Skip site navigation (1)Skip section navigation (2) 
Date:      Fri, 28 May 2010 12:54:36 +0200
From:      Giulio Ferro <auryn@zirakzigil.org>
To:        freebsd-net@freebsd.org, freebsd-stable@freebsd.org,  max@love2party.net
Subject:   Re: PF + BRIDGE still causes system freezing
Message-ID:  <4BFFA0EC.2050609@zirakzigil.org>
In-Reply-To: <4BFF589F.2050102@zirakzigil.org>
References:  <4BFF589F.2050102@zirakzigil.org>
next in thread | previous in thread | raw e-mail | index | archive | help 
On 28.05.2010 07:46, Giulio Ferro wrote:

Would it be a good idea to try netgraph bridge?
Or the underlying implementation is the same as in if_bridge?


> Months ago I reported a system freezing whenever bridge was used
> with pf. This still happens now in 8.1 prerelease: after several 
> minutes to hours
> that the bridge is active the system becomes unresponsive.
>
> # uname -a
> FreeBSD firewall1 8.1-PRERELEASE FreeBSD 8.1-PRERELEASE #0: Thu May 27 
> 18:03:48 CEST 2010     root@data1:/usr/obj/usr/src/sys/FIREWALL  amd64
>
>> cat /etc/sysctl.conf
> net.inet.ip.forwarding=1
> net.inet.ip.fastforwarding=1
> net.inet.carp.preempt=1
>
> Services running : sshd, named, inetd, ntpd, openvpn (tap), racoon, 
> pptp, asterisk
>
> 2 physical interfaces : bce0, bce1
> 11 vlan interfaces : vlan1, ..., vlan11 (vlandev bce1)
> 11 carp interfaces ; carp1, ..., carp11  (carp1 has 23 alias addresses)
> 1 bridge interfaces : bridge0 addm vlan35 (used by openvpn)
> 2 gif interfaces : gif0, gif1 (racoon / IPSEC)
>
> 8 static routes
>
> pf packet filter : 12 rdr rules, 3 nat rules, set skip{lo0, bridge0, 
> vlan35}, 4 pass quick, block log all, about 30 pass keep state
>
>
>
> When the system freezes, I get this from the debugger
> ---------------------------------------------------------------------
> db> show allchains
> db> show alllocks
> Process 12 (intr) thread 0xffffff00024293e0 (100028)
> exclusive sleep mutex if_bridge (if_bridge) r = 0 (0xffffff000270ea18) 
> locked @ /usr/src/sys/net/if_bridge.c:2184
> Process 12 (intr) thread 0xffffff00022693e0 (100016)
> exclusive sleep mutex Giant (Giant) r = 1 (0xffffffff80c93dc0) locked 
> @ /usr/src/sys/dev/usb/usb_transfer.c:3023
> Process 12 (intr) thread 0xffffff00022607c0 (1000006)
> exclusive sleep mutex carp_if (carp_if) r = 0 (0xffffff00027329e0) 
> locked @ /usr/src/sys/netinet/ip_carp.c:881
> db>
> ---------------------------------------------------------------------
>
> Even if there is no solution yet, is there any quick and dirty 
> workaround I can try?
> I need this rather badly...
>
> Thanks.
>
> _______________________________________________
> freebsd-stable@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-stable
> To unsubscribe, send any mail to "freebsd-stable-unsubscribe@freebsd.org"

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4BFFA0EC.2050609>