Re: iflib/bridge kernel panic

From: Shawn Webb <shawn.webb_at_hardenedbsd.org>
Date: Tue, 29 Sep 2020 17:36:15 -0400
On Tue, Sep 29, 2020 at 11:20:44PM +0200, Kristof Provost wrote:
> 
> 
> On 28 Sep 2020, at 16:44, Alexander Leidinger wrote:
> 
> > Quoting Kristof Provost <kp_at_freebsd.org> (from Mon, 28 Sep 2020 13:53:16
> > +0200):
> > 
> > > On 28 Sep 2020, at 12:45, Alexander Leidinger wrote:
> > > > Quoting Kristof Provost <kp_at_freebsd.org> (from Sun, 27 Sep 2020
> > > > 17:51:32 +0200):
> > > > > Here???s an early version of a task queue based approach: http://people.freebsd.org/~kp/0001-bridge-Cope-with-if_ioctl-s-that-sleep.patch
> > > > > 
> > > > > That still needs to be cleaned up, but this should resolve
> > > > > the sleep issue and the LOR.
> > > > 
> > > > There are some issues... seems like inside a jail I can't ping
> > > > systems outside of the hardware.
> > > > 
> > > > Bridge setup:
> > > >    - member jail A
> > > >    - member jail B
> > > >    - member external_if of host
> > > > 
> > > > If I ping the router from the host, it works. If I ping from one
> > > > jail to another, it works. If I ping from the jail to the IP of
> > > > the external_if, it works. If I ping from a jail to the router,
> > > > I do not get a response.
> > > > 
> > > Can you check for 'failed ifpromisc' error messages in dmesg? And
> > > verify that all bridge member interfaces are in promiscuous mode?
> > 
> > I have a panic for you...:
> >  - startup still in progress = 22 jails in startup, somewhere after a
> > few jails started the panic happened
> >  - tcpdump was running on the external interface
> >  - a ping to a jail IP from another system was running, the first ping
> > went through, then it paniced
> > 
> > First regarding your questions about promisc mode: no error, but the
> > promisc mode is directly disabled again on all interfaces.
> > 
> I think I see why you had issues with the promiscuous setting. I???ve
> updated the patch to be even more horrific than it was before.
> 
> I can???t explain the panic, and the backtrace also doesn???t appear to be
> directly related to this patch. Not sure what???s going on with that.

I should have time to test the new patch this weekend. ${LIFE} is
keeping me busy the past few weeks. I'm gonna add an event in my
calendar to remind me to test the patch. heh.

Thanks,

-- 
Shawn Webb
Cofounder / Security Engineer
HardenedBSD

GPG Key ID:          0xFF2E67A277F8E1FA
GPG Key Fingerprint: D206 BB45 15E0 9C49 0CF9  3633 C85B 0AF8 AB23 0FB2
https://git-01.md.hardenedbsd.org/HardenedBSD/pubkeys/src/branch/master/Shawn_Webb/03A4CBEBB82EA5A67D9F3853FF2E67A277F8E1FA.pub.asc

Received on Tue Sep 29 2020 - 19:36:19 UTC

This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:41:25 UTC