ipf 3.4.35 woes

From: Damian Gerow <dgerow_at_afflictions.org> Date: Tue, 22 Jun 2004 22:08:01 -0400 · This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:37:58 UTC

The upgrade to ipf 3.4.35 is causing me grief.  And yes, my kernel and
userland are in sync:

    ipf: IP Filter: v3.4.35 (336)
    Kernel: IP Filter: v3.4.35              
    Running: yes
    Log Flags: 0 = none set
    Default: block all, Logging: available
    Active list: 1

I get a panic right after bringing up lo0 on regular boot.  If I boot into
single user mode, bring up lo0, bring up my main interface, and then load
the rules, I don't panic.  My rules are simple -- a pass in quick/pass out
quick pair for every interface on the machine, and a general pass in
quick/pass out quick for all IPv6.

There are four interfaces on this machine: lo0, rl0, fxp0, and a
freshly-added ath0.  The only ones that come up during boot are lo0 and
fxp0.

Since the panic passed through pen and paper, whitespace may be off.  But
here's the boot log/panic:

Enabling ipfilter.
lo0: <standard lo0 information>

kernel trap 12 with interrupts disabled

Fatal trap 12: page fault while in kernel mode
cpuid = 0, apic id = 0
fault virtual address   = 0x10
fault code              = supervisor read, page not present
instruction pointer     = 0x8:0xc055dbe0
stack pointer           = 0x10:0xe554b95c
frame pointer           = 0x10:0xe554b95c
code segment            = base 0x0, limit 0xfffff, type 0x1b
                        = DPL 0, pres 1, def32 1, gran 1
processor eflags        = resume, IOPL = 0
current process         = 3346 (ipf)
kernel: type 12 trap, code 0
Stopped at      turnstile_head+0x6:       movl    0(%eax),%eax
db> trace
turnstile_head(0,1000000,e554b998,c052b2d2,0) at turnstile_head+0x6
_mtx_unlock_sleep(c07c2d00,0,0,0,0) at _mtx_unlock_sleep+0x4d
frsync(c1b86600,c1d8fa28,c1a7abe0,e554b9bc,0) at frsync+0xfb
iplioctl(c1b86600,80047249,e554bc58,3,c1a7abe0) at iplioctl+0x563
spec_ioctl(e554bb80,e554bc2c,c05a41ec,e554bb80,c1eb7a18) at spec_ioctl+0x168
spec_vnoperate(e554bb80,c1cb7a18,3,c0706c52,c07a9960) at spec_vnoperate+0x18
vn_ioctl(e1cb7a18,80047249,e554bc58,c197e600,c1a7abe0)at vn_ioctl+0x18c
ioctl(c1a7abe0,e554bd14,c,280ce000,3) at ioctl+0x5a4
syscall(2f,2f,2f,bfbfeec8,2) at syscall+0x2f0
Xint0x80_syscall() at Xint0x80_syscall+0x1f
--- syscall (54, FreeBSD ELF32, ioctl), eip = 0x280ce657, esp = 0xbfbfee5c, ebp = 0xbfbfee78 ---
db>

  - Damian