From owner-freebsd-stable Sat Apr 29 5:41: 8 2000 Delivered-To: freebsd-stable@freebsd.org Received: from zmail6.easynet.fr (email.easynet.fr [195.114.64.207]) by hub.freebsd.org (Postfix) with SMTP id 5699537B86D for ; Sat, 29 Apr 2000 05:40:54 -0700 (PDT) (envelope-from fonvi@easynet.fr) Received: (qmail 12174 invoked from network); 29 Apr 2000 12:40:47 -0000 Received: from mailgate2.easynet.fr (192.168.1.3) by mailserver.easynet.fr with QMQP; 29 Apr 2000 12:40:47 -0000 Received: from adsl-92-1-135.pops.easynet.fr (HELO vobiscum.styx.org) (212.11.34.135) by mrelay2.easynet.fr with SMTP; 29 Apr 2000 12:40:47 -0000 Received: (from marc@localhost) by vobiscum.styx.org (8.9.3/8.9.3/ - 6/08/98) id OAA01958; Sat, 29 Apr 2000 14:41:33 +0200 (CEST) (envelope-from marc) Date: Sat, 29 Apr 2000 14:41:33 +0200 From: Marc Fonvieille To: freebsd-stable@freebsd.org Cc: Philippe Thin Subject: "/kernel: invalid state: 0x1" with ipfw under 4.0S Message-ID: <20000429144133.A1225@vobiscum.styx.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 1.0.1i X-Useless-Header: Black Metal inc. X-Operating-System: FreeBSD 4.0-STABLE Sender: owner-freebsd-stable@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG Hello, Since, i'm using 4.0, i've got a lot of: /kernel: invalid state: 0x1 or /kernel: invalid state: 0x0 in my logs. I use ipfw's stateful features, here's my rules: 00100 0 0 allow ip from any to any via lo0 00200 0 0 deny ip from any to 127.0.0.0/8 00300 0 0 allow ip from 192.168.1.200 to 192.168.1.0/24 out xmit ed1 00400 0 0 allow ip from 192.168.1.0/24 to 192.168.1.200 in recv ed1 00500 0 0 check-state 00600 0 0 allow ip from any to any keep-state out xmit ppp0 00700 0 0 allow ip from any to any via ed0 00800 0 0 deny log logamount 1000 ip from 127.0.0.0/8 to 127.0.0.0/8 in recv ppp0 00900 0 0 deny log logamount 1000 ip from 192.168.0.0/16 to any in recv ppp0 01000 0 0 deny log logamount 1000 ip from 172.16.0.0/12 to any in recv ppp0 01100 0 0 deny log logamount 1000 ip from 10.0.0.0/8 to any in recv ppp0 01200 0 0 deny log logamount 1000 ip from any to 192.168.1.0/24 in recv ppp0 01300 0 0 reset tcp from any to any 113 in recv ppp0 01400 0 0 allow icmp from any to any in recv ppp0 icmptype 3 01500 0 0 allow icmp from any to any in recv ppp0 icmptype 11 01600 0 0 deny tcp from any 80 to any in recv ppp0 65534 0 0 deny log logamount 1000 ip from any to any 65535 0 0 deny ip from any to any I had no problems with these rules under 3.4S I know there was some changes in source of ip_fw.c between 3.4S and 4.0S: in 4.0S: default: /* reset or some invalid combination */ if ( (q->state & ((TH_RST << 8)|TH_RST)) == 0) printf("invalid state: 0x%x\n", q->state); q->expire = time_second + dyn_rst_lifetime ; break ; in 3.4S: default: #if 0 /* reset or some invalid combination, but can also * occur if we use keep-state the wrong way. */ if ( (q->state & ((TH_RST << 8)|TH_RST)) == 0) printf("invalid state: 0x%x\n", q->state); #endif q->expire = time_second + dyn_rst_lifetime ; break ; If i understand this code in 3.4 the #if and #endif avoid the print of invalid state in my logs. So what should i do to avoid these msgs under 4.0S without change the ip_fw.c? Maybe my rules are wrong? Thanks for any advice. Marc To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message