Date:      Fri, 11 Oct 2002 00:08:28 -0700
From:      Terry Lambert <tlambert2@mindspring.com>
To:        Luigi Rizzo <rizzo@icir.org>
Cc:        abe <abe@informationwave.net>, hackers@FreeBSD.ORG
Subject:   Re: fatal trap 12 kernel panic
Message-ID:  <3DA678EC.9C756D88@mindspring.com>
References:  <20021011044636.GA84506@dipole.informationwave.net> <20021011000027.A69671@carp.icir.org>

Luigi Rizzo wrote:
> On Fri, Oct 11, 2002 at 12:46:36AM -0400, abe wrote:
> ...
> >     Unfortunately, feedback sent while in good intentions did not
> > help.  However, in further tinkering with this issue I believe I've
> > come to a conclusion.  I run a rather high-traffic server so I had
> > initially increased net.inet.ip.fw.dyn_buckets to 500, from the
> > default 256
> 
> ah... i think the bucket size has to be a power of two (and I thought
> the kernel would check that the value is correct, but i might have missed
> something).

It does check.  There's a bug in the allocation code, though, where
if it fails the allocation, it can take something that was working,
and make it non-working.  It can also fail the initial allocation,
and drop into the rest of the code, if the value is changed before
the startup.

See my last posting for a patch for these.

I still think the problem is related to the number of requests on
a particular UDP socket from too many sources: the failure is in
the UDP send path for dynamic rule insertion, which implies that it's
a UDP response.  Probably, you could use this to get a packet in that
you shouldn't be able to get in, BTW, by abusing a response from an
allowed request to make an illegal request (I'm not that into the
ipfw code, though).

-- Terry
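
Added example, not part of the original message and not the FreeBSD ipfw source: a user-space C model of the two failure modes described above, a failed resize breaking a working bucket table and code running on after a failed initial allocation. All names (dyn_table, dyn_resize, dyn_bucket_index, the alloc_fn hook, failing_alloc) are hypothetical, and the mask-based index is an assumption of the model.

```c
/* Added illustration: user-space model, not the FreeBSD ipfw source. */
#include <errno.h>
#include <stdint.h>
#include <stdlib.h>
struct dyn_rule;                        /* opaque in this model */
struct dyn_table {
    struct dyn_rule **buckets;          /* NULL until an allocation succeeds */
    uint32_t nbuckets;                  /* 0 or a power of two */
};
typedef void *(*alloc_fn)(size_t n, size_t size);  /* hypothetical hook */

static int is_pow2(uint32_t n) { return n != 0 && (n & (n - 1)) == 0; }

/* Resize an empty table; on any failure the old table stays usable. */
int dyn_resize(struct dyn_table *t, uint32_t want, alloc_fn alloc)
{
    struct dyn_rule **fresh;
    if (!is_pow2(want))
        return EINVAL;                  /* e.g. 500 is rejected */
    fresh = alloc(want, sizeof(*fresh));
    if (fresh == NULL)
        return ENOMEM;                  /* nothing committed yet */
    free(t->buckets);                   /* commit only after success */
    t->buckets = fresh;
    t->nbuckets = want;
    return 0;
}

/* Refuse to index a table whose initial allocation never succeeded. */
int dyn_bucket_index(const struct dyn_table *t, uint32_t hash, uint32_t *idx)
{
    if (t->buckets == NULL || t->nbuckets == 0)
        return ENXIO;
    *idx = hash & (t->nbuckets - 1);    /* assumed mask-based indexing */
    return 0;
}

/* Simulated allocation failure for exercising the error path. */
void *failing_alloc(size_t n, size_t size) { (void)n; (void)size; return NULL; }

int main(void)
{
    struct dyn_table t = { NULL, 0 };
    uint32_t idx;
    if (dyn_resize(&t, 256, calloc) != 0) return 1;
    if (dyn_resize(&t, 512, failing_alloc) != ENOMEM) return 1;
    return dyn_bucket_index(&t, 0x1ff, &idx) == 0 && idx == 0xff ? 0 : 1;
}
```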
