Re: IPFilter update for the end of the weekend

Tue, 09 May 2006 05:04:34 -0700 

Hi Darren,

It did install fine, was able to load my ipf.conf rules succesfully.
But after just five minutes i had a kernel panic.
Kernel panic - not syncing: /usr/local/src/ip_fil4.1next/Linux/ Linux-2.6.9-34.EL-i686//ip_state.c:1266: spin_lock(/usr/local/src/ ip_fil4.1next/Linux/Linux-2.6.9-34.EL-i686//ip_state.c:c126bc00) already locked by /usr/local/src/ip_fil4.1next/Linux/ Linux-2.6.9-34.EL-i686//ip_state.c/1266 


I'm running CentOS 4.3 Final with kernel version 2.6.9-34.EL.

Additional infos below:

[EMAIL PROTECTED] ~]# uname -a
Linux shear.local 2.6.9-34.EL #1 Wed Mar 8 00:07:35 CST 2006 i686 i686 i386 GNU/Linux 

[EMAIL PROTECTED] ~]# ipf -V
ipf: IP Filter: v4.1next (396)
Kernel: IP Filter: v4.1next
Running: yes
Log Flags: 0 = none set
Default: pass all, Logging: available
Active list: 0
Feature mask: 0x86

[EMAIL PROTECTED] ~]# ipfstat -hio
0 pass out quick on eth0 proto tcp from any to any flags S/FSRA keep state 
0 block out on eth0 proto tcp from any to any
1 pass out quick on eth0 proto udp from any to any port = domain keep state 
0 block out on eth0 proto udp from any to any
2 block in on eth0 proto tcp from any to any
2 pass in quick on eth0 proto tcp from any to any port = ssh keep state
1 block in on eth0 proto udp from any to any


[EMAIL PROTECTED] ~]# ipfstat
bad packets:            in 0    out 0
input packets:         blocked 1 passed 150 nomatch 0 counted 0 short 0
output packets:         blocked 0 passed 98 nomatch 0 counted 0 short 0
input packets logged:  blocked 0 passed 0
output packets logged:  blocked 0 passed 0
packets logged:        input 0 output 0
log failures:          input 0 output 0
fragment state(in):     kept 0  lost 0  not fragmented 0
fragment state(out):    kept 0  lost 0  not fragmented 0
packet state(in):       kept 2  lost 0
packet state(out):      kept 1  lost 0
ICMP replies:   0       TCP RSTs sent:  0
Invalid source(in):     0
Result cache hits(in):  0       (out):  0
IN Pullups succeeded:   0       failed: 0
OUT Pullups succeeded:  0       failed: 0
Fastroute successes:    0       failures:       0
TCP cksum fails(in):    0       (out):  0
IPF Ticks:      142
Packet log flags set: (0)
        none
Kernel panic - not syncing: /usr/local/src/ip_fil4.1next/Linux/ Linux-2.6.9-34.EL-i686//ip_state.c:1266: spin_lock(/usr/local/src/ ip_fil4.1next/Linux/Linux-2.6.9-34.EL-i686//ip_state.c:c126bc00) already locked by /usr/local/src/ip_fil4.1next/Linux/ Linux-2.6.9-34.EL-i686//ip_state.c/1266 




On 05 8, 06, at 6:48 PM, Darren Reed wrote:



So, I made mention that by the end of the weekend I'd have something
to try on systems with Linux 2.6 kernels:

http://coombs.anu.edu.au/~avalon/ip_fil4.1next.tar.gz

I've had to completely change the way information to be printed for

Reply via email to