Michael Proto wrote: > Michal Mertl wrote: > > Hello, > > > > I am deploying FreeBSD based application proxies' based firewall > > (www.kernun.com, but not much English there) and am having frequent > > panics of RELENG_6_1 under load. The server has IP forwarding disabled. > > > > I've got two machines in a carp cluster and the transparent proxies use > > PF to get the data. > > > > I don't know much about kernel internals and PF but from the following > > backtrace I understand that the crash happens because rpool->cur on line > > 2158 in src/sys/contrib/pf/net/pf.c is NULL and is dereferenced. It > > probably shouldn't happen yet it does. > > > > The machines are SMP and were running SMP kernel. The only places where > > pool.cur (or pool->cur) is assigned to are in pf_ioctl.c. It seems there > > are some lock operations though so it is probably believed that the > > coder is properly locked. > > > > I have been running with kern.smp.disabled=1 for a moment before I put > > the old firewall in place and haven't seen the panic but the time was > > deffinitely too short to make me believe it fixes the issue. Can setting > > debug.mpsafenet to 0 possibly also help? > > > ... > > Are you using user and/or group rules in your PF ruleset? If so, then > you will want to set debug.mpsafenet to 0 as its a known issue with > pf(4) currently.
Thank you. No, I am not using it and I am quite sure the proxies aren't doing it behind my back either. In fact there isn't a single entry in the rules tables - there are only rdr rules generated on the fly by the proxies. I will try to set this (in addition to running UP) to see whether it helps anyway. Thanks Michal _______________________________________________ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to "[EMAIL PROTECTED]"