.david@gmail.com Cc: Subject: Re: conf/148144: [patch] add ipfw_nat support for rc.firewall simple type Date: Sun, 27 Jun 2010 18:29:38 +1000 This is a multi-part message in MIME format. --------------050308060205000900020401 Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit This patch is certainly needed to make 'simple' usable out of the box. I'd like to offer an alternative patch, reusing rather than duplicating the existing NAT code, making it a function with the same functionality. This patch also adds allowing outbound pings and essential ICMP to both 'client' and 'simple' rulesets, another long-term omission. I'd have also included the complementary ipv6-icmp rules from 'workstation' but I have no way to test and confirm their correctness. cheers, Ian --------------050308060205000900020401 Content-Type: text/plain; name="rc.firewall.patch" Content-Transfer-Encoding: 7bit Content-Disposition: inline; filename="rc.firewall.patch" --- rc.firewall.1.69 Sun Jun 27 16:43:48 2010 +++ rc.firewall Sun Jun 27 17:48:15 2010 @@ -142,20 +142,19 @@ setup_ipv6_mandatory ############ -# Network Address Translation. All packets are passed to natd(8) -# before they encounter your remaining rules. The firewall rules -# will then be run again on each packet after translation by natd -# starting at the rule number following the divert rule. +# Network Address Translation. All packets are passed to natd(8) or +# kernel nat before they encounter your remaining rules. The firewall +# rules will then be run again on each packet after nat translation +# starting at the rule number following the divert or nat rule. # -# For ``simple'' firewall type the divert rule should be put to a +# For ``simple'' firewall type the divert or nat rule is included in a # different place to not interfere with address-checking rules. # -case ${firewall_type} in -[Oo][Pp][Ee][Nn]|[Cc][Ll][Ii][Ee][Nn][Tt]) +setup_nat () { case ${natd_enable} in [Yy][Ee][Ss]) if [ -n "${natd_interface}" ]; then - ${fwcmd} add 50 divert natd ip4 from any to any via ${natd_interface} + ${fwcmd} add $1 divert natd ip4 from any to any via ${natd_interface} fi ;; esac @@ -169,11 +168,11 @@ firewall_nat_flags="if ${firewall_nat_interface} ${firewall_nat_flags}" fi ${fwcmd} nat 123 config log ${firewall_nat_flags} - ${fwcmd} add 50 nat 123 ip4 from any to any via ${firewall_nat_interface} + ${fwcmd} add $1 nat 123 ip4 from any to any via ${firewall_nat_interface} fi ;; esac -esac +} ############ # If you just configured ipfw in the kernel as a tool to solve network @@ -188,6 +187,7 @@ # case ${firewall_type} in [Oo][Pp][Ee][Nn]) + setup_nat 50 ${fwcmd} add 65000 pass all from any to any ;; @@ -205,6 +205,8 @@ net="$firewall_client_net" net6="$firewall_client_net_ipv6" + setup_nat 50 + # Allow limited broadcast traffic from my own net. ${fwcmd} add pass all from ${net} to 255.255.255.255 @@ -245,6 +247,12 @@ # Allow NTP queries out in the world ${fwcmd} add pass udp from me to any 123 keep-state + # Allow outbound pings + ${fwcmd} add pass icmp from me to any out icmptypes 8 keep-state + + # Allow essential ICMP: unreachable, source quench, TTL exceeded + ${fwcmd} add pass icmp from any to any icmptypes 3,4,11 + # Everything else is denied by default, unless the # IPFIREWALL_DEFAULT_TO_ACCEPT option is set in your kernel # config file. @@ -311,13 +319,7 @@ # translated by natd(8) would match the `deny' rule above. Similarly # an outgoing packet originated from it before being translated would # match the `deny' rule below. - case ${natd_enable} in - [Yy][Ee][Ss]) - if [ -n "${natd_interface}" ]; then - ${fwcmd} add divert natd ip4 from any to any via ${natd_interface} - fi - ;; - esac + setup_nat # Stop RFC1918 nets on the outside interface ${fwcmd} add deny all from 10.0.0.0/8 to any via ${oif} @@ -414,6 +416,12 @@ # Allow NTP queries out in the world ${fwcmd} add pass udp from me to any 123 keep-state + + # Allow outbound pings from our net + ${fwcmd} add pass icmp from any to any out icmptypes 8 keep-state + + # Allow essential ICMP: unreachable, source quench, TTL exceeded + ${fwcmd} add pass icmp from any to any icmptypes 3,4,11 # Everything else is denied by default, unless the # IPFIREWALL_DEFAULT_TO_ACCEPT option is set in your kernel --------------050308060205000900020401-- From owner-freebsd-ipfw@FreeBSD.ORG Sun Jun 27 18:30:05 2010 Return-Path: Delivered-To: freebsd-ipfw@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 044DF106564A for ; Sun, 27 Jun 2010 18:30:05 +0000 (UTC) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id E26008FC12 for ; Sun, 27 Jun 2010 18:30:04 +0000 (UTC) Received: from freefall.freebsd.org (localhost [127.0.0.1]) by freefall.freebsd.org (8.14.4/8.14.4) with ESMTP id o5RIU40W093840 for ; Sun, 27 Jun 2010 18:30:04 GMT (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.14.4/8.14.4/Submit) id o5RIU4vC093836; Sun, 27 Jun 2010 18:30:04 GMT (envelope-from gnats) Date: Sun, 27 Jun 2010 18:30:04 GMT Message-Id: <201006271830.o5RIU4vC093836@freefall.freebsd.org> To: freebsd-ipfw@FreeBSD.org From: Shant Kassardjian Cc: Subject: RE: amd64/148157: IPFW in kernel nat BUG found in FreeBSD 8.1-PRERELEASE X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: Shant Kassardjian List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 27 Jun 2010 18:30:05 -0000 The following reply was made to PR amd64/148157; it has been noted by GNATS. From: Shant Kassardjian To: Cc: Subject: RE: amd64/148157: IPFW in kernel nat BUG found in FreeBSD 8.1-PRERELEASE Date: Sun, 27 Jun 2010 18:25:25 +0000 --_43033f25-eecb-4513-8fa9-20d8fad19493_ Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable > Date: Sun=2C 27 Jun 2010 00:04:16 -0700 > Subject: Re: amd64/148157: IPFW in kernel nat BUG found in FreeBSD 8.1-P= RERELEASE > From: yanefbsd@gmail.com > To: pookme@hotmail.com > CC: freebsd-gnats-submit@freebsd.org >=20 > Hi Shant=2C > Please bottom post from here on out. >=20 > On Sat=2C Jun 26=2C 2010 at 11:47 PM=2C Shant Kassardjian wrote: > > Hi Garrett=2C > > > > > > I just tried to perform a kernel dump with dumpdev=3D"YES" and had no l= uck=2C I > > keep getting: >=20 > dumpdev=3D"" always appears to fail to me as well (contrary to > what others have claimed). Try doing the following after booting up: >=20 > dumpon `awk '$3 =3D=3D swap { print $1 }'` >=20 > Then you'll be able to reproduce the problem and grab the resulting > kernel core dump. Hi Garrett=2C I still can't get it to dump. Perhaps it's because my system does not have = any swap space allocated? Here's what I added in my /etc/rc.conf to simulate an swap device: dumpdev=3D"YES" dumpdir=3D"/home/crash/" swapfile=3D"/home/crash/swap0" Then I ran: core# sh /tmp/ipfw_test = ~ 00001 nat 100 ip from any to any via em0 ipfw nat 100 config ip 192.168.1.104 redirect_port tcp 172.25.1.1:22 22 core# dumpon `awk '$3 =3D=3D swap { print $1 }'` = ~ Fatal trap 12: page fault while in kernel mode cpuid =3D 0=3B apic id =3D 00 fault virtual address =3D 0xc fault code =3D supervisor write data=2C page not present instruction pointer =3D 0x20:0xffffffff801d5cd6 stack pointer =3D 0x28:0xffffff8074fbc370 frame pointer =3D 0x28:0xffffff8074fbc620 code segment =3D base 0x0=2C limit 0xfffff=2C type 0x1b =3D DPL 0=2C pres 1=2C long 1=2C def32 0=2C gran 1 processor eflags =3D interrupt enabled=2C resume=2C IOPL =3D 0 current process =3D 1818 (sshd) trap number =3D 12 panic: page fault cpuid =3D 0 Uptime: 2m36s Cannot dump. Device not defined or unavailable. Automatic reboot in 15 seconds - press a key on the console to abort I'm still getting the "Cannot dump" error message=2C any idea what I can do= next? Many thanks. Shant K >=20 > > Cannot dump. Device not defined or unavailable. > > > > my custom kernel is set to disable: > > > > > > #options KTRACE # ktrace(1) support > > > > #options KDTRACE_FRAME # Ensure frames are compiled in > > #options KDTRACE_HOOKS # Kernel DTrace hooks > > > > must recompile kernel to enable tracing? >=20 > No. >=20 > > I'm currently using the intel pro 1000 chipset / em0 driver=2C I've bee= n > > experiencing all sorts of network stability problems for a while now(ev= er > > since I upgrade to stable a month ago). It looks like the em0 driver fo= r > > amd64 needs alot of work however a couple of days ago when I recompiled= my > > box to the latest stable 8.1-prerelease I saw alot of improvments and m= y > > ipfw/dummynet firewall seems to be running stable with no crashes/locku= ps so > > far... > > > > > > It is very easy for me to replicate the in nat kernel problem=2C i just= cant > > get a dump to provide you the additional info. =20 _________________________________________________________________ Learn more ways to connect with your buddies now http://go.microsoft.com/?linkid=3D9734388= --_43033f25-eecb-4513-8fa9-20d8fad19493_ Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable

