From owner-freebsd-bugs@FreeBSD.ORG Mon Dec 13 09:18:04 2004
Date: Mon, 13 Dec 2004 09:18:04 GMT
From: Daniel Hartmeier
Message-Id: <200412130918.iBD9I4uo064007@freefall.freebsd.org>
To: dhartmei@FreeBSD.org, freebsd-bugs@FreeBSD.org, dhartmei@freebsd.org
Subject: Re: kern/74930: pf crashes the system (unknown reasons)

Synopsis: pf crashes the system (unknown reasons)

Responsible-Changed-From-To: freebsd-bugs->dhartmei@freebsd.org
Responsible-Changed-By: dhartmei
Responsible-Changed-When: Mon Dec 13 09:10:35 GMT 2004
Responsible-Changed-Why:
There can be only one connection using the same source/destination address/port quadruple at the same time. When using static-port, this rule is easily violated (when opening multiple connections from the same source port to the same destination address/port), i.e. if you have only one NAT address, you can have only one concurrent connection like that.
To support N concurrent connections (to the same server and port), you need N addresses in the NAT pool. Maybe the protocol does not require static source addresses, and you can just remove the 'static-port' option.

However, locking up the kernel (in an endless loop trying to find an available NAT address) is a bug in pf. You should get an error like "pf: NAT proxy port allocation (0-0) failed" instead. A fix is being worked on.

http://www.freebsd.org/cgi/query-pr.cgi?pr=74930
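The constraint described in the message above, as an added example: a simplified user-space model, not pf's code and not part of the original mail. The names `nat_alloc` and `concurrent_ok`, the table layout, the port range used without static-port, and all addresses and ports are assumptions made for illustration. It shows that with static-port the number of concurrent connections to one server and port equals the number of pool addresses, and that a search which tries each candidate once ends with an error rather than looping.

```c
#include <stdint.h>

/* Table size and the port range tried without static-port (assumed here). */
enum { MAX_STATES = 64, PORT_LOW = 50001, PORT_HIGH = 65535 };

/* Translated side of a connection; this quadruple must be unique. */
struct quad { uint32_t nat_addr, dst_addr; uint16_t nat_port, dst_port; };
struct nat_table { struct quad states[MAX_STATES]; int nstates; };

static int quad_in_use(const struct nat_table *t, const struct quad *q)
{
    for (int i = 0; i < t->nstates; i++) {
        const struct quad *s = &t->states[i];
        if (s->nat_addr == q->nat_addr && s->nat_port == q->nat_port &&
            s->dst_addr == q->dst_addr && s->dst_port == q->dst_port)
            return 1;
    }
    return 0;
}

/* Try each (pool address, port) candidate once. static_port collapses the
 * port range to src_port. Returns -1 when every candidate is taken, so the
 * search terminates and the caller can log the failure. */
int nat_alloc(struct nat_table *t, const uint32_t *pool, int npool, int static_port,
              uint16_t src_port, uint32_t dst_addr, uint16_t dst_port)
{
    uint32_t low = static_port ? src_port : PORT_LOW;
    uint32_t high = static_port ? src_port : PORT_HIGH;
    for (int a = 0; a < npool && t->nstates < MAX_STATES; a++)
        for (uint32_t p = low; p <= high; p++) {
            struct quad q = { pool[a], dst_addr, (uint16_t)p, dst_port };
            if (quad_in_use(t, &q))
                continue;
            t->states[t->nstates++] = q;
            return 0;
        }
    return -1;
}

/* Open `attempts` connections from one source port to one server and port
 * (constructed addresses); return how many received a translation. */
int concurrent_ok(int npool, int static_port, int attempts)
{
    const uint32_t pool[3] = { 0xC6336401, 0xC6336402, 0xC6336403 };
    struct nat_table t = { .nstates = 0 };
    int ok = 0;
    for (int i = 0; i < attempts; i++)
        ok += nat_alloc(&t, pool, npool, static_port, 5000, 0xCB007107, 6000) == 0;
    return ok;
}
```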