Date: Wed, 03 Feb 2016 18:47:28 -0600
From: Matthew Grooms <mgrooms@shrew.net>
To: freebsd-stable@freebsd.org, freebsd-net@freebsd.org
Subject: Re: 10.2-RELEASE-p12 pf+GRE crashing
Message-ID: <56B29FA0.4080000@shrew.net>
In-Reply-To: <56B285B0.8010306@shrew.net>
References: <56B285B0.8010306@shrew.net>

On 2/3/2016 4:56 PM, Matthew Grooms wrote:
> All,
>
> I recently upgraded a pair of 10.0-RELEASE firewalls in the hope that
> I could avoid the local patching required to keep it up and running.
> Unfortunately, it crashes whenever I reload my pf firewall rule set.
> If I remove the GRE tunnel configurations from rc.conf, it happily
> reloads the rule set all day long. The kernel config is mostly GENERIC
> with the following additions ...
>
> # Packet Filter
> device pf # PF OpenBSD packet-filter firewall
> device pflog # Logging support interface for PF
> device pfsync # Synchronization interface for PF
> device carp # Common Address Redundancy Protocol
>
> # IPsec
> device crypto
> device enc
> options IPSEC
>
> The crash is easy to reproduce as pfctl -f /etc/pf.conf does it every
> time. I should also mention that I tried with and without the
> following additional commits applied, but get the same result ...
>
> https://svnweb.freebsd.org/base?view=revision&revision=272695
> https://svnweb.freebsd.org/base?view=revision&revision=288529
>
> I'm also a bit confused as to why these patches haven't made it into
> 10 STABLE yet. The former doesn't mention an MFC and the latter has an
> MFC of 1 week, but was never done. In any case, here is the output
> from kgdb ...

This turned out to be another issue that was patched in head but not back ported to stable. I can't explain why it didn't get tripped when GRE tunnels were disabled. With the patch applied, I can reload my rule sets again without crashing ...

https://svnweb.freebsd.org/base?view=revision&revision=264689

(kgdb) bt
#0 doadump (textdump=<value optimized out>) at pcpu.h:219
#1 0xffffffff807c81f2 in kern_reboot (howto=260) at ../../../kern/kern_shutdown.c:451
#2 0xffffffff807c85d5 in vpanic (fmt=<value optimized out>, ap=<value optimized out>) at ../../../kern/kern_shutdown.c:758
#3 0xffffffff807c8463 in panic (fmt=0x0) at ../../../kern/kern_shutdown.c:687
#4 0xffffffff80bdc10b in trap_fatal (frame=<value optimized out>, eva=<value optimized out>) at ../../../amd64/amd64/trap.c:851
#5 0xffffffff80bdc40d in trap_pfault (frame=0xfffffe0000233a80, usermode=<value optimized out>) at ../../../amd64/amd64/trap.c:674
#6 0xffffffff80bdbaaa in trap (frame=0xfffffe0000233a80) at ../../../amd64/amd64/trap.c:440
#7 0xffffffff80bc1fa2 in calltrap () at ../../../amd64/amd64/exception.S:236
#8 0xffffffff809c07f4 in pfr_detach_table (kt=0x0) at ../../../netpfil/pf/pf_table.c:2047
#9 0xffffffff809a91f4 in pf_empty_pool (poola=0xffffffff813c3d68) at ../../../netpfil/pf/pf_ioctl.c:354
#10 0xffffffff809ab3e5 in pfioctl (dev=<value optimized out>, cmd=<value optimized out>, addr=0xfffff8005eaf6800 "", flags=<value optimized out>, td=<value optimized out>) at ../../../netpfil/pf/pf_ioctl.c:2189
#11 0xffffffff806b5659 in devfs_ioctl_f (fp=0xfffff8000a2927d0, com=3295691827, data=0xfffff8005eaf6800, cred=<value optimized out>, td=0xfffff8000a25f000) at ../../../fs/devfs/devfs_vnops.c:785
#12 0xffffffff8081b805 in kern_ioctl (td=0xfffff8000a25f000, fd=<value optimized out>, com=2) at file.h:320
#13 0xffffffff8081b500 in sys_ioctl (td=0xfffff8000a25f000, uap=0xfffffe0000234b40) at ../../../kern/sys_generic.c:718
#14 0xffffffff80bdca27 in amd64_syscall (td=0xfffff8000a25f000, traced=0) at subr_syscall.c:134
#15 0xffffffff80bc228b in Xfast_syscall () at ../../../amd64/amd64/exception.S:396
#16 0x0000000800dd9fda in ?? ()
Previous frame inner to this frame (corrupt stack?)
Current language: auto; currently minimal

-Matthew