From owner-freebsd-pf@FreeBSD.ORG Sun Feb 2 09:49:19 2014
From: Vlad Galu
Date: Sun, 2 Feb 2014 09:48:38 +0000
To: freebsd-pf@freebsd.org, "freebsd-stable@FreeBSD.org"
Subject: Crash in pf_normalize_ip() in 10-STABLE (r261024)
List-Id: "Technical discussion and general questions about packet filter \(pf\)"

Unfortunately, although dmesg indicates the coredump being written to the swap partition, savecore did not leave anything in /var/crash after the machine automatically rebooted. All I got is this backtrace:

-- cut here --
Fatal trap 12: page fault while in kernel mode
cpuid = 5; apic id = 05
fault virtual address   = 0xe
fault code              = supervisor write data, page not present
instruction pointer     = 0x20:0xffffffff80757455
stack pointer           = 0x28:0xfffffe04529a83e0
frame pointer           = 0x28:0xfffffe04529a84d0
code segment            = base 0x0, limit 0xfffff, type 0x1b
                        = DPL 0, pres 1, long 1, def32 0, gran 1
processor eflags        = interrupt enabled, resume, IOPL = 0
current process         = 12 (swi5: fast taskq)
trap number             = 12
panic: page fault
cpuid = 5
KDB: stack backtrace:
db_trace_self_wrapper() at db_trace_self_wrapper+0x2b/frame 0xfffffe04529a7ec0
kdb_backtrace() at kdb_backtrace+0x39/frame 0xfffffe04529a7f70
panic() at panic+0x155/frame 0xfffffe04529a7ff0
trap_fatal() at trap_fatal+0x3a2/frame 0xfffffe04529a8050
trap_pfault() at trap_pfault+0x2c9/frame 0xfffffe04529a8100
trap() at trap+0x5e6/frame 0xfffffe04529a8320
calltrap() at calltrap+0x8/frame 0xfffffe04529a8320
--- trap 0xc, rip = 0xffffffff80757455, rsp = 0xfffffe04529a83e0, rbp = 0xfffffe04529a84d0 ---
pf_normalize_ip() at pf_normalize_ip+0x1a65/frame 0xfffffe04529a84d0
pf_test() at pf_test+0x211/frame 0xfffffe04529a8660
pf_check_in() at pf_check_in+0x1d/frame 0xfffffe04529a8680
pfil_run_hooks() at pfil_run_hooks+0x83/frame 0xfffffe04529a8710
ip_input() at ip_input+0x38e/frame 0xfffffe04529a8760
netisr_dispatch_src() at netisr_dispatch_src+0x60/frame 0xfffffe04529a87d0
ether_demux() at ether_demux+0x12a/frame 0xfffffe04529a8800
ether_nh_input() at ether_nh_input+0x35f/frame 0xfffffe04529a8860
netisr_dispatch_src() at netisr_dispatch_src+0x60/frame 0xfffffe04529a88d0
re_rxeof() at re_rxeof+0x4f4/frame 0xfffffe04529a8930
re_int_task() at re_int_task+0x9f/frame 0xfffffe04529a8970
taskqueue_run_locked() at taskqueue_run_locked+0xe6/frame 0xfffffe04529a89c0
taskqueue_run() at taskqueue_run+0x81/frame 0xfffffe04529a89e0
intr_event_execute_handlers() at intr_event_execute_handlers+0xab/frame 0xfffffe04529a8a20
ithread_loop() at ithread_loop+0x96/frame 0xfffffe04529a8a70
fork_exit() at fork_exit+0x9a/frame 0xfffffe04529a8ab0
fork_trampoline() at fork_trampoline+0xe/frame 0xfffffe04529a8ab0
--- trap 0, rip = 0, rsp = 0xfffffe04529a8b70, rbp = 0 ---
-- and here --

As a workaround I have temporarily disabled scrubbing and the system has run smoothly for a few days.

Please CC me, I am not subscribed to these lists.

Regards
Vlad

From owner-freebsd-pf@FreeBSD.ORG Mon Feb 3 11:06:51 2014
From: FreeBSD bugmaster
Date: Mon, 3 Feb 2014 11:06:50 GMT
To: freebsd-pf@FreeBSD.org
Subject: Current problem reports assigned to freebsd-pf@FreeBSD.org

Note: to view an individual PR, use:
  http://www.freebsd.org/cgi/query-pr.cgi?pr=(number).

The following is a listing of current problems submitted by FreeBSD users. These represent problem reports covering all versions including experimental development code and obsolete releases.

S Tracker      Resp.  Description
--------------------------------------------------------------------------------
o kern/182401  pf     [pf] pf state for some IPs reaches 4294967295 suspicou
o kern/182350  pf     [pf] core dump with packet filter -- pf_overlad_task
o kern/179392  pf     [pf] [ip6] Incorrect TCP checksums in rdr return packe
o kern/177810  pf     [pf] traffic dropped by accepting rules is not counted
o kern/177808  pf     [pf] [patch] route-to rule forwarding traffic inspite
o kern/176268  pf     [pf] [patch] synproxy not working with route-to
o bin/172888   pf     [patch] authpf(8) feature enhancement
o kern/172648  pf     [pf] [ip6]: 'scrub reassemble tcp' breaks IPv6 packet
o kern/171733  pf     [pf] PF problem with modulate state in [regression]
o kern/169630  pf     [pf] [patch] pf fragment reassembly of padded (undersi
o kern/168952  pf     [pf] direction scrub rules don't work
o kern/168190  pf     [pf] panic when using pf and route-to (maybe: bad frag
o kern/166336  pf     [pf] kern.securelevel 3 +pf reload
o kern/165315  pf     [pf] States never cleared in PF with DEVICE_POLLING
o kern/164402  pf     [pf] pf crashes with a particular set of rules when fi
o kern/164271  pf     [pf] not working pf nat on FreeBSD 9.0 [regression]
o kern/163208  pf     [pf] PF state key linking mismatch
o kern/160370  pf     [pf] Incorrect pfctl check of pf.conf
o kern/155736  pf     [pf] [altq] borrow from parent queue does not work wit
o kern/153307  pf     [pf] Bug with PF firewall
o kern/148290  pf     [pf] "sticky-address" option of Packet Filter (PF) blo
o kern/148260  pf     [pf] [patch] pf rdr incompatible with dummynet
o kern/147789  pf     [pf] Firewall PF no longer drops connections by sendin
o kern/143543  pf     [pf] [panic] PF route-to causes kernel panic
o bin/143504   pf     [patch] outgoing states are not killed by authpf(8)
o conf/142961  pf     [pf] No way to adjust pidfile in pflogd
o conf/142817  pf     [patch] etc/rc.d/pf: silence pfctl
o kern/141905  pf     [pf] [panic] pf kernel panic on 7.2-RELEASE with empty
o kern/140697  pf     [pf] pf behaviour changes - must be documented
o kern/137982  pf     [pf] when pf can hit state limits, random IP failures
o kern/136781  pf     [pf] Packets appear to drop with pf scrub and if_bridg
o kern/135948  pf     [pf] [gre] pf not natting gre protocol
o kern/134996  pf     [pf] Anchor tables not included when pfctl(8) is run w
o kern/133732  pf     [pf] max-src-conn issue
o conf/130381  pf     [rc.d] [pf] [ip6] ipv6 not fully configured when pf st
o kern/127920  pf     [pf] ipv6 and synproxy don't play well together
o conf/127814  pf     [pf] The flush in pf_reload in /etc/rc.d/pf does not w
o kern/127121  pf     [pf] [patch] pf incorrect log priority
o kern/127042  pf     [pf] [patch] pf recursion panic if interface group is
o kern/125467  pf     [pf] pf keep state bug while handling sessions between
s kern/124933  pf     [pf] [ip6] pf does not support (drops) IPv6 fragmented
o kern/122773  pf     [pf] pf doesn't log uid or pid when configured to
o kern/122014  pf     [pf] [panic] FreeBSD 6.2 panic in pf
o kern/120281  pf     [pf] [request] lost returning packets to PF for a rdr
o kern/120057  pf     [pf] [patch] Allow proper settings of ALTQ_HFSC. The c
o bin/118355   pf     [pf] [patch] pfctl(8) help message options order false
o kern/114567  pf     [pf] [lor] pf_ioctl.c + if.c
o kern/103283  pf     pfsync fails to sucessfully transfer some sessions
o kern/93825   pf     [pf] pf reply-to doesn't work
o sparc/93530  pf     [pf] Incorrect checksums when using pf's route-to on s
o kern/92949   pf     [pf] PF + ALTQ problems with latency
o kern/87074   pf     [pf] pf does not log dropped packets when max-* statef
a kern/86752   pf     [pf] pf does not use default timeouts when reloading c
o bin/86635    pf     [patch] pfctl(8): allow new page character (^L) in pf.
o kern/82271   pf     [pf] cbq scheduler cause bad latency

55 problems total.

From owner-freebsd-pf@FreeBSD.ORG Tue Feb 4 17:47:40 2014
From: mm
Date: Tue, 4 Feb 2014 09:47:39 -0800 (PST)
To: freebsd-pf@freebsd.org
Subject: Re: VIMAGE + PF crash in mbuf destructor

Looks like I experience this panic, too.

To fix the mbuf and taskq problems, I use the following patch atm.:
http://people.freebsd.org/~mm/patches/pf_mtag_taskq.patch

I will take a look at the 4:00 clock issue.

--
View this message in context: http://freebsd.1045724.n5.nabble.com/VIMAGE-PF-crash-in-mbuf-destructor-tp5830537p5882971.html
Sent from the freebsd-pf mailing list archive at Nabble.com.

From owner-freebsd-pf@FreeBSD.ORG Wed Feb 5 09:16:58 2014
From: mm
Date: Wed, 5 Feb 2014 01:16:56 -0800 (PST)
To: freebsd-pf@freebsd.org
Subject: Re: VIMAGE + PF crash in mbuf destructor

Ok, I have found the cause. The patches I use fix the host pf, but pf inside jails is broken. This means if we expose the pf device to the jails, calling pfctl on it causes a panic.

To make sure your jails get just the limited ruleset, I suggest you put the following line to your /etc/rc.conf:
devfs_load_rulesets="YES"

From owner-freebsd-pf@FreeBSD.ORG Wed Feb 5 09:27:41 2014
From: girgen
Date: Wed, 5 Feb 2014 01:27:39 -0800 (PST)
To: freebsd-pf@freebsd.org
Subject: Re: VIMAGE + PF crash in mbuf destructor

Cool, thanks for the feedback.
I'll try the patch in the host environment. I never really used pf inside the jails, so I don't have a test case for that failing.

On 5 Feb 2014 at 10:16, mm [via FreeBSD] wrote:

> Ok, I have found the cause. The patches I use fix the host pf, but pf inside jails is broken. This means if we expose the pf device to the jails, calling pfctl on it causes a panic.
>
> To make sure your jails get just the limited ruleset, I suggest you put the following line to your /etc/rc.conf:
> devfs_load_rulesets="YES"

From owner-freebsd-pf@FreeBSD.ORG Fri Feb 7 00:54:46 2014
From: Martin Matuska
Date: Fri, 07 Feb 2014 01:54:35 +0100
To: Craig Rodrigues, girgen@FreeBSD.org
Cc: freebsd-pf@FreeBSD.org
Subject: Re: VIMAGE + PF crash in mbuf destructor

I don't have objections - the patch was done with avg's help and does its job, but we may consult someone first.
http://people.freebsd.org/~mm/patches/pf_mtag_taskq.patch

On 2014-02-07 00:37, Craig Rodrigues wrote:
>
> On Tue, Feb 4, 2014 at 9:47 AM, mm wrote:
>
> > Looks like I experience this panic, too.
> >
> > To fix the mbuf and taskq problems, I use the following patch atm.:
> > http://people.freebsd.org/~mm/patches/pf_mtag_taskq.patch
>
> Thanks for showing that patch. It looks good to me. Is it good enough for commit?
> This problem has been around for a while.
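
Added example, not part of the thread and not code from any poster: a host-side check for the condition mm describes earlier in this thread (a jail that can see the pf device). It assumes FreeBSD's jls(8) and the `devfs_ruleset` jail parameter; the function name `audit_jail_devfs` and the finding labels are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread. Reports running jails whose devfs
# mount is unrestricted or shows the pf control device.

# audit_jail_devfs DEVNAME
# Reads "jid name devfs_ruleset path" lines on stdin, the column order
# printed by `jls jid name devfs_ruleset path`, and writes one finding per
# line as "jid name finding".
audit_jail_devfs() {
    dev=$1
    while read -r jid name ruleset path; do
        # Skip blank or short lines.
        [ -n "$path" ] || continue
        # jail(8): devfs_ruleset 0 means no ruleset is enforced, so every
        # host device node is visible in the jail.
        if [ "$ruleset" = "0" ]; then
            printf '%s %s no-devfs-ruleset\n' "$jid" "$name"
        fi
        # devfs rules apply per mount, so a hidden node is also absent when
        # the jail's /dev is inspected from the host.
        if [ -e "${path%/}/dev/$dev" ]; then
            printf '%s %s exposes-%s\n' "$jid" "$name" "$dev"
        fi
    done
}

# Live run on a FreeBSD host (as root); skipped where jls(8) is absent.
if command -v jls >/dev/null 2>&1; then
    jls jid name devfs_ruleset path | audit_jail_devfs pf
fi
```

With `devfs_load_rulesets="YES"` in /etc/rc.conf and each jail's devfs mounted with the stock `devfsrules_jail` ruleset (number 4 in /etc/defaults/devfs.rules, an assumption about the jail configuration), the script prints nothing.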

From owner-freebsd-pf@FreeBSD.ORG Fri Feb 7 13:16:47 2014
From: Daniel Engberg
Date: Fri, 07 Feb 2014 14:16:43 +0100
To: freebsd-pf@freebsd.org
Subject: pf + NAT + ICMP issues?

Hi,

I've been tearing my hair on this one, this ruleset worked fine on 9.1 and 9-STABLE around the same time but doesn't on HEAD (most recent box I have is running r261486 (AMD64)). I might be missing something obvious so I guess I need another pair of eyes. Anyhow, the issue is pretty simple, for some reason on clients behind ping and tracert doesn't work as they did before.

Using ping (Windows 7) the first packet always gets a timeout and tracert doesn't work except at the end hop.

Here's a sample:

ping ping.sunet.se

Pinging ping.sunet.se [192.36.125.18] with 32 bytes of data:
Request timed out.
Reply from 192.36.125.18: bytes=32 time=5ms TTL=244
Reply from 192.36.125.18: bytes=32 time=5ms TTL=244
Reply from 192.36.125.18: bytes=32 time=5ms TTL=244

Ping statistics for 192.36.125.18:
    Packets: Sent = 4, Received = 3, Lost = 1 (25% loss),
Approximate round trip times in milli-seconds:
    Minimum = 5ms, Maximum = 5ms, Average = 5ms

However running the same command directly after there are no timeouts, if you wait about 3-4 sec you'll get the same results (i.e. timeout).

Running tracert results in the following:

tracert ping.sunet.se

Tracing route to ping.sunet.se [192.36.125.18]
over a maximum of 30 hops:

  1    <1 ms    <1 ms    <1 ms  192.168.1.1
  2     *        *        *     Request timed out.
  3     *        *        *     Request timed out.
  4     *        *        *     Request timed out.
  5     *        *        *     Request timed out.
  6     *        *        *     Request timed out.
  7     *        *        *     Request timed out.
  8     *        *        *     Request timed out.
  9     *        *        *     Request timed out.
 10     *        *        *     Request timed out.
 11     5 ms     5 ms     5 ms  ping.sunet.se [192.36.125.18]

I've tested this on 3 different connections and they all have the same issues (different boxes although all are running -HEAD). Running ping (ICMP) and traceroute (ICMP) works fine on the firewall itself which makes me a bit puzzled.

Here's the ruleset: ################################ ### Packet Firewall Ruleset #### ################################ ################### #### Variables #### ################### # External interface ext_if="em1" # Internal interface int_if="em0" # Follow RFC1918 and don't route to non-routable IPs # http://www.iana.org/assignments/ipv4-address-space # http://rfc.net/rfc1918.html nonroute= "{ 0.0.0.0/8, 20.20.20.0/24, 127.0.0.0/8, 169.254.0.0/16, 172.16.0.0/12, 192.0.2.0/24, 192.168.0.0/16, 224.0.0.0/3, 255.255.255.255 }" # Set allowed ICMP types icmp_types = "{ 0, 3, 4, 8, 11, 12 }" #################################### #### Options and optimizations ##### #################################### # Set interface for logging (statistics) set loginterface $ext_if # Drop states as fast as possible without having excessively low timeouts set optimization aggressive # Block policy, either silently drop packets or tell sender that request is blocked set block-policy return # Don't bother to process (filter) following interfaces such as loopback: set skip on lo0 # Scrub traffic scrub on $ext_if all ####################### #### NAT & Proxies #### ####################### # Enable NAT and tell pf not to change ports nat on $ext_if from $int_if:network to any -> ($ext_if) # Redirect ftp connections to ftp-proxy rdr pass on $int_if inet proto tcp from $int_if:network to any port 21 -> 127.0.0.1 port 8021 # Enable ftp-proxy (active connections) nat-anchor "ftp-proxy/*" rdr-anchor "ftp-proxy/*" # Anchors needs to be set after nat/rdr-anchor anchor "ftp-proxy/*" ################################ #### Rules inbound (int_if) #### ################################ # Pass on everything pass in quick on $int_if inet all keep state ################################# #### Rules outbound (int_if) #### ################################# # Pass on everything pass out quick on $int_if inet all keep state ################################ #### Rules inbound (ext_if) #### 
################################ # Drop packets from non-routable addresses directly block drop in quick on $ext_if from $nonroute to any # Allow DHCP pass in quick on $ext_if inet proto udp to ($ext_if) port { 67, 68 } # Allow ICMP pass in quick on $ext_if inet proto icmp all icmp-type $icmp_types # Allow FTPs to connect to our FTP-proxy pass in quick on $ext_if inet proto tcp to ($ext_if) port ftp-data user proxy # Block everything else block in on $ext_if all ################################# #### Rules outbound (ext_if) #### ################################# # Drop packets to non-routable addresses directly block drop out quick on $ext_if from any to $nonroute pass out on $ext_if all Hopefully someone can figure out what's going on... Best regards, Daniel From owner-freebsd-pf@FreeBSD.ORG Fri Feb 7 14:24:13 2014 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 283E792A for ; Fri, 7 Feb 2014 14:24:13 +0000 (UTC) Received: from mail.egr.msu.edu (hill.egr.msu.edu [35.9.37.162]) by mx1.freebsd.org (Postfix) with ESMTP id EFE321254 for ; Fri, 7 Feb 2014 14:24:12 +0000 (UTC) Received: from hill (localhost [127.0.0.1]) by mail.egr.msu.edu (Postfix) with ESMTP id 52B1D11E62 for ; Fri, 7 Feb 2014 09:14:15 -0500 (EST) X-Virus-Scanned: amavisd-new at egr.msu.edu Received: from mail.egr.msu.edu ([127.0.0.1]) by hill (hill.egr.msu.edu [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id QfVth67dGo4e for ; Fri, 7 Feb 2014 09:14:15 -0500 (EST) Received: from EGR authenticated sender Message-ID: <52F4EA37.9050805@egr.msu.edu> Date: Fri, 07 Feb 2014 09:14:15 -0500 From: Adam McDougall User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:24.0) Gecko/20100101 Thunderbird/24.3.0 MIME-Version: 1.0 To: freebsd-pf@freebsd.org Subject: Re: pf + NAT + ICMP issues? 

On 02/07/2014 08:16, Daniel Engberg wrote:
> Hi,
>
> I've been tearing my hair on this one, this ruleset worked fine on 9.1
> and 9-STABLE around the same time but doesn't on HEAD (most recent box I
> have is running r261486 (AMD64). I might be missing something obvious so
> I guess I need another pair of eyes. Anyhow, the issue is pretty
> simple, for some reason on clients behind ping and tracert doesn't work
> as they did before.
>
> Using ping (Windows 7) the first packet always gets a timeout and
> tracert doesn't work except at the end hop.
>
(snip)
>
> # Allow ICMP
> pass in quick on $ext_if inet proto icmp all icmp-type $icmp_types

Can you try duplicating or replacing this rule with "pass out"? I use
both pass in and out, I suppose I could just use "pass" with one rule.
FYI, I only have icmp_types = "{ echoreq unreach }".

>
> # Allow FTPs to connect to our FTP-proxy
> pass in quick on $ext_if inet proto tcp to ($ext_if) port ftp-data user proxy
>

From owner-freebsd-pf@FreeBSD.ORG Fri Feb 7 14:35:47 2014
Date: Fri, 07 Feb 2014 15:35:44 +0100
From: Daniel Engberg
To: freebsd-pf@freebsd.org
Subject: Re: pf + NAT + ICMP issues?

Hi,

Tried that and no go, actually allowing all types of ICMP doesn't seem
to help either so I guess it might be something within pf?

Does anyone have this working on HEAD?

Best regards,
Daniel