From: Andrey Smagin
To: Pawel Tyll
Cc: Brandon Gooch, freebsd-ipfw@freebsd.org, Luigi Rizzo, Jack Vogel, freebsd-net@freebsd.org
Date: Mon, 21 Feb 2011 16:07:49 +0300
Subject: Re[2]: problem analysys (Re: [Panic] Dummynet/IPFW related recurring crash.)

I think the problem may be like the one here:
http://lists.freebsd.org/pipermail/freebsd-net/2010-April/025156.html
What type of interface is used for your fwd rules? I have crashes only with ng interfaces. Over gif, fwd works without problems. But that is only in my case.

Mon, 21 Feb 2011 00:13:12 +0100, message from Pawel Tyll:

> > Understood. I am just saying that for instance the vlan presence and
> > changes are quite significant in this context.
> > You say vlans are "pretty much static" but can you tell us who adds/removes
> > them, assigns addresses?
> It's not that much work and changes are simple and far between. I do
> that personally. IP addresses don't change, however I sometimes
> (rarely) destroy and recreate vlans. Panics don't happen immediately
> after this operation, or while it happens, and there were times from
> panic to panic that I didn't touch a thing.
>
> > Also the ruleset must have something more than those two rules.
> > From the stack trace, the panic seems to occur in a call to the
> > "antispoof" option which presumably is somewhere in your ruleset.
> > If not, then the stack is corrupt.
>
> Full ruleset with IP addresses removed:
> 00010 1691 128516 deny ip from any to any not antispoof in
> 00020 87440010 6826835332 fwd [removed] ip from table(60) to table(61)
> 00050 3246 156244 allow tcp from any to [removed] dst-port 53 // DNS Rules 50-59
> 00051 2463493 260607132 allow udp from any to [removed] // DNS Rules 50-59
> 00059 23891 1091822 deny ip from any to [removed] // DNS Rules 50-59
> 00100 32 2176 allow ip from any to any via lo0
> 00100 929493 48342523 deny ip from any to table(10) dst-port 131-139,445
> 00102 56574 2779124 fwd [removed] tcp from table(1) to not table(5) dst-port 80
> 00103 0 0 fwd [removed] tcp from table(2) to not table(5) dst-port 80
> 00104 427 17244 fwd [removed] tcp from table(3) to not table(5)
> 00105 6 808 deny ip from table(3) to not table(5)
> 00200 0 0 deny ip from any to 127.0.0.0/8
> 00300 0 0 deny ip from 127.0.0.0/8 to any
> 00400 0 0 deny ip from any to ::1
> 00500 0 0 deny ip from ::1 to any
> 00600 0 0 allow ipv6-icmp from :: to ff02::/16
> 00700 0 0 allow ipv6-icmp from fe80::/10 to fe80::/10
> 00800 0 0 allow ipv6-icmp from fe80::/10 to ff02::/16
> 00900 0 0 allow ipv6-icmp from any to any ip6 icmp6types 1
> 01000 0 0 allow ipv6-icmp from any to any ip6 icmp6types 2,135,136
> 30000 462392089 204487140826 pipe tablearg ip from table(100) to any in
> 30001 535282183 461888428313 pipe tablearg ip from any to table(101) out
> 34900 11650783 1216622001 skipto 35001 ip from table(10) to table(10)
> 35000 597825867 244960831012 fwd [removed] ip from 192.168.0.0/16 to not 192.168.0.0/16
> 65534 1595697378 1254723485778 allow ip from any to any
> 65535 0 0 allow ip from any to any
>
> 12:07AM up 1 day, 21 mins, 1 user, load averages: 0.08, 0.06, 0.01
>
> Should IP addresses be required, I'll gladly send "uncensored" ruleset
> to you privately.