Kernel Panic
Joe Jones
joe at stream-technologies.com
Thu Mar 1 17:43:23 UTC 2018
Hi Kristo,
It's just the master that crashed, the backup can take over.
We think the panic we got by compiling with witness and invariant may be
a red herring.
We are now looking rules like
nat on $isp_if from <napts> to any -> <external_napts> sticky-address
if we replace the external_napts table with a single address rather than
a block of addresses the box does not crash.
We are following this line of investigation at the moment.
Regards
Joe Jones
On 01/03/18 09:57, Kristof Provost wrote:
> On 1 Mar 2018, at 15:37, Joe Jones wrote:
>> yes we use pfsync. Yesterday we tried with pfsync switched off, the
>> box still locked up but this time without a panic.
>>
>> We make the DIOCRADDADDRS ioctl on the master and the backup (we use
>> CARPed pairs).
>>
> Interesting. It might be related to pfsync. Is is the master that
> panics or the backup? Or both?
>
> Regards,
> Kristof
More information about the freebsd-pf
mailing list