From owner-freebsd-stable@FreeBSD.ORG Sun Jun 12 21:02:44 2005 Return-Path: X-Original-To: freebsd-stable@freebsd.org Delivered-To: freebsd-stable@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 155C016A41C for ; Sun, 12 Jun 2005 21:02:44 +0000 (GMT) (envelope-from damon@hopkins-family.org) Received: from smtp.rtsz.com (rrcs-24-199-159-90.midsouth.biz.rr.com [24.199.159.90]) by mx1.FreeBSD.org (Postfix) with ESMTP id 65C2D43D48 for ; Sun, 12 Jun 2005 21:02:43 +0000 (GMT) (envelope-from damon@hopkins-family.org) Received: from [10.69.0.21] (unknown [10.69.0.21]) by smtp.rtsz.com (Postfix) with ESMTP id 96FF8156F01 for ; Sun, 12 Jun 2005 17:02:38 -0400 (EDT) Message-ID: <42ACA2F4.80105@hopkins-family.org> Date: Sun, 12 Jun 2005 17:02:44 -0400 From: Damon Hopkins User-Agent: Mozilla Thunderbird 1.0.2 (Macintosh/20050317) X-Accept-Language: en-us, en MIME-Version: 1.0 To: freebsd-stable@freebsd.org Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-RTS-MailScanner-Information: Please contact the System Administrator for more information X-RTS-MailScanner: Found to be clean X-RTS-MailScanner-MCPCheck: MCP-Clean, MCP-Checker (score=0, required 1) X-Spam-Flag: not spam, SpamAssassin (score=-2.573, required 4, autolearn=not spam, AWL 0.03, BAYES_00 -2.60) X-MailScanner-From: damon@hopkins-family.org Subject: ipf Kernel Panic log.. w/ Vonage linksys RT31P2, 5.4 Stable, IPF + IPNAT X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 12 Jun 2005 21:02:44 -0000 I can reproduce this very easily.. I pick up my phone and make a call Current Setup -------- \------ I've tried various nap rules and ipf filter settings.. here are the current mappings and setup.. the kernel is GENERIC w/ the debuggong stuff put in it. ---------------- IPNAT RULES -------------------- map vr0 10.69.0.0/24 -> 0/32 proxy port ftp ftp/tcp map vr0 10.69.0.0/24 -> 0/32 ----------------- IPF RULES --------------------- pass in quick on lo0 proto tcp from any to any flags S keep state pass in quick on lo0 proto udp from any to any keep state pass in quick on lo0 proto icmp from any to any keep state pass in quick on lo0 all keep state pass out quick on lo0 proto tcp from any to any flags S keep state pass out quick on lo0 proto udp from any to any keep state pass out quick on lo0 proto icmp from any to any keep state pass out quick on lo0 all keep state pass in quick on rl0 proto tcp from any to any flags S keep state pass in log first quick on rl0 proto udp from any to any keep state pass in log first quick on rl0 proto icmp from any to any keep state keep frags pass in quick on rl0 all keep state pass out quick on rl0 proto tcp from any to any flags S keep state pass out log first quick on rl0 proto udp from any to any keep state pass out log first quick on rl0 proto icmp from any to any keep state keep frags pass out quick on rl0 all keep state pass in quick on vr0 proto tcp from any to any flags S keep state keep frags pass in quick on vr0 proto udp from any to any keep state keep frags pass in log first quick on vr0 proto icmp from any to any keep state keep frags pass in quick on vr0 all keep state keep frags pass out quick on vr0 proto tcp from any to any flags S keep state keep frags pass out quick on vr0 proto udp from any to any keep state keep frags pass out log first quick on vr0 proto icmp from any to any keep state keep frags pass out quick on vr0 all keep state keep frags pass in quick on ng0 proto tcp from any to any flags S keep state pass in quick on ng0 proto udp from any to any keep state pass in log first quick on ng0 proto icmp from any to any keep state pass in quick on ng0 all keep state pass out quick on ng0 proto tcp from any to any flags S keep state pass out quick on ng0 proto udp from any to any keep state pass out log first quick on ng0 proto icmp from any to any keep state pass out quick on ng0 all keep state MORE ng rules form my other VPNS I've also just tried to pass everything pass in quick on vr0 all pass out quick on vr0 all but that didn't help any I've notices a lot of UDP traffic from the linksys adapter durring a phone call.. Thanks Guys.. I hope this gets fixes real fast cause my old number goes away in a few days and this is not going to be fun.. I can't put the linksys adapter in front of the firewall because it doesn't route my VPN's.. we use MPD and bgpd (zebra) Later, Damon Hopkins ------------- DEBUG OUTPUT ---------------------- Fatal trap 12: page fault while in kernel mode fault virtual address = 0xc fault code = supervisor read, page not present instruction pointer = 0x8:0xc0651550 stack pointer = 0x10:0xd3d46aec frame pointer = 0x10:0xd3d46af8 code segment = base 0x0, limit 0xfffffm type 0x1b = DPL 0, pres 1, def32 1, gran 1 processor eflags = interrupt enabled, resume, IOPL = 0 current process = 27 (swi1:net) [thread pid 27 tid 100021 ] Stopped at m_copydata+0x28: movl 0xc(%esi),%eax db> examine m_copydata+0x28: 290c468b db> trace Tracing pid 27 tid 100021 td 0xc15a4180 mcopydata(c17fa400,0,38,c193abc0,0) at m_copydata+0x28 ipllog(0,d3d46bc8,d3d46b50,d3d46b48,d3d46b40) at ipllog+0x1f1 ipflog(105819,c17fa450,d3d46bc8,c17fa400,0) at ipflog+0x18f fr_check(c17fa450,14,c16c6000,0,d3d46c70) at fr_check+0xc6c fr_check_wrapper(0,d3d46c70,c16c6000,1,0) at fr_check_wrapper+0x2a pfil_run_hooks(c08fa5c0,d3d46cbc,c16c600,1,0) at pfil_run_hooks+0xeb ip_input(c17fa400) at ip_input+0x211 netisr_processqueue(c08f9858) at netisr_processqueue+0x9f swi_net(0) at swi_net+0xee ithread_loop(c159a500,d3d46d38) at ithread_loop+0x151 fork_exit(c0609f4c,c159a500,d3d46d38) at fork_exit+0x74 fork_trampoline() at fork_trampoline+0x8 --- trap 0x1, eip = 0, esp = 0xd3d46d6c, ebp = 0 ---