> Ian FREISLICH wrote: > > Hi > > > > I got this panic yesterday on a fairly busy firewall. I have some > > private patches to ip_fw2.c and to the em driver (see the earlier > > "em0 hijacking traffic to port 623" thread). I don't think this > > panic is a result of those changes. > > > > It occurred round about the time an address was added to an interface. > > > > I'll keep the crashdump around for a while in case anyone wants more data. > > > > FreeBSD firewall2 7.0-CURRENT FreeBSD 7.0-CURRENT #4: Thu May 24 10:43:20 SAST 2007 ianf_at_firewall2:/usr/obj/usr/src/sys/FIREWALL i386 > > > > There is no locking to say between the firewall and the interface addresses. > it probably followed a bad pointer when the addresses were changed.. > > your bug report should say > > "ipfw doesn't take part in interface address locking, > leading to occasional crashes" This is the second crash I've seen as a result of this locking omission in about 1.5 years of production: http://lists.freebsd.org/pipermail/freebsd-current/2006-August/065488.html I'm not sure how to fix this without a large performance penalty. To acquire the lock each time for the "me" check might result in many many acquisitions when checking a packet against the ruleset. However to acquire it once for every packet may be unnecessary. Also, I'm not really sure which lock to use of the plethora that exist. Ian -- Ian FreislichReceived on Fri Jun 08 2007 - 12:36:10 UTC
This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:39:12 UTC