Date:      Thu, 12 Apr 2012 14:16:32 +0300
From:      Theodor-Iulian Ciobanu <thciobanu@nth.ro>
To:        freebsd-pf@freebsd.org
Subject:   Re: Panic in packet filter
Message-ID:  <20120412141632.00007c72@unknown>
In-Reply-To: <D25EB30E-9241-4B81-A312-E37861DA5017@apple-park.kiev.ua>
References:  <CAOxY2CotiKHHcw%2Bjv2pAi6CbZ7oM3V7ohMrwHY0XhrwTAaRz1w@mail.gmail.com> <CAPBZQG16nbu09Bj8rKYUQbuRvCFikvF28REcM41t2urVzn7c1w@mail.gmail.com> <CAOxY2Cph2rt-1wnoQRBdsr%2BmLCHyBaMAYW2o8Z08W%2B3Dz-_7iw@mail.gmail.com> <D25EB30E-9241-4B81-A312-E37861DA5017@apple-park.kiev.ua>

Hello,

I came across this same issue yesterday on a system I have just set up.
I'm currently using the default kernel:

FreeBSD changeme 9.0-RELEASE FreeBSD 9.0-RELEASE #0: Tue Jan  3 07:46:30
UTC 2012 root@farrell.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC
amd64

with pf obviously loaded as a module. Even with kern.smp.disabled=1 pf
will crash as soon as it matches a rule that contains tables with
counters (I added such a table with just three addresses).

I'll have this machine around for testing for about a week or so and am
willing to try out any available patches to help fix the issue.

On Fri Feb 24 14:47:53 2012
iskander at apple-park.kiev.ua (Alexander Vyrlanovich) wrote:

> 
> On 24 Feb 2012, at 11:10, Ali Mdidech wrote:
> 
> > Hi Ermal,
> >
> > 2012/2/24 Ermal Luçi <eri@freebsd.org>:
> >> On Thu, Feb 23, 2012 at 8:44 AM, Ali Mdidech <ali@moua7.com> wrote:
> >>> Hi List,
> >>>
> >>> I've a box that panics multiple times randomly since a year
> >>> whatever the release is (8 or 9)
> >>> The crash dump shows that the problem is related to pf.
> >>> Is this some sort of identified bug?
> >>> Below some info and my pf.conf file.
> >>>
> >>> Thank you very much for your help.
> >>>
> >>
> >> Can you try to disable SMP through sysctl and see if you still
> >> get this?
> >> What are you doing to get the panic?
> >
> > Well, I'm able now to avoid or reproduce the panic.
> > Disabling counters in <ssh_brute> table makes the server stable
> > enough and no panic for 48 hours.
> > Restoring the counters and adding a host in the table by hand (pfctl
> > -t ssh_brute -T add someip) provokes the panic within a few seconds.
> > I've disabled smp (adding kern.smp.disabled=1 in loader.conf and
> > rebooting) => kernel still panics.
> >
> > FreeBSD somehost 9.0-RELEASE FreeBSD 9.0-RELEASE #1: Sat Jan 21
> > 09:31:30 CET 2012     root@somehost:/usr/obj/usr/src/sys/DDX3KRNL
> > i386
> I can confirm that the problem with counters in pf tables persists
> at least on i386 and amd64. My systems are:
> 
> FreeBSD gw 9.0-RELEASE FreeBSD 9.0-RELEASE #1: Tue Jan  3 15:55:41
> EET 2012
> root@gw:/usr/obj/usr/src/sys/GW3  amd64
> 
> FreeBSD gw2 9.0-RELEASE FreeBSD 9.0-RELEASE #0: Wed Jan 25 13:52:48  
> EET 2012
> root@gw2:/usr/obj/usr/src/sys/GWS90  i386
> 
> pf + altq compiled in kernel
> 
> Same result: kernel panic. Without counters the systems are rock solid.
> 
> >> Also it's very helpful to know the `uname -a` command output.
> >>
> >>> panic: page fault
> >>>
> >>> GNU gdb 6.1.1 [FreeBSD]
> >>> Copyright 2004 Free Software Foundation, Inc.
> >>> GDB is free software, covered by the GNU General Public License,  
> >>> and you are
> >>> welcome to change it and/or distribute copies of it under
> >>> certain conditions.
> >>> Type "show copying" to see the conditions.
> >>> There is absolutely no warranty for GDB.  Type "show warranty"
> >>> for details.
> >>> This GDB was configured as "i386-marcel-freebsd"...
> >>>
> >>> Unread portion of the kernel message buffer:
> >>>
> >>>
> >>> Fatal trap 12: page fault while in kernel mode
> >>> cpuid = 0; apic id = 00
> >>> fault virtual address   = 0x6c
> >>> fault code              = supervisor read, page not present
> >>> instruction pointer     = 0x20:0xc0a25dc0
> >>> stack pointer           = 0x28:0xc4df5910
> >>> frame pointer           = 0x28:0xc4df5954
> >>> code segment            = base 0x0, limit 0xfffff, type 0x1b
> >>>                        = DPL 0, pres 1, def32 1, gran 1
> >>> processor eflags        = interrupt enabled, resume, IOPL = 0
> >>> current process         = 12 (irq256: em0:rx 0)
> >>> trap number             = 12
> >>> panic: page fault
> >>> cpuid = 0
> >>> KDB: stack backtrace:
> >>> #0 0xc08380b7 at kdb_backtrace+0x47
> >>> #1 0xc0805617 at panic+0x117
> >>> #2 0xc0aebcc3 at trap_fatal+0x323
> >>> #3 0xc0aec802 at trap+0x182
> >>> #4 0xc0ad5f8c at calltrap+0x6
> >>> #5 0xc589f7cc at pfr_update_stats+0x1cc
> >>> #6 0xc588de21 at pf_test+0x981
> >>> #7 0xc5895e79 at pf_check_in+0x39
> >>> #8 0xc08c3c68 at pfil_run_hooks+0x78
> >>> #9 0xc08e18ae at ip_input+0x24e
> >>> #10 0xc08c2d9f at netisr_dispatch_src+0x8f
> >>> #11 0xc08c3040 at netisr_dispatch+0x20
> >>> #12 0xc08b9721 at ether_demux+0x171
> >>> #13 0xc08b9b6f at ether_nh_input+0x37f
> >>> #14 0xc08c2d9f at netisr_dispatch_src+0x8f
> >>> #15 0xc08c3040 at netisr_dispatch+0x20
> >>> #16 0xc08b9269 at ether_input+0x19
> >>> #17 0xc05b383f at em_rxeof+0x30f
> >>> Uptime: 1h45m44s
> >>> Physical memory: 2002 MB
> >>> Dumping 185 MB: 170 154 138 122 106 90 74 58 42 26 10
> >>>
> >>> Reading symbols from /boot/kernel/pf.ko...Reading symbols from
> >>> /boot/kernel/pf.ko.symbols...
> >>> done.
> >>> done.
> >>> Loaded symbols for /boot/kernel/pf.ko
> >>> #0  doadump (textdump=1) at pcpu.h:244
> >>> 244     pcpu.h: No such file or directory.
> >>>        in pcpu.h
> >>> (kgdb) #0  doadump (textdump=1) at pcpu.h:244
> >>> #1  0xc08053ba in kern_reboot (howto=260)
> >>>    at /usr/src/sys/kern/kern_shutdown.c:442
> >>> #2  0xc0805651 in panic (fmt=Variable "fmt" is not available.
> >>> ) at /usr/src/sys/kern/kern_shutdown.c:607
> >>> #3  0xc0aebcc3 in trap_fatal (frame=0xc4df58d0, eva=108)
> >>>    at /usr/src/sys/i386/i386/trap.c:975
> >>> #4  0xc0aec802 in trap (frame=0xc4df58d0) at /usr/src/sys/i386/ 
> >>> i386/trap.c:352
> >>> #5  0xc0ad5f8c in calltrap () at /usr/src/sys/i386/i386/ 
> >>> exception.s:168
> >>> #6  0xc0a25dc0 in uma_zalloc_arg (zone=0x0, udata=0x0, flags=257)
> >>>    at pcpu.h:244
> >>> #7  0xc589f7cc in pfr_update_stats (kt=0xc58d44d8, a=0xc56aa01a,  
> >>> af=2 '\002',
> >>>    len=52, dir_out=0, op_pass=0, notrule=0) at uma.h:305
> >>> #8  0xc588de21 in pf_test (dir=1, ifp=0xc5253c00, m0=0xc4df5acc,  
> >>> eh=0x0,
> >>>    inp=0x0) at /usr/src/sys/modules/pf/../../contrib/pf/net/pf.c: 
> >>> 7057
> >>> #9  0xc5895e79 in pf_check_in (arg=0x0, m=0xc4df5acc,  
> >>> ifp=0xc5253c00, dir=1,
> >>>    inp=0x0) at /usr/src/sys/modules/pf/../../contrib/pf/net/ 
> >>> pf_ioctl.c:4139
> >>> #10 0xc08c3c68 in pfil_run_hooks (ph=0xc0d685e0, mp=0xc4df5b24,
> >>>    ifp=0xc5253c00, dir=1, inp=0x0) at /usr/src/sys/net/pfil.c:82
> >>> #11 0xc08e18ae in ip_input (m=0xc567db00)
> >>>    at /usr/src/sys/netinet/ip_input.c:510
> >>> #12 0xc08c2d9f in netisr_dispatch_src (proto=1, source=0,  
> >>> m=0xc567db00)
> >>>    at /usr/src/sys/net/netisr.c:1013
> >>> #13 0xc08c3040 in netisr_dispatch (proto=1, m=0xc567db00)
> >>>    at /usr/src/sys/net/netisr.c:1104
> >>> #14 0xc08b9721 in ether_demux (ifp=0xc5253c00, m=0xc567db00)
> >>>    at /usr/src/sys/net/if_ethersubr.c:937
> >>> #15 0xc08b9b6f in ether_nh_input (m=0xc567db00)
> >>>    at /usr/src/sys/net/if_ethersubr.c:756
> >>> #16 0xc08c2d9f in netisr_dispatch_src (proto=9, source=0,  
> >>> m=0xc567db00)
> >>>    at /usr/src/sys/net/netisr.c:1013
> >>> #17 0xc08c3040 in netisr_dispatch (proto=9, m=0xc567db00)
> >>>    at /usr/src/sys/net/netisr.c:1104
> >>> #18 0xc08b9269 in ether_input (ifp=0xc5253c00, m=0xc567db00)
> >>>    at /usr/src/sys/net/if_ethersubr.c:797
> >>> #19 0xc05b383f in em_rxeof (rxr=0xc520bc00, count=99, done=0x0)
> >>>    at /usr/src/sys/dev/e1000/if_em.c:4340
> >>> #20 0xc05b3a06 in em_msix_rx (arg=0xc520bc00)
> >>>    at /usr/src/sys/dev/e1000/if_em.c:1577
> >>> #21 0xc07da6eb in intr_event_execute_handlers (p=0xc5157588,  
> >>> ie=0xc5241680)
> >>>    at /usr/src/sys/kern/kern_intr.c:1257
> >>> #22 0xc07dbeaa in ithread_loop (arg=0xc52506e0)
> >>>    at /usr/src/sys/kern/kern_intr.c:1270
> >>> #23 0xc07d78f7 in fork_exit (callout=0xc07dbe30 <ithread_loop>,
> >>>    arg=0xc52506e0, frame=0xc4df5d28) at /usr/src/sys/kern/ 
> >>> kern_fork.c:995
> >>> #24 0xc0ad6004 in fork_trampoline () at /usr/src/sys/i386/i386/ 
> >>> exception.s:275
> >>> (kgdb)
> >>>
> >>>
> >>> ################## pf.conf ##################
> >>> ext_if = "em0"
> >>>
> >>> public_tcp_ports = "{21,25,53,80,143,443,873,993,50021:50121}"
> >>> public_udp_ports = "53"
> >>>
> >>> table <secure> {someip}
> >>> table <ssh_brute> persist counters
> >>>
> >>> ### Redirection for SMTP
> >>> rdr on $ext_if proto tcp from any to $ext_if port 225 -> $ext_if port 25
> >>>
> >>> ### Block everything in and pass everything out
> >>> pass out on $ext_if all modulate state
> >>> block in on $ext_if all
> >>>
> >>> ### secure users
> >>> pass in quick on $ext_if proto tcp from <secure> to any flags S/SA \
> >>> modulate state
> >>>
> >>> ### public tcp/udp ports rules
> >>> pass in on $ext_if proto udp to $ext_if port $public_udp_ports
> >>> pass in on $ext_if proto tcp to $ext_if port $public_tcp_ports flags S/SA \
> >>> modulate state
> >>>
> >>> ### block ssh bruteforce
> >>> block in quick from <ssh_brute>
> >>> pass in quick on $ext_if proto tcp to $ext_if port 22 flags S/SA modulate state \
> >>> (max-src-conn 5, max-src-conn-rate 10/60, overload <ssh_brute> flush global)
> >>>
> >>> ### block icmp timestamp request/response
> >>> block in quick on $ext_if inet proto icmp all icmp-type {13, 14}
> >>> pass in quick on $ext_if proto icmp all
> >>>
> >>> ############ end pf.conf ##############
> >>>
> >>> --
> >>> Ali Mdidech
> >>> _______________________________________________
> >>> freebsd-pf@freebsd.org mailing list
> >>> http://lists.freebsd.org/mailman/listinfo/freebsd-pf
> >>> To unsubscribe, send any mail to "freebsd-pf- 
> >>> unsubscribe@freebsd.org"
> >>
> >>
> >>
> >> --
> >> Ermal
> >
> > -- 
> > Ali Mdidech
> 

-- 
Theo
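
An added example (not part of the thread and not FreeBSD project code): a shell audit that lists the pf tables declared with the `counters` flag, the condition the posters above associate with the panic on 9.0-RELEASE, together with the rules that reference them. The function names and the sample ruleset (abridged from the pf.conf quoted above, with a constructed documentation address) are assumptions of the example.

```shell
#!/bin/sh
# Added example: find pf tables declared with "counters" and the rules using them.

# Print logical pf.conf lines: comments dropped, "\" continuations joined.
pf_logical_lines() {
    awk '
        { sub(/#.*/, "") }
        /\\[ \t]*$/ { sub(/\\[ \t]*$/, ""); buf = buf $0 " "; next }
        { line = buf $0; buf = ""
          gsub(/[ \t]+/, " ", line); sub(/^ /, "", line); sub(/ $/, "", line)
          if (line != "") print line }
    ' "$1"
}

# Print the name of every table whose declaration carries the counters flag.
pf_counter_tables() {
    pf_logical_lines "$1" | awk '
        /^table *</ {
            head = $0
            sub(/[{].*/, "", head)       # ignore the address list
            gsub(/"[^"]*"/, "", head)    # ignore quoted file paths
            if (head ~ /(^| )counters( |$)/ && match(head, /<[^>]+>/))
                print substr(head, RSTART + 1, RLENGTH - 2)
        }'
}

# Print every non-table rule that references <TABLE> (block, pass, overload ...).
pf_rules_using() {
    pf_logical_lines "$2" | awk -v t="<$1>" '!/^table / && index($0, t)'
}

# Constructed sample, abridged from the ruleset quoted in the thread.
conf=$(mktemp)
trap 'rm -f "$conf"' EXIT
cat > "$conf" <<'EOF'
table <secure> { 192.0.2.10 }
table <ssh_brute> persist counters
### block ssh bruteforce
block in quick from <ssh_brute>
pass in quick on $ext_if proto tcp to $ext_if port 22 flags S/SA modulate state \
    (max-src-conn 5, max-src-conn-rate 10/60, overload <ssh_brute> flush global)
pass in quick on $ext_if proto tcp from <secure> to any flags S/SA modulate state
EOF

for t in $(pf_counter_tables "$conf"); do
    echo "table <$t> is declared with counters; referenced by:"
    pf_rules_using "$t" "$conf" | sed 's/^/    /'
done
```

To audit a real ruleset, call `pf_counter_tables /etc/pf.conf` instead of using the embedded sample.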


