From owner-freebsd-i386@FreeBSD.ORG Tue May 3 07:30:02 2005 Return-Path: Delivered-To: freebsd-i386@hub.freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id D988B16A4CF for ; Tue, 3 May 2005 07:30:02 +0000 (GMT) Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21]) by mx1.FreeBSD.org (Postfix) with ESMTP id 4BF4D43D6A for ; Tue, 3 May 2005 07:30:02 +0000 (GMT) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (gnats@localhost [127.0.0.1]) by freefall.freebsd.org (8.13.3/8.13.3) with ESMTP id j437U2RM065644 for ; Tue, 3 May 2005 07:30:02 GMT (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.13.3/8.13.1/Submit) id j437U2pi065643; Tue, 3 May 2005 07:30:02 GMT (envelope-from gnats) Resent-Date: Tue, 3 May 2005 07:30:02 GMT Resent-Message-Id: <200505030730.j437U2pi065643@freefall.freebsd.org> Resent-From: FreeBSD-gnats-submit@FreeBSD.org (GNATS Filer) Resent-To: freebsd-i386@FreeBSD.org Resent-Reply-To: FreeBSD-gnats-submit@FreeBSD.org, Josef Karthauser Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 86E0D16A4CE for ; Tue, 3 May 2005 07:23:30 +0000 (GMT) Received: from mailhost.tao.org.uk (transwarp.tao.org.uk [212.135.162.50]) by mx1.FreeBSD.org (Postfix) with ESMTP id 8E62F43D69 for ; Tue, 3 May 2005 07:23:28 +0000 (GMT) (envelope-from joe@tao.org.uk) Received: by mailhost.tao.org.uk (Postfix, from userid 1000) id F0C47A62E; Tue, 3 May 2005 08:22:41 +0100 (BST) Message-Id: <20050503072241.F0C47A62E@mailhost.tao.org.uk> Date: Tue, 3 May 2005 08:22:41 +0100 (BST) From: Josef Karthauser To: FreeBSD-gnats-submit@FreeBSD.org X-Send-Pr-Version: 3.113 Subject: i386/80572: bridge/ipfw works intermittantly. X-BeenThere: freebsd-i386@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list Reply-To: Josef Karthauser List-Id: I386-specific issues for FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 03 May 2005 07:30:03 -0000 >Number: 80572 >Category: i386 >Synopsis: bridge/ipfw works intermittantly. >Confidential: no >Severity: critical >Priority: high >Responsible: freebsd-i386 >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Tue May 03 07:30:01 GMT 2005 >Closed-Date: >Last-Modified: >Originator: Josef Karthauser >Release: FreeBSD 5.4-RC4 i386 >Organization: >Environment: System: FreeBSD transwarp.tao.org.uk 5.4-RC4 FreeBSD 5.4-RC4 #44: Mon May 2 21:10:57 BST 2005 joe@transwarp.tao.org.uk:/usr/obj/usr/src/sys/TRANSWARP i386 This machine has just been upgraded from 4.11 to 5.4-rc3 using a buildworld. The box is an intel SMP (dual processor PIII-800MHz) with two fxp ethernet interfaces. Copyright (c) 1992-2005 The FreeBSD Project. Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994 The Regents of the University of California. All rights reserved. FreeBSD 5.4-RC4 #44: Mon May 2 21:10:57 BST 2005 joe@transwarp.tao.org.uk:/usr/obj/usr/src/sys/TRANSWARP ACPI APIC Table: Timecounter "i8254" frequency 1193182 Hz quality 0 CPU: Intel Pentium III (796.54-MHz 686-class CPU) Origin = "GenuineIntel" Id = 0x683 Stepping = 3 Features=0x383fbff real memory = 536805376 (511 MB) avail memory = 515629056 (491 MB) ioapic0 irqs 0-23 on motherboard npx0: on motherboard npx0: INT 16 interface acpi0: on motherboard acpi0: Power Button (fixed) Timecounter "ACPI-safe" frequency 3579545 Hz quality 1000 acpi_timer0: <24-bit timer at 3.579545MHz> port 0xc08-0xc0b on acpi0 cpu0: on acpi0 pcib0: port 0xcf8-0xcff on acpi0 pci0: on pcib0 agp0: mem 0xf8000000-0xfbffffff at device 0.0 on pci0 pcib1: at device 1.0 on pci0 pci1: on pcib1 pcib2: at device 15.0 on pci1 pci2: on pcib2 ahc0: port 0x3000-0x30ff mem 0xf4300000-0xf4300fff irq 20 at device 4.0 on pci2 aic7890/91: Ultra2 Wide Channel A, SCSI Id=7, 32/253 SCBs fxp0: port 0x3400-0x343f mem 0xf4200000-0xf42fffff,0xf4301000-0xf4301fff irq 23 at device 7.0 on pci2 miibus0: on fxp0 inphy0: on miibus0 inphy0: 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto fxp0: Ethernet address: 00:d0:b7:74:51:af ahc1: port 0x2000-0x20ff mem 0xf4100000-0xf4100fff irq 19 at device 12.0 on pci0 aic7896/97: Ultra2 Wide Channel A, SCSI Id=7, 32/253 SCBs ahc2: port 0x2400-0x24ff mem 0xf4101000-0xf4101fff