From owner-freebsd-net@FreeBSD.ORG Fri Jun 5 13:58:07 2009 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id E336310656BF for ; Fri, 5 Jun 2009 13:58:07 +0000 (UTC) (envelope-from to.my.trociny@gmail.com) Received: from fg-out-1718.google.com (fg-out-1718.google.com [72.14.220.153]) by mx1.freebsd.org (Postfix) with ESMTP id 688A38FC13 for ; Fri, 5 Jun 2009 13:58:07 +0000 (UTC) (envelope-from to.my.trociny@gmail.com) Received: by fg-out-1718.google.com with SMTP id e12so218758fga.12 for ; Fri, 05 Jun 2009 06:58:06 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:to:cc:subject:references :organization:from:date:in-reply-to:message-id:user-agent :mime-version:content-type; bh=FVvwnTGu/YmAb+mjp28Fx306v5nmX/EOfSQUsw9zISo=; b=WX32XSy5K40Fff2CNv5YrljVlKVDyAYnS45eM/a/wYIDPUd7ocAhcD2AXYt4OCUIR9 ZZNrXExHS8CaBUmGN4luPcKqIJavAQTrjhBH6ba8+EZ7673E1OcyULCv9OGnqfnXInKL lDSXP+sV0IkdrZ4XU0F2NTfNYD9KkoIuGe6kY= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=to:cc:subject:references:organization:from:date:in-reply-to :message-id:user-agent:mime-version:content-type; b=TmgVCt1TBdh4yAdwdoiGiwL5I1bacl1hGqcKiKwPldSBTjVBJ939vPA+wUhC73f7ls vrBM0kgY+8NriE3hRGEaVa+2JzhHp8XXaN9laxJgQWayDL+8jJLaQeES3n/2hjb4b5P6 bfdEMR6SdSN/mSToE3Z/E3DCRmEdqDmjopoWY= Received: by 10.86.57.9 with SMTP id f9mr3868482fga.57.1244210286396; Fri, 05 Jun 2009 06:58:06 -0700 (PDT) Received: from localhost (ms.singlescrowd.net [80.85.90.67]) by mx.google.com with ESMTPS id 3sm1995404fge.4.2009.06.05.06.57.53 (version=TLSv1/SSLv3 cipher=RC4-MD5); Fri, 05 Jun 2009 06:57:54 -0700 (PDT) To: Oleg Bulyzhin References: <864ov9htgq.fsf@kopusha.onet> <81bpp8l6de.fsf@zhuzha.ua1> <20090603170311.GA18104@lath.rinet.ru> <20090604204720.GA49677@lath.rinet.ru> Organization: TOA Ukraine From: Mikolaj Golub Date: Fri, 05 Jun 2009 16:57:52 +0300 In-Reply-To: <20090604204720.GA49677@lath.rinet.ru> (Oleg Bulyzhin's message of "Fri\, 5 Jun 2009 00\:47\:20 +0400") Message-ID: <81hbyuvl3z.fsf@zhuzha.ua1> User-Agent: Gnus/5.11 (Gnus v5.11) Emacs/22.3 (berkeley-unix) MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Cc: freebsd-net@FreeBSD.org Subject: Re: panic with ng_ipfw+ng_car and net.inet.ip.fw.one_pass=0 X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 05 Jun 2009 13:58:09 -0000 On Fri, 5 Jun 2009 00:47:20 +0400 Oleg Bulyzhin wrote: > On Wed, Jun 03, 2009 at 09:03:11PM +0400, Oleg Bulyzhin wrote: >> On Mon, Jun 01, 2009 at 11:12:45AM +0300, Mikolaj Golub wrote: >> >> > It looks the problem has not drawn much attention :-). >> >> I was on vacation so did not reply in time. >> Dummynet like solution is not enough, dummynet is affected by this problem >> too. >> I'll send patch to you for testing tomorrow. > > Please test attached patch and let me know results. > Patch made for -current and it changes ABI, so rebuilding ipfw with new > headers required. It works for me. With the patch I has not managed to crash the system using my test. Some notes: - only ng_ipfw/ng_car subsystem has been tested (not dummynet). - my -current box is under qemu (I don't have real server running -current to test this). If you are interesting in some testing of dummynet before commiting this to current, let me know. I could try some tests but only the next week. If you are going to commit this to -current could you please fix ng_ipfw(4) man page too? Index: share/man/man4/ng_ipfw.4 =================================================================== --- share/man/man4/ng_ipfw.4 (revision 193478) +++ share/man/man4/ng_ipfw.4 (working copy) @@ -84,11 +84,12 @@ struct ng_ipfw_tag { struct m_tag mt; /* tag header */ struct ip_fw *rule; /* matching rule */ + uint32_t rule_id; /* matching rule id */ + uint32_t chain_id; /* ruleset id */ struct ifnet *ifp; /* interface, for ip_output */ int dir; /* packet direction */ #define NG_IPFW_OUT 0 #define NG_IPFW_IN 1 - int flags; /* flags, for ip_output() */ }; .Ed .Pp -- Mikolaj Golub