From owner-freebsd-pf@FreeBSD.ORG  Wed Feb  5 09:16:58 2014
Return-Path: <owner-freebsd-pf@FreeBSD.ORG>
Delivered-To: freebsd-pf@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id D5DC745C
 for <freebsd-pf@freebsd.org>; Wed,  5 Feb 2014 09:16:58 +0000 (UTC)
Received: from sam.nabble.com (sam.nabble.com [216.139.236.26])
 (using TLSv1 with cipher AES256-SHA (256/256 bits))
 (No client certificate requested)
 by mx1.freebsd.org (Postfix) with ESMTPS id AAFD81245
 for <freebsd-pf@freebsd.org>; Wed,  5 Feb 2014 09:16:58 +0000 (UTC)
Received: from [192.168.236.26] (helo=sam.nabble.com)
 by sam.nabble.com with esmtp (Exim 4.72)
 (envelope-from <mm@FreeBSD.org>) id 1WAybJ-0001eL-0l
 for freebsd-pf@freebsd.org; Wed, 05 Feb 2014 01:16:57 -0800
Date: Wed, 5 Feb 2014 01:16:56 -0800 (PST)
From: mm <mm@FreeBSD.org>
To: freebsd-pf@freebsd.org
Message-ID: <1391591816960-5883192.post@n5.nabble.com>
In-Reply-To: <1389886004148-5876949.post@n5.nabble.com>
References: <CAG=rPVfxFiOVOeSyDP=wBubNQCHK5dqcgBBaJjeS6XXtSZSZqg@mail.gmail.com>
 <51ED5308.3020008@gmx.com>
 <CAJ-VmomAC573hrQivfT9Gn_tJn5SkMhM_MK8hUCbtr-7D-NGDw@mail.gmail.com>
 <CAG=rPVd3F2sfwizJuEngxexo0Rby2qwzqpAB4_K-fZXXb8-Rmw@mail.gmail.com>
 <CAJ-Vmo=jDPrJHXRz8xY9aA-soBx54DjvqkpzdSUvr+4hZ9ExkQ@mail.gmail.com>
 <201307222338.09833.zec@fer.hr> <1389886004148-5876949.post@n5.nabble.com>
Subject: Re: VIMAGE + PF crash in mbuf destructor
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
X-BeenThere: freebsd-pf@freebsd.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "Technical discussion and general questions about packet filter
 \(pf\)" <freebsd-pf.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-pf>,
 <mailto:freebsd-pf-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-pf/>
List-Post: <mailto:freebsd-pf@freebsd.org>
List-Help: <mailto:freebsd-pf-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-pf>,
 <mailto:freebsd-pf-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 05 Feb 2014 09:16:58 -0000

Ok, I have found the cause. The patches I use fix the host pf, but pf inside
jails is broken. This means if we expose the pf device to the jails, calling
pfctl on it causes a panic.

To make sure your jails get just the limited ruleset, I suggest you put the
following line to your /etc/rc.conf:
devfs_load_rulesets="YES"



--
View this message in context: http://freebsd.1045724.n5.nabble.com/VIMAGE-PF-crash-in-mbuf-destructor-tp5830537p5883192.html
Sent from the freebsd-pf mailing list archive at Nabble.com.