From owner-freebsd-pf@FreeBSD.ORG Wed Aug 10 09:22:00 2005 Return-Path: X-Original-To: freebsd-pf@freebsd.org Delivered-To: freebsd-pf@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 905BE16A41F for ; Wed, 10 Aug 2005 09:22:00 +0000 (GMT) (envelope-from slapinid@gmail.com) Received: from zproxy.gmail.com (zproxy.gmail.com [64.233.162.200]) by mx1.FreeBSD.org (Postfix) with ESMTP id 2D31043D49 for ; Wed, 10 Aug 2005 09:21:59 +0000 (GMT) (envelope-from slapinid@gmail.com) Received: by zproxy.gmail.com with SMTP id z6so56967nzd for ; Wed, 10 Aug 2005 02:21:59 -0700 (PDT) DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=Vh8BWtvLq0WhPNOriQXPakDCaZ7OeLfSKl5Ak10pRGS7bYyc2bApb/QFvI3lgC1CKQHAyvd9iT0XZA00HvmnxxCmM/9QIVJf9R50xDEvsPEHOlTKZCzTtcjJkXcnZcSFTvLyDp1B9/g1+2TWwdBb29blEBFgwo7Z4y2NFTOcwpI= Received: by 10.36.247.75 with SMTP id u75mr536291nzh; Wed, 10 Aug 2005 02:21:59 -0700 (PDT) Received: by 10.36.33.4 with HTTP; Wed, 10 Aug 2005 02:21:59 -0700 (PDT) Message-ID: <48239d390508100221659db9d6@mail.gmail.com> Date: Wed, 10 Aug 2005 13:21:59 +0400 From: Sergey Lapin To: freebsd-pf@freebsd.org In-Reply-To: <200508060411.05482.max@love2party.net> Mime-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable Content-Disposition: inline References: <48239d390508040958265ce62@mail.gmail.com> <48239d3905080504297b3ebc89@mail.gmail.com> <200508060411.05482.max@love2party.net> Subject: Re: Fwd: pf problems X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 10 Aug 2005 09:22:00 -0000 On 8/6/05, Max Laier wrote: > Sergey, >=20 > On Friday 05 August 2005 13:29, Sergey Lapin wrote: > > Hi, all: > <...> > > Test case: > > (done from Linix machine from 1.1.1.128/25) > > > > tcpreplay -e 1.1.1.133:255.255.255.255 -i eth0 packet > > (where packet is random captured UDP packet using tcpdump -peni) > > > > or > > > > tcpreplay -e 1.1.1.133:10.2.2.2 -i eth0 packet > > (where packet is random captured UDP packet) > > > > kills machine. > > Machine hangs and doesn't react on keyboard, whatever. > > Only reset helps. > > Directly blocking addresses in pf.conf help and normal connections > > with UDP disabled > > work well. > > Any ideas? >=20 > What version of FreeBSD are you running? Do you have a SMP/PREEMPTION ke= rnel? > Does setting debug.mpsafenet=3D0 in loader.conf change the situation? Do= you > have a chance to attach a remote debugger or can you try to break into th= e > debugger from the console? Status update: It's not SMP/PREEMPTION kernel debug.mpsafenet=3D0 doesn't help I couldn't break into debugger - machine is locked and looped somehow. It sends that packet in loop even when we stop sending it. More than that - the situation doesn't replicate in vmware. More on that - when we set everything on VLANs and use only one physical interface (fxp), about 30 seconds passes before machine dies and if we stop sending traffic, it survives. Seems like some buffer filling... When we use several physical interfaces(fxp, xl0, xl1) without vlans system die immediately. Any ideas?