Re: HEADSUP: Sleep queues added to kernel, so be careful.

From: Robert Watson <rwatson_at_freebsd.org>
Date: Sat, 28 Feb 2004 17:26:46 -0500 (EST)
On Sat, 28 Feb 2004, Vincent Poy wrote:

> > > What seems to happen for me is that I was originally on a September 23,
> > > 2003 -CURRENT and then applied all /etc updates and then according to
> > > src/UPDATING - I did a make buildworld, followed by a make buildkernel,
> > > make installkernel and rebooted and things were still working.  Then I
> > > did a make installworld and then recvsupped with the latest tree which
> > > had src/sbin/savecore/savecore.c 1.68 as the latest thing, then repeated
> > > the make buildworld, make buildkernel, make installkernel, make
> > > installworld but this time as soon as I rebooted, the network seems to
> > > not work at all.  I can't get past the machine.  Is this something
> > > broken with ipfw since I can't ping the public IP but I can ping the
> > > local 192.168.0.1 address but not anything beyond that and is connected
> > > at 100Mbps Full Duplex.  Tried switching both NIC cards and cables just
> > > in case they decided to fail but no go either.
> >
> > Could you confirm that your userspace and userland are really 100% in
> > sync?  If you run without IPFW, do things work properly?
> 
> 	Yep, they are in sync.  I guess I stayed up all night trying to
> figure it out and right before your message, that's what I decided to do
> by changing my /etc/rc.conf for firewall_enable="NO" from "YES" even
> though I left the firewall_type="open".  My /etc/rc.firewall script does
> use pipe and queues from dummynet so I don't know if that has an effect
> or not.  But anyways, with the firewall disabled, this time ping and
> traceroute doesn't seem to get anywhere and "ipfw show" shows:  65535
> 299 19878 deny ip from any to any so I did a "ipfw add 65000 allow all
> from any to any" and then the box can reach the outside fine so it seems
> like either the ipfw or dummynet is broken. 

I'm not sure I quite understand the various configurations from your
description, it seems like there's a number of variables floating around. 
Could you send a copy of your firewall rules and pertinent rc.conf entries
so I can take a look?  Also, could you lay out the various cases a little
more clearly -- something like the following:

ipfw loaded	ipfw enabled	local traffic	non-local traffic
no		no		?		?
yes		no		?		?
yes		yes		?		?

Note that if ipfw is loaded but you haven't configured rules, the default
rule is to deny all IP traffic, implementing a fail closed/conservative
model.  This means that if ipfw is loaded, you need to have at least one
accept rule in place.  "open" is supposed to get things somewhat open at
least.

Robert N M Watson             FreeBSD Core Team, TrustedBSD Projects
robert_at_fledge.watson.org      Senior Research Scientist, McAfee Research
Received on Sat Feb 28 2004 - 13:27:53 UTC

This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:37:45 UTC