Hello,
I have a serious problem with CP FW1 SP3 running on a Redhat-Linuxbox.
We use Securemote with IKE, certificates and LDAP-Accountmanagement.
Sometimes crashes the firewall, if a clients wants to authorize with
securemote. I have no idea what the problem is. The firewall only
crashes in this situation. Sometimes there are logentries in
/var/log/messages like:
xxx kernel: Unable to handle kernel paging request at virtual address
8ac90af2
xxx kernel: current->tss.cr3 = 0eeb9000, %%cr3 = 0eeb9000
xxx kernel: *pde = 00000000
xxx kernel: Oops: 0000
xxx kernel: CPU: 0
xxx kernel: EIP: 0010:[fwmod.2.2.x:fw_kbuf_free_+53/192]
xxx kernel: EFLAGS: 00010046
xxx kernel: eax: 00000006 ebx: 8ac90afe ecx: 00000018 edx:
00000001
xxx kernel: esi: 000001b1 edi: e01559e4 ebp: cf4153e4 esp:
cf4153d4
xxx kernel: ds: 0018 es: 0018 ss: 0018
xxx kernel: Process fw (pid: 4614, process nr: 28, stackpage=cf415000)
xxx kernel: Stack: e074d00c e0676020 e0685000 e0685ef4 cf415414 e00c85aa
8ac90afe e01559e4
xxx kernel: 000001b1 00000004 e0676014 e0676014 00000000 dadd9260
e0800000 00002000
xxx kernel: cf415444 e00c862e e074d00c e0676014 00000000 00000000
00000000 e0676014
xxx kernel: Call Trace:
[ians:__insmod_ians_S.bss_L2248+6857292/204176816] [ians:
__insmod_ians_S.bss_L2248+5976672/205057436]
[ians:__insmod_ians_S.bss_L2248+6038080/204996028] [ian
s:__insmod_ians_S.bss_L2248+6041908/204992200]
[fwmod.2.2.x:fwstack_destroy+618/1056] [fwmod.2.2.x:_
_insmod_fwmod.2.2.x_S.rodata_L285108+5060/285120]
[ians:__insmod_ians_S.bss_L2248+5976660/205057448]
or
xxx kernel:Code: 8b 53 f4 81 fa 9a e0 ff 61 74 20 83 c4 f8 8b 43 f8 50
53 52
xxx kernel: fw_lock: already locked. current = fw_filter (out), previous
= fwk_atomic_cparams, level=2
xxx kernel: FW-1: panic(1): fw_lock
xxx kernel: Unable to handle kernel paging request at virtual address
58584f4e
xxx kernel: current->tss.cr3 = 1ad78000, %%cr3 = 1ad78000
xxx kernel: *pde = 00000000
xxx kernel: Oops: 0000
xxx kernel: CPU: 3
xxx kernel: EIP: 0010:[fwmod.2.2.x:h_lookup+51/288]
xxx kernel: EFLAGS: 00010002
xxx kernel: eax: 00000005 ebx: e06940f0 ecx: db85bbf0 edx:
00000e26
xxx kernel: esi: 00000005 edi: 58584f46 ebp: db85ba7c esp:
db85ba5c
xxx kernel: ds: 0018 es: 0018 ss: 0018
xxx kernel: Process fwm (pid: 30098, process nr: 30, stackpage=db85b000)
xxx kernel: Stack: 00000005 e069e3d4 db85bb2c d4235b6c 00000016 db85ba90
8ac98f05 0000000b
xxx kernel: db85baac e00cae15 e074d00c db85bbec 00000005 e00f4c54
db85bb2c c524108c
xxx kernel: 00000006 00000000 c5241078 c524108c db85bc0c e00ddcb3
00000016 db85bbec
xxx kernel: Call Trace:
[ians:__insmod_ians_S.bss_L2248+6141460/204892648] [fwmod
.2.2.x:ld_get_wto_ttl_ref+229/672]
[ians:__insmod_ians_S.bss_L2248+6857292/204176816] [fwmod.2.2.x:f
w_ifmask+20/176] [fwmod.2.2.x:fw_icmp_unreach+3779/8128]
[ians:__insmod_ians_S.bss_L2248+6141580/204
892528] [fwmod.2.2.x:ld_get_wto_ttl_ref+229/672]
Here is the configuration: Redhat 6.2 with smp-kernel 2.2.12, CP FW1
SP3
Has anyone the same experiences and can help me ??
Mit freundlichen Gr��en
Daniel Fitzner
------------------------------------------------------------------------
----
Daniel Fitzner
Abteilung Service & Netze
T-Systems debis Systemhaus GEI GmbH / GS Berlin
debis Haus am Potsdamer Platz
10875 Berlin
E-Mail: [EMAIL PROTECTED]
Tel: +49 30 2554-3266
Fax: +49 30 2554-3187
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
