Skip site navigation (1)Skip section navigation (2) 
Date:      Fri, 14 Jun 2019 10:21:52 -0700
From:      Freddie Cash <fjwcash@gmail.com>
To:        Peter <pmc@citylink.dinoex.sub.org>
Cc:        "freebsd-ipfw@freebsd.org" <freebsd-ipfw@freebsd.org>
Subject:   Re: ipfw: switching sets does stall the machine
Message-ID:  <CAOjFWZ7nYmP3i77_2UiS1O6ak4M8=B9tyPPMFPxTrpMdE-mhZw@mail.gmail.com>
In-Reply-To: <20190614153302.GA4503@gate.oper.dinoex.org>
References:  <20190614153302.GA4503@gate.oper.dinoex.org>
next in thread | previous in thread | raw e-mail | index | archive | help 
On Fri, Jun 14, 2019 at 10:13 AM Peter <pmc@citylink.dinoex.sub.org> wrote:

> Hi,
> I am trying to use two different configurations (production and test)
> loaded into different sets, and switch between them with
>
>    # ipfw set disable ... enable ...
>
> When testing my script, this did work, except once the machine went
> into "swap_pager indefinite wait" and was lost.
>
> Then, after reboot (and automatically loading the production rules) I
> tried to load and switch to the test rules, and immediately got ATA
> COMMAND TIMEOUT and the machine was lost.
>
> I repeated this a few times, it is nicely reproducible: withing 3-5
> seconds after the new rules are loaded, the machine locks up and is
> lost.
>
> I analyzed more closely by running "top -HPS" in rtprio, and found
> this:
>  * loading the rules is no problem.
>  * when switching sets, the command returns, but then within few
>    seconds the machine gets unresponsive and stays so until watchdog
>    hits.
>  * The last thing seen in "top" (before it freezes) is this thread
>    eating 85% CPU (and running with high priority):
>    [irq12: uhci0 uhci1]
>
>
> It there a known workaround?
>
> Details:
> Machine : i386
> OS      : FreeBSD 11.2-RELEASE-p10
> Command : ipfw set disable 1 2 3 4 5 6 7 8 9 10 11 12 13 14 enable 16
>                 17 18 19 20 21 22 23 24 25 26 27 28 29
>

Can't speak to this specific lockup, but I'm curious to know if it works
when you enable first, then disable (it's how we've used sets here at work).

-- 
Freddie Cash
fjwcash@gmail.com

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAOjFWZ7nYmP3i77_2UiS1O6ak4M8=B9tyPPMFPxTrpMdE-mhZw>