Date: Mon, 7 Oct 2002 15:50:10 +0200 (CEST)
From: Frederic Laurencin <frederic.laurencin@cw.com>
To: FreeBSD-gnats-submit@FreeBSD.org
Cc: Hugues Lepesant <hlepesant@fr.cw.net>, Hugues Lepesant <hlepesant@isdnet.net>, Frederic Laurencin <flaurencin@isdnet.net>
Subject: kern/43769: Re: ipfw kernel panic
Message-ID: <20021007154639.B22175-100000@flaurencin.fr.cw.net>
In-Reply-To: <200210041735.g94HZ7SH025770@flaurencin.fr.cw.net>

>Number: 43769
>Category: kern
>Synopsis: ipfw kernel panic
>Confidential: no
>Severity: critical
>Priority: medium
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Mon Oct 07 07:00:13 PDT 2002
>Closed-Date:
>Last-Modified:
>Originator: Frederic Laurencin
>Release: FreeBSD 4.6.2-RELEASE-p2 i386
>Organization: Cable and Wireless
>Environment:
System: FreeBSD fw-mut-master.isdnet.net 4.6.2-RELEASE-p2 FreeBSD 4.6.2-RELEASE-p2 #0: Fri Oct 4 17:43:49 CEST 2002 root@fw-mut-master.isdnet.net:/usr/src/sys/compile/FWMUT i386
>
>
> machine         i386
> cpu             I686_CPU
> ident           FWMUT
> maxusers        0
>
> #makeoptions    DEBUG=-g                #Build kernel with gdb(1) debug symbols
>
> options         MATH_EMULATE            #Support for x87 emulation
> options         INET                    #InterNETworking
> options         INET6                   #IPv6 communications protocols
> options         FFS                     #Berkeley Fast Filesystem
> options         FFS_ROOT                #FFS usable as root device [keep this!]
> options         SOFTUPDATES             #Enable FFS soft updates support
> options         UFS_DIRHASH             #Improve performance on big directories
> options         MFS                     #Memory Filesystem
> options         MD_ROOT                 #MD is a potential root device
> options         NFS                     #Network Filesystem
> options         NFS_ROOT                #NFS usable as root device, NFS required
> options         CD9660                  #ISO 9660 Filesystem
> options         CD9660_ROOT             #CD-ROM usable as root, CD9660 required
> options         PROCFS                  #Process filesystem
> options         COMPAT_43               #Compatible with BSD 4.3 [KEEP THIS!]
> options         SCSI_DELAY=5000         #Delay (in ms) before probing SCSI
> options         UCONSOLE                #Allow users to grab the console
> options         USERCONFIG              #boot -c editor
> options         VISUAL_USERCONFIG       #visual boot -c editor
> options         KTRACE                  #ktrace(1) support
> options         SYSVSHM                 #SYSV-style shared memory
> options         SYSVMSG                 #SYSV-style message queues
> options         SYSVSEM                 #SYSV-style semaphores
> options         P1003_1B                #Posix P1003_1B real-time extensions
> options         _KPOSIX_PRIORITY_SCHEDULING
> options         ICMP_BANDLIM            #Rate limit bad replies
> options         KBD_INSTALL_CDEV        # install a CDEV entry in /dev
>
> # IPSEC
> options         IPSEC                   #IP security
> options         IPSEC_ESP               #IP security (crypto; define w/ IPSEC)
> options         IPSEC_DEBUG             #debug for IP security
>
>
> device          isa
> device          eisa
> device          pci
>
> # Floppy drives
> device          fdc0    at isa? port IO_FD1 irq 6 drq 2
> device          fd0     at fdc0 drive 0
> device          fd1     at fdc0 drive 1
>
> # ATA and ATAPI devices
> device          ata0    at isa? port IO_WD1 irq 14
> device          ata1    at isa? port IO_WD2 irq 15
> device          ata
> options         ATA_STATIC_ID           #Static device numbering
>
> # SCSI Controllers
> device          ahc             # AHA2940 and onboard AIC7xxx devices
> # Allow ncr to attach legacy NCR devices when
> # both sym and ncr are configured
>
> # SCSI peripherals
> device          scbus           # SCSI bus (required)
> device          da              # Direct Access (disks)
> device          sa              # Sequential Access (tape etc)
> device          pass            # Passthrough device (direct SCSI access)
>
> # atkbdc0 controls both the keyboard and the PS/2 mouse
> device          atkbdc0 at isa? port IO_KBD
> device          atkbd0  at atkbdc? irq 1 flags 0x1
> device          psm0    at atkbdc? irq 12
>
> device          vga0    at isa?
>
> # splash screen/screen saver
> pseudo-device   splash
>
> # syscons is the default console driver, resembling an SCO console
> device          sc0     at isa? flags 0x100
>
> # Floating point support - do not disable.
> device          npx0    at nexus? port IO_NPX irq 13
>
> # Power management support (see LINT for more options)
> device          apm0    at nexus? disable flags 0x20 # Advanced Power Management
>
> # Serial (COM) ports
> device          sio0    at isa? port IO_COM1 flags 0x10 irq 4
> device          sio1    at isa? port IO_COM2 irq 3
> device          sio2    at isa? disable port IO_COM3 irq 5
> device          sio3    at isa? disable port IO_COM4 irq 9
>
> # PCI Ethernet NICs that use the common MII bus controller code.
> # NOTE: Be sure to keep the 'device miibus' line in order to use these NICs!
> device          miibus          # MII bus support
> device          fxp             # Intel EtherExpress PRO/100B (82557, 82558)
>
> # Pseudo devices - the number indicates how many units to allocate.
> pseudo-device   loop            # Network loopback
> pseudo-device   ether           # Ethernet support
> pseudo-device   tun             # Packet tunnel.
> pseudo-device   pty             # Pseudo-ttys (telnet etc)
> pseudo-device   md              # Memory "disks"
> pseudo-device   gif             # IPv6 and IPv4 tunneling
> pseudo-device   faith   1       # IPv6-to-IPv4 relaying (translation)
>
> # The `bpf' pseudo-device enables the Berkeley Packet Filter.
> # Be aware of the administrative consequences of enabling this!
> pseudo-device   bpf     132     #Berkeley packet filter
>
>
> # IPFIREWALL
> options         IPFIREWALL              #firewall
> options         IPFIREWALL_VERBOSE      #enable logging to syslogd(8)
> options         IPFIREWALL_FORWARD      #enable transparent proxy support
> options         IPFIREWALL_DEFAULT_TO_ACCEPT    #allow everything by default
>
> # VLAN
> pseudo-device   vlan    130     #VLAN support
>
> # NETGRAPH
> options         NETGRAPH                #netgraph(4) system
> options         NETGRAPH_ASYNC
> options         NETGRAPH_BPF
> options         NETGRAPH_CISCO
> options         NETGRAPH_ECHO
> options         NETGRAPH_ETHER
> options         NETGRAPH_FRAME_RELAY
> options         NETGRAPH_HOLE
> options         NETGRAPH_IFACE
> options         NETGRAPH_KSOCKET
> options         NETGRAPH_LMI
> options         NETGRAPH_PPP
> options         NETGRAPH_PPPOE
> options         NETGRAPH_PPTPGRE
> options         NETGRAPH_RFC1490
> options         NETGRAPH_SOCKET
> options         NETGRAPH_TEE
> options         NETGRAPH_UI
> options         NETGRAPH_VJC
>
>
> >Description:
> I've got 132 /dev/bpf and 128 vlans
>
> here is the list of my processes
>   PID  TT  STAT      TIME COMMAND
>     0  ??  DLs    0:00.00  (swapper)
>     1  ??  ILs    0:00.01 /sbin/init --
>     2  ??  DL     0:00.00  (pagedaemon)
>     3  ??  DL     0:00.00  (vmdaemon)
>     4  ??  DL     0:00.01  (bufdaemon)
>     5  ??  DL     0:00.01  (vnlru)
>     6  ??  DL     0:00.03  (syncer)
>    21  ??  Is     0:00.00 adjkerntz -i
>   127  ??  Is     0:00.02 /usr/sbin/syslogd -s
>   134  ??  Is     0:00.00 /usr/sbin/inetd -wW
>   136  ??  Is     0:00.01 /usr/sbin/cron
>   138  ??  Is     0:00.00 /usr/sbin/sshd
>   141  ??  Ss     0:00.03 sendmail: accepting connections (sendmail)
>   144  ??  Is     0:00.00 sendmail: Queue runner@00:30:00 for /var/spool/client
>   195  v0  Is     0:00.03 login -p \^[[A\^[[Broot
>   210  v0  I      0:00.01 -bash (bash)
>   211  v0  I+     0:00.01 /bin/sh /usr/bin/send-pr
>   257  v0  S+     0:00.32 vi /tmp/pf.3t8m4jME
>   297  v0  R+     0:00.00 ps -ax
>   298  v0  R+     0:00.00 vi /tmp/pf.3t8m4jME
>   261  v1  Is     0:00.03 login -p \^[[A\^[[B\^[[B
>   262  v1  I+     0:00.02 -bash (bash)
>   197  v2  Is+    0:00.00 /usr/libexec/getty Pc ttyv2
>   198  v3  Is+    0:00.00 /usr/libexec/getty Pc ttyv3
>   199  v4  Is+    0:00.00 /usr/libexec/getty Pc ttyv4
>   200  v5  Is+    0:00.00 /usr/libexec/getty Pc ttyv5
>   201  v6  Is+    0:00.00 /usr/libexec/getty Pc ttyv6
>   202  v7  Is+    0:00.00 /usr/libexec/getty Pc ttyv7
>
>
> Just inserting these rules in ipfw and attempting an ssh makes a Kernel Panic :(
> add 00001 check-state
> add 00002 allow tcp from 62.4.0.0/24 1024-65535 to 62.4.0.82 22 keep-state tcpflags syn
>
> >How-To-Repeat:
>
> I've got a p3 800 with fxp ethernet cards. Try it.
>
> >Fix:
>
> didn't find anything at the moment

Arg, it was a stupid thing I did!! I placed my sysctl net.inet.ip.fw.curr_dyn_buckets to a stupid value, 20480. Sorry for the trouble generated.

>Description:
>How-To-Repeat:
>Fix:
>Release-Note:
>Audit-Trail:
>Unformatted:

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-bugs" in the body of the message