Darren Reed wrote:
Dave Ockwell-Jenner wrote:
....
I've attached a snippet from /var/adm/messages [1] showing the actual
panic message. I've also included the stack trace from the resulting
crash dump file [2]. Curiously, this issue existed with IP Filter
4.1.16 and pfil 2.1.11, which I was running until recently. I upgraded
to 4.1.20 in the hope that it would correct this issue. Needless to
say, the stock IP Filter that shipped in Solaris 10 panic'd every time
an IPsec connection attempt was made.
Are you using the ipsec/ike proxy in ipfilter?
Yes, indeed. The relevant line from ipnat.conf is:
map eri0 192.168.1.0/24 -> 0.0.0.0/32 proxy port 500 ipsec/udp
udp port 500 is passed through the firewall, as well as ESP and AH
protocols, a-la:
pass in log on eri0 proto udp from any to any port = 500 group 110
pass in log on eri0 proto esp from any to any
pass in log on eri0 proto ah from any to any
Darren, or anyone who has a better clue than me - could you point me
in the right direction if it's something I'm doing wrong?
[1]
May 1 16:43:15 hostname ^Mpanic[cpu0]/thread=2a100047cc0:
May 1 16:43:15 hostname unix: [ID 799565 kern.notice] BAD TRAP:
type=31 rp=2a100046e00 addr=6ac54ab0 mmu_fsr=0
May 1 16:43:15 hostname unix: [ID 100000 kern.notice]
May 1 16:43:15 hostname unix: [ID 839527 kern.notice] sched:
May 1 16:43:15 hostname unix: [ID 520581 kern.notice] trap type = 0x31
May 1 16:43:15 hostname unix: [ID 381800 kern.notice] addr=0x6ac54ab0
May 1 16:43:15 hostname unix: [ID 101969 kern.notice] pid=0,
pc=0x1040d24, sp=0x2a1000466a1, tstate=0x4480001600, context=0x0
...
# adb -w ./unix.2 ./vmcore.2
If you can do this in adb:
0x6ac54ab0/x
0x1040d24/i
Here you go:
0x6ac54ab0/x
adb: failed to read data from target: no mapping for address
0x1040d24/i
mutex_enter+4: casx [%o0] , %g0, %o1
mutex_enter+8: brnz,pn %o1, +0x10 <mutex_enter+0x18>
mutex_enter+0xc:membar #LoadLoad
mutex_enter+0x10: retl
mutex_enter+0x14: nop
mutex_enter+0x18: sethi %hi(0x105a800), %o2
mutex_enter+0x1c: jmp %o2 + 0x330
mutex_enter+0x20: nop
mutex_tryenter:
mutex_tryenter: mov %g7, %o1
mutex_tryenter+4: casx [%o0] , %g0, %o1
mutex_tryenter+8: brnz,pn %o1, +0x10
<mutex_tryenter+0x18>
mutex_tryenter+0xc: membar #LoadLoad
mutex_tryenter+0x10: retl
mutex_tryenter+0x14: or %o0, 1, %o0
mutex_tryenter+0x18: sethi %hi(0x105ac00), %o2
mutex_tryenter+0x1c: jmp %o2 + 0x3dc
mutex_tryenter+0x20: nop
mutex_adaptive_tryenter:
mutex_adaptive_tryenter: mov %g7, %o1
mutex_adaptive_tryenter+4: casx [%o0] , %g0, %o1
mutex_adaptive_tryenter+8: brnz,pn %o1, +0x10
<mutex_adaptive_tryenter+0x18>
mutex_adaptive_tryenter+0xc: membar #LoadLoad
mutex_adaptive_tryenter+0x10: retl
mutex_adaptive_tryenter+0x14: or %o0, 1, %o0
mutex_adaptive_tryenter+0x18: retl
mutex_adaptive_tryenter+0x1c: clr %o0
0x1040d88: illtrap 0
0x1040d8c: illtrap 0
0x1040d90: illtrap 0
0x1040d94: illtrap 0
0x1040d98: illtrap 0
0x1040d9c: illtrap 0
mutex_exit:
mutex_exit: ldx [%o0], %o1
mutex_exit+4: membar #LoadStore|#StoreStore
mutex_exit+8: cmp %g7, %o1
mutex_exit+0xc: be,a,pt %xcc, +0xc <mutex_exit+0x18>
mutex_exit+0x10:clrx [%o0]
mutex_exit+0x14:ba,a,pt %xcc, +0x1a2c8 <mutex_vector_exit>
mutex_exit+0x18:retl
mutex_exit+0x1c:nop
rw_enter:
rw_enter: cmp %o1, 0
rw_enter+4: be,a,pn %icc, +0x4c <rw_enter+0x50>
rw_enter+8: or %g7, 4, %o5
rw_enter+0xc: ld [%g7 + 0x1d0], %o3
rw_enter+0x10: ldx [%o0], %o4
rw_enter+0x14: add %o3, 1, %o3
rw_enter+0x18: st %o3, [%g7 + 0x1d0]
rw_enter+0x1c: btst 6, %o4
rw_enter+0x20: be,pt %xcc, +0x14 <rw_enter+0x34>
rw_enter+0x24: add %o4, 8, %o5
rw_enter+0x28: sethi %hi(0x105f400), %o2
rw_enter+0x2c: jmp %o2 + 0x264
rw_enter+0x30: nop
rw_enter+0x34: casx [%o0] , %o4, %o5
rw_enter+0x38: cmp %o4, %o5
rw_enter+0x3c: bne,pn %xcc, -0x20 <rw_enter+0x1c>
rw_enter+0x40: mov %o5, %o4
rw_enter+0x44: membar #LoadLoad
rw_enter+0x48: retl
rw_enter+0x4c: nop
rw_enter+0x50: casx [%o0] , %g0, %o5
rw_enter+0x54: brz,pt %o5, +0x14 <rw_enter+0x68>
rw_enter+0x58: membar #LoadLoad
rw_enter+0x5c: sethi %hi(0x105f400), %o2
rw_enter+0x60: jmp %o2 + 0x264
rw_enter+0x64: nop
rw_enter+0x68: retl
rw_enter+0x6c: nop