>=3B Date: Sun=2C 27 Jun 2010 00:04:16 -0700
>=3B Subject: R= e: amd64/148157: IPFW in kernel nat BUG found in FreeBSD 8.1-PRERELEASE>=3B From: yanefbsd@gmail.com
>=3B To: pookme@hotmail.com
>=3B= CC: freebsd-gnats-submit@freebsd.org
>=3B
>=3B Hi Shant=2C
&= gt=3B Please bottom post from here on out.
>=3B
>=3B On Sat= =2C Jun 26=2C 2010 at 11:47 PM=2C Shant Kassardjian <=3Bpookme@hotmail.co= m>=3B wrote:
>=3B >=3B Hi Garrett=2C
>=3B >=3B
>=3B &g= t=3B
>=3B >=3B I just tried to perform a kernel dump with dumpdev=3D= "YES" and had no luck=2C I
>=3B >=3B keep getting:
>=3B
>= =3B dumpdev=3D"<=3Bblah>=3B" always appears to fail to me as well (cont= rary to
>=3B what others have claimed). Try doing the following after = booting up:
>=3B
>=3B dumpon `awk '$3 =3D=3D swap { print $1 }'`=
>=3B
>=3B Then you'll be able to reproduce the problem and grab= the resulting
>=3B kernel core dump.


Hi Garrett=2C

=
I still can't get it to dump. Perhaps it's because my system does not h= ave any swap space allocated?


Here's what I added in my /etc/rc.= conf to simulate an swap device:


dumpdev=3D"YES"
dumpdir=3D"/= home/crash/"
swapfile=3D"/home/crash/swap0"

Then I ran:

co= re# sh /tmp/ipfw_test = ~
00001 nat 100 ip from any to any via em0
ipfw nat 100 config ip 19= 2.168.1.104 redirect_port tcp 172.25.1.1:22 22
core# dumpon `awk '$3 =3D= =3D swap { print $1 }'` ~


Fatal= trap 12: page fault while in kernel mode
cpuid =3D 0=3B apic id =3D 00<= BR>fault virtual address =3D 0xc
fault code =3D superviso= r write data=2C page not present
instruction pointer =3D 0x20:0xffff= ffff801d5cd6
stack pointer =3D 0x28:0xffffff8074fbc370
fram= e pointer =3D 0x28:0xffffff8074fbc620
code segment = =3D base 0x0=2C limit 0xfffff=2C type 0x1b
=3D D= PL 0=2C pres 1=2C long 1=2C def32 0=2C gran 1
processor eflags = =3D interrupt enabled=2C resume=2C IOPL =3D 0
current process = =3D 1818 (sshd)
trap number =3D 12
panic: page fault
c= puid =3D 0
Uptime: 2m36s
Cannot dump. Device not defined or unavailab= le.
Automatic reboot in 15 seconds - press a key on the console to abort=


I'm still getting the "Cannot dump" error message=2C any idea w= hat I can do next?


Many thanks.
Shant K

>=3B
>= =3B >=3B Cannot dump. Device not defined or unavailable.
>=3B >=3B=
>=3B >=3B my custom kernel is set to disable:
>=3B >=3B
&= gt=3B >=3B
>=3B >=3B #options KTRACE # ktrace(1) support
>=3B= >=3B
>=3B >=3B #options KDTRACE_FRAME # Ensure frames are compile= d in
>=3B >=3B #options KDTRACE_HOOKS # Kernel DTrace hooks
>= =3B >=3B
>=3B >=3B must recompile kernel to enable tracing?
>= =3B
>=3B No.
>=3B
>=3B >=3B I'm currently using the inte= l pro 1000 chipset / em0 driver=2C I've been
>=3B >=3B experiencing = all sorts of network stability problems for a while now(ever
>=3B >= =3B since I upgrade to stable a month ago). It looks like the em0 driver fo= r
>=3B >=3B amd64 needs alot of work however a couple of days ago wh= en I recompiled my
>=3B >=3B box to the latest stable 8.1-prerelease= I saw alot of improvments and my
>=3B >=3B ipfw/dummynet firewall s= eems to be running stable with no crashes/lockups so
>=3B >=3B far..= .
>=3B >=3B
>=3B >=3B
>=3B >=3B It is very easy for me= to replicate the in nat kernel problem=2C i just cant
>=3B >=3B get= a dump to provide you the additional info.

