Date: Tue, 13 Jan 2004 01:32:14 -0500
From: freebsd@usww.com
To: freebsd-ipfw@freebsd.org
Subject: 4.9 Release ipfw2 - OUCH using limit - reboots
Message-ID: <400390EE.385042D2@usww.com>
References: <200401121901.i0CJ1Wfd025289@freefall.freebsd.org>

Has anyone seen a problem using 4.9 release with IPFW2 using limit
causing crashes/reboots and 'OUCH! cannot remove rule, count 65535' in the
logfile?

Or does anyone see a problem with my logic?

Any help would be appreciated,
Ben

sysctl config settings:
sysctl net.link.ether.bridge_cfg=xl0:0,xl1:0
sysctl net.link.ether.bridge_ipfw=1
sysctl net.link.ether.bridge=1

---INTERNAL COMPUTERS---xl1--Gateway--xl0---WWW---

# xl0 goes to the WWW from the gateway
# xl0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
#      inet XX.XX.XX.XX netmask 0xffffff00 broadcast XX.XX.XX.255
#      ether 00:60:97:XX:XX:XX
#      media: Ethernet autoselect (10baseT/UTP) status: active

# xl1 goes to internal computers from the gateway
# xl1: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
#      ether 00:a0:24:XX:XX:XX
#      media: Ethernet autoselect (100baseTX <full-duplex>) status: active

The following 3 types of lines have been working fine for some time.
I have 9 pipes for 9 machines.
The first two simply count the packets/bytes to and from the Ethernet card.
The third manages outgoing bandwidth from one of the several IPs.

                          Dest              Source
ipfw -q add 100 count mac YY:YY:YY:YY:YY:YY XX:XX:XX:XX:XX:XX
ipfw -q add 100 count mac XX:XX:XX:XX:XX:XX YY:YY:YY:YY:YY:YY
ipfw -q add 155 pipe 3 tcp from 216.XX.XX.6 20,21,25,80,110 to any;ipfw pipe 3 config bw 512Kbit/s

Sample use of limit seeming to cause the problem:

ipfw -q add 00182 allow log logamount 1000 tcp from any to 216.XX.XX.6 setup limit src-addr 3 in via xl1

Adding the above limit works fine until a large amount of traffic occurs,
then the gateway reboots.

If you try to ipfw delete 182, the following is put in /var/log/messages:

Jan 9 18:48:20 router7206 /kernel: Mounting root from ufs:/dev/ad0s1a
Jan 9 18:48:20 router7206 /kernel: WARNING: / was not properly dismounted
Jan 9 18:48:24 router7206 /kernel: xl0: promiscuous mode enabled
Jan 9 18:48:24 router7206 /kernel: xl1: promiscuous mode enabled
Jan 9 18:48:45 router7206 su: ben to root on /dev/ttyp0
## The following error was put in the log when 'ipfw delete 182' was executed.
Jan 9 18:48:46 router7206 /kernel: OUCH! cannot remove rule, count 65535
Jan 9 18:48:46 router7206 last message repeated 2 times
Jan 9 18:48:49 router7206 /kernel: bad block -65536, ino 84588
Jan 9 18:48:49 router7206 /kernel: pid 6 (syncer), uid 0 on /var: bad block
Jan 9 18:48:49 router7206 /kernel: handle_workitem_freeblocks: block count
Jan 9 18:50:58 router7206 /kernel: Mounting root from ufs:/dev/ad0s1a
Jan 9 18:50:58 router7206 /kernel: WARNING: / was not properly dismounted
Jan 9 18:51:03 router7206 /kernel: xl0: promiscuous mode enabled
Jan 9 18:51:03 router7206 /kernel: xl1: promiscuous mode enabled
Jan 9 18:51:27 router7206 /kernel: bad block -65536, ino 21135
Jan 9 18:51:27 router7206 /kernel: pid 6 (syncer), uid 0 on /var: bad block
Jan 9 18:51:27 router7206 /kernel: handle_workitem_freeblocks: block count
Jan 9 18:51:27 router7206 /kernel: bad block -65536, ino 21131
Jan 9 18:51:27 router7206 /kernel: pid 6 (syncer), uid 0 on /var: bad block
Jan 9 18:51:48 router7206 su: ben to root on /dev/ttyp0
## The following error was put in the log when 'ipfw delete 182' was executed.
Jan 9 18:52:54 router7206 /kernel: OUCH! cannot remove rule, count 65535
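
Added example, not part of the original message or of FreeBSD: a small sh/awk scan of syslog text that reports each 'OUCH! cannot remove rule' kernel message with its count, how many times it was logged, and whether an unclean-boot marker follows it. The function names are made up for this example, and the embedded sample is an excerpt of the log lines quoted in the message above.

```shell
#!/bin/sh
# Added example (not from the original message). Function names are
# hypothetical; the sample is an excerpt of the log quoted in the message.

# Print a few of the syslog lines from the message, for an offline run.
sample_log() {
    cat <<'EOF'
Jan 9 18:48:20 router7206 /kernel: WARNING: / was not properly dismounted
Jan 9 18:48:46 router7206 /kernel: OUCH! cannot remove rule, count 65535
Jan 9 18:48:46 router7206 last message repeated 2 times
Jan 9 18:48:49 router7206 /kernel: bad block -65536, ino 84588
Jan 9 18:50:58 router7206 /kernel: WARNING: / was not properly dismounted
Jan 9 18:52:54 router7206 /kernel: OUCH! cannot remove rule, count 65535
EOF
}

# Read syslog text (files given as arguments, or stdin) and print one line
# per OUCH event: timestamp, reported count, number of times it was logged
# (including "last message repeated N times"), and whether an unclean boot
# marker appears before the next OUCH event.
scan_ipfw_ouch() {
    awk '
    function emit() {
        if (ts != "")
            printf "%s count=%s seen=%d unclean_boot_after=%s\n", ts, cnt, seen, boot
        ts = ""
    }
    /OUCH! cannot remove rule, count [0-9]+/ {
        emit()
        ts = $1 " " $2 " " $3; cnt = $NF; seen = 1; boot = "no"; prev_ouch = 1
        next
    }
    /last message repeated [0-9]+ times/ {
        if (prev_ouch) seen += $(NF - 1)   # syslogd collapsed repeats of the OUCH line
        next
    }
    /was not properly dismounted/ { if (ts != "") boot = "yes" }
    { prev_ouch = 0 }                      # any other line ends the repeat run
    END { emit() }
    ' "$@"
}

sample_log | scan_ipfw_ouch
```

On the gateway itself the function would be pointed at the real log, as in scan_ipfw_ouch /var/log/messages.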