[pf4freebsd] Re: pf errors meaning

Pyun YongHyeon yongari at kt-is.co.kr
Wed Sep 15 20:53:58 PDT 2004 

On Sun, Oct 05, 2003 at 04:34:45PM +0100, Bruno Afonso wrote:
 > Pyun YongHyeon wrote:
 > 
 > > You can see the offending function _fget() in /sys/kern/kern_descrip.c.
 > > I believe this error is not related with FreeBSD pf.
 > > However, you don't have traces so I can't sure that.
 > 
 > yes :-(
 > 
 > > Did you have two kernel modules in your system?(/boot/kernel and
 > > /usr/local/modules) Did you patch your kernel after installing
 > > FreeBSD pf? Can you tell me the exact procure you used while loading
 > > and unloading pf? Can you post your rule file and comment on your
 > > network setup? Did your rule file have table rules?
 > 
 > Only have one model.
 > I used stock kernel from releng_5_1 with only some options added. :-)
 > I'm using a port based rc.d script... I only changed the file paths.
 > I use tables... I have a 10.10.0.0/20 table, and some other tables 
 > collecting a lot of /24 and /22 networks.
 > I have also removed one synproxy rule I had for http... Since I had 
 > problems with it in the past, I removed it once again. (re-introduced it 
 > when installing 1.66)
 > 
 > > No. It does not necessarily mean FreeBSD pf is error free. There
 > > might be bugs creeping through pf module.
 > 
 > I have had no more panics since I removed the synproxy rule and disabled 
 > dnscache. But this is irrelevant as we can't really know what caused the 
 > panics. :-(
 > I never heard anyone having dnscache panics, so I found that *odd*.
 > 

Interesting. Then I'll check synproxy code. However, as I didn't see
any related problems up to date, it may take a long time to scrutinize.

 > 
 > >  > the break into ddb as I can't afford the box down for a couple hours :-(
 > >  > Unfortunately, someone pressed the restart button before I could get to 
 > >  > ddb via serial console...
 > >  > 
 > > You dont't have to let the box down for a while. At least, we need a
 > > trace report to identify the problem. At DDB propmt you can invoke
 > > 'trace' command and write down the output. If you have enabled kernel
 > > debugging options, you may get valuable crash dump file. This is the
 > > most perferrable one.
 > 
 > I'm not working full time, this is a college and I'm a poor student 
 > being explored. :-)
 > I am going to look into crash dumps.
 > 

Regards,
Pyun YongHyeon
-- 
Pyun YongHyeon <http://www.kr.freebsd.org/~yongari>

More information about the freebsd-pf mailing list