Ente= r for a chance to get your town photo on Bing.ca! Submit a Photo Now! = --_43033f25-eecb-4513-8fa9-20d8fad19493_-- From owner-freebsd-ipfw@FreeBSD.ORG Sun Jun 27 18:30:07 2010 Return-Path: Delivered-To: freebsd-ipfw@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 3FFBA106566B for ; Sun, 27 Jun 2010 18:30:07 +0000 (UTC) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id 2AC108FC08 for ; Sun, 27 Jun 2010 18:30:07 +0000 (UTC) Received: from freefall.freebsd.org (localhost [127.0.0.1]) by freefall.freebsd.org (8.14.4/8.14.4) with ESMTP id o5RIU7cO094019 for ; Sun, 27 Jun 2010 18:30:07 GMT (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.14.4/8.14.4/Submit) id o5RIU7Ke094016; Sun, 27 Jun 2010 18:30:07 GMT (envelope-from gnats) Date: Sun, 27 Jun 2010 18:30:07 GMT Message-Id: <201006271830.o5RIU7Ke094016@freefall.freebsd.org> To: freebsd-ipfw@FreeBSD.org From: Garrett Cooper Cc: Subject: Re: amd64/148157: IPFW in kernel nat BUG found in FreeBSD 8.1-PRERELEASE X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: Garrett Cooper List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 27 Jun 2010 18:30:07 -0000 The following reply was made to PR amd64/148157; it has been noted by GNATS. From: Garrett Cooper To: Shant Kassardjian Cc: bug-followup@freebsd.org Subject: Re: amd64/148157: IPFW in kernel nat BUG found in FreeBSD 8.1-PRERELEASE Date: Sun, 27 Jun 2010 11:27:42 -0700 On Sun, Jun 27, 2010 at 11:25 AM, Shant Kassardjian wrote: > > >> Date: Sun, 27 Jun 2010 00:04:16 -0700 >> Subject: Re: amd64/148157: IPFW in kernel nat BUG found in FreeBSD >> 8.1-PRERELEASE >> From: yanefbsd@gmail.com >> To: pookme@hotmail.com >> CC: freebsd-gnats-submit@freebsd.org >> >> Hi Shant, >> Please bottom post from here on out. >> >> On Sat, Jun 26, 2010 at 11:47 PM, Shant Kassardjian >> wrote: >> > Hi Garrett, >> > >> > >> > I just tried to perform a kernel dump with dumpdev="YES" and had no >> > luck, I >> > keep getting: >> >> dumpdev="" always appears to fail to me as well (contrary to >> what others have claimed). Try doing the following after booting up: >> >> dumpon `awk '$3 == swap { print $1 }'` >> >> Then you'll be able to reproduce the problem and grab the resulting >> kernel core dump. > > > Hi Garrett, > > > I still can't get it to dump. Perhaps it's because my system does not have > any swap space allocated? > > > Here's what I added in my /etc/rc.conf to simulate an swap device: > > > dumpdev="YES" > dumpdir="/home/crash/" > swapfile="/home/crash/swap0" > > Then I ran: > > core# sh /tmp/ipfw_test ~ > 00001 nat 100 ip from any to any via em0 > ipfw nat 100 config ip 192.168.1.104 redirect_port tcp 172.25.1.1:22 22 > core# dumpon `awk '$3 == swap { print $1 }'` ~ > > > Fatal trap 12: page fault while in kernel mode > cpuid = 0; apic id = 00 > fault virtual address = 0xc > fault code = supervisor write data, page not present > instruction pointer = 0x20:0xffffffff801d5cd6 > stack pointer = 0x28:0xffffff8074fbc370 > frame pointer = 0x28:0xffffff8074fbc620 > code segment = base 0x0, limit 0xfffff, type 0x1b > = DPL 0, pres 1, long 1, def32 0, gran 1 > processor eflags = interrupt enabled, resume, IOPL = 0 > current process = 1818 (sshd) > trap number = 12 > panic: page fault > cpuid = 0 > Uptime: 2m36s > Cannot dump. Device not defined or unavailable. > Automatic reboot in 15 seconds - press a key on the console to abort > > > I'm still getting the "Cannot dump" error message, any idea what I can do > next? Yeah.. you need a swap device otherwise you're not going to be able to get a coredump... >> > Cannot dump. Device not defined or unavailable. >> > >> > my custom kernel is set to disable: >> > >> > >> > #options KTRACE # ktrace(1) support >> > >> > #options KDTRACE_FRAME # Ensure frames are compiled in >> > #options KDTRACE_HOOKS # Kernel DTrace hooks >> > >> > must recompile kernel to enable tracing? >> >> No. >> >> > I'm currently using the intel pro 1000 chipset / em0 driver, I've been >> > experiencing all sorts of network stability problems for a while >> > now(ever >> > since I upgrade to stable a month ago). It looks like the em0 driver for >> > amd64 needs alot of work however a couple of days ago when I recompiled >> > my >> > box to the latest stable 8.1-prerelease I saw alot of improvments and my >> > ipfw/dummynet firewall seems to be running stable with no >> > crashes/lockups so >> > far... >> > >> > >> > It is very easy for me to replicate the in nat kernel problem, i just >> > cant >> > get a dump to provide you the additional info. From owner-freebsd-ipfw@FreeBSD.ORG Mon Jun 28 11:06:55 2010 Return-Path: Delivered-To: freebsd-ipfw@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 3975410656C0 for ; Mon, 28 Jun 2010 11:06:55 +0000 (UTC) (envelope-from owner-bugmaster@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id 278B28FC08 for ; Mon, 28 Jun 2010 11:06:55 +0000 (UTC) Received: from freefall.freebsd.org (localhost [127.0.0.1]) by freefall.freebsd.org (8.14.4/8.14.4) with ESMTP id o5SB6tjf086549 for ; Mon, 28 Jun 2010 11:06:55 GMT (envelope-from owner-bugmaster@FreeBSD.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.14.4/8.14.4/Submit) id o5SB6sMw086547 for freebsd-ipfw@FreeBSD.org; Mon, 28 Jun 2010 11:06:54 GMT (envelope-from owner-bugmaster@FreeBSD.org) Date: Mon, 28 Jun 2010 11:06:54 GMT Message-Id: <201006281106.o5SB6sMw086547@freefall.freebsd.org> X-Authentication-Warning: freefall.freebsd.org: gnats set sender to owner-bugmaster@FreeBSD.org using -f From: FreeBSD bugmaster To: freebsd-ipfw@FreeBSD.org Cc: Subject: Current problem reports assigned to freebsd-ipfw@FreeBSD.org X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 28 Jun 2010 11:06:55 -0000 Note: to view an individual PR, use: http://www.freebsd.org/cgi/query-pr.cgi?pr=(number). The following is a listing of current problems submitted by FreeBSD users. These represent problem reports covering all versions including experimental development code and obsolete releases. S Tracker Resp. Description -------------------------------------------------------------------------------- o