Date: Thu, 24 May 2012 15:50:04 +0200 (CEST)
From: Joerg Pulz <Joerg.Pulz@frm2.tum.de>
To: Daniel Hartmeier <daniel@benzedrine.cx>
Cc: bug-followup@FreeBSD.org, freebsd-pf@FreeBSD.org
Subject: Re: kern/168190: [pf] panic when using pf and route-to (maybe: bad fragment handling?)
Message-ID: <alpine.BSF.2.00.1205241533230.89783@unqrf.nqzva.sez2>
In-Reply-To: <20120524094354.GK29536@insomnia.benzedrine.cx>
References: <201205240910.q4O9A4rt044627@freefall.freebsd.org> <20120524094354.GK29536@insomnia.benzedrine.cx>

On Thu, 24 May 2012, Daniel Hartmeier wrote:

> On Thu, May 24, 2012 at 09:10:04AM +0000, Joerg Pulz wrote:
>
>> panic: ipfw_check_hook:281 ASSERT_HOST_BYTE_ORDER 45056 176
>> ipfw_check_hook() at ipfw_check_hook+0x511
>> pfil_run_hooks() at pfil_run_hooks+0xf1
>> ip_output() at ip_output+0x6de
>> ip_forward() at ip_forward+0x19e
>> ip_input() at ip_input+0x680
>> swi_net() at swi_net+0x15a
>
> OK, this convinces me that the problem is in ipfw.
>
> You enabled it with
>
> options IPFIREWALL
> options IPFIREWALL_VERBOSE
> options IPFIREWALL_VERBOSE_LIMIT=100
> options IPFIREWALL_DEFAULT_TO_ACCEPT
>
> but say you're not using it?
>
> The above will actually enable ipfw's packet inspection with a default
> pass rule. And a non-trivial amount of code runs, unlike pf (and
> ipfilter), which must first be enabled (like with pfctl -e) first.
>
> Could you rebuild a kernel without the above options, just to confirm
> the theory that the problem is related to ipfw?
>
> We can try to find the problem within ipfw, maybe asking the ipfw
> developers for help.

Daniel,

exactly, ipfw was enabled with the above kernel options but not configured to filter or do anything but the DEFAULT_TO_ACCEPT.

I've rebuilt the kernel without IPFIREWALL options. The system is running now for about three and a half hours. Time will show if this solved our problem.

I'm still wondering why these panics showed up in irregular unreproducible intervals.

Thanks for writing to the ipfw list. I'm really interested in tracking this further down to fix it forever, so nobody will stumble over it again.

Thanks for all your help. Feel free to contact me if you have new ideas or things I should try.

Kind regards
Joerg

-- 
The beginning is the most important part of the work.
-Plato