From owner-freebsd-pf@FreeBSD.ORG Wed Feb 5 09:27:41 2014 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 53AE9AD8 for ; Wed, 5 Feb 2014 09:27:41 +0000 (UTC) Received: from sam.nabble.com (sam.nabble.com [216.139.236.26]) (using TLSv1 with cipher AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.freebsd.org (Postfix) with ESMTPS id 110151343 for ; Wed, 5 Feb 2014 09:27:40 +0000 (UTC) Received: from [192.168.236.26] (helo=sam.nabble.com) by sam.nabble.com with esmtp (Exim 4.72) (envelope-from ) id 1WAylf-00042a-Jv for freebsd-pf@freebsd.org; Wed, 05 Feb 2014 01:27:39 -0800 Date: Wed, 5 Feb 2014 01:27:39 -0800 (PST) From: girgen To: freebsd-pf@freebsd.org Message-ID: <3A244BF6-F9E0-4578-8193-1437B0D2BB83@FreeBSD.org> In-Reply-To: <1391591816960-5883192.post@n5.nabble.com> References: <51ED5308.3020008@gmx.com> <201307222338.09833.zec@fer.hr> <1389886004148-5876949.post@n5.nabble.com> <1391591816960-5883192.post@n5.nabble.com> Subject: Re: VIMAGE + PF crash in mbuf destructor MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Content-Filtered-By: Mailman/MimeDel 2.1.17 X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.17 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 05 Feb 2014 09:27:41 -0000 Cool, thanks for the feedback. I'll try the patch in the host environment. I never really used pf inside the jails, so I don't have a test case for that failing. 5 feb 2014 kl. 10:16 skrev mm [via FreeBSD] : > Ok, I have found the cause. The patches I use fix the host pf, but pf inside jails is broken. This means if we expose the pf device to the jails, calling pfctl on it causes a panic. > > To make sure your jails get just the limited ruleset, I suggest you put the following line to your /etc/rc.conf: > devfs_load_rulesets="YES" > > If you reply to this email, your message will be added to the discussion below: > http://freebsd.1045724.n5.nabble.com/VIMAGE-PF-crash-in-mbuf-destructor-tp5830537p5883192.html > To unsubscribe from VIMAGE + PF crash in mbuf destructor, click here. > NAML signature.asc (506 bytes) -- View this message in context: http://freebsd.1045724.n5.nabble.com/VIMAGE-PF-crash-in-mbuf-destructor-tp5830537p5883198.html Sent from the freebsd-pf mailing list archive at Nabble.com. From owner-freebsd-pf@FreeBSD.ORG Fri Feb 7 00:54:46 2014 Return-Path: Delivered-To: freebsd-pf@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 3EA2C71A; Fri, 7 Feb 2014 00:54:46 +0000 (UTC) Received: from mail.vx.sk (mail.vx.sk [176.9.45.25]) by mx1.freebsd.org (Postfix) with ESMTP id B549618D3; Fri, 7 Feb 2014 00:54:45 +0000 (UTC) Received: from core.vx.sk (localhost [127.0.0.2]) by mail.vx.sk (Postfix) with ESMTP id 8978A411DA; Fri, 7 Feb 2014 01:54:38 +0100 (CET) X-Virus-Scanned: amavisd-new at mail.vx.sk Received: from mail.vx.sk by core.vx.sk (amavisd-new, unix socket) with LMTP id s44sVgfkHtfX; Fri, 7 Feb 2014 01:54:36 +0100 (CET) Received: from [192.168.2.103] (dslb-094-223-160-133.pools.arcor-ip.net [94.223.160.133]) by mail.vx.sk (Postfix) with ESMTPSA id 6A662411D2; Fri, 7 Feb 2014 01:54:36 +0100 (CET) Message-ID: <52F42ECB.4050700@FreeBSD.org> Date: Fri, 07 Feb 2014 01:54:35 +0100 From: Martin Matuska User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.2.0 MIME-Version: 1.0 To: Craig Rodrigues , girgen@FreeBSD.org Subject: Re: VIMAGE + PF crash in mbuf destructor References: <51ED5308.3020008@gmx.com> <201307222338.09833.zec@fer.hr> <1389886004148-5876949.post@n5.nabble.com> <1391536059015-5882971.post@n5.nabble.com> In-Reply-To: X-Enigmail-Version: 1.5.2 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit X-Content-Filtered-By: Mailman/MimeDel 2.1.17 Cc: freebsd-pf@FreeBSD.org X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.17 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 07 Feb 2014 00:54:46 -0000 I don't have objections - the patch was done with avg's help and does its job, but we may consult someone first. http://people.freebsd.org/~mm/patches/pf_mtag_taskq.patch On 2014-02-07 00:37, Craig Rodrigues wrote: > > On Tue, Feb 4, 2014 at 9:47 AM, mm > wrote: > > Looks like I experience this panic, too. > > To fix the mbuf and taskq problems, I use the following pach atm.: > http://people.freebsd.org/~mm/patches/pf_mtag_taskq.patch > > > > Thanks for showing that patch. It looks good to me. Is it good > enough for commit? > This problem has been around for a while. >