panic with ng_ipfw+ng_car and net.inet.ip.fw.one_pass=0
Mikolaj Golub
to.my.trociny at gmail.com
Fri Jun 5 13:58:09 UTC 2009
On Fri, 5 Jun 2009 00:47:20 +0400 Oleg Bulyzhin wrote:
> On Wed, Jun 03, 2009 at 09:03:11PM +0400, Oleg Bulyzhin wrote:
>> On Mon, Jun 01, 2009 at 11:12:45AM +0300, Mikolaj Golub wrote:
>>
>> > It looks the problem has not drawn much attention :-).
>>
>> I was on vacation so did not reply in time.
>> Dummynet like solution is not enough, dummynet is affected by this problem
>> too.
>> I'll send patch to you for testing tomorrow.
>
> Please test attached patch and let me know results.
> Patch made for -current and it changes ABI, so rebuilding ipfw with new
> headers required.
It works for me. With the patch I has not managed to crash the system using my
test. Some notes:
- only ng_ipfw/ng_car subsystem has been tested (not dummynet).
- my -current box is under qemu (I don't have real server running -current to
test this).
If you are interesting in some testing of dummynet before commiting this to
current, let me know. I could try some tests but only the next week.
If you are going to commit this to -current could you please fix ng_ipfw(4)
man page too?
Index: share/man/man4/ng_ipfw.4
===================================================================
--- share/man/man4/ng_ipfw.4 (revision 193478)
+++ share/man/man4/ng_ipfw.4 (working copy)
@@ -84,11 +84,12 @@
struct ng_ipfw_tag {
struct m_tag mt; /* tag header */
struct ip_fw *rule; /* matching rule */
+ uint32_t rule_id; /* matching rule id */
+ uint32_t chain_id; /* ruleset id */
struct ifnet *ifp; /* interface, for ip_output */
int dir; /* packet direction */
#define NG_IPFW_OUT 0
#define NG_IPFW_IN 1
- int flags; /* flags, for ip_output() */
};
.Ed
.Pp
--
Mikolaj Golub
More information about the freebsd-net
mailing list