kern/148157 ipfw [ipfw] IPFW in kernel nat BUG found in FreeBSD 8.1-PRE o conf/148144 ipfw [patch] add ipfw_nat support for rc.firewall simple ty o conf/148137 ipfw [ipfw] call order of natd and ipfw startup scripts o kern/147798 ipfw [ipfw]: skipto skips over the complex rule o kern/147720 ipfw [ipfw] ipfw dynamic rules and fwd o kern/145733 ipfw [ipfw] [patch] ipfw flaws with ipv6 fragments o kern/145305 ipfw [ipfw] ipfw problems, panics, data corruption, ipv6 so o kern/145167 ipfw [ipfw] ipfw nat does not follow its documentation o kern/144869 ipfw [ipfw] [panic] Instant kernel panic when adding NAT ru o kern/144269 ipfw [ipfw] problem with ipfw tables o kern/144187 ipfw [ipfw] deadlock using multiple ipfw nat and multiple l o kern/143973 ipfw [ipfw] [panic] ipfw forward option causes kernel reboo o kern/143653 ipfw [ipfw] [patch] ipfw nat redirect_port "buf is too smal o kern/143621 ipfw [ipfw] [dummynet] [patch] dummynet and vnet use result o kern/143474 ipfw [ipfw] ipfw table contains the same address f kern/142951 ipfw [dummynet] using pipes&queues gives OUCH! pipe should o kern/139581 ipfw [ipfw] "ipfw pipe" not limiting bandwidth o kern/139226 ipfw [ipfw] install_state: entry already present, done o kern/137346 ipfw [ipfw] ipfw nat redirect_proto is broken o kern/137232 ipfw [ipfw] parser troubles o kern/136695 ipfw [ipfw] [patch] fwd reached after skipto in dynamic rul o kern/135476 ipfw [ipfw] IPFW table breaks after adding a large number o o bin/134975 ipfw [patch] ipfw(8) can't work with set in rule file. o kern/132553 ipfw [ipfw] ipfw doesn't understand ftp-data port o kern/131817 ipfw [ipfw] blocks layer2 packets that should not be blocke o kern/131601 ipfw [ipfw] [panic] 7-STABLE panic in nat_finalise (tcp=0) o kern/131558 ipfw [ipfw] Inconsistent "via" ipfw behavior o bin/130132 ipfw [patch] ipfw(8): no way to get mask from ipfw pipe sho o kern/129103 ipfw [ipfw] IPFW check state does not work =( o kern/129093 ipfw [ipfw] ipfw nat must not drop packets o kern/129036 ipfw [ipfw] 'ipfw fwd' does not change outgoing interface n o kern/128260 ipfw [ipfw] [patch] ipfw_divert damages IPv6 packets o kern/127230 ipfw [ipfw] [patch] Feature request to add UID and/or GID l o kern/127209 ipfw [ipfw] IPFW table become corrupted after many changes o bin/125370 ipfw [ipfw] [patch] increase a line buffer limit o conf/123119 ipfw [patch] rc script for ipfw does not handle IPv6 o kern/122963 ipfw [ipfw] tcpdump does not show packets redirected by 'ip s kern/121807 ipfw [request] TCP and UDP port_table in ipfw o kern/121382 ipfw [dummynet]: 6.3-RELEASE-p1 page fault in dummynet (cor o kern/121122 ipfw [ipfw] [patch] add support to ToS IP PRECEDENCE fields o kern/118993 ipfw [ipfw] page fault - probably it's a locking problem o bin/117214 ipfw ipfw(8) fwd with IPv6 treats input as IPv4 o kern/116009 ipfw [ipfw] [patch] Ignore errors when loading ruleset from o docs/113803 ipfw [patch] ipfw(8) - don't get bitten by the fwd rule p kern/113388 ipfw [ipfw] [patch] Addition actions with rules within spec o kern/112561 ipfw [ipfw] ipfw fwd does not work with some TCP packets o kern/105330 ipfw [ipfw] [patch] ipfw (dummynet) does not allow to set q o bin/104921 ipfw [patch] ipfw(8) sometimes treats ipv6 input as ipv4 (a o kern/104682 ipfw [ipfw] [patch] Some minor language consistency fixes a o kern/103454 ipfw [ipfw] [patch] [request] add a facility to modify DF b o kern/103328 ipfw [ipfw] [request] sugestions about ipfw table o kern/102471 ipfw [ipfw] [patch] add tos and dscp support o kern/98831 ipfw [ipfw] ipfw has UDP hickups o kern/97951 ipfw [ipfw] [patch] ipfw does not tie interface details to o kern/97504 ipfw [ipfw] IPFW Rules bug o kern/95084 ipfw [ipfw] [regression] [patch] IPFW2 ignores "recv/xmit/v o kern/93300 ipfw [ipfw] ipfw pipe lost packets o kern/91847 ipfw [ipfw] ipfw with vlanX as the device o kern/88659 ipfw [modules] ipfw and ip6fw do not work properly as modul o kern/87032 ipfw [ipfw] [patch] ipfw ioctl interface implementation o kern/86957 ipfw [ipfw] [patch] ipfw mac logging o bin/83046 ipfw [ipfw] ipfw2 error: "setup" is allowed for icmp, but s o kern/82724 ipfw [ipfw] [patch] [request] Add setnexthop and defaultrou s kern/80642 ipfw [ipfw] [patch] ipfw small patch - new RULE OPTION o bin/78785 ipfw [patch] ipfw(8) verbosity locks machine if /etc/rc.fir o kern/74104 ipfw [ipfw] ipfw2/1 conflict not detected or reported, manp o kern/73910 ipfw [ipfw] serious bug on forwarding of packets after NAT o kern/72987 ipfw [ipfw] ipfw/dummynet pipe/queue 'queue [BYTES]KBytes ( o kern/71366 ipfw [ipfw] "ipfw fwd" sometimes rewrites destination mac a o kern/69963 ipfw [ipfw] install_state warning about already existing en o kern/60719 ipfw [ipfw] Headerless fragments generate cryptic error mes o kern/55984 ipfw [ipfw] [patch] time based firewalling support for ipfw o kern/51274 ipfw [ipfw] [patch] ipfw2 create dynamic rules with parent o kern/48172 ipfw [ipfw] [patch] ipfw does not log size and flags o kern/46159 ipfw [ipfw] [patch] [request] ipfw dynamic rules lifetime f a kern/26534 ipfw [ipfw] Add an option to ipfw to log gid/uid of who cau 76 problems total. From owner-freebsd-ipfw@FreeBSD.ORG Tue Jun 29 16:49:00 2010 Return-Path: Delivered-To: freebsd-ipfw@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 28938106564A; Tue, 29 Jun 2010 16:49:00 +0000 (UTC) (envelope-from glebius@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id F321E8FC17; Tue, 29 Jun 2010 16:48:59 +0000 (UTC) Received: from freefall.freebsd.org (localhost [127.0.0.1]) by freefall.freebsd.org (8.14.4/8.14.4) with ESMTP id o5TGmxVD053699; Tue, 29 Jun 2010 16:48:59 GMT (envelope-from glebius@freefall.freebsd.org) Received: (from glebius@localhost) by freefall.freebsd.org (8.14.4/8.14.4/Submit) id o5TGmxmO053695; Tue, 29 Jun 2010 16:48:59 GMT (envelope-from glebius) Date: Tue, 29 Jun 2010 16:48:59 GMT Message-Id: <201006291648.o5TGmxmO053695@freefall.freebsd.org> To: glebius@FreeBSD.org, freebsd-ipfw@FreeBSD.org, glebius@FreeBSD.org From: glebius@FreeBSD.org Cc: Subject: Re: kern/147798: [ipfw]: skipto skips over the complex rule X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 29 Jun 2010 16:49:00 -0000 Synopsis: [ipfw]: skipto skips over the complex rule Responsible-Changed-From-To: freebsd-ipfw->glebius Responsible-Changed-By: glebius Responsible-Changed-When: Tue Jun 29 16:48:11 UTC 2010 Responsible-Changed-Why: Take this one. The problem in the starting "no" operand of the skipto rule. http://www.freebsd.org/cgi/query-pr.cgi?pr=147798 From owner-freebsd-ipfw@FreeBSD.ORG Wed Jun 30 04:00:16 2010 Return-Path: Delivered-To: freebsd-ipfw@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 2422D106566B for ; Wed, 30 Jun 2010 04:00:16 +0000 (UTC) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id 11D068FC18 for ; Wed, 30 Jun 2010 04:00:16 +0000 (UTC) Received: from freefall.freebsd.org (localhost [127.0.0.1]) by freefall.freebsd.org (8.14.4/8.14.4) with ESMTP id o5U40FlM027187 for ; Wed, 30 Jun 2010 04:00:15 GMT (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.14.4/8.14.4/Submit) id o5U40FMW027185; Wed, 30 Jun 2010 04:00:15 GMT (envelope-from gnats) Date: Wed, 30 Jun 2010 04:00:15 GMT Message-Id: <201006300400.o5U40FMW027185@freefall.freebsd.org> To: freebsd-ipfw@FreeBSD.org From: Shant Kassardjian Cc: Subject: RE: amd64/148157: IPFW in kernel nat BUG found in FreeBSD 8.1-PRERELEASE X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: Shant Kassardjian List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 30 Jun 2010 04:00:16 -0000 The following reply was made to PR kern/148157; it has been noted by GNATS. From: Shant Kassardjian To: Cc: Subject: RE: amd64/148157: IPFW in kernel nat BUG found in FreeBSD 8.1-PRERELEASE Date: Wed, 30 Jun 2010 03:41:44 +0000 --_6eb28895-d6d3-44cd-8867-bfa249256909_ Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Hi Garette=2C Just to let you know=2C I will follow these steps from the FreeBSD handbook= for adding swap space to my system http://www.freebsd.org/doc/en/books/han= dbook/adding-swap-space.html If all goes well=2C I should have an update wi= th some debug logs. I've been very busy lately... best regards=2C Shant K > Date: Sun=2C 27 Jun 2010 11:27:42 -0700 > Subject: Re: amd64/148157: IPFW in kernel nat BUG found in FreeBSD 8.1-P= RERELEASE > From: yanefbsd@gmail.com > To: pookme@hotmail.com > CC: bug-followup@freebsd.org >=20 > On Sun=2C Jun 27=2C 2010 at 11:25 AM=2C Shant Kassardjian wrote: > > > > > >> Date: Sun=2C 27 Jun 2010 00:04:16 -0700 > >> Subject: Re: amd64/148157: IPFW in kernel nat BUG found in FreeBSD > >> 8.1-PRERELEASE > >> From: yanefbsd@gmail.com > >> To: pookme@hotmail.com > >> CC: freebsd-gnats-submit@freebsd.org > >> > >> Hi Shant=2C > >> Please bottom post from here on out. > >> > >> On Sat=2C Jun 26=2C 2010 at 11:47 PM=2C Shant Kassardjian > >> wrote: > >> > Hi Garrett=2C > >> > > >> > > >> > I just tried to perform a kernel dump with dumpdev=3D"YES" and had n= o > >> > luck=2C I > >> > keep getting: > >> > >> dumpdev=3D"" always appears to fail to me as well (contrary to > >> what others have claimed). Try doing the following after booting up: > >> > >> dumpon `awk '$3 =3D=3D swap { print $1 }'` > >> > >> Then you'll be able to reproduce the problem and grab the resulting > >> kernel core dump. > > > > > > Hi Garrett=2C > > > > > > I still can't get it to dump. Perhaps it's because my system does not h= ave > > any swap space allocated? > > > > > > Here's what I added in my /etc/rc.conf to simulate an swap device: > > > > > > dumpdev=3D"YES" > > dumpdir=3D"/home/crash/" > > swapfile=3D"/home/crash/swap0" > > > > Then I ran: > > > > core# sh /tmp/ipfw_test ~ > > 00001 nat 100 ip from any to any via em0 > > ipfw nat 100 config ip 192.168.1.104 redirect_port tcp 172.25.1.1:22 22 > > core# dumpon `awk '$3 =3D=3D swap { print $1 }'` ~ > > > > > > Fatal trap 12: page fault while in kernel mode > > cpuid =3D 0=3B apic id =3D 00 > > fault virtual address =3D 0xc > > fault code =3D supervisor write data=2C page not present > > instruction pointer =3D 0x20:0xffffffff801d5cd6 > > stack pointer =3D 0x28:0xffffff8074fbc370 > > frame pointer =3D 0x28:0xffffff8074fbc620 > > code segment =3D base 0x0=2C limit 0xfffff=2C type 0x1b > > =3D DPL 0=2C pres 1=2C long 1=2C def32 0=2C gran 1 > > processor eflags =3D interrupt enabled=2C resume=2C IOPL =3D 0 > > current process =3D 1818 (sshd) > > trap number =3D 12 > > panic: page fault > > cpuid =3D 0 > > Uptime: 2m36s > > Cannot dump. Device not defined or unavailable. > > Automatic reboot in 15 seconds - press a key on the console to abort > > > > > > I'm still getting the "Cannot dump" error message=2C any idea what I ca= n do > > next? >=20 > Yeah.. you need a swap device otherwise you're not going to be able to > get a coredump... >=20 > >> > Cannot dump. Device not defined or unavailable. > >> > > >> > my custom kernel is set to disable: > >> > > >> > > >> > #options KTRACE # ktrace(1) support > >> > > >> > #options KDTRACE_FRAME # Ensure frames are compiled in > >> > #options KDTRACE_HOOKS # Kernel DTrace hooks > >> > > >> > must recompile kernel to enable tracing? > >> > >> No. > >> > >> > I'm currently using the intel pro 1000 chipset / em0 driver=2C I've = been > >> > experiencing all sorts of network stability problems for a while > >> > now(ever > >> > since I upgrade to stable a month ago). It looks like the em0 driver= for > >> > amd64 needs alot of work however a couple of days ago when I recompi= led > >> > my > >> > box to the latest stable 8.1-prerelease I saw alot of improvments an= d my > >> > ipfw/dummynet firewall seems to be running stable with no > >> > crashes/lockups so > >> > far... > >> > > >> > > >> > It is very easy for me to replicate the in nat kernel problem=2C i j= ust > >> > cant > >> > get a dump to provide you the additional info. =20 _________________________________________________________________ Turn down-time into play-time with Messenger games http://go.microsoft.com/?linkid=3D9734385= --_6eb28895-d6d3-44cd-8867-bfa249256909_ Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Hi Garette=2C


