Date:      Thu, 30 Apr 2015 06:07:55 -0700
From:      David Wolfskill <david@catwhisker.org>
To:        "Alexander V. Chernikov" <melifaro@freebsd.org>
Cc:        "current@freebsd.org" <current@freebsd.org>, "ipfw@freebsd.org" <ipfw@freebsd.org>
Subject:   Re: The KASSERT from r282155 fired; have crash dump. will travel
Message-ID:  <20150430130755.GC1225@albert.catwhisker.org>
In-Reply-To: <7250511430398719@web3h.yandex.ru>
References:  <20150430123131.GB1225@albert.catwhisker.org> <7250511430398719@web3h.yandex.ru>

On Thu, Apr 30, 2015 at 03:58:39PM +0300, Alexander V. Chernikov wrote:
> ...
> >
> > FreeBSD 11.0-CURRENT FreeBSD 11.0-CURRENT #47 r282269M/282269:1100071: Thu Apr 30 05:07:08 PDT 2015 root@g1-254.catwhisker.org:/common/S3/obj/usr/src/sys/CANARY amd64
> >
> > panic: refcount incosistency: found: 0 unr: 0 total: 1
> Could you share your ruleset?

Sure:

00100 allow ip from any to any via lo0
00200 deny ip from any to 127.0.0.0/8
00300 deny ip from 127.0.0.0/8 to any
00400 reass ip from any to any in
00500 allow ip from 172.17.1.254 to 172.17.1.254
00600 deny log ip from any to any ipoptions ssrr,lsrr,rr,ts
00700 deny log ip from table(1) to 172.17.1.254
00800 deny log ip from 172.17.1.254 to table(1)
00900 deny log ip from table(2) to 172.17.1.254 dst-port 22
01000 deny log ip from table(3) to 172.17.1.254 dst-port 80,443
01100 deny udp from any 135-139 to any
01200 deny udp from any to any dst-port 135-139
01300 deny tcp from any 135-139 to any
01400 deny tcp from any to any dst-port 135-139
01500 deny udp from any 445 to any
01600 deny udp from any to any dst-port 445
01700 deny tcp from any 445 to any
01800 deny tcp from any to any dst-port 445
01900 deny udp from any to any dst-port 631
02000 deny udp from any to any dst-port 1985
02100 deny udp from any to any dst-port 2222
02200 deny udp from any to any dst-port 5353
02300 deny ip from 224.0.0.0/4 to any
02400 deny ip from any to 224.0.0.0/4
02500 allow icmp from any to any icmptypes 0,3,4,8,11,12
02600 allow udp from 172.17.1.254 68 to 172.17.0.1 dst-port 67 keep-state
02700 allow udp from 172.17.0.1 67 to 172.17.1.254 dst-port 68 keep-state
02800 allow udp from 172.17.1.254 68 to 172.17.0.1 dst-port 67 keep-state
02900 allow udp from 172.17.0.1 67 to 172.17.1.254 dst-port 68 keep-state
03000 allow udp from 172.17.1.254 to 172.17.255.255 dst-port 192 keep-state
03100 allow udp from any 192 to 172.17.1.254
03200 allow udp from 172.17.0.0/16 162 to 172.17.255.255 dst-port 162 keep-state
03300 deny ip from any to 172.17.255.255
03400 deny ip from 172.17.255.255 to any
03500 allow tcp from any to any established
03600 allow tcp from 172.17.1.254 to any setup
03700 allow log tcp from any to any dst-port 22 setup
03800 allow log tcp from any to any dst-port 3690 setup
03900 allow tcp from any to 172.17.1.254 dst-port 80 setup
04000 allow tcp from any to 172.17.1.254 dst-port 443 setup
04100 deny log tcp from any to any setup
04200 allow udp from 172.17.1.254 to any dst-port 53 keep-state
04300 deny log udp from any to any dst-port 123 iplen 0-75
04400 allow udp from 172.17.1.254 to any dst-port 123 keep-state
04500 allow udp from any 123 to 255.255.255.255 dst-port 123 keep-state
04600 allow udp from 172.17.1.254 to any keep-state
04700 deny log ip from any to any
65535 deny ip from any to any

(Note that the IP address assigned to lagg0 in this case is
172.17.1.254/16.)

The tables in question have the following numbers of entries, in case
that's useful:

1: 11355
2:  5234
3:   290

> (And this panic should happen on one particular rule, could check this?)

Hmm.... I'd be happy to, if I knew how.  Clue(s)?

>...

Peace,
david
-- 
David H. Wolfskill				david@catwhisker.org
Those who murder in the name of God or prophet are blasphemous cowards.

See http://www.catwhisker.org/~david/publickey.gpg for my public key.
