I have had serious lockups on Solaris-9 Generic_112234-06 pfil-2.1.4 ipfilter 4.1.3 when ipfilter 3.3.22 has run fine.
I've just built a new box of Solaris-9 Generic_117172-12 on which I can stress test the latest versions without worry.
Lund
Scott Palmer wrote:
I had the same issues with IPFIlter v4.. I ended up downgrading to 3.4.35 and so far have no issues.. I have compiled them using Sun Studio 9 if you would like the packages..
Scott
is 9 kernal ver 12 with no problems at all.
Does any one know why pfil is causing the panic and dump on teh sol9 kernal ver 13? Please see the server data per the FAQ's below. The patch cluster is current as of 12/04 and patch 112233-02 included.
Thanks
Dallas
# uname - a usage: uname [-snrvmapiX] uname [-S system_name] # uname -a SunOS nsfone 5.9 Generic_117171-13 sun4u sparc SUNW,Sun-Blade-1000 # isainfo -vk 64-bit sparcv9 kernel modules # ifconfig -a lo0: flags=1000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4> mtu 8232 index 2 inet 127.0.0.1 netmask ff000000 eri0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 3 inet 206.168.68.96 netmask ffffff00 broadcast 206.168.68.255 ether 0:3:ba:16:f6:cf # netstat -m streams allocation: cumulative allocation current maximum total failures streams 288 357 19996 0 queues 752 912 50105 0 mblk 7584 9271 44657 0 dblk 7582 9479 1284704 0 linkblk 6 169 11 0 strevent 8 169 4909 0 syncq 15 48 53 0 qband 2 127 2 0
5650 Kbytes allocated for streams data # netstat -i Name Mtu Net/Dest Address Ipkts Ierrs Opkts Oerrs Collis Queue lo0 8232 loopback localhost 49839 0 49839 0 0 0 eri0 1500 nsfone.fone.net nsfone.fone.net 95900 0 87238 6 0 0
# netstat -s -P ip
IPv4 ipForwarding = 2 ipDefaultTTL = 255 ipInReceives = 88072 ipInHdrErrors = 0 ipInAddrErrors = 0 ipInCksumErrs = 0 ipForwDatagrams = 0 ipForwProhibits = 0 ipInUnknownProtos = 0 ipInDiscards = 0 ipInDelivers =137489 ipOutRequests = 87821 ipOutDiscards = 0 ipOutNoRoutes = 24 ipReasmTimeout = 60 ipReasmReqds = 0 ipReasmOKs = 0 ipReasmFails = 0 ipReasmDuplicates = 0 ipReasmPartDups = 0 ipFragOKs = 0 ipFragFails = 0 ipFragCreates = 0 ipRoutingDiscards = 0 tcpInErrs = 0 udpNoPorts = 679 udpInCksumErrs = 0 udpInOverflows = 0 rawipInOverflows = 0 ipsecInSucceeded = 0 ipsecInFailed = 0 ipInIPv6 = 0 # ipf -V ipf: IP Filter: v4.1.3 (592) Kernel: IP Filter: v4.1.3 Running: yes Log Flags: 0 = none set Default: pass all, Logging: available Active list: 1 Feature mask: 0x187 # ipfstat bad packets: in 0 out 0 IPv6 packets: in 0 out 0 input packets: blocked 1340 passed 88838 nomatch 1 counted 0 short 0 output packets: blocked 118 passed 88515 nomatch 0 counted 0 short 0 input packets logged: blocked 0 passed 0 output packets logged: blocked 0 passed 0 packets logged: input 0 output 0 log failures: input 0 output 0 fragment state(in): kept 0 lost 0 not fragmented 0 fragment state(out): kept 0 lost 0 not fragmented 0 packet state(in): kept 1112 lost 0 packet state(out): kept 26785 lost 118 ICMP replies: 0 TCP RSTs sent: 0 Invalid source(in): 0 Result cache hits(in): 6400 (out): 0 IN Pullups succeeded: 0 failed: 0 OUT Pullups succeeded: 928 failed: 0 Fastroute successes: 0 failures: 0 TCP cksum fails(in): 0 (out): 0 IPF Ticks: 4821 Packet log flags set: (0) none # ipfstat -io pass out quick on lo0 all pass out quick on eri0 proto udp from any to any keep state pass out quick on eri0 proto tcp from any to any keep state pass out quick on eri0 proto icmp from any to any keep state pass out quick on eri0 proto tcp from any to any port = imap keep state pass out quick on eri0 proto tcp from any to any port = smtp keep state pass out quick on eri0 proto tcp from any to any port = pop3 keep state pass in quick on lo0 all pass in quick on eri0 proto tcp from any to any port = ftp pass in quick on eri0 proto tcp from any to any port = ftp-data pass in quick on eri0 proto tcp from any port = ftp-data to any port > 1023 pass in quick on eri0 proto tcp from any to any port = domain pass in quick on eri0 proto udp from any to any port = domain pass in quick on eri0 proto tcp from any to any port = imap keep state pass in quick on eri0 proto tcp from any to any port = smtp keep state pass in quick on eri0 proto tcp from any to any port = www keep state pass in quick on eri0 proto tcp from any to any port = 28080 keep state pass in quick on eri0 proto tcp from any to any port = https pass in quick on eri0 proto tcp from any to any port = 28080 pass in quick on eri0 proto tcp from any to any port = pop3 keep state pass in quick on eri0 proto tcp from 192.9.9.1/32 to any port = imap pass in quick on eri0 proto tcp from 192.9.9.1/32 to any port = telnet pass in quick on eri0 proto tcp from 192.9.9.1/32 to any port = ftp pass in quick on eri0 proto tcp from 192.9.25.10/32 to any port = imap pass in quick on eri0 