Date: Mon, 21 Feb 2011 16:07:49 +0300
From: Andrey Smagin <samspeed@mail.ru>
To: Pawel Tyll <ptyll@nitronet.pl>
Cc: Brandon Gooch <jamesbrandongooch@gmail.com>, freebsd-ipfw@freebsd.org, Luigi Rizzo <rizzo@iet.unipi.it>, Jack Vogel <jfvogel@gmail.com>, freebsd-net@freebsd.org
Subject: Re[2]: problem analysys (Re: [Panic] Dummynet/IPFW related recurring crash.)
Message-ID: <E1PrVUT-0006Fh-00.samspeed-mail-ru@f119.mail.ru>
In-Reply-To: <1167743969.20110221001312@nitronet.pl>
References: <20110220231825.GA10566@onelab2.iet.unipi.it> <410175608.20110220013900@nitronet.pl> <1167743969.20110221001312@nitronet.pl>

I think the problem may be like the one here:
http://lists.freebsd.org/pipermail/freebsd-net/2010-April/025156.html
What type of interface is used for your FWD rules?
I get the crash only with an ng interface. Over gif, fwd works without problems.
But that is only my case.

Mon, 21 Feb 2011 00:13:12 +0100, message from Pawel Tyll <ptyll@nitronet.pl>:

> > understood. I am just saying that for instance the vlan presence and
> > changes is quite significant in this context.
> > You say vlans are "pretty much static" but can you tell us who adds/remove
> > them, assign addresses ?
> It's not that much work and changes are simple and far between. I do
> that personally. IP addresses don't change, however I sometimes
> (rarely) destroy and recreate vlans. Panics don't happen immediately
> after this operation, or while it happens, and there were times from
> panic to panic that I didn't touch a thing.
>
> > Also the ruleset must have something more than those two rules.
> > From the stack trace, the panic seems to occur in a call to the
> > "antispoof" option which presumably is somewhere in your ruleset.
> > If not, then the stack is corrupt.
> Full ruleset with IP addresses removed:
> 00010 1691 128516 deny ip from any to any not antispoof in
> 00020 87440010 6826835332 fwd [removed] ip from table(60) to table(61)
> 00050 3246 156244 allow tcp from any to [removed] dst-port 53 //
> DNS Rules 50-59
> 00051 2463493 260607132 allow udp from any to [removed] // DNS Rules
> 50-59
> 00059 23891 1091822 deny ip from any to [removed] // DNS Rules
> 50-59
> 00100 32 2176 allow ip from any to any via lo0
> 00100 929493 48342523 deny ip from any to table(10) dst-port
> 131-139,445
> 00102 56574 2779124 fwd [removed] tcp from table(1) to not table(5)
> dst-port 80
> 00103 0 0 fwd [removed] tcp from table(2) to not table(5)
> dst-port 80
> 00104 427 17244 fwd [removed] tcp from table(3) to not table(5)
> 00105 6 808 deny ip from table(3) to not table(5)
> 00200 0 0 deny ip from any to 127.0.0.0/8
> 00300 0 0 deny ip from 127.0.0.0/8 to any
> 00400 0 0 deny ip from any to ::1
> 00500 0 0 deny ip from ::1 to any
> 00600 0 0 allow ipv6-icmp from :: to ff02::/16
> 00700 0 0 allow ipv6-icmp from fe80::/10 to fe80::/10
> 00800 0 0 allow ipv6-icmp from fe80::/10 to ff02::/16
> 00900 0 0 allow ipv6-icmp from any to any ip6 icmp6types
> 1
> 01000 0 0 allow ipv6-icmp from any to any ip6 icmp6types
> 2,135,136
> 30000 462392089 204487140826 pipe tablearg ip from table(100) to any in
> 30001 535282183 461888428313 pipe tablearg ip from any to table(101) out
> 34900 11650783 1216622001 skipto 35001 ip from table(10) to table(10)
> 35000 597825867 244960831012 fwd [removed] ip from 192.168.0.0/16 to not
> 192.168.0.0/16
> 65534 1595697378 1254723485778 allow ip from any to any
> 65535 0 0 allow ip from any to any
>
> 12:07AM up 1 day, 21 mins, 1 user, load averages: 0.08, 0.06, 0.01
>
> Should IP addresses be required, I'll gladly send "uncensored" ruleset
> to you privately.