Just to let you know=2C I will follow these steps = from the FreeBSD handbook for adding swap space to my system http://www.fre= ebsd.org/doc/en/books/handbook/adding-swap-space.html If all goes well=2C I= should have an update with some debug logs.


I've been very busy= lately...


best regards=2C
Shant K

>=3B Date: Sun=2C= 27 Jun 2010 11:27:42 -0700
>=3B Subject: Re: amd64/148157: IPFW in ke= rnel nat BUG found in FreeBSD 8.1-PRERELEASE
>=3B From: yanefbsd@gmai= l.com
>=3B To: pookme@hotmail.com
>=3B CC: bug-followup@freebsd.o= rg
>=3B
>=3B On Sun=2C Jun 27=2C 2010 at 11:25 AM=2C Shant Kassa= rdjian <=3Bpookme@hotmail.com>=3B wrote:
>=3B >=3B
>=3B >= =3B
>=3B >=3B>=3B Date: Sun=2C 27 Jun 2010 00:04:16 -0700
>= =3B >=3B>=3B Subject: Re: amd64/148157: IPFW in kernel nat BUG found in= FreeBSD
>=3B >=3B>=3B 8.1-PRERELEASE
>=3B >=3B>=3B From:= yanefbsd@gmail.com
>=3B >=3B>=3B To: pookme@hotmail.com
>=3B= >=3B>=3B CC: freebsd-gnats-submit@freebsd.org
>=3B >=3B>=3B>=3B >=3B>=3B Hi Shant=2C
>=3B >=3B>=3B Please bottom post= from here on out.
>=3B >=3B>=3B
>=3B >=3B>=3B On Sat=2C = Jun 26=2C 2010 at 11:47 PM=2C Shant Kassardjian <=3Bpookme@hotmail.com>= =3B
>=3B >=3B>=3B wrote:
>=3B >=3B>=3B >=3B Hi Garrett= =2C
>=3B >=3B>=3B >=3B
>=3B >=3B>=3B >=3B
>=3B &= gt=3B>=3B >=3B I just tried to perform a kernel dump with dumpdev=3D"YE= S" and had no
>=3B >=3B>=3B >=3B luck=2C I
>=3B >=3B>= =3B >=3B keep getting:
>=3B >=3B>=3B
>=3B >=3B>=3B dump= dev=3D"<=3Bblah>=3B" always appears to fail to me as well (contrary to<= BR>>=3B >=3B>=3B what others have claimed). Try doing the following a= fter booting up:
>=3B >=3B>=3B
>=3B >=3B>=3B dumpon `awk = '$3 =3D=3D swap { print $1 }'`
>=3B >=3B>=3B
>=3B >=3B>= =3B Then you'll be able to reproduce the problem and grab the resulting
= >=3B >=3B>=3B kernel core dump.
>=3B >=3B
>=3B >=3B
= >=3B >=3B Hi Garrett=2C
>=3B >=3B
>=3B >=3B
>=3B >= =3B I still can't get it to dump. Perhaps it's because my system does not h= ave
>=3B >=3B any swap space allocated?
>=3B >=3B
>=3B &= gt=3B
>=3B >=3B Here's what I added in my /etc/rc.conf to simulate a= n swap device:
>=3B >=3B
>=3B >=3B
>=3B >=3B dumpdev= =3D"YES"
>=3B >=3B dumpdir=3D"/home/crash/"
>=3B >=3B swapfil= e=3D"/home/crash/swap0"
>=3B >=3B
>=3B >=3B Then I ran:
&g= t=3B >=3B
>=3B >=3B core# sh /tmp/ipfw_test ~
>=3B >=3B 000= 01 nat 100 ip from any to any via em0
>=3B >=3B ipfw nat 100 config = ip 192.168.1.104 redirect_port tcp 172.25.1.1:22 22
>=3B >=3B core# = dumpon `awk '$3 =3D=3D swap { print $1 }'` ~
>=3B >=3B
>=3B >= =3B
>=3B >=3B Fatal trap 12: page fault while in kernel mode
>= =3B >=3B cpuid =3D 0=3B apic id =3D 00
>=3B >=3B fault virtual add= ress =3D 0xc
>=3B >=3B fault code =3D supervisor write data=2C page = not present
>=3B >=3B instruction pointer =3D 0x20:0xffffffff801d5cd= 6
>=3B >=3B stack pointer =3D 0x28:0xffffff8074fbc370
>=3B >= =3B frame pointer =3D 0x28:0xffffff8074fbc620
>=3B >=3B code segment= =3D base 0x0=2C limit 0xfffff=2C type 0x1b
>=3B >=3B =3D DPL 0=2C p= res 1=2C long 1=2C def32 0=2C gran 1
>=3B >=3B processor eflags =3D = interrupt enabled=2C resume=2C IOPL =3D 0
>=3B >=3B current process = =3D 1818 (sshd)
>=3B >=3B trap number =3D 12
>=3B >=3B panic:= page fault
>=3B >=3B cpuid =3D 0
>=3B >=3B Uptime: 2m36s
= >=3B >=3B Cannot dump. Device not defined or unavailable.
>=3B >= =3B Automatic reboot in 15 seconds - press a key on the console to abort>=3B >=3B
>=3B >=3B
>=3B >=3B I'm still getting the "Can= not dump" error message=2C any idea what I can do
>=3B >=3B next?>=3B
>=3B Yeah.. you need a swap device otherwise you're not going= to be able to
>=3B get a coredump...
>=3B
>=3B >=3B>= =3B >=3B Cannot dump. Device not defined or unavailable.
>=3B >=3B= >=3B >=3B
>=3B >=3B>=3B >=3B my custom kernel is set to disa= ble:
>=3B >=3B>=3B >=3B
>=3B >=3B>=3B >=3B
>=3B = >=3B>=3B >=3B #options KTRACE # ktrace(1) support
>=3B >=3B>= =3B >=3B
>=3B >=3B>=3B >=3B #options KDTRACE_FRAME # Ensure fr= ames are compiled in
>=3B >=3B>=3B >=3B #options KDTRACE_HOOKS #= Kernel DTrace hooks
>=3B >=3B>=3B >=3B
>=3B >=3B>=3B &= gt=3B must recompile kernel to enable tracing?
>=3B >=3B>=3B
&g= t=3B >=3B>=3B No.
>=3B >=3B>=3B
>=3B >=3B>=3B >=3B = I'm currently using the intel pro 1000 chipset / em0 driver=2C I've been>=3B >=3B>=3B >=3B experiencing all sorts of network stability pro= blems for a while
>=3B >=3B>=3B >=3B now(ever
>=3B >=3B&g= t=3B >=3B since I upgrade to stable a month ago). It looks like the em0 d= river for
>=3B >=3B>=3B >=3B amd64 needs alot of work however a = couple of days ago when I recompiled
>=3B >=3B>=3B >=3B my
&g= t=3B >=3B>=3B >=3B box to the latest stable 8.1-prerelease I saw alot= of improvments and my
>=3B >=3B>=3B >=3B ipfw/dummynet firewall= seems to be running stable with no
>=3B >=3B>=3B >=3B crashes/l= ockups so
>=3B >=3B>=3B >=3B far...
>=3B >=3B>=3B >= =3B
>=3B >=3B>=3B >=3B
>=3B >=3B>=3B >=3B It is very = easy for me to replicate the in nat kernel problem=2C i just
>=3B >= =3B>=3B >=3B cant
>=3B >=3B>=3B >=3B get a dump to provide y= ou the additional info.

