Date: Thu, 18 Mar 2010 21:37:54 +0100 From: Giulio Ferro <auryn@zirakzigil.org> To: Max Laier <max@love2party.net> Cc: freebsd-net@freebsd.org, Greg Hennessy <Greg.Hennessy@nviz.net>, freebsd-pf@freebsd.org Subject: Re: PF + BRIDGE + PFSYNC causes system freezing Message-ID: <4BA28F22.6080401@zirakzigil.org> In-Reply-To: <201003182035.56363.max@love2party.net> References: <4B8E4850.1060104@zirakzigil.org> <201003181526.00442.max@love2party.net> <4BA25741.6070007@zirakzigil.org> <201003182035.56363.max@love2party.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On 18.03.2010 20:35, Max Laier wrote:
> Okay ... so it looks like this is a live lock (not a deadlock) and it's
> probably caused by relooping packets. Now we "only" have to find the culprit
> for the loop ...
>
> can you share your setup details, again? The simpler the better.
>
>
Ok
> uname -a
FreeBSD firewall-1.acme.com 8.0-STABLE FreeBSD 8.0-STABLE #2: Thu Mar 18
15:59:27 CET 2010 root@acme.com:/usr/obj/usr/src/sys/FIREWALL amd64
> cat /etc/sysctl.conf
net.inet.ip.forwarding=1
net.inet.ip.fastforwarding=1
net.inet.carp.preempt=1
Services running : sshd, named, inetd, ntpd, openvpn (tap), racoon,
pptp, asterisk
2 physical interfaces : bce0, bce1
11 vlan interfaces : vlan1, ..., vlan11 (vlandev bce1)
11 carp interfaces ; carp1, ..., carp11 (carp1 has 23 alias addresses)
1 bridge interfaces : bridge0 addm vlan35 (used by openvpn)
2 gif interfaces : gif0, gif1 (racoon / IPSEC)
8 static routes
pf packet filter : 12 rdr rules, 3 nat rules, set skip{lo0, bridge0}, 4
pass quick, block log all, about 30 pass keep state
This should be all.
I'm available for any test / patch...
Thanks.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4BA28F22.6080401>