Date: Tue, 22 May 2012 12:00:16 GMT From: Joerg Pulz <Joerg.Pulz@frm2.tum.de> To: freebsd-pf@FreeBSD.org Subject: Re: kern/168190: [pf] panic when using pf and route-to (maybe: bad fragment handling?) Message-ID: <201205221200.q4MC0Gtg085514@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
The following reply was made to PR kern/168190; it has been noted by GNATS. From: Joerg Pulz <Joerg.Pulz@frm2.tum.de> To: Daniel Hartmeier <daniel@benzedrine.cx> Cc: FreeBSD-gnats-submit@freebsd.org, freebsd-pf@freebsd.org Subject: Re: kern/168190: [pf] panic when using pf and route-to (maybe: bad fragment handling?) Date: Tue, 22 May 2012 13:51:51 +0200 (CEST) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Tue, 22 May 2012, Daniel Hartmeier wrote: > This (or something similar) was reported before: > > help w/panic under heavy load - 5.4 > http://www.mail-archive.com/freebsd-hackers@freebsd.org/msg52452.html > > panic on ip_input, ip_len byte ordering problem? > http://lists.freebsd.org/pipermail/freebsd-net/2009-July/022473.html > > But no resolutions were posted. Maybe Max remembers? > > Are you using other pfil hooks (ipfw, ipfilter, etc.)? > > IP fast forwarding? divert? netgraph? dup-to? > > What network interfaces are used (enc, gre, gif, fxp0)? > > What checksumming support (ifconfig if)? Daniel, mails to your personal eMail address are bouncing. relay=insomnia.benzedrine.cx. [62.65.145.30], dsn=4.0.0, stat=Deferred: insomnia.benzedrine.cx.: No route to host I've found another report and a patch which i already tried without success, so i reverted back to stock 9.0-p1. http://lists.freebsd.org/pipermail/freebsd-pf/2005-March/000922.html I've the following relevant options in the kernel configuration: options IPFIREWALL options IPFIREWALL_VERBOSE options IPFIREWALL_VERBOSE_LIMIT=100 options IPFIREWALL_DEFAULT_TO_ACCEPT options IPDIVERT options IPFILTER options IPFILTER_LOG options IPSTEALTH options ALTQ options ALTQ_CBQ # Class Bases Queueing options ALTQ_RED # Random Early Drop options ALTQ_RIO # RED In/Out options ALTQ_HFSC # Hierarchical Packet Scheduler options ALTQ_CDNR # Traffic conditioner options ALTQ_PRIQ # Priority Queueing options ALTQ_NOPCC # Required for SMP build options IPSEC options IPSEC_NAT_T device crypto device cryptodev device hifn device enc device pf # PF OpenBSD packet-filter firewall device pflog # logging support interface for PF device pfsync # synchronization interface for PF device carp # common address redundancy protocol Only pf(4) is configured and used. net.inet.ip.forwarding: 1 net.inet.ip.fastforwarding: 0 net.inet6.ip6.forwarding: 0 No netgraph, divert or dup-to. Interface list: bge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500 options=8009b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,LINKSTATE> bge1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500 options=8009b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,LINKSTATE> pflog0: flags=0<> metric 0 mtu 33152 pfsync0: flags=0<> metric 0 mtu 1500 ipfw0: flags=8801<UP,SIMPLEX,MULTICAST> metric 0 mtu 65536 lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384 options=3<RXCSUM,TXCSUM> enc0: flags=0<> metric 0 mtu 1536 Only bge0 and bge1 are configured and used. bge0 ist $ext_if and bge1 is $int_if. Kind regards Joerg - -- The beginning is the most important part of the work. -Plato -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.18 (FreeBSD) iD8DBQFPu33aSPOsGF+KA+MRAjkLAJ0Z6K0Smp5M2p9r/VcSAUy1nqnkAACgqMq7 oHMudSKOjU3nQIGaq3M0fAo= =SuIg -----END PGP SIGNATURE-----
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201205221200.q4MC0Gtg085514>