From owner-freebsd-pf@FreeBSD.ORG Thu Sep 16 03:53:42 2004 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 674) id D92C516A4CF; Thu, 16 Sep 2004 03:53:42 +0000 (GMT) Delivered-To: mlaier@vampire.homelinux.org Received: (qmail 10817 invoked by uid 1005); 3 Oct 2003 07:00:10 -0000 Delivered-To: max@vampire.homelinux.org Received: (qmail 10814 invoked from network); 3 Oct 2003 07:00:09 -0000 Received: from moutng.kundenserver.de (212.227.126.171) by pd9e3900c.dip.t-dialin.net with SMTP; 3 Oct 2003 07:00:09 -0000 Received: from [212.227.126.152] (helo=mxng01.kundenserver.de) by moutng.kundenserver.de with esmtp (Exim 3.35 #1) id 1A5KmN-0004rc-00 for max@vampire.homelinux.org; Fri, 03 Oct 2003 09:55:11 +0200 Received: from [206.53.239.180] (helo=turing.freelists.org) by mxng01.kundenserver.de with esmtp (Exim 3.35 #1) id 1A5KmJ-0004cm-00 for max@love2party.net; Fri, 03 Oct 2003 09:55:08 +0200 Received: from turing (localhost [127.0.0.1])ESMTP id 9317E3909CE; Fri, 3 Oct 2003 02:47:55 -0500 (EST) Received: with ECARTIS (v1.0.0; list pf4freebsd); Fri, 03 Oct 2003 02:47:49 -0500 (EST) X-Original-To: pf4freebsd@freelists.org Delivered-To: pf4freebsd@freelists.org Received: from ns.kt-is.co.kr (ns.kt-is.co.kr [211.218.149.125]) ESMTP id 89CE33907DE for ; Fri, 3 Oct 2003 02:47:41 -0500 (EST) Received: from michelle.kt-is.co.kr (ns2.kt-is.co.kr [220.76.118.193]) (authenticated bits=128) by ns.kt-is.co.kr (8.12.10/8.12.10) with ESMTP id h937qB5G059054 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=FAIL) for ; Fri, 3 Oct 2003 16:52:11 +0900 (KST) Received: from michelle.kt-is.co.kr (localhost.kt-is.co.kr [127.0.0.1]) by michelle.kt-is.co.kr (8.12.9/8.12.9) with ESMTP id h937prRB016923 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO) for ; Fri, 3 Oct 2003 16:51:53 +0900 (KST) (envelope-from yongari@kt-is.co.kr) Received: (from yongari@localhost) by michelle.kt-is.co.kr (8.12.9/8.12.9/Submit) id h937pq16016922 for pf4freebsd@freelists.org; Fri, 3 Oct 2003 16:51:52 +0900 (KST) (envelope-from yongari@kt-is.co.kr) From: Pyun YongHyeon To: pf4freebsd@freelists.org Message-ID: <20031003075152.GA16760@kt-is.co.kr> References: <1065107810.3f7c4162b252a@mrna.ist.utl.pt> <19920876018.20031002175427@love2party.net> <3F7CB204.9030506@dequim.ist.utl.pt> Mime-Version: 1.0 Content-type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <3F7CB204.9030506@dequim.ist.utl.pt> User-Agent: Mutt/1.4.1i X-Filter-Version: 1.11a (ns.kt-is.co.kr) X-archive-position: 184 X-ecartis-version: Ecartis v1.0.0 Sender: pf4freebsd-bounce@freelists.org Errors-To: pf4freebsd-bounce@freelists.org X-original-sender: yongari@kt-is.co.kr Precedence: normal X-list: pf4freebsd Content-Transfer-Encoding: quoted-printable X-UID: 299 X-Length: 7474 X-Mailman-Approved-At: Thu, 16 Sep 2004 03:55:51 +0000 Subject: [pf4freebsd] Re: pf errors meaning X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.1 Reply-To: pf4freebsd@freelists.org List-Id: Technical discussion and general questions about packet filter (pf) List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Date: Thu, 16 Sep 2004 03:53:43 -0000 X-Original-Date: Fri, 3 Oct 2003 16:51:52 +0900 X-List-Received-Date: Thu, 16 Sep 2004 03:53:43 -0000 On Fri, Oct 03, 2003 at 12:17:24AM +0100, Bruno Afonso wrote: > Hey Max, >=20 > > Well ... what do you mean by "due to dnscache"? Any traces, dumps or > > anything that might help to really debug? >=20 > I couldn't think right since my "boss" was yelling at me. Here's the=20 > only thing I have: >=20 > db> show map > Task map 0xc01c3745: pmap=3D0x82444c7, nentries=3D-1324417024, version= =3D203703495 > map