From owner-freebsd-pf@FreeBSD.ORG Fri May 25 07:27:05 2012 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 55EB21065670; Fri, 25 May 2012 07:27:05 +0000 (UTC) (envelope-from Joerg.Pulz@frm2.tum.de) Received: from mailhost.frm2.tum.de (mailhost.frm2.tum.de [129.187.179.12]) by mx1.freebsd.org (Postfix) with ESMTP id BF1658FC08; Fri, 25 May 2012 07:27:04 +0000 (UTC) Received: from mailhost.frm2.tum.de (localhost [127.0.0.1]) by mailhost.frm2.tum.de (8.14.4/8.14.4) with ESMTP id q4P7Pifr053141; Fri, 25 May 2012 09:25:44 +0200 (CEST) (envelope-from Joerg.Pulz@frm2.tum.de) X-Virus-Scanned: at mailhost.frm2.tum.de Received: from hades.admin.frm2 (hades.admin.frm2 [172.25.1.10]) (authenticated bits=0) by mailhost.frm2.tum.de (8.14.4/8.14.4) with ESMTP id q4P7Pfks053138 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT); Fri, 25 May 2012 09:25:42 +0200 (CEST) (envelope-from Joerg.Pulz@frm2.tum.de) Date: Fri, 25 May 2012 09:25:38 +0200 (CEST) From: Joerg Pulz To: Daniel Hartmeier In-Reply-To: Message-ID: References: <201205240910.q4O9A4rt044627@freefall.freebsd.org> <20120524094354.GK29536@insomnia.benzedrine.cx> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed X-Greylist: Sender succeeded SMTP AUTH, not delayed by milter-greylist-4.2.6 (mailhost.frm2.tum.de [129.187.179.12]); Fri, 25 May 2012 09:25:42 +0200 (CEST) Cc: bug-followup@freebsd.org, freebsd-pf@freebsd.org Subject: Re: kern/168190: [pf] panic when using pf and route-to (maybe: bad fragment handling?) X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 25 May 2012 07:27:05 -0000 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Thu, 24 May 2012, Joerg Pulz wrote: > Daniel, > > exactly, ipfw was enabled with the above kernel options but not configured > to filter or do anything but the DEFAULT_TO_ACCEPT. > I've rebuilt the kernel without IPFIREWALL options. The system is running > now for about three and a half hours. > Time will show if this solved our problem. > I'm still wondering why these panics showed up in irregular unreproducable > intervals. > > Thanks for writing to the ipfw list. I'm really interested in tracking > this further down to fix it forever, so nobody will stumble over it again. > > Thanks for all your help. Feel free to contact me if you have new ideas or > things i should try. Daniel, the system is still running without panic, but i found the following log entries from last night: May 24 23:28:57 charon kernel: pf_route: m0->m_len < sizeof(struct ip) May 24 23:28:57 charon kernel: pf_route: m0->m_len < sizeof(struct ip) Do you think that this may be related to the panics? I've found this error message two times in contrib/pf/net/pf.c. I can't say which of them or both have printed the message. Kind regards Joerg - -- The beginning is the most important part of the work. -Plato -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.18 (FreeBSD) iD8DBQFPvzP1SPOsGF+KA+MRAngoAJ4wk4PSjEtYvpCak2H8Qze8GaUbfwCgg2dq 2sQgy+3qWttRKxCj/WctPvY= =ejhQ -----END PGP SIGNATURE-----