From owner-freebsd-pf@FreeBSD.ORG Wed May 23 13:33:44 2012 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id B29EE106566C for ; Wed, 23 May 2012 13:33:44 +0000 (UTC) (envelope-from ermal.luci@gmail.com) Received: from mail-gh0-f182.google.com (mail-gh0-f182.google.com [209.85.160.182]) by mx1.freebsd.org (Postfix) with ESMTP id 6652C8FC08 for ; Wed, 23 May 2012 13:33:44 +0000 (UTC) Received: by ghbz22 with SMTP id z22so1561725ghb.13 for ; Wed, 23 May 2012 06:33:38 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:sender:in-reply-to:references:date :x-google-sender-auth:message-id:subject:from:to:cc:content-type :content-transfer-encoding; bh=Ru7S0JSVPcDkKhrsH6IfOD1zgqlGd69jLWvuU9ak0FQ=; b=UQEEvrxO63HI35NCyU3S+jem8jmO5VVN/oirWlrmiiGDgqT1U6ZIv15zRmC8ci72/t BGotlPylrEyveHePjTi6ALzS4zh7YkKZ9otYKX0Rs3BMTU3Mdg6ZuDp+PH4sdN4KT/Uz jRk0VkF5tddlxZoRLYCtfMe2a+jIbLIySMaOQE9iW2n9rC4fdbZ5gKlHrZ1c901tOoQL PB9t0BZROGnOwsf0gDLJHdagD5JfisqDkcuXlJLRLMpnzEbHgBFiW4rDPxRlradn6Cjx kuNTWp0qW3T/SWmKXCqlX0KJq8LCVweiZHKXwHw86Fi2EsTtl7eu3lzEbscRJgQttos8 Y77Q== MIME-Version: 1.0 Received: by 10.42.77.9 with SMTP id g9mr1172411ick.4.1337780018165; Wed, 23 May 2012 06:33:38 -0700 (PDT) Sender: ermal.luci@gmail.com Received: by 10.231.35.202 with HTTP; Wed, 23 May 2012 06:33:37 -0700 (PDT) In-Reply-To: References: <201205221200.q4MC0Gtg085514@freefall.freebsd.org> <20120522150603.GF29536@insomnia.benzedrine.cx> Date: Wed, 23 May 2012 15:33:37 +0200 X-Google-Sender-Auth: VvmrMAjA29e_OY15Fdgc6eqq23M Message-ID: From: =?ISO-8859-1?Q?Ermal_Lu=E7i?= To: Joerg Pulz Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable Cc: freebsd-pf@freebsd.org Subject: Re: kern/168190: [pf] panic when using pf and route-to (maybe: bad fragment handling?) X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 23 May 2012 13:33:44 -0000 On Wed, May 23, 2012 at 9:05 AM, Joerg Pulz wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > > On Tue, 22 May 2012, Ermal Lu=E7i wrote: > >> iirc this is from fastforwarding being enabled. >> Just from memory though, cause i remember seeing this panic as well. >> >> Again, from memory this is fastforwarding related, try disabling it. >> If it was pf(4) surely in pfSense would have been seen more frequently >> and in pfSense fastforwarding is not used but normal path.... > > > Ermal, > > thanks for your reply to this. > As i already stated in a previous mail, fastforwarding is not and was nev= er > used on this system. > Heh i might have misread. Can you try with this patch https://github.com/bsdperimeter/pfsense-tools/blob/master/patches/RELENG_8_= 3/pf_route-to_fragemnts.RELENG_8.diff >From the commit message seems this is realted with your issue: commit 164f4705fe4474d264d5d561ac3e3d60a512d2f7 Author: Ermal Date: Sun Mar 21 19:01:34 2010 +0000 Add patch that fixes sending of fragmented packets with policy-routing. > > =A0net.inet.ip.forwarding: 1 > =A0net.inet.ip.fastforwarding: 0 > =A0net.inet6.ip6.forwarding: 0 > > Kind regards > Joerg > > - -- The beginning is the most important part of the work. > =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0-Plato > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v2.0.18 (FreeBSD) > > iD8DBQFPvIxISPOsGF+KA+MRAmIUAJ4gth6QsTMXmHRCnKhsm4XQ2S0ibQCeOB8h > W3C84aefIPrpu9O69pIrmEM=3D > =3D/wga > -----END PGP SIGNATURE----- --=20 Ermal