entry 0xc0850000: start=3D0, end=3D0 > prot=3D0/0/share, object=3D0, offset=3D0x0 >=20 >=20 > Fatal trap 12: page fault while in kernel mode > fault virtual address =3D 0x14 > fault code =3D supervisor read, page not present > instruction pointer =3D 0x8:0xc031d976 > stack pointer =3D 0x10:0xdfbaaa44 > frame pointer =3D 0x10:0xdfbaaa64 > code segment =3D base 0x0, limit 0xfffff, type 0x1b > =3D DPL 0, pres 1, def32 1, gran 1 > processor eflags =3D resume, IOPL =3D 0 > current process =3D 591 (dnscache) > kernel: type 12 trap, code=3D0 > Stopped at _fget+0x15: movl $0,0(%edx) >=20 It seems the fault was caused by dnscache application. May be NULL pointer reference in kernel space. You can see the offending function _fget() in /sys/kern/kern_descrip.c. I believe this error is not related with FreeBSD pf. However, you don't have traces so I can't sure that. >=20 > Stupid me forgot to do a trace.... >=20 > > BA> I must say that the machine has been routing ~1megbyte/sec for 2= 4h+. Can this > > BA> be too much of a stress ? :> > >=20 > > Should not ... obviously. >=20 > We're at about 10% max... >=20 > > These are strange (and should not exist). First of all such should o= nly > > show up when you remove the pf module and even then, they should not= . > > The meaning of it, is that some tables could not be freed as expecte= d. > > In the long run that's bad. Check the output of "vmstat -z | grep ^p= f" >=20 > I'm dumping now every 10min vmstat -z |grep ^pf into a file. >=20 > > BA> thoughts? > >=20 > > Hmmm ... for some reason your seem to remove/stop pf right after (23= sec) > > you loaded/started it. That might come from old pf.sh scripts lurkin= g > > around in /usr/local/etc/rc.d from a previous ports installation. Pl= ease > > check kdlstat output once the box booted to make sure that you reall= y > > have pf in place. Additionally you'd make sure that you only have th= e > > up2date modules and not old ones in /usr/local/modules from a previo= us > > port installation. >=20 > I had only .sh start script. the others were .sh~ and .sh.d, which=20 > shouldn't run at all. Anyway, I've removed them. > No pf modules in local/modules :> > The box boots ok, as I have just rebooted it. It started fine, pf et a= l. >=20 Did you have two kernel modules in your system?(/boot/kernel and /usr/local/modules) Did you patch your kernel after installing FreeBSD pf? Can you tell me the exact procure you used while loading and unloading pf? Can you post your rule file and comment on your network setup? Did your rule file have table rules? > > If you keep getting panics it'd be quite interesting to see at least= a > > trace of those. Without it, it's impossible to tell what's the reaso= n > > for it. >=20 > I know. I posted hoping for some feedback... apparently, it's not pf=20 > related as no one else seems to be having problems. I had to disable n= ow=20 No. It does not necessarily mean FreeBSD pf is error free. There might be bugs creeping through pf module. > the break into ddb as I can't afford the box down for a couple hours := -( > Unfortunately, someone pressed the restart button before I could get t= o=20 > ddb via serial console... >=20 You dont't have to let the box down for a while. At least, we need a trace report to identify the problem. At DDB propmt you can invoke 'trace' command and write down the output. If you have enabled kernel debugging options, you may get valuable crash dump file. This is the most perferrable one. > Bruno, hoping in case any other panic occurs, the machine can restart=20 > doing its business... :> >=20 --=20 Pyun YongHyeon KTIS, Inc. +82-2-597-0600