Note it does not lose time if I disable DEVICE_POLLING (kern.polling.enable=0). I've also been unable to cause the box to reboot when not using DEVICE_POLLING, but I believe a large factor of that is the box runs out of CPU (100% pegged in interrupt) and just can't handle the packet stream fast enough.
Greg * Darren Reed ([EMAIL PROTECTED]) [030530 19:27]: > In some email I received from Greg Rumple, sie wrote: > > And sure enough, I found a DoS tool that will crash it (with the error I > > was getting) like clockwork. I can cause it to crash in as little as 10 > > packets (it's an ICMP exploit btw interestingly enough (and rebuilding > > the kernel with no INET6 didn't help btw)). > > > > I also started taking pieces out of the kernel in an attempt to narrow > > it down. What I found was it only happens when I use the BIMAP piece of > > the puzzle (along with the proxy arp of course). I basically stripped > > my system down to the following. > > > > No ipf rules (so allow everything) > > > > ipnat.rules > > ----------- > > bimap fxp0 10.10.2.231/32 -> 1.2.3.231/32 > > If you remove the next two rules, it still panic's ? > > > map fxp0 10.10.2.0/24 -> 1.2.3.70/32 portmap tcp/udp 1025:65000 > > map fxp0 10.10.2.0/24 -> 1.2.3.70/32 > > Darren > -- Greg Rumple [EMAIL PROTECTED]
