From: Julian Elischer
Date: Fri, 28 May 2010 12:44:57 -0700
To: Giulio Ferro
Cc: freebsd-net@freebsd.org, freebsd-stable@freebsd.org, max@love2party.net
Subject: Re: PF + BRIDGE still causes system freezing

On 5/28/10 3:54 AM, Giulio Ferro wrote:
> On 28.05.2010 07:46, Giulio Ferro wrote:
>
> Would it be a good idea to try netgraph bridge?
> Or the underlying implementation is the same as in if_bridge?

netgraph bridging (see /usr/share/examples/netgraph) is a completely
different implementation with different strengths and weaknesses.
You may find it works for you.

>
>
>> Months ago I reported a system freezing whenever bridge was used
>> with pf. This still happens now in 8.1 prerelease: after several
>> minutes to hours
>> that the bridge is active the system becomes unresponsive.
>>
>> # uname -a
>> FreeBSD firewall1 8.1-PRERELEASE FreeBSD 8.1-PRERELEASE #0: Thu May 27
>> 18:03:48 CEST 2010 root@data1:/usr/obj/usr/src/sys/FIREWALL amd64
>>
>>> cat /etc/sysctl.conf
>> net.inet.ip.forwarding=1
>> net.inet.ip.fastforwarding=1
>> net.inet.carp.preempt=1
>>
>> Services running : sshd, named, inetd, ntpd, openvpn (tap), racoon,
>> pptp, asterisk
>>
>> 2 physical interfaces : bce0, bce1
>> 11 vlan interfaces : vlan1, ..., vlan11 (vlandev bce1)
>> 11 carp interfaces ; carp1, ..., carp11 (carp1 has 23 alias addresses)
>> 1 bridge interfaces : bridge0 addm vlan35 (used by openvpn)
>> 2 gif interfaces : gif0, gif1 (racoon / IPSEC)
>>
>> 8 static routes
>>
>> pf packet filter : 12 rdr rules, 3 nat rules, set skip{lo0, bridge0,
>> vlan35}, 4 pass quick, block log all, about 30 pass keep state
>>
>>
>>
>> When the system freezes, I get this from the debugger
>> ---------------------------------------------------------------------
>> db> show allchains
>> db> show alllocks
>> Process 12 (intr) thread 0xffffff00024293e0 (100028)
>> exclusive sleep mutex if_bridge (if_bridge) r = 0 (0xffffff000270ea18)
>> locked @ /usr/src/sys/net/if_bridge.c:2184
>> Process 12 (intr) thread 0xffffff00022693e0 (100016)
>> exclusive sleep mutex Giant (Giant) r = 1 (0xffffffff80c93dc0) locked
>> @ /usr/src/sys/dev/usb/usb_transfer.c:3023
>> Process 12 (intr) thread 0xffffff00022607c0 (1000006)
>> exclusive sleep mutex carp_if (carp_if) r = 0 (0xffffff00027329e0)
>> locked @ /usr/src/sys/netinet/ip_carp.c:881
>> db>
>> ---------------------------------------------------------------------
>>
>> Even if there is no solution yet, is there any quick and dirty
>> workaround I can try?
>> I need this rather badly...
>>
>> Thanks.