From owner-freebsd-stable@FreeBSD.ORG Mon Jun 13 06:44:13 2005 Return-Path: X-Original-To: freebsd-stable@freebsd.org Delivered-To: freebsd-stable@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id F083B16A41C for ; Mon, 13 Jun 2005 06:44:13 +0000 (GMT) (envelope-from vlado@botka.homeunix.org) Received: from smtp-out3.iol.cz (smtp-out3.iol.cz [194.228.2.91]) by mx1.FreeBSD.org (Postfix) with ESMTP id 4A97B43D1F for ; Mon, 13 Jun 2005 06:44:13 +0000 (GMT) (envelope-from vlado@botka.homeunix.org) Received: from antivir3.iol.cz (unknown [192.168.30.206]) by smtp-out3.iol.cz (Internet on Line ESMTP server) with ESMTP id 243813180E5; Mon, 13 Jun 2005 08:44:09 +0200 (CEST) Received: from localhost (antivir3.iol.cz [127.0.0.1]) by antivir3.iol.cz (Postfix) with ESMTP id 185176DC008; Mon, 13 Jun 2005 08:44:09 +0200 (CEST) Received: from smtp-out3.iol.cz (unknown [192.168.30.28]) by antivir3.iol.cz (Postfix) with ESMTP id 3F7D66DC005; Mon, 13 Jun 2005 08:44:08 +0200 (CEST) Received: from ace.botka.homeunix.org (3.77.broadband2.iol.cz [83.208.77.3]) by smtp-out3.iol.cz (Internet on Line ESMTP server) with ESMTP id 6610F3BEEC; Mon, 13 Jun 2005 08:44:01 +0200 (CEST) Received: by ace.botka.homeunix.org (Postfix, from userid 1001) id 72D4F5CCA; Mon, 13 Jun 2005 08:43:59 +0200 (CEST) Received: from srv (ac.botka.homeunix.org [192.168.1.5]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ace.botka.homeunix.org (Postfix) with ESMTP id 9E83A5C44; Mon, 13 Jun 2005 08:43:53 +0200 (CEST) Date: Mon, 13 Jun 2005 08:43:53 +0200 (CEST) From: Vladimir Botka X-X-Sender: vlado@localhost To: Damon Hopkins In-Reply-To: <42ACA2F4.80105@hopkins-family.org> Message-ID: <20050613084033.R23434@localhost> References: <42ACA2F4.80105@hopkins-family.org> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed X-Spam-Checker-Version: SpamAssassin 3.0.3 (2005-04-27) on ace.botka.homeunix.org X-Spam-Level: X-Spam-Status: No, score=-2.8 required=5.0 tests=ALL_TRUSTED,AWL autolearn=ham version=3.0.3 X-Virus-Scanned: by amavisd-new at iol.cz Cc: freebsd-stable@freebsd.org Subject: Re: ipf Kernel Panic log.. w/ Vonage linksys RT31P2, 5.4 Stable, IPF + IPNAT X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 13 Jun 2005 06:44:14 -0000 Hello, if your "Vonage linksys RT31P2" talks H323 try /usr/ports/net/gatekeeper in proxy mode. Cheers, Vladimir Botka On Sun, 12 Jun 2005, Damon Hopkins wrote: > I can reproduce this very easily.. I pick up my phone and make a call > Current Setup > -------- > \------ > > I've tried various nap rules and ipf filter settings.. here are the > current mappings and setup.. the kernel is GENERIC w/ the debuggong > stuff put in it. > ---------------- IPNAT RULES -------------------- > map vr0 10.69.0.0/24 -> 0/32 proxy port ftp ftp/tcp > map vr0 10.69.0.0/24 -> 0/32 > > ----------------- IPF RULES --------------------- > pass in quick on lo0 proto tcp from any to any flags S keep state > pass in quick on lo0 proto udp from any to any keep state > pass in quick on lo0 proto icmp from any to any keep state > pass in quick on lo0 all keep state > pass out quick on lo0 proto tcp from any to any flags S keep state > pass out quick on lo0 proto udp from any to any keep state > pass out quick on lo0 proto icmp from any to any keep state > pass out quick on lo0 all keep state > > pass in quick on rl0 proto tcp from any to any flags S keep state > pass in log first quick on rl0 proto udp from any to any keep state > pass in log first quick on rl0 proto icmp from