irq 19 at device 12.1 on pci0 aic7896/97: Ultra2 Wide Channel B, SCSI Id=7, 32/253 SCBs fxp1: port 0x2800-0x283f mem 0xf4000000-0xf40fffff,0xf4102000-0xf4102fff irq 21 at device 14.0 on pci0 miibus1: on fxp1 inphy1: on miibus1 inphy1: 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto fxp1: Ethernet address: 00:d0:b7:88:c8:20 isab0: at device 18.0 on pci0 isa0: on isab0 atapci0: port 0x2860-0x286f,0x376,0x170-0x177,0x3f6,0x1f0-0x1f7 at device 18.1 on pci0 ata0: channel #0 on atapci0 ata1: channel #1 on atapci0 uhci0: port 0x2840-0x285f irq 21 at device 18.2 on pci0 usb0: on uhci0 usb0: USB revision 1.0 uhub0: Intel UHCI root hub, class 9/0, rev 1.00/1.00, addr 1 uhub0: 2 ports with 2 removable, self powered pci0: at device 18.3 (no driver attached) pci0: at device 20.0 (no driver attached) atkbdc0: port 0x64,0x60 irq 1 on acpi0 atkbd0: irq 1 on atkbdc0 kbd0 at atkbd0 fdc0: port 0x3f2-0x3f5 irq 6 drq 2 on acpi0 fd0: <1440-KB 3.5" drive> on fdc0 drive 0 ppc0: port 0x778-0x77f,0x378-0x37f irq 7 drq 3 on acpi0 ppc0: Generic chipset (ECP/PS2/NIBBLE) in COMPATIBLE mode ppc0: FIFO with 16/16/8 bytes threshold ppbus0: on ppc0 plip0: on ppbus0 lpt0: on ppbus0 lpt0: Interrupt-driven port ppi0: on ppbus0 sio0: <16550A-compatible COM port> port 0x3f8-0x3ff irq 4 flags 0x10 on acpi0 sio0: type 16550A sio1: <16550A-compatible COM port> port 0x2f8-0x2ff irq 3 on acpi0 sio1: type 16550A pmtimer0 on isa0 orm0: at iomem 0xcf000-0xcffff,0xce800-0xcefff,0xcd800-0xce7ff,0xc8000-0xcd7ff,0xc0000-0xc7fff on isa0 sc0: at flags 0x100 on isa0 sc0: VGA <16 virtual consoles, flags=0x300> vga0: at port 0x3c0-0x3df iomem 0xa0000-0xbffff on isa0 aue0: USBs USB 10/100 Fast Ethernet, rev 1.10/1.01, addr 2 miibus2: on aue0 ukphy0: on miibus2 ukphy0: 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto aue0: Ethernet address: 00:50:ba:82:4c:24 aue0: if_start running deferred for Giant Timecounter "TSC" frequency 796540873 Hz quality 800 Timecounters tick every 10.000 msec ipfw2 initialized, divert disabled, rule-based forwarding disabled, default to deny, logging disabled ad0: 117246MB [238216/16/63] at ata0-master UDMA33 acd0: CDROM at ata1-master PIO4 Waiting 2 seconds for SCSI devices to settle sa0 at ahc0 bus 0 target 5 lun 0 sa0: Removable Sequential Access SCSI-2 device sa0: 10.000MB/s transfers (10.000MHz, offset 15) da0 at ahc1 bus 0 target 0 lun 0 da0: Fixed Direct Access SCSI-3 device da0: 80.000MB/s transfers (40.000MHz, offset 63, 16bit), Tagged Queueing Enabled da0: 35003MB (71687372 512 byte sectors: 255H 63S/T 4462C) da1 at ahc1 bus 0 target 1 lun 0 da1: Fixed Direct Access SCSI-3 device da1: 80.000MB/s transfers (40.000MHz, offset 31, 16bit), Tagged Queueing Enabled da1: 8761MB (17942584 512 byte sectors: 255H 63S/T 1116C) da2 at ahc1 bus 0 target 3 lun 0 da2: Fixed Direct Access SCSI-3 device da2: 80.000MB/s transfers (40.000MHz, offset 15, 16bit), Tagged Queueing Enabled da2: 35239MB (72170879 512 byte sectors: 255H 63S/T 4492C) Mounting root from ufs:/dev/da0s1a >Description: Using bridge.ko in conjunction with ipfw.ko to create a bridging firewall gives a firewall that works for a few minutes and then stops forwarding packets. The same hardware was working correctly in this configuration under FreeBSD-4.11 until it was upgraded directly to RELENG_5_4 (5.4-rc3) yesterday using the 'make world' method. >How-To-Repeat: The bridge is created using: /etc/sysctl.conf: net.link.ether.bridge.enable=1 net.link.ether.bridge.ipfw=1 net.link.ether.bridge.config=fxp0,fxp1 /etc/rc.conf: firewall_enable="YES" # Set to YES to enable firewall functionality firewall_script="/etc/rc.firewall-ours" # Which script to run to set up the fire wall firewall_type="ours" # Firewall type (see /etc/rc.firewall) The rc.firewall-ours file is a modified rc.firewall. It's actual contents aren't important for this problem. >Fix: After a reboot the firewall behaves correctly for a few minutes and then stops forwarding packets. The problem can be fixed by running: # kldunload ipfw && sleep 20 && kldload ipfw && /etc/netstart >Release-Note: >Audit-Trail: >Unformatted: