On 2/3/2016 4:56 PM, Matthew Grooms wrote:
All,

I recently upgraded a pair of 10.0-RELEASE firewalls in the hope that I could avoid the local patching required to keep it up and running. Unfortunately, it crashes whenever I reload my pf firewall rule set. If I remove the GRE tunnel configurations from rc.conf, it happily reloads the rule set all day long. The kernel config is mostly GENERIC with the following additions ...

# Packet Filter
device      pf          # PF OpenBSD packet-filter firewall
device      pflog       # Logging support interface for PF
device      pfsync      # Synchronization interface for PF
device      carp        # Common Address Redundancy Protocol

# IPsec
device      crypto
device      enc
options     IPSEC

The crash is easy to reproduce as pfctl -f /etc/pf.conf does it every time. I should also mention that I tried with and without the following additional commits applied, but get the same result ...

https://svnweb.freebsd.org/base?view=revision&revision=272695
https://svnweb.freebsd.org/base?view=revision&revision=288529

I'm also a bit confused as to why these patches haven't made it into 10 STABLE yet. The former doesn't mention an MFC and the latter has an MFC of 1 week, but was never done. In any case, here is the output from kgdb ...

This turned out to be another issue that was patched in head but not backported to stable. I can't explain why it didn't get tripped when GRE tunnels were disabled. With the patch applied, I can reload my rule sets again without crashing ...

https://svnweb.freebsd.org/base?view=revision&revision=264689

(kgdb) bt
#0  doadump (textdump=<value optimized out>) at pcpu.h:219
#1  0xffffffff807c81f2 in kern_reboot (howto=260) at ../../../kern/kern_shutdown.c:451
#2  0xffffffff807c85d5 in vpanic (fmt=<value optimized out>, ap=<value optimized out>)
    at ../../../kern/kern_shutdown.c:758
#3  0xffffffff807c8463 in panic (fmt=0x0) at ../../../kern/kern_shutdown.c:687
#4  0xffffffff80bdc10b in trap_fatal (frame=<value optimized out>,
    eva=<value optimized out>) at ../../../amd64/amd64/trap.c:851
#5  0xffffffff80bdc40d in trap_pfault (frame=0xfffffe0000233a80,
    usermode=<value optimized out>) at ../../../amd64/amd64/trap.c:674
#6  0xffffffff80bdbaaa in trap (frame=0xfffffe0000233a80)
    at ../../../amd64/amd64/trap.c:440
#7  0xffffffff80bc1fa2 in calltrap () at ../../../amd64/amd64/exception.S:236
#8  0xffffffff809c07f4 in pfr_detach_table (kt=0x0) at ../../../netpfil/pf/pf_table.c:2047
#9  0xffffffff809a91f4 in pf_empty_pool (poola=0xffffffff813c3d68)
    at ../../../netpfil/pf/pf_ioctl.c:354
#10 0xffffffff809ab3e5 in pfioctl (dev=<value optimized out>, cmd=<value optimized out>, addr=0xfffff8005eaf6800 "", flags=<value optimized out>, td=<value optimized out>)
    at ../../../netpfil/pf/pf_ioctl.c:2189
#11 0xffffffff806b5659 in devfs_ioctl_f (fp=0xfffff8000a2927d0, com=3295691827, data=0xfffff8005eaf6800, cred=<value optimized out>, td=0xfffff8000a25f000)
    at ../../../fs/devfs/devfs_vnops.c:785
#12 0xffffffff8081b805 in kern_ioctl (td=0xfffff8000a25f000, fd=<value optimized out>,
    com=2) at file.h:320
#13 0xffffffff8081b500 in sys_ioctl (td=0xfffff8000a25f000, uap=0xfffffe0000234b40)
    at ../../../kern/sys_generic.c:718
#14 0xffffffff80bdca27 in amd64_syscall (td=0xfffff8000a25f000, traced=0)
    at subr_syscall.c:134
#15 0xffffffff80bc228b in Xfast_syscall () at ../../../amd64/amd64/exception.S:396
#16 0x0000000800dd9fda in ?? ()
Previous frame inner to this frame (corrupt stack?)
Current language:  auto; currently minimal

-Matthew
_______________________________________________
freebsd-net@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"