any to any keep state keep > frags > pass in quick on rl0 all keep state > pass out quick on rl0 proto tcp from any to any flags S keep state > pass out log first quick on rl0 proto udp from any to any keep state > pass out log first quick on rl0 proto icmp from any to any keep state > keep frags > pass out quick on rl0 all keep state > > pass in quick on vr0 proto tcp from any to any flags S keep state keep frags > pass in quick on vr0 proto udp from any to any keep state keep frags > pass in log first quick on vr0 proto icmp from any to any keep state > keep frags > pass in quick on vr0 all keep state keep frags > pass out quick on vr0 proto tcp from any to any flags S keep state keep > frags > pass out quick on vr0 proto udp from any to any keep state keep frags > pass out log first quick on vr0 proto icmp from any to any keep state > keep frags > pass out quick on vr0 all keep state keep frags > > pass in quick on ng0 proto tcp from any to any flags S keep state > pass in quick on ng0 proto udp from any to any keep state > pass in log first quick on ng0 proto icmp from any to any keep state > pass in quick on ng0 all keep state > pass out quick on ng0 proto tcp from any to any flags S keep state > pass out quick on ng0 proto udp from any to any keep state > pass out log first quick on ng0 proto icmp from any to any keep state > pass out quick on ng0 all keep state > > MORE ng rules form my other VPNS > I've also just tried to pass everything > pass in quick on vr0 all > pass out quick on vr0 all > > but that didn't help any > > I've notices a lot of UDP traffic from the linksys adapter durring a phone > call.. > > Thanks Guys.. I hope this gets fixes real fast cause my old number goes away > in a few days and this is not going to be fun.. I can't put the linksys > adapter in front of the firewall because it doesn't route my VPN's.. we use > MPD and bgpd (zebra) > > > Later, > Damon Hopkins > > ------------- DEBUG OUTPUT ---------------------- > Fatal trap 12: page fault while in kernel mode > fault virtual address = 0xc > fault code = supervisor read, page not present > instruction pointer = 0x8:0xc0651550 > stack pointer = 0x10:0xd3d46aec > frame pointer = 0x10:0xd3d46af8 > code segment = base 0x0, limit 0xfffffm type 0x1b > = DPL 0, pres 1, def32 1, gran 1 > processor eflags = interrupt enabled, resume, IOPL = 0 > current process = 27 (swi1:net) > [thread pid 27 tid 100021 ] > Stopped at m_copydata+0x28: movl 0xc(%esi),%eax > db> examine > m_copydata+0x28: 290c468b > db> trace > Tracing pid 27 tid 100021 td 0xc15a4180 > mcopydata(c17fa400,0,38,c193abc0,0) at m_copydata+0x28 > ipllog(0,d3d46bc8,d3d46b50,d3d46b48,d3d46b40) at ipllog+0x1f1 > ipflog(105819,c17fa450,d3d46bc8,c17fa400,0) at ipflog+0x18f > fr_check(c17fa450,14,c16c6000,0,d3d46c70) at fr_check+0xc6c > fr_check_wrapper(0,d3d46c70,c16c6000,1,0) at fr_check_wrapper+0x2a > pfil_run_hooks(c08fa5c0,d3d46cbc,c16c600,1,0) at pfil_run_hooks+0xeb > ip_input(c17fa400) at ip_input+0x211 > netisr_processqueue(c08f9858) at netisr_processqueue+0x9f > swi_net(0) at swi_net+0xee > ithread_loop(c159a500,d3d46d38) at ithread_loop+0x151 > fork_exit(c0609f4c,c159a500,d3d46d38) at fork_exit+0x74 > fork_trampoline() at fork_trampoline+0x8 > --- trap 0x1, eip = 0, esp = 0xd3d46d6c, ebp = 0 --- > > _______________________________________________ > freebsd-stable@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-stable > To unsubscribe, send any mail to "freebsd-stable-unsubscribe@freebsd.org" > > >