PF + BRIDGE + PFSYNC causes system freezing

Giulio Ferro auryn at zirakzigil.org
Thu Mar 18 20:38:02 UTC 2010


On 18.03.2010 20:35, Max Laier wrote:

> Okay ... so it looks like this is a live lock (not a deadlock) and it's
> probably caused by relooping packets.  Now we "only" have to find the culprit
> for the loop ...
>
> can you share your setup details, again?  The simpler the better.

Ok

 > uname -a
FreeBSD firewall-1.acme.com 8.0-STABLE FreeBSD 8.0-STABLE #2: Thu Mar 18 
15:59:27 CET 2010     root at acme.com:/usr/obj/usr/src/sys/FIREWALL  amd64


 > cat /etc/sysctl.conf
net.inet.ip.forwarding=1
net.inet.ip.fastforwarding=1
net.inet.carp.preempt=1

Services running : sshd, named, inetd, ntpd, openvpn (tap), racoon, 
pptp, asterisk

2 physical interfaces : bce0, bce1
11 vlan interfaces : vlan1, ..., vlan11 (vlandev bce1)
11 carp interfaces : carp1, ..., carp11  (carp1 has 23 alias addresses)
1 bridge interface : bridge0 addm vlan35 (used by openvpn)
2 gif interfaces : gif0, gif1 (racoon / IPSEC)

8 static routes

pf packet filter : 12 rdr rules, 3 nat rules, set skip{lo0, bridge0}, 4 
pass quick, block log all, about 30 pass keep state



This should be all.
I'm available for any test / patch...


Thanks.


More information about the freebsd-net mailing list