From owner-freebsd-pf@FreeBSD.ORG Fri Feb 24 07:20:34 2012 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id EF0CF1065673 for ; Fri, 24 Feb 2012 07:20:34 +0000 (UTC) (envelope-from ermal.luci@gmail.com) Received: from mail-iy0-f182.google.com (mail-iy0-f182.google.com [209.85.210.182]) by mx1.freebsd.org (Postfix) with ESMTP id B0CBD8FC12 for ; Fri, 24 Feb 2012 07:20:34 +0000 (UTC) Received: by iaeo4 with SMTP id o4so3470094iae.13 for ; Thu, 23 Feb 2012 23:20:34 -0800 (PST) Received-SPF: pass (google.com: domain of ermal.luci@gmail.com designates 10.50.15.234 as permitted sender) client-ip=10.50.15.234; Authentication-Results: mr.google.com; spf=pass (google.com: domain of ermal.luci@gmail.com designates 10.50.15.234 as permitted sender) smtp.mail=ermal.luci@gmail.com; dkim=pass header.i=ermal.luci@gmail.com Received: from mr.google.com ([10.50.15.234]) by 10.50.15.234 with SMTP id a10mr1239157igd.29.1330068034162 (num_hops = 1); Thu, 23 Feb 2012 23:20:34 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=mime-version:sender:in-reply-to:references:date :x-google-sender-auth:message-id:subject:from:to:cc:content-type :content-transfer-encoding; bh=Y9GST2jbceO5865IC/48sTKc/fOGxDTPa3OLSyeZBXM=; b=EoKjTL2tmO6dqJcaAuRcXQzn50OcQx60qeKub4DPQm5nJ/LHxwtEsON/PWTiagONSW DAlSqGJ8Jd5F0UaPwohP9qmwevd7W/Cn1QmaVbD/7iCChYbKWzdr35PXCigb9SeSMOcM nM9rTEaTVyxgXWnBnM1pKcmqlErFORAym/0K0= MIME-Version: 1.0 Received: by 10.50.15.234 with SMTP id a10mr1011208igd.29.1330068034088; Thu, 23 Feb 2012 23:20:34 -0800 (PST) Sender: ermal.luci@gmail.com Received: by 10.231.44.209 with HTTP; Thu, 23 Feb 2012 23:20:34 -0800 (PST) In-Reply-To: References: Date: Fri, 24 Feb 2012 07:20:34 +0000 X-Google-Sender-Auth: j35J_GwuZZqNo7GOPAyKwV_C3i0 Message-ID: From: =?ISO-8859-1?Q?Ermal_Lu=E7i?= To: Ali Mdidech Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable Cc: freebsd-pf@freebsd.org Subject: Re: Panic in packet filter X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 24 Feb 2012 07:20:35 -0000 On Thu, Feb 23, 2012 at 8:44 AM, Ali Mdidech wrote: > Hi List, > > I've a box that panics multiple times randomly since a year whatever > the release is (8 or 9) > The crash dump shows that the problem is related to pf. > Is this some sort of identified bug? > Below some info and my pf.conf file. > > Thank you very much for your help. > Can you try do disable SMP through sysctl and see if you still get this? What are you doing to get the panic? Also its very helpful to know the `uname -a` command output. > panic: page fault > > GNU gdb 6.1.1 [FreeBSD] > Copyright 2004 Free Software Foundation, Inc. > GDB is free software, covered by the GNU General Public License, and you = are > welcome to change it and/or distribute copies of it under certain conditi= ons. > Type "show copying" to see the conditions. > There is absolutely no warranty for GDB. =A0Type "show warranty" for deta= ils. > This GDB was configured as "i386-marcel-freebsd"... > > Unread portion of the kernel message buffer: > > > Fatal trap 12: page fault while in kernel mode > cpuid =3D 0; apic id =3D 00 > fault virtual address =A0 =3D 0x6c > fault code =A0 =A0 =A0 =A0 =A0 =A0 =A0=3D supervisor read, page not prese= nt > instruction pointer =A0 =A0 =3D 0x20:0xc0a25dc0 > stack pointer =A0 =A0 =A0 =A0 =A0 =3D 0x28:0xc4df5910 > frame pointer =A0 =A0 =A0 =A0 =A0 =3D 0x28:0xc4df5954 > code segment =A0 =A0 =A0 =A0 =A0 =A0=3D base 0x0, limit 0xfffff, type 0x1= b > =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0=3D DPL 0, pres 1, def32 1= , gran 1 > processor eflags =A0 =A0 =A0 =A0=3D interrupt enabled, resume, IOPL =3D 0 > current process =A0 =A0 =A0 =A0 =3D 12 (irq256: em0:rx 0) > trap number =A0 =A0 =A0 =A0 =A0 =A0 =3D 12 > panic: page fault > cpuid =3D 0 > KDB: stack backtrace: > #0 0xc08380b7 at kdb_backtrace+0x47 > #1 0xc0805617 at panic+0x117 > #2 0xc0aebcc3 at trap_fatal+0x323 > #3 0xc0aec802 at trap+0x182 > #4 0xc0ad5f8c at calltrap+0x6 > #5 0xc589f7cc at pfr_update_stats+0x1cc > #6 0xc588de21 at pf_test+0x981 > #7 0xc5895e79 at pf_check_in+0x39 > #8 0xc08c3c68 at pfil_run_hooks+0x78 > #9 0xc08e18ae at ip_input+0x24e > #10 0xc08c2d9f at netisr_dispatch_src+0x8f > #11 0xc08c3040 at netisr_dispatch+0x20 > #12 0xc08b9721 at ether_demux+0x171 > #13 0xc08b9b6f at ether_nh_input+0x37f > #14 0xc08c2d9f at netisr_dispatch_src+0x8f > #15 0xc08c3040 at netisr_dispatch+0x20 > #16 0xc08b9269 at ether_input+0x19 > #17 0xc05b383f at em_rxeof+0x30f > Uptime: 1h45m44s > Physical memory: 2002 MB > Dumping 185 MB: 170 154 138 122 106 90 74 58 42 26 10 > > Reading symbols from /boot/kernel/pf.ko...Reading symbols from > /boot/kernel/pf.ko.symbols... > done. > done. > Loaded symbols for /boot/kernel/pf.ko > #0 =A0doadump (textdump=3D1) at pcpu.h:244 > 244 =A0 =A0 pcpu.h: No such file or directory. > =A0 =A0 =A0 =A0in pcpu.h > (kgdb) #0 =A0doadump (textdump=3D1) at pcpu.h:244 > #1 =A00xc08053ba in kern_reboot (howto=3D260) > =A0 =A0at /usr/src/sys/kern/kern_shutdown.c:442 > #2 =A00xc0805651 in panic (fmt=3DVariable "fmt" is not available. > ) at /usr/src/sys/kern/kern_shutdown.c:607 > #3 =A00xc0aebcc3 in trap_fatal (frame=3D0xc4df58d0, eva=3D108) > =A0 =A0at /usr/src/sys/i386/i386/trap.c:975 > #4 =A00xc0aec802 in trap (frame=3D0xc4df58d0) at /usr/src/sys/i386/i386/t= rap.c:352 > #5 =A00xc0ad5f8c in calltrap () at /usr/src/sys/i386/i386/exception.s:168 > #6 =A00xc0a25dc0 in uma_zalloc_arg (zone=3D0x0, udata=3D0x0, flags=3D257) > =A0 =A0at pcpu.h:244 > #7 =A00xc589f7cc in pfr_update_stats (kt=3D0xc58d44d8, a=3D0xc56aa01a, af= =3D2 '\002', > =A0 =A0len=3D52, dir_out=3D0, op_pass=3D0, notrule=3D0) at uma.h:305 > #8 =A00xc588de21 in pf_test (dir=3D1, ifp=3D0xc5253c00, m0=3D0xc4df5acc, = eh=3D0x0, > =A0 =A0inp=3D0x0) at /usr/src/sys/modules/pf/../../contrib/pf/net/pf.c:70= 57 > #9 =A00xc5895e79 in pf_check_in (arg=3D0x0, m=3D0xc4df5acc, ifp=3D0xc5253= c00, dir=3D1, > =A0 =A0inp=3D0x0) at /usr/src/sys/modules/pf/../../contrib/pf/net/pf_ioct= l.c:4139 > #10 0xc08c3c68 in pfil_run_hooks (ph=3D0xc0d685e0, mp=3D0xc4df5b24, > =A0 =A0ifp=3D0xc5253c00, dir=3D1, inp=3D0x0) at /usr/src/sys/net/pfil.c:8= 2 > #11 0xc08e18ae in ip_input (m=3D0xc567db00) > =A0 =A0at /usr/src/sys/netinet/ip_input.c:510 > #12 0xc08c2d9f in netisr_dispatch_src (proto=3D1, source=3D0, m=3D0xc567d= b00) > =A0 =A0at /usr/src/sys/net/netisr.c:1013 > #13 0xc08c3040 in netisr_dispatch (proto=3D1, m=3D0xc567db00) > =A0 =A0at /usr/src/sys/net/netisr.c:1104 > #14 0xc08b9721 in ether_demux (ifp=3D0xc5253c00, m=3D0xc567db00) > =A0 =A0at /usr/src/sys/net/if_ethersubr.c:937 > #15 0xc08b9b6f in ether_nh_input (m=3D0xc567db00) > =A0 =A0at /usr/src/sys/net/if_ethersubr.c:756 > #16 0xc08c2d9f in netisr_dispatch_src (proto=3D9, source=3D0, m=3D0xc567d= b00) > =A0 =A0at /usr/src/sys/net/netisr.c:1013 > #17 0xc08c3040 in netisr_dispatch (proto=3D9, m=3D0xc567db00) > =A0 =A0at /usr/src/sys/net/netisr.c:1104 > #18 0xc08b9269 in ether_input (ifp=3D0xc5253c00, m=3D0xc567db00) > =A0 =A0at /usr/src/sys/net/if_ethersubr.c:797 > #19 0xc05b383f in em_rxeof (rxr=3D0xc520bc00, count=3D99, done=3D0x0) > =A0 =A0at /usr/src/sys/dev/e1000/if_em.c:4340 > #20 0xc05b3a06 in em_msix_rx (arg=3D0xc520bc00) > =A0 =A0at /usr/src/sys/dev/e1000/if_em.c:1577 > #21 0xc07da6eb in intr_event_execute_handlers (p=3D0xc5157588, ie=3D0xc52= 41680) > =A0 =A0at /usr/src/sys/kern/kern_intr.c:1257 > #22 0xc07dbeaa in ithread_loop (arg=3D0xc52506e0) > =A0 =A0at /usr/src/sys/kern/kern_intr.c:1270 > #23 0xc07d78f7 in fork_exit (callout=3D0xc07dbe30 , > =A0 =A0arg=3D0xc52506e0, frame=3D0xc4df5d28) at /usr/src/sys/kern/kern_fo= rk.c:995 > #24 0xc0ad6004 in fork_trampoline () at /usr/src/sys/i386/i386/exception.= s:275 > (kgdb) > > > ################## pf.conf ################## > ext_if =3D "em0" > > public_tcp_ports =3D "{21,25,53,80,143,443,873,993,50021:50121}" > public_udp_ports =3D "53" > > table {someip} > table persist counters > > ### Redirection for SMTP > rdr on $ext_if proto tcp from any to $ext_if port 225 -> $ext_if port 25 > > ### Block everything in an pass everything out > pass out on $ext_if all modulate state > block in on $ext_if all > > ### secure users > pass in quick on $ext_if proto tcp from to any flags S/SA \ > modulate state > > ### public tcp/udp ports rules > pass in on $ext_if proto udp to $ext_if port $public_udp_ports > pass in on $ext_if proto tcp to $ext_if port $public_tcp_ports flags S/SA= \ > modulate state > > ### block ssh bruteforce > block in quick from > pass in quick on $ext_if proto tcp to $ext_if port 22 flags S/SA > modulate state \ > (max-src-conn 5, max-src-conn-rate 10/60, overload flush glob= al) > > ### block icmp timestamp request/response > block in quick on $ext_if inet proto icmp all icmp-type {13, 14} > pass in quick on $ext_if proto icmp all > > ############ end pf.conf ############## > > -- > Ali Mdidech > _______________________________________________ > freebsd-pf@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-pf > To unsubscribe, send any mail to "freebsd-pf-unsubscribe@freebsd.org" --=20 Ermal