Does this version fix the panic/crashes that occur in ipf 4.1.8 (and earlier) on Solaris 8?
Aka Aug 5 02:05:00 gate1 unix: [ID 836849 kern.notice] Aug 5 02:05:00 gate1 panic[cpu1]/thread=2a10007dd20: Aug 5 02:05:00 gate1 unix: [ID 103648 kern.notice] mutex_enter: bad mutex, lp=30004d8c2d8 owner=2a100097d20 thread=2a10007dd20 Aug 5 02:05:00 gate1 unix: [ID 100000 kern.notice] Aug 5 02:05:00 gate1 genunix: [ID 723222 kern.notice] 000002a10007c180 unix:mutex_panic+5c (10415fb0, 30004d8c2d8, 4, 0, 1, 30005c70678) Aug 5 02:05:00 gate1 genunix: [ID 179002 kern.notice] %l0-3: 000003000002fb80 0000030004d8c2d8 0000030005a43e24 00000000000005dc Aug 5 02:05:00 gate1 %l4-7: 00000000000021f2 00000300084b16c0 000000000ace0650 000002a10001f910 Aug 5 02:05:00 gate1 genunix: [ID 723222 kern.notice] 000002a10007c230 ipf:fr_stinsert+48 (30005c70678, 0, 20, ffffffa5, 0, 0) Aug 5 02:05:01 gate1 genunix: [ID 179002 kern.notice] %l0-3: 0000000000000001 00000300084b16c0 0000030001964e50 0000000000000035 Aug 5 02:05:01 gate1 %l4-7: 0000000000000000 0000000000000000 0000000000000000 000003000344fc00 Aug 5 02:05:01 gate1 genunix: [ID 723222 kern.notice] 000002a10007c300 ipf:fr_addstate+1118 (2a10007c8c0, 0, 0, ae7c3f, 780e5748, 2a10007c8c0) Aug 5 02:05:01 gate1 genunix: [ID 179002 kern.notice] %l0-3: 000000007805cbd8 00000000100492cc 0000030005f31b40 0000000000000000 Aug 5 02:05:01 gate1 %l4-7: 00000300001a3448 0000030008ecdb40 0000000000000000 0000000000000000 Aug 5 02:05:01 gate1 genunix: [ID 723222 kern.notice] 000002a10007c6d0 ipf:fr_firewall+5f0 (2a10007c8c0, 2a10007c8b4, 2a10007c8c0, ffffffa4, 0, 0) Aug 5 02:05:01 gate1 genunix: [ID 179002 kern.notice] %l0-3: 0000030001964618 0000000000000002 0000000000000044 0000000000000000 Aug 5 02:05:01 gate1 %l4-7: 00000000101b09d8 000002a10007cba5 0000000000000000 0000000000000005 Aug 5 02:05:01 gate1 genunix: [ID 723222 kern.notice] 000002a10007c7b0 ipf:fr_check+5dc (30005a43e24, 14, 3000287dd08, 1, 2a10007cb40, 2a10007cd88) Aug 5 02:05:01 gate1 genunix: [ID 179002 kern.notice] %l0-3: 0000030000033380 000003000159c978 0000000000000000 0000030001933840 Aug 5 02:05:01 gate1 %l4-7: 0000030005bc4440 0000030008ecdb40 00000000000002ee 000002a100657ba0 Aug 5 02:05:01 gate1 genunix: [ID 723222 kern.notice] 000002a10007c9a0 pfil:pfil_precheck+e14 (30002879d78, 2a10007cd88, 2, 3000287dd08, 0, 0) Aug 5 02:05:02 gate1 genunix: [ID 179002 kern.notice] %l0-3: 00000300019645b0 0000030001964690 0000030002879d78 0000000000000000 Aug 5 02:05:02 gate1 %l4-7: 0000000078057cd0 0000000000000000 0000000000000000 00000300057fbb00 Aug 5 02:05:02 gate1 genunix: [ID 723222 kern.notice] 000002a10007cbe0 pfil:pfilmodwput+260 (30002879d78, 30008677a00, 20, 30005bc4440, 30005d71720, 30005c63480) Aug 5 02:05:02 gate1 genunix: [ID 179002 kern.notice] %l0-3: 000000001046f008 0000000000000000 00000000ffffff00 000000000ace0650 Aug 5 02:05:02 gate1 %l4-7: 0000000000000205 0000030008ec9360 0000000000000000 0000000000000004 Aug 5 02:05:02 gate1 genunix: [ID 723222 kern.notice] 000002a10007cd00 unix:putnext+218 (100, 3000167b5f8, 1bf10, 30008677a00, 0, 0) Aug 5 02:05:02 gate1 genunix: [ID 179002 kern.notice] %l0-3: 0000030002879d78 0000030002879e58 00000300028793f8 0000000000000000 Aug 5 02:05:02 gate1 %l4-7: 000000007806aaac 0000000000000000 0000000000000205 000000000000000e Aug 5 02:05:02 gate1 genunix: [ID 723222 kern.notice] 000002a10007cdb0 ip:ip_wput_ire+e40 (0, 300028793f8, 3000992ce80, 0, ffff, 300028793f8) Aug 5 02:05:02 gate1 genunix: [ID 179002 kern.notice] %l0-3: 0000000000000000 000003000992ce80 0000030005a43e24 00000000000005dc Aug 5 02:05:02 gate1 %l4-7: 00000000000021f2 00000300084b16c0 000000000ace0650 000002a10001f910 Aug 5 02:05:02 gate1 genunix: [ID 723222 kern.notice] 000002a10007cf20 ip:ire_send+170 (300084b16c0, 3000992ce80, 30005a43e24, 300028793f8, 0, 0) Aug 5 02:05:03 gate1 genunix: [ID 179002 kern.notice] %l0-3: 0000030000033380 00000300084b16c0 0000030001964e50 0000000000000035 Aug 5 02:05:03 gate1 %l4-7: 0000000000000000 0000000000000000 0000000000000000 000003000344fc00 Aug 5 02:05:03 gate1 genunix: [ID 723222 kern.notice] 000002a10007cfd0 ip:ire_add_then_send+a8 (3000992ce80, 30001957998, 30000347240, 300028793f8, 0, 0) Aug 5 02:05:03 gate1 genunix: [ID 179002 kern.notice] %l0-3: 000000007805cbd8 00000000100492cc 0000030005f31b40 0000000000000000 Aug 5 02:05:03 gate1 %l4-7: 00000300001a3448 0000030008ecdb40 0000000000000000 0000000000000000 Aug 5 02:05:03 gate1 genunix: [ID 723222 kern.notice] 000002a10007d080 unix:putnext+218 (100, 3000167b5f8, 0, 30008ecdb40, 30001673f48, 0) Aug 5 02:05:03 gate1 genunix: [ID 179002 kern.notice] %l0-3: 00000300028793f8 0000030001679ea8 0000030002878cd8 00000300090f8698 Aug 5 02:05:03 gate1 %l4-7: 00000000101b09d8 0000000000000000 0000000000000000 7fffffffffffffff Aug 5 02:05:03 gate1 genunix: [ID 723222 kern.notice] 000002a10007d130 arp:ar_query_reply+188 (30001608d00, 0, 0, 81, ffffffffffffffff, 30001608d00) Aug 5 02:05:03 gate1 genunix: [ID 179002 kern.notice] %l0-3: 0000030002878cd8 000003000159c978 0000000000000000 0000030001933840 Aug 5 02:05:03 gate1 %l4-7: 0000030005bc4440 0000030008ecdb40 00000000000002ee 000002a100657ba0 Aug 5 02:05:04 gate1 genunix: [ID 723222 kern.notice] 000002a10007d1e0 arp:ar_ce_resolve_all+f8 (3000159c978, 6, 30008ec9350, 4, 30008ec9356, 0) Aug 5 02:05:04 gate1 genunix: [ID 179002 kern.notice] %l0-3: 000003000159c978 0000000000000800 0000030008ec9356 0000000000000000 Aug 5 02:05:04 gate1 %l4-7: 00000000000002ee 0000030008785510 0000000000000001 00000300057fbb00 Aug 5 02:05:04 gate1 genunix: [ID 723222 kern.notice] 000002a10007d290 arp:ar_rput+4a0 (30008ec9350, 104a75e8, 104a7190, 30009856680, 1, 3000884cd98) Aug 5 02:05:04 gate1 genunix: [ID 179002 kern.notice] %l0-3: 0000000000000002 0000030005f31b40 000003000159c978 00000300057f7950 Aug 5 02:05:04 gate1 %l4-7: 0000000000000006 0000030008ec9360 0000030008ec9356 0000000000000004 Aug 5 02:05:04 gate1 genunix: [ID 723222 kern.notice] 000002a10007d370 unix:putnext+218 (0, 3000167b160, 5ff83, 30009856680, 0, 0) Aug 5 02:05:04 gate1 genunix: [ID 179002 kern.notice] %l0-3: 0000030002878e58 0000030001679c28 00000300028790b8 0000000014bde8da Aug 5 02:05:04 gate1 %l4-7: 0000000010293548 0000000000000000 0000000000000000 000000007815cca8 Aug 5 02:05:04 gate1 genunix: [ID 723222 kern.notice] 000002a10007d420 pfil:pfilmodrput+5ac (300028790b8, 30009856680, 20, 30005f31b40, 300001a3448, 30001949800) Aug 5 02:05:04 gate1 genunix: [ID 179002 kern.notice] %l0-3: 000004000ff81a18 0008000000000000 0000030000082008 000000001000a408 Aug 5 02:05:04 gate1 %l4-7: 0000030001949800 0000000000000000 0000000000000000 000002a10001f910 Aug 5 02:05:05 gate1 genunix: [ID 723222 kern.notice] 000002a10007d550 unix:putnext+218 (100, 3000167b160, 100492cc, 30009856680, 0, 0) Aug 5 02:05:05 gate1 genunix: [ID 179002 kern.notice] %l0-3: 00000300028790b8 0000030002879278 0000030001964e50 000003000962e980 Aug 5 02:05:05 gate1 %l4-7: 000000007806adcc 0000000000000000 0000000000000000 000003000344fc00 Aug 5 02:05:05 gate1 genunix: [ID 723222 kern.notice] 000002a10007d600 gld:gld_sendup+230 (2a10007d6e0, 30005f31b40, 7805912c, 780630a0, 30001949800, 10084810) Aug 5 02:05:05 gate1 genunix: [ID 179002 kern.notice] %l0-3: 000000007805cbd8 00000000100492cc 0000030005f31b40 00000300001a3328 Aug 5 02:05:05 gate1 %l4-7: 00000300001a3448 00000300001a3328 000003000157fea8 000003000157fea0 Aug 5 02:05:05 gate1 genunix: [ID 723222 kern.notice] 000002a10007d700 gld:gld_recv+1a4 (300019644d0, 30005f31b40, 30001949800, 30008ec933a, 300001ee560, 1b0) Aug 5 02:05:05 gate1 genunix: [ID 179002 kern.notice] %l0-3: 0000000000000000 00000300001bac50 00000000000000f0 00000300090f8698 Aug 5 02:05:06 gate1 %l4-7: 00000000000002ee 0000030008785510 0000000000000001 00000300057fbb00 Aug 5 02:05:06 gate1 genunix: [ID 723222 kern.notice] 000002a10007da60 pcisch:pci_intr_wrapper+80 (104933d0, 10493408, 30000082008, 3000159cd30, 300001c5028, 0) -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darren Reed Sent: Sunday, August 14, 2005 2:04 AM To: [email protected] Subject: IPFilter 4.1.9 A number of small changes have popped up over the preceeding months, so it is about time they all got bundled up. Of note is some code I've added to support AIX. The port to AIX doesn't work yet and I'm not sure I have the time or patience to deal with AIX - it is quite simply a real shit to deal with as a developer compared to others. If you're interested in picking this up, please drop me an email. Darren http://coombs.anu.edu.au/~avalon/ip_fil4.1.9.tar.gz http://coombs.anu.edu.au/~avalon/patch-4.1.9.gz 4.1.9 - Released 13 August 2005 make ipfilter fix IPv4 header checksums for outgoing packets if BRIDGE_IPF is defined when compiled. move the definition of SIOCPROXY from ip_nat.h to ip_proxy.h make the BSD/upgrade script more instructive about the requiements for ip_rules.[ch] when it is run register for interface events on FreeBSD (>5.2.1) and NetBSD so that "ipf -y" is not not requried to tell ipfilter about interface changes. for "quick" rules that do "keep state", move the state adding into the rule evaluation so that we can detect it failing as rules are evaluated and continue on to the next rather than wait until we're done and it's too late to recover for more rule processing. mark ICMP packets advertising an MTU that's too small as being bad rework ipv6 header parsing to get better code reuse and fix logic errors in dealing with ipv6 packets containing fragment headers. Also, where a protocol handler was doing both v4 & v6, make a seperate function for each. build for both amd64 and i86pc (32bit) on Solaris10 and later, if possible include start of work to get IPFilter working on AIX 5.3 Use FI_ICMPERR flag rather than try to compute its equivalent all the time Add missing timeout on Linux Fix for locking when reading from ipsync (Frank Volf) Fix insertion/appending of rules that use a collection number Somehow turning up the spl knob to splnet disappeared on platforms that still use the spl interface. fix problems with "ipf -T" not listing multiple variables properly 4.1.8 - Released 29 March 2005
