Skip site navigation (1)Skip section navigation (2) 
Date:      Sun, 16 Jan 2005 19:10:28 -0800
From:      Kris Kennaway <kris@obsecurity.org>
To:        "Lin, Tsung Ching" <tclin@iis.sinica.edu.tw>
Cc:        freebsd-questions@freebsd.org
Subject:   Re: System Freeze with freebsd-5.3-Release-p5
Message-ID:  <20050117031028.GA16978@xor.obsecurity.org>
In-Reply-To: <1105930887.22726.18.camel@tclin>
References:  <1105930887.22726.18.camel@tclin>
next in thread | previous in thread | raw e-mail | index | archive | help 

--mYCpIKhGyMATD0i+
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Mon, Jan 17, 2005 at 11:01:27AM +0800, Lin, Tsung Ching wrote:

> #########################################################################=
########
> # KERNCONF
> include         SMP
>=20
> ident           IBM-XSERIES-335
>=20
> options         IPFIREWALL              #firewall
> options         IPFIREWALL_VERBOSE      #enable logging to syslogd(8)
> #options         IPFIREWALL_VERBOSE_LIMIT=3D100    #limit verbosity
> #options         IPFIREWALL_DEFAULT_TO_ACCEPT    #allow everything by
> default
> options         IPFIREWALL_FORWARD      #packet destination changes
> options         IPV6FIREWALL            #firewall for IPv6
> options         IPV6FIREWALL_VERBOSE
> #options         IPV6FIREWALL_VERBOSE_LIMIT=3D100
> #options         IPV6FIREWALL_DEFAULT_TO_ACCEPT
> options         IPDIVERT                #divert sockets
> options         IPSTEALTH               #support for stealth forwarding
> options         TCP_DROP_SYNFIN         #drop TCP packets with SYN+FIN
> #options        TCP_SIGNATURE           #include support for RFC 2385
> options         DUMMYNET
> options         BRIDGE
> options         ZERO_COPY_SOCKETS

Some of these are suspicious:

> options         MBUF_STRESS_TEST

This is designed to induce failures in buggy code.  You might be
provoking a problem you wouldn't otherwise see in normal operation.

> options         TCPDEBUG

"This is undocumented"

i.e. you probably don't want it.

> options         MROUTING                # Multicast routing
> options         PIM                     # Protocol Independent Multicast

These two are not widely used, so it's conceivable that they may be
buggy.

Take them all out (if you need the last 2, still try without them to
see if the problem is there).

Kris

--mYCpIKhGyMATD0i+
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (FreeBSD)

iD8DBQFB6yykWry0BWjoQKURAgtQAJoCCeKRLOH3WIFHYerljViz1ZOjOwCgoEb8
SrKd+RCxCg2Vzl7QJhOFkMk=
=X8QD
-----END PGP SIGNATURE-----

--mYCpIKhGyMATD0i+--

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20050117031028.GA16978>