Your Photo on Bing.ca: Y= ou Could WIN on Canada Day! Submit a Photo Now! = --_6eb28895-d6d3-44cd-8867-bfa249256909_-- From owner-freebsd-ipfw@FreeBSD.ORG Wed Jun 30 10:10:11 2010 Return-Path: Delivered-To: freebsd-ipfw@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 9FEA3106566B for ; Wed, 30 Jun 2010 10:10:11 +0000 (UTC) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id 7599F8FC15 for ; Wed, 30 Jun 2010 10:10:11 +0000 (UTC) Received: from freefall.freebsd.org (localhost [127.0.0.1]) by freefall.freebsd.org (8.14.4/8.14.4) with ESMTP id o5UAABL9025483 for ; Wed, 30 Jun 2010 10:10:11 GMT (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.14.4/8.14.4/Submit) id o5UAABQv025482; Wed, 30 Jun 2010 10:10:11 GMT (envelope-from gnats) Date: Wed, 30 Jun 2010 10:10:11 GMT Message-Id: <201006301010.o5UAABQv025482@freefall.freebsd.org> To: freebsd-ipfw@FreeBSD.org From: "Terrence Koeman" Cc: Subject: Re: kern/145305: [ipfw] ipfw problems, panics, data corruption, ipv6 socket weirdness X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: Terrence Koeman List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 30 Jun 2010 10:10:11 -0000 The following reply was made to PR kern/145305; it has been noted by GNATS. From: "Terrence Koeman" To: "bug-followup@FreeBSD.org" Cc: Subject: Re: kern/145305: [ipfw] ipfw problems, panics, data corruption, ipv6 socket weirdness Date: Wed, 30 Jun 2010 12:08:36 +0200 I spoke too soon. The panics and corruption are gone, but there's still the= problem of local ipv6 addresses being used 'as' ipv4 addresses which resul= ts in bad source addresses: Jun 30 10:50:42 adinava kernel: ipfw: 65529 Accept TCP 1.23.2.0:28593 :25 out via bce0 I'm having tons of those, where 1.23.2.0 is obviously not a locally bound I= P but the result of the local system trying to send a SYN from a local ipv6= address to a remote ipv4 address. PS: Excuse me for signing my previous followup. -- Regards, T. Koeman, MTh/BSc/BPsy; Technical Monk MediaMonks B.V. (www.mediamonks.com) Please quote all replies in correspondence. From owner-freebsd-ipfw@FreeBSD.ORG Wed Jun 30 10:40:08 2010 Return-Path: Delivered-To: freebsd-ipfw@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 836C5106564A for ; Wed, 30 Jun 2010 10:40:08 +0000 (UTC) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id 58A2D8FC28 for ; Wed, 30 Jun 2010 10:40:08 +0000 (UTC) Received: from freefall.freebsd.org (localhost [127.0.0.1]) by freefall.freebsd.org (8.14.4/8.14.4) with ESMTP id o5UAe86m028622 for ; Wed, 30 Jun 2010 10:40:08 GMT (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.14.4/8.14.4/Submit) id o5UAe8tR028612; Wed, 30 Jun 2010 10:40:08 GMT (envelope-from gnats) Date: Wed, 30 Jun 2010 10:40:08 GMT Message-Id: <201006301040.o5UAe8tR028612@freefall.freebsd.org> To: freebsd-ipfw@FreeBSD.org From: "Terrence Koeman" Cc: Subject: Re: kern/145305: [ipfw] ipfw problems, panics, data corruption, ipv6 socket weirdness X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: Terrence Koeman List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 30 Jun 2010 10:40:08 -0000 The following reply was made to PR kern/145305; it has been noted by GNATS. From: "Terrence Koeman" To: "bug-followup@FreeBSD.org" Cc: Subject: Re: kern/145305: [ipfw] ipfw problems, panics, data corruption, ipv6 socket weirdness Date: Wed, 30 Jun 2010 12:35:38 +0200 Example output of 'lsof -i 6 -nP': CGServer 1096 root 158u IPv6 0xffffff001087f6e0 0t0 TCP [2001:610:x= x:xxx:xxx:xxx:117:200]:18187->[::213.136.12.237]:25 (SYN_SENT) These are accompanied by entries in /var/log/security like so: Jun 30 12:12:28 adinava kernel: ipfw: 65529 Accept TCP 1.23.2.0:18187 213.1= 36.12.235:25 out via bce0 Obviously these will hang in SYN_SENT until they time out because the SYN p= acket with source 1.23.2.0 gets dropped at the border (and there wouldn't b= e a return route anyway). I'm assuming the ipv6 '2001:610:xx:xxx:xxx:xxx:117:200' ends up being ipv4 = '1.23.2.0' due to some conversion error. -- Regards, T. Koeman, MTh/BSc/BPsy; Technical Monk MediaMonks B.V. (www.mediamonks.com) Please quote all replies in correspondence. From owner-freebsd-ipfw@FreeBSD.ORG Thu Jul 1 05:00:18 2010 Return-Path: Delivered-To: freebsd-ipfw@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id B00C51065740 for ; Thu, 1 Jul 2010 05:00:18 +0000 (UTC) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id 9F1F48FC1A for ; Thu, 1 Jul 2010 05:00:18 +0000 (UTC) Received: from freefall.freebsd.org (localhost [127.0.0.1]) by freefall.freebsd.org (8.14.4/8.14.4) with ESMTP id o6150GNB082456 for ; Thu, 1 Jul 2010 05:00:16 GMT (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.14.4/8.14.4/Submit) id o6150G1H082455; Thu, 1 Jul 2010 05:00:16 GMT (envelope-from gnats) Date: Thu, 1 Jul 2010 05:00:16 GMT Message-Id: <201007010500.o6150G1H082455@freefall.freebsd.org> To: freebsd-ipfw@FreeBSD.org From: Shant Kassardjian Cc: Subject: RE: amd64/148157: IPFW in kernel nat BUG found in FreeBSD 8.1-PRERELEASE X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: Shant Kassardjian List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 01 Jul 2010 05:00:18 -0000 The following reply was made to PR kern/148157; it has been noted by GNATS. From: Shant Kassardjian To: Cc: Subject: RE: amd64/148157: IPFW in kernel nat BUG found in FreeBSD 8.1-PRERELEASE Date: Thu, 1 Jul 2010 05:00:02 +0000 --_71145bc2-6c1a-4340-8c7b-20122d8b8d35_ Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Hi Garette=2C I've tried everything=2C even added a swap file and used the command you pr= ovided and still no dump file... I hope you can replicate this problem on your own with an intel em0 driver = loaded=2C I can provide you all the information you need in case your requi= re. let me know if you need anything else. Thanks=2C Regards=2C Shant K > Date: Sun=2C 27 Jun 2010 11:27:42 -0700 > Subject: Re: amd64/148157: IPFW in kernel nat BUG found in FreeBSD 8.1-P= RERELEASE > From: yanefbsd@gmail.com > To: pookme@hotmail.com > CC: bug-followup@freebsd.org >=20 > On Sun=2C Jun 27=2C 2010 at 11:25 AM=2C Shant Kassardjian wrote: > > > > > >> Date: Sun=2C 27 Jun 2010 00:04:16 -0700 > >> Subject: Re: amd64/148157: IPFW in kernel nat BUG found in FreeBSD > >> 8.1-PRERELEASE > >> From: yanefbsd@gmail.com > >> To: pookme@hotmail.com > >> CC: freebsd-gnats-submit@freebsd.org > >> > >> Hi Shant=2C > >> Please bottom post from here on out. > >> > >> On Sat=2C Jun 26=2C 2010 at 11:47 PM=2C Shant Kassardjian > >> wrote: > >> > Hi Garrett=2C > >> > > >> > > >> > I just tried to perform a kernel dump with dumpdev=3D"YES" and had n= o > >> > luck=2C I > >> > keep getting: > >> > >> dumpdev=3D"" always appears to fail to me as well (contrary to > >> what others have claimed). Try doing the following after booting up: > >> > >> dumpon `awk '$3 =3D=3D swap { print $1 }'` > >> > >> Then you'll be able to reproduce the problem and grab the resulting > >> kernel core dump. > > > > > > Hi Garrett=2C > > > > > > I still can't get it to dump. Perhaps it's because my system does not h= ave > > any swap space allocated? > > > > > > Here's what I added in my /etc/rc.conf to simulate an swap device: > > > > > > dumpdev=3D"YES" > > dumpdir=3D"/home/crash/" > > swapfile=3D"/home/crash/swap0" > > > > Then I ran: > > > > core# sh /tmp/ipfw_test ~ > > 00001 nat 100 ip from any to any via em0 > > ipfw nat 100 config ip 192.168.1.104 redirect_port tcp 172.25.1.1:22 22 > > core# dumpon `awk '$3 =3D=3D swap { print $1 }'` ~ > > > > > > Fatal trap 12: page fault while in kernel mode > > cpuid =3D 0=3B apic id =3D 00 > > fault virtual address =3D 0xc > > fault code =3D supervisor write data=2C page not present > > instruction pointer =3D 0x20:0xffffffff801d5cd6 > > stack pointer =3D 0x28:0xffffff8074fbc370 > > frame pointer =3D 0x28:0xffffff8074fbc620 > > code segment =3D base 0x0=2C limit 0xfffff=2C type 0x1b > > =3D DPL 0=2C pres 1=2C long 1=2C def32 0=2C gran 1 > > processor eflags =3D interrupt enabled=2C resume=2C IOPL =3D 0 > > current process =3D 1818 (sshd) > > trap number =3D 12 > > panic: page fault > > cpuid =3D 0 > > Uptime: 2m36s > > Cannot dump. Device not defined or unavailable. > > Automatic reboot in 15 seconds - press a key on the console to abort > > > > > > I'm still getting the "Cannot dump" error message=2C any idea what I ca= n do > > next? >=20 > Yeah.. you need a swap device otherwise you're not going to be able to > get a coredump... >=20 > >> > Cannot dump. Device not defined or unavailable. > >> > > >> > my custom kernel is set to disable: > >> > > >> > > >> > #options KTRACE # ktrace(1) support > >> > > >> > #options KDTRACE_FRAME # Ensure frames are compiled in > >> > #options KDTRACE_HOOKS # Kernel DTrace hooks > >> > > >> > must recompile kernel to enable tracing? > >> > >> No. > >> > >> > I'm currently using the intel pro 1000 chipset / em0 driver=2C I've = been > >> > experiencing all sorts of network stability problems for a while > >> > now(ever > >> > since I upgrade to stable a month ago). It looks like the em0 driver= for > >> > amd64 needs alot of work however a couple of days ago when I recompi= led > >> > my > >> > box to the latest stable 8.1-prerelease I saw alot of improvments an= d my > >> > ipfw/dummynet firewall seems to be running stable with no > >> > crashes/lockups so > >> > far... > >> > > >> > > >> > It is very easy for me to replicate the in nat kernel problem=2C i j= ust > >> > cant > >> > get a dump to provide you the additional info. =20 _________________________________________________________________ Game on: Challenge friends to great games on Messenger http://go.microsoft.com/?linkid=3D9734387= --_71145bc2-6c1a-4340-8c7b-20122d8b8d35_ Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Hi Garette=2C


