From owner-freebsd-ipfw@FreeBSD.ORG Mon Jan 12 22:48:53 2004 Return-Path: Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id EA00416A4CE for ; Mon, 12 Jan 2004 22:48:52 -0800 (PST) Received: from router7206.usww.net (router7206.usww.net [216.104.145.5]) by mx1.FreeBSD.org (Postfix) with ESMTP id 8E9FE43D39 for ; Mon, 12 Jan 2004 22:47:37 -0800 (PST) (envelope-from freebsd@usww.com) Received: from usww.com (local41.usww.net [10.0.1.41]) by sub250.usww.net (8.12.8/8.11.6) with ESMTP id i0D6FoNK006284 for ; Tue, 13 Jan 2004 01:15:52 -0500 (EST) (envelope-from freebsd@usww.com) X-HELO: |usww.com| XH-ClientName: |local41.usww.net| XH-ClientAddr: |10.0.1.41| XH-To: || XH-From: |freebsd@usww.com| XH-infoX: |HELO:usww.com|ClientName:local41.usww.net|ClientAddr:10.0.1.41|Email:|From:freebsd@usww.com| XH-info1: (HopCnt:0)(Cur-Ctime-Date:Tue Jan 13 01:15:52 2004)(Unk:) XH-info2: (from:freebsd@usww.com)(Ret:freebsd@usww.com)(DestHost:freebsd.org.)(QueueID:i0D6FoNK006284) XH-info3: (Loc:sub250.usww.net)(Loc:sub250.usww.net)(Unk:)(FQDN:usww.net)(MAILDA:MAILER-DAEMON)(Unk:) XH-info4: (PID:6284)(Unk:)(Proto:ESMTP)(SendHost:usww.com)(Date:200401130615) XH-info5: (To:)(Ver:8.12.8)(Host:sub250)(FNamesender:)(Unk::) XH-info7: (CD:)(SndrAddr:local41.usww.net [10.0.1.41])(CD:)(CD:)(CD:) XH-info8: (Bodyty:)(ClientAddr:10.0.1.41)(ClientName:local41.usww.net)(ClientPort:16138) XH-info9: (Envid:)(DelivMode:q)(SendFlag:d) Message-ID: <400390EE.385042D2@usww.com> Date: Tue, 13 Jan 2004 01:32:14 -0500 From: freebsd@usww.com Organization: USWW (United States Wide Web) X-Mailer: Mozilla 4.79 [en] (Win98; U) X-Accept-Language: en MIME-Version: 1.0 To: freebsd-ipfw@freebsd.org X-Priority: 2 (High) References: <200401121901.i0CJ1Wfd025289@freefall.freebsd.org> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Subject: 4.9 Release ipfw2 - OUCH using limit - reboots X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 13 Jan 2004 06:48:53 -0000 Has anyone seen a problem using 4.9 release with IPFW2 using limit causing crashes/reboots and 'OUCH! cannot remove rule, count 65535' in the logfile? Or, does anyone see a problem with my logic. Any help would be appreciated, Ben sysctl config settings: sysctl net.link.ether.bridge_cfg=xl0:0,xl1:0 sysctl net.link.ether.bridge_ipfw=1 sysctl net.link.ether.bridge=1 ---INTERNAL COMPUTERS---xl1--Gateway--xl0---WWW--- # xl0 goes to the WWW from the gateway # xl0: flags=8943 mtu 1500 # inet XX.XX.XX.XX netmask 0xffffff00 broadcast XX.XX.XX.255 # ether 00:60:97:XX:XX:XX # media: Ethernet autoselect (10baseT/UTP) status: active # xl1 goes to internal computers from the gateway # xl1: flags=8943 mtu 1500 # ether 00:a0:24:XX:XX:XX # media: Ethernet autoselect (100baseTX ) status: active The following 3 type lines have been working fine for some time. I have 9 pipes for 9 machines. The first two simple counts the packets/bytes to and from the ethernet card The third manages outgoing bandwidth from one of the several ip's. Dest Source ipfw -q add 100 count mac YY:YY:YY:YY:YY:YY XX:XX:XX:XX:XX:XX ipfw -q add 100 count mac XX:XX:XX:XX:XX:XX YY:YY:YY:YY:YY:YY ipfw -q add 155 pipe 3 tcp from 216.XX.XX.6 20,21,25,80,110 to any;ipfw pipe 3 config bw 512Kbit/s sample use of limit seeming to cause the problem: ipfw -q add 00182 allow log logamount 1000 tcp from any to 216.XX.XX.6 setup limit src-addr 3 in via xl1 Adding the above limit works fine until a large amount of traffic occurs then the gateway reboots If you try to ipfw delete 182 the following is put in /var/log/messages Jan 9 18:48:20 router7206 /kernel: Mounting root from ufs:/dev/ad0s1a Jan 9 18:48:20 router7206 /kernel: WARNING: / was not properly dismounted Jan 9 18:48:24 router7206 /kernel: xl0: promiscuous mode enabled Jan 9 18:48:24 router7206 /kernel: xl1: promiscuous mode enabled Jan 9 18:48:45 router7206 su: ben to root on /dev/ttyp0 ## The following error was put in the log when 'ipfw delete 182' was executed. Jan 9 18:48:46 router7206 /kernel: OUCH! cannot remove rule, count 65535 Jan 9 18:48:46 router7206 last message repeated 2 times Jan 9 18:48:49 router7206 /kernel: bad block -65536, ino 84588 Jan 9 18:48:49 router7206 /kernel: pid 6 (syncer), uid 0 on /var: bad block Jan 9 18:48:49 router7206 /kernel: handle_workitem_freeblocks: block count Jan 9 18:50:58 router7206 /kernel: Mounting root from ufs:/dev/ad0s1a Jan 9 18:50:58 router7206 /kernel: WARNING: / was not properly dismounted Jan 9 18:51:03 router7206 /kernel: xl0: promiscuous mode enabled Jan 9 18:51:03 router7206 /kernel: xl1: promiscuous mode enabled Jan 9 18:51:27 router7206 /kernel: bad block -65536, ino 21135 Jan 9 18:51:27 router7206 /kernel: pid 6 (syncer), uid 0 on /var: bad block Jan 9 18:51:27 router7206 /kernel: handle_workitem_freeblocks: block count Jan 9 18:51:27 router7206 /kernel: bad block -65536, ino 21131 Jan 9 18:51:27 router7206 /kernel: pid 6 (syncer), uid 0 on /var: bad block Jan 9 18:51:48 router7206 su: ben to root on /dev/ttyp0 ## The following error was put in the log when 'ipfw delete 182' was executed. Jan 9 18:52:54 router7206 /kernel: OUCH! cannot remove rule, count 65535