Date: Thu, 20 Jul 2006 12:02:01 -0400 From: Michael Proto <mike@jellydonut.org> To: Michal Mertl <mime@traveller.cz> Cc: freebsd-stable@freebsd.org Subject: Re: Kernel panic with PF Message-ID: <44BFA8F9.8010403@jellydonut.org> In-Reply-To: <1153410809.1126.66.camel@genius.i.cz> References: <1153410809.1126.66.camel@genius.i.cz>
next in thread | previous in thread | raw e-mail | index | archive | help
Michal Mertl wrote: > Hello, > > I am deploying FreeBSD based application proxies' based firewall > (www.kernun.com, but not much English there) and am having frequent > panics of RELENG_6_1 under load. The server has IP forwarding disabled. > > I've got two machines in a carp cluster and the transparent proxies use > PF to get the data. > > I don't know much about kernel internals and PF but from the following > backtrace I understand that the crash happens because rpool->cur on line > 2158 in src/sys/contrib/pf/net/pf.c is NULL and is dereferenced. It > probably shouldn't happen yet it does. > > The machines are SMP and were running SMP kernel. The only places where > pool.cur (or pool->cur) is assigned to are in pf_ioctl.c. It seems there > are some lock operations though so it is probably believed that the > coder is properly locked. > > I have been running with kern.smp.disabled=1 for a moment before I put > the old firewall in place and haven't seen the panic but the time was > deffinitely too short to make me believe it fixes the issue. Can setting > debug.mpsafenet to 0 possibly also help? > ... Are you using user and/or group rules in your PF ruleset? If so, then you will want to set debug.mpsafenet to 0 as its a known issue with pf(4) currently. -Proto
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?44BFA8F9.8010403>