I've tried everything=2C even added a swap file an= d used the command you provided and still no dump file...



I = hope you can replicate this problem on your own with an intel em0 driver lo= aded=2C I can provide you all the information you need in case your require= .


let me know if you need anything else.


Thanks=2CRegards=2C
Shant K

>=3B Date: Sun=2C 27 Jun 2010 11:27:42 -070= 0
>=3B Subject: Re: amd64/148157: IPFW in kernel nat BUG found in Free= BSD 8.1-PRERELEASE
>=3B From: yanefbsd@gmail.com
>=3B To: pookme= @hotmail.com
>=3B CC: bug-followup@freebsd.org
>=3B
>=3B On= Sun=2C Jun 27=2C 2010 at 11:25 AM=2C Shant Kassardjian <=3Bpookme@hotmai= l.com>=3B wrote:
>=3B >=3B
>=3B >=3B
>=3B >=3B>=3B= Date: Sun=2C 27 Jun 2010 00:04:16 -0700
>=3B >=3B>=3B Subject: Re= : amd64/148157: IPFW in kernel nat BUG found in FreeBSD
>=3B >=3B>= =3B 8.1-PRERELEASE
>=3B >=3B>=3B From: yanefbsd@gmail.com
>= =3B >=3B>=3B To: pookme@hotmail.com
>=3B >=3B>=3B CC: freebsd-= gnats-submit@freebsd.org
>=3B >=3B>=3B
>=3B >=3B>=3B Hi S= hant=2C
>=3B >=3B>=3B Please bottom post from here on out.
>= =3B >=3B>=3B
>=3B >=3B>=3B On Sat=2C Jun 26=2C 2010 at 11:47 P= M=2C Shant Kassardjian <=3Bpookme@hotmail.com>=3B
>=3B >=3B>= =3B wrote:
>=3B >=3B>=3B >=3B Hi Garrett=2C
>=3B >=3B>= =3B >=3B
>=3B >=3B>=3B >=3B
>=3B >=3B>=3B >=3B I ju= st tried to perform a kernel dump with dumpdev=3D"YES" and had no
>=3B= >=3B>=3B >=3B luck=2C I
>=3B >=3B>=3B >=3B keep getting:<= BR>>=3B >=3B>=3B
>=3B >=3B>=3B dumpdev=3D"<=3Bblah>=3B" = always appears to fail to me as well (contrary to
>=3B >=3B>=3B wh= at others have claimed). Try doing the following after booting up:
>= =3B >=3B>=3B
>=3B >=3B>=3B dumpon `awk '$3 =3D=3D swap { print= $1 }'`
>=3B >=3B>=3B
>=3B >=3B>=3B Then you'll be able t= o reproduce the problem and grab the resulting
>=3B >=3B>=3B kerne= l core dump.
>=3B >=3B
>=3B >=3B
>=3B >=3B Hi Garrett= =2C
>=3B >=3B
>=3B >=3B
>=3B >=3B I still can't get it= to dump. Perhaps it's because my system does not have
>=3B >=3B any= swap space allocated?
>=3B >=3B
>=3B >=3B
>=3B >=3B H= ere's what I added in my /etc/rc.conf to simulate an swap device:
>=3B= >=3B
>=3B >=3B
>=3B >=3B dumpdev=3D"YES"
>=3B >=3B = dumpdir=3D"/home/crash/"
>=3B >=3B swapfile=3D"/home/crash/swap0">=3B >=3B
>=3B >=3B Then I ran:
>=3B >=3B
>=3B >= =3B core# sh /tmp/ipfw_test ~
>=3B >=3B 00001 nat 100 ip from any to= any via em0
>=3B >=3B ipfw nat 100 config ip 192.168.1.104 redirect= _port tcp 172.25.1.1:22 22
>=3B >=3B core# dumpon `awk '$3 =3D=3D sw= ap { print $1 }'` ~
>=3B >=3B
>=3B >=3B
>=3B >=3B Fata= l trap 12: page fault while in kernel mode
>=3B >=3B cpuid =3D 0=3B = apic id =3D 00
>=3B >=3B fault virtual address =3D 0xc
>=3B >= =3B fault code =3D supervisor write data=2C page not present
>=3B >= =3B instruction pointer =3D 0x20:0xffffffff801d5cd6
>=3B >=3B stack = pointer =3D 0x28:0xffffff8074fbc370
>=3B >=3B frame pointer =3D 0x28= :0xffffff8074fbc620
>=3B >=3B code segment =3D base 0x0=2C limit 0xf= ffff=2C type 0x1b
>=3B >=3B =3D DPL 0=2C pres 1=2C long 1=2C def32 0= =2C gran 1
>=3B >=3B processor eflags =3D interrupt enabled=2C resum= e=2C IOPL =3D 0
>=3B >=3B current process =3D 1818 (sshd)
>=3B = >=3B trap number =3D 12
>=3B >=3B panic: page fault
>=3B >= =3B cpuid =3D 0
>=3B >=3B Uptime: 2m36s
>=3B >=3B Cannot dump= . Device not defined or unavailable.
>=3B >=3B Automatic reboot in 1= 5 seconds - press a key on the console to abort
>=3B >=3B
>=3B = >=3B
>=3B >=3B I'm still getting the "Cannot dump" error message= =2C any idea what I can do
>=3B >=3B next?
>=3B
>=3B Yeah= .. you need a swap device otherwise you're not going to be able to
>= =3B get a coredump...
>=3B
>=3B >=3B>=3B >=3B Cannot dump.= Device not defined or unavailable.
>=3B >=3B>=3B >=3B
>=3B= >=3B>=3B >=3B my custom kernel is set to disable:
>=3B >=3B&g= t=3B >=3B
>=3B >=3B>=3B >=3B
>=3B >=3B>=3B >=3B #op= tions KTRACE # ktrace(1) support
>=3B >=3B>=3B >=3B
>=3B &g= t=3B>=3B >=3B #options KDTRACE_FRAME # Ensure frames are compiled in>=3B >=3B>=3B >=3B #options KDTRACE_HOOKS # Kernel DTrace hooks>=3B >=3B>=3B >=3B
>=3B >=3B>=3B >=3B must recompile ke= rnel to enable tracing?
>=3B >=3B>=3B
>=3B >=3B>=3B No.>=3B >=3B>=3B
>=3B >=3B>=3B >=3B I'm currently using the= intel pro 1000 chipset / em0 driver=2C I've been
>=3B >=3B>=3B &g= t=3B experiencing all sorts of network stability problems for a while
&g= t=3B >=3B>=3B >=3B now(ever
>=3B >=3B>=3B >=3B since I upg= rade to stable a month ago). It looks like the em0 driver for
>=3B >= =3B>=3B >=3B amd64 needs alot of work however a couple of days ago when= I recompiled
>=3B >=3B>=3B >=3B my
>=3B >=3B>=3B >= =3B box to the latest stable 8.1-prerelease I saw alot of improvments and m= y
>=3B >=3B>=3B >=3B ipfw/dummynet firewall seems to be running = stable with no
>=3B >=3B>=3B >=3B crashes/lockups so
>=3B &= gt=3B>=3B >=3B far...
>=3B >=3B>=3B >=3B
>=3B >=3B>= =3B >=3B
>=3B >=3B>=3B >=3B It is very easy for me to replicat= e the in nat kernel problem=2C i just
>=3B >=3B>=3B >=3B cant>=3B >=3B>=3B >=3B get a dump to provide you the additional info.<= BR>
Look 'em in the eye: FREE Messenger video chat <= a href=3D'http://go.microsoft.com/?linkid=3D9734382' target=3D'_new'>Chat N= ow! = --_71145bc2-6c1a-4340-8c7b-20122d8b8d35_-- From owner-freebsd-ipfw@FreeBSD.ORG Thu Jul 1 18:00:18 2010 Return-Path: Delivered-To: freebsd-ipfw@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 3BA9E106564A for ; Thu, 1 Jul 2010 18:00:18 +0000 (UTC) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id 257BF8FC12 for ; Thu, 1 Jul 2010 18:00:18 +0000 (UTC) Received: from freefall.freebsd.org (localhost [127.0.0.1]) by freefall.freebsd.org (8.14.4/8.14.4) with ESMTP id o61I0I8R063220 for ; Thu, 1 Jul 2010 18:00:18 GMT (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.14.4/8.14.4/Submit) id o61I0Hur063219; Thu, 1 Jul 2010 18:00:18 GMT (envelope-from gnats) Date: Thu, 1 Jul 2010 18:00:18 GMT Message-Id: <201007011800.o61I0Hur063219@freefall.freebsd.org> To: freebsd-ipfw@FreeBSD.org From: Garrett Cooper Cc: Subject: Re: amd64/148157: IPFW in kernel nat BUG found in FreeBSD 8.1-PRERELEASE X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: Garrett Cooper List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 01 Jul 2010 18:00:18 -0000 The following reply was made to PR kern/148157; it has been noted by GNATS. From: Garrett Cooper To: Shant Kassardjian Cc: bug-followup@freebsd.org Subject: Re: amd64/148157: IPFW in kernel nat BUG found in FreeBSD 8.1-PRERELEASE Date: Thu, 1 Jul 2010 10:58:11 -0700 On Wed, Jun 30, 2010 at 10:00 PM, Shant Kassardjian wrote: > Hi Garette, > > > I've tried everything, even added a swap file and used the command you > provided and still no dump file... > > > > I hope you can replicate this problem on your own with an intel em0 driver > loaded, I can provide you all the information you need in case your require. > > > let me know if you need anything else. The weekend's coming, and this is a potential pressing issue coming up for business use, so I'll replicate my install on another machine and try and replicate it on my own with the bce(4) driver. Thanks for the try :), -Garrett