Skip site navigation (1)Skip section navigation (2) 
Date:      Sat, 29 Apr 2000 14:41:33 +0200
From:      Marc Fonvieille <fonvi@easynet.fr>
To:        freebsd-stable@freebsd.org
Cc:        Philippe Thin <phthin@club-internet.fr>
Subject:   "/kernel: invalid state: 0x1" with ipfw under 4.0S
Message-ID:  <20000429144133.A1225@vobiscum.styx.org>
next in thread | raw e-mail | index | archive | help 

Hello,

Since, i'm using 4.0, i've got a lot of:
/kernel: invalid state: 0x1
or 
/kernel: invalid state: 0x0
in my logs.

I use ipfw's stateful features, here's my rules:

00100	0  0 allow ip from any to any via lo0
00200   0  0 deny ip from any to 127.0.0.0/8
00300   0  0 allow ip from 192.168.1.200 to 192.168.1.0/24 out xmit ed1
00400   0  0 allow ip from 192.168.1.0/24 to 192.168.1.200 in recv ed1
00500   0  0 check-state
00600 	0  0 allow ip from any to any keep-state out xmit ppp0
00700 	0  0 allow ip from any to any via ed0
00800   0  0 deny log logamount 1000 ip from 127.0.0.0/8 to 127.0.0.0/8
in recv ppp0
00900   0  0 deny log logamount 1000 ip from 192.168.0.0/16 to any in
recv ppp0
01000   0  0 deny log logamount 1000 ip from 172.16.0.0/12 to any in
recv ppp0
01100   0  0 deny log logamount 1000 ip from 10.0.0.0/8 to any in
recv ppp0
01200   0  0 deny log logamount 1000 ip from any to 192.168.1.0/24 in
recv ppp0
01300   0  0 reset tcp from any to any 113 in recv ppp0
01400   0  0 allow icmp from any to any in recv ppp0 icmptype 3
01500   0  0 allow icmp from any to any in recv ppp0 icmptype 11
01600   0  0 deny tcp from any 80 to any in recv ppp0
65534   0  0 deny log logamount 1000 ip from any to any
65535   0  0 deny ip from any to any

I had no problems with these rules under 3.4S
I know there was some changes in source of ip_fw.c between 3.4S and
4.0S:

in 4.0S:

	default:
            /* reset or some invalid combination */
	    if ( (q->state & ((TH_RST << 8)|TH_RST)) == 0)
		printf("invalid state: 0x%x\n", q->state);
	    q->expire = time_second + dyn_rst_lifetime ;
	    break ;


in 3.4S:

	default:
#if 0
	   /* reset or some invalid combination, but can also
	    * occur if we use keep-state the wrong way.
	    */
	    if ( (q->state & ((TH_RST << 8)|TH_RST)) == 0)
	    	printf("invalid state: 0x%x\n", q->state);
#endif
	    q->expire = time_second + dyn_rst_lifetime ;
	    break ;

If i understand this code in 3.4 the #if and #endif avoid the print of
invalid state in my logs.

So what should i do to avoid these msgs under 4.0S without change the
ip_fw.c? Maybe my rules are wrong?

Thanks for any advice.

Marc


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20000429144133.A1225>