-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Thu, 24 May 2012, Daniel Hartmeier wrote:
On Thu, May 24, 2012 at 09:10:04AM +0000, Joerg Pulz wrote:
panic: ipfw_check_hook:281 ASSERT_HOST_BYTE_ORDER 45056 176
ipfw_check_hook() at ipfw_check_hook+0x511
pfil_run_hooks() at pfil_run_hooks+0xf1
ip_output() at ip_output+0x6de
ip_forward() at ip_forward+0x19e
ip_input() at ip_input+0x680
swi_net() at swi_net+0x15a
OK, this convinces me that the problem is in ipfw.
You enabled it with
options IPFIREWALL
options IPFIREWALL_VERBOSE
options IPFIREWALL_VERBOSE_LIMIT=100
options IPFIREWALL_DEFAULT_TO_ACCEPT
but say you're not using it?
The above will actually enable ipfw's packet inspection with a default
pass rule. And a non-trivial amount of code runs, unlike pf (and
ipfilter), which must first be enabled (like with pfctl -e) first.
Could you rebuild a kernel without the above options, just to confirm
the theory that the problem is related to ipfw?
We can try to find the problem within ipfw, maybe asking the ipfw
developers for help.
Daniel,
exactly, ipfw was enabled with the above kernel options but not configured
to filter or do anything but the DEFAULT_TO_ACCEPT.
I've rebuilt the kernel without IPFIREWALL options. The system is running
now for about three and a half hours.
Time will show if this solved our problem.
I'm still wondering why these panics showed up in irregular unreproducable
intervals.
Thanks for writing to the ipfw list. I'm really interested in tracking
this further down to fix it forever, so nobody will stumble over it again.
Thanks for all your help. Feel free to contact me if you have new ideas or
things i should try.
Kind regards
Joerg
- --
The beginning is the most important part of the work.
-Plato
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.18 (FreeBSD)
iD8DBQFPvjyPSPOsGF+KA+MRAqgqAJ0Z8uuoOLHpbEcUTSrg1oXgNu7sowCfem2Z
r8rPTyO39GMo9qJa10z+zzM=
=pq7s
-----END PGP SIGNATURE-----
_______________________________________________
[email protected] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-pf
To unsubscribe, send any mail to "[email protected]"
