From owner-freebsd-pf@FreeBSD.ORG  Thu Jun 14 18:00:32 2007
Return-Path: <owner-freebsd-pf@FreeBSD.ORG>
X-Original-To: freebsd-pf@freebsd.org
Delivered-To: freebsd-pf@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52])
	by hub.freebsd.org (Postfix) with ESMTP id 20CF016A46D
	for <freebsd-pf@freebsd.org>; Thu, 14 Jun 2007 18:00:32 +0000 (UTC)
	(envelope-from rmiranda@digitalrelay.ca)
Received: from wrdsl02.terago.ca (wrdsl02.terago.ca [207.54.102.194])
	by mx1.freebsd.org (Postfix) with ESMTP id EE5C113C487
	for <freebsd-pf@freebsd.org>; Thu, 14 Jun 2007 18:00:31 +0000 (UTC)
	(envelope-from rmiranda@digitalrelay.ca)
Received: from [192.168.0.12] (unknown [64.201.181.165])
	by wrdsl02.terago.ca (Postfix) with ESMTP id 4128486EA5;
	Thu, 14 Jun 2007 13:00:30 -0500 (CDT)
From: Roger Miranda <rmiranda@digitalrelay.ca>
Organization: Digital Relay Inc.
To: Volker <volker@vwsoft.com>
Date: Thu, 14 Jun 2007 13:01:13 -0500
User-Agent: KMail/1.9.4
References: <200706140833.50583.rmiranda@digitalrelay.ca>
	<200706140921.53115.rmiranda@digitalrelay.ca>
	<46715C7F.4060602@vwsoft.com>
In-Reply-To: <46715C7F.4060602@vwsoft.com>
MIME-Version: 1.0
Content-Type: text/plain;
  charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
Message-Id: <200706141301.14854.rmiranda@digitalrelay.ca>
Cc: "FreeBSD \(PF\)" <freebsd-pf@freebsd.org>
Subject: Re: PF error message looping on screen.  System Locked.
X-BeenThere: freebsd-pf@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "Technical discussion and general questions about packet filter
	\(pf\)" <freebsd-pf.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-pf>,
	<mailto:freebsd-pf-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-pf>
List-Post: <mailto:freebsd-pf@freebsd.org>
List-Help: <mailto:freebsd-pf-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-pf>,
	<mailto:freebsd-pf-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 14 Jun 2007 18:00:32 -0000

> Roger,
>
> I don't think this message is related to your trouble. I think you can
> also avoid these messages by adding 'no scrub' to your pf.conf (I'm
> currently not aware of any side effects by adding this).
>
> Probably Max has some more suggestions on not scrubbing packets.
>
> You should get a debugger into your kernel (like Max suggested) and
> probably also use `pfctl -x loud' or `pfctl -x misc' to get more
> messages out of pf. If these messages are popping up again, break the
> system into the debugger and look for the messages (using 'scroll
> lock' to scroll back some pages), ps and a backtrace.
>
> HTH
>
> Volker


I found the following in Dmesg just a while ago ("BAD STATE" Line).  Look 
simalier to what is loop on the screen when the sytem locks up.  Could Pf be 
mixing or confusing states?

pf_normalize_ip: reass frag 21897 @ 0-1480
pf_normalize_ip: reass frag 21897 @ 1480-2960
pf_normalize_ip: reass frag 21897 @ 2960-4440
pf_normalize_ip: reass frag 21897 @ 4440-5920
pf_normalize_ip: reass frag 21897 @ 5920-5940
pf_reassemble: 5940 < 5940?
pf_reassemble: complete: 0xc413be00(5960)
pf: BAD state: TCP 127.0.0.1:3128 207.253.106.226:80 192.168.0.103:2700 
[lo=2780948104 high=2781013640 win=16384 modulator=0] [lo=3673678172 
high=3673694556 win=65535 modulator=0] 4:2 R seq=2780948104 ack=3673678172 
len=0 ackskew=0 pkts=1:1 dir=in,fwd
pf: State failure on:         |    
pf: BAD state: TCP 127.0.0.1:3128 207.253.106.226:80 192.168.0.103:2700 
[lo=2780948104 high=2781013640 win=16384 modulator=0] [lo=3673678172 
high=3673694556 win=65535 modulator=0] 4:2 R seq=2780948104 ack=3673678172 
len=0 ackskew=0 pkts=1:2 dir=in,fwd
pf: State failure on:         |    
pf: BAD state: TCP 127.0.0.1:3128 207.253.106.226:80 192.168.0.103:2700 
[lo=2780948104 high=2781013640 win=16384 modulator=0] [lo=3673678172 
high=3673694556 win=65535 modulator=0] 4:2 R seq=2780948104 ack=3673678172 
len=0 ackskew=0 pkts=1:3 dir=in,fwd
pf: State failure on:         |    
pf_normalize_ip: reass frag 22153 @ 0-1480
pf_normalize_ip: reass frag 22153 @ 1480-2960
pf_normalize_ip: reass frag 22153 @ 2960-4440
pf_normalize_ip: reass frag 22153 @ 4440-5920
pf_normalize_ip: reass frag 22153 @ 5920-5940
pf_reassemble: 5940 < 5940?
pf_reassemble: complete: 0xc43c1800(5960)
pf_normalize_ip: reass frag 22409 @ 0-1480
pf_normalize_ip: reass frag 22409 @ 1480-2960
pf_normalize_ip: reass frag 22409 @ 2960-4440
pf_normalize_ip: reass frag 22409 @ 4440-5920
pf_normalize_ip: reass frag 22409 @ 5920-5940
pf_reassemble: 5940 < 5940?
pf_reassemble: complete: 0xc4409c00(5960)
pf_normalize_ip: reass frag 22665 @ 0-1480
pf_normalize_ip: reass frag 22665 @ 1480-2960
pf_normalize_ip: reass frag 22665 @ 2960-4440
pf_normalize_ip: reass frag 22665 @ 4440-5920
pf_normalize_ip: reass frag 22665 @ 5920-5940
pf_reassemble: 5940 < 5940?
pf_reassemble: complete: 0xc4335a00(5960)