Date: Thu, 16 Nov 2023 16:40:45 +0000
From: bugzilla-noreply@freebsd.org
To: ipfw@FreeBSD.org
Subject: [Bug 132774] [ipfw] IPFW with uid/gid/jail rules may lead to lockup
Message-ID: <bug-132774-8303-iqDfpRPBzG@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-132774-8303@https.bugs.freebsd.org/bugzilla/>
References: <bug-132774-8303@https.bugs.freebsd.org/bugzilla/>

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=132774

vincent.jancso@outlook.com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |vincent.jancso@outlook.com

--- Comment #5 from vincent.jancso@outlook.com ---
Looks like I am hitting the same issue. I upgraded several hosts from 12.4 to
13.2. Virtual machines are not affected, only physical hosts.

I was able to narrow it down to some IPFW rules. Here is the setup:

Host A: Recently upgraded, physical host with FreeBSD 13.2
Host B: Also physical host with FreeBSD 13.2, runs a webserver (10.1.1.20)

Host A has this IPFW rule:
$IPFW_CMD add 2040 allow ip from me to 10.1.1.20/32 uid 0

Host B has this IPFW rule:
$IPFW_CMD add 3000 allow tcp from any to 10.1.1.20 80,443 keep-state

I can reproduce a freeze by repeatedly fetching a file on Host A from Host B:

[root@host-a] $ while true; do curl -v http://10.1.1.2/test.txt --output /dev/null; done

After a few seconds, the network connection of Host A is lost. I can still log
in through a local shell, but after about 20 seconds the host freezes
completely. No kernel panic, nothing in the logs. Host B is still running fine
and never freezes.

- Freezes do NOT happen if I remove the uid 0 selector from Host A's rule or
stop IPFW completely.
- Freezes also do NOT happen if I remove the keep-state of Host B's rule or
stop IPFW completely.

@Stefan Rink Are you also maybe using an Intel NIC with the ixgbe driver? My
guess is an issue in combination with the driver and IPFW.

[root@host-a] $ pciconf -lv | grep -A1 -B3 network
ix0@pci0:6:0:0: class=0x020000 rev=0x01 hdr=0x00 vendor=0x8086 device=0x10f8 subvendor=0x103c subdevice=0x18d0
    vendor     = 'Intel Corporation'
    device     = '82599 10 Gigabit Dual Port Backplane Connection'
    class      = network
    subclass   = ethernet
ix1@pci0:6:0:1: class=0x020000 rev=0x01 hdr=0x00 vendor=0x8086 device=0x10f8 subvendor=0x103c subdevice=0x18d0
    vendor     = 'Intel Corporation'
    device     = '82599 10 Gigabit Dual Port Backplane Connection'
    class      = network
    subclass   = ethernet

-- 
You are receiving this mail because:
You are the assignee for the bug.