proto tcp from 192.9.25.10/32 to any port = telnet pass in quick on eri0 proto tcp from 192.9.25.10/32 to any port = ftp pass in quick on eri0 proto tcp from 192.18.98.20/32 to any port = imap pass in quick on eri0 proto tcp from 192.18.98.20/32 to any port = telnet pass in quick on eri0 proto tcp from 192.18.98.20/32 to any port = ftp pass in quick on eri0 proto tcp/udp from 206.168.68.0/24 to any port = ssh keep sta pass in quick on eri0 proto tcp/udp from 206.168.78.0/24 to any port = ssh keep sta pass in quick on eri0 proto tcp/udp from 206.168.248.0/24 to any port = ssh keep st pass in quick on eri0 proto tcp/udp from 206.168.249.0/24 to any port = ssh keep st pass in quick on eri0 proto tcp/udp from 206.168.250.0/24 to any port = ssh keep st pass in quick on eri0 proto tcp/udp from 206.168.251.0/24 to any port = ssh keep st pass in quick on eri0 proto tcp/udp from 206.168.252.0/24 to any port = ssh keep st pass in quick on eri0 proto tcp/udp from 206.168.253.0/24 to any port = ssh keep st pass in quick on eri0 proto tcp/udp from 207.174.182.0/24 to any port = ssh keep st pass in quick on eri0 proto tcp/udp from 207.174.192.0/24 to any port = ssh keep st pass in quick on eri0 proto tcp/udp from 199.3.18.0/24 to any port = ssh keep state pass in quick on eri0 proto tcp/udp from 199.3.123.0/24 to any port = ssh keep stat pass in quick on eri0 proto tcp/udp from 204.251.223.0/24 to any port = ssh keep st pass in quick on eri0 proto tcp/udp from 208.213.220.0/24 to any port = ssh keep st pass in quick on eri0 proto tcp/udp from 208.213.221.0/24 to any port = ssh keep st pass in quick on eri0 proto tcp/udp from 208.213.222.0/24 to any port = ssh keep st pass in quick on eri0 proto tcp/udp from 207.13.165.0/24 to any port = ssh keep sta pass in quick on eri0 proto tcp/udp from 63.170.195.0/24 to any port = ssh keep sta pass in quick on eri0 proto tcp/udp from 192.9.25.10/32 to any port = ssh keep stat pass in quick on eri0 proto tcp/udp from 192.18.98.20/32 to any port = ssh keep sta pass in quick on eri0 proto tcp/udp from 199.45.150.0/24 to any port = ssh keep sta pass in quick on eri0 proto tcp/udp from 148.65.1.154/32 to any port = ssh keep sta pass in quick on eri0 proto tcp/udp from 66.17.170.34/32 to any port = ssh keep sta pass in quick on eri0 proto tcp/udp from 66.17.168.249/32 to any port = ssh keep st pass in quick on eri0 proto tcp from 206.168.68.0/24 to any port = telnet pass in quick on eri0 proto tcp from 206.168.78.0/24 to any port = telnet pass in quick on eri0 proto tcp from 206.168.248.0/24 to any port = telnet pass in quick on eri0 proto tcp from 206.168.249.0/24 to any port = telnet pass in quick on eri0 proto tcp from 206.168.250.0/24 to any port = telnet pass in quick on eri0 proto tcp from 206.168.251.0/24 to any port = telnet pass in quick on eri0 proto tcp from 206.168.252.0/24 to any port = telnet pass in quick on eri0 proto tcp from 206.168.253.0/24 to any port = telnet pass in quick on eri0 proto tcp from 207.174.182.0/24 to any port = telnet pass in quick on eri0 proto tcp from 207.174.192.0/24 to any port = telnet pass in quick on eri0 proto tcp from 199.3.18.0/24 to any port = telnet pass in quick on eri0 proto tcp from 199.3.123.0/24 to any port = telnet pass in quick on eri0 proto tcp from 204.251.223.0/24 to any port = telnet pass in quick on eri0 proto tcp from 208.213.220.0/24 to any port = telnet pass in quick on eri0 proto tcp from 208.213.221.0/24 to any port = telnet pass in quick on eri0 proto tcp from 208.213.222.0/24 to any port = telnet pass in quick on eri0 proto tcp from 207.13.165.0/24 to any port = telnet pass in quick on eri0 proto tcp from 63.170.195.0/24 to any port = telnet pass in quick on eri0 proto tcp from 63.173.128.0/24 to any port = telnet pass in quick on eri0 proto tcp from 65.172.252.0/24 to any port = telnet pass in quick on eri0 proto tcp from 65.172.253.0/24 to any port = telnet pass in quick on eri0 proto tcp from 209.17.183.0/24 to any port = telnet pass in quick on eri0 proto tcp from 148.65.1.154/32 to any port = telnet pass in quick on eri0 proto tcp from 206.168.68.0/24 to any port = prism keep state pass in quick on eri0 proto tcp/udp from 206.168.68.36/32 to any keep state pass in quick on eri0 proto tcp/udp from 206.168.68.100/32 to any keep state pass in quick on eri0 proto tcp from 206.168.78.0/24 to any port = prism pass in quick on eri0 proto tcp from 206.168.248.0/24 to any port = prism pass in quick on eri0 proto tcp from 206.168.249.0/24 to any port = prism pass in quick on eri0 proto tcp from 206.168.250.0/24 to any port = prism pass in quick on eri0 proto tcp from 206.168.251.0/24 to any port = prism pass in quick on eri0 proto tcp from 206.168.252.0/24 to any port = prism pass in quick on eri0 proto tcp from 206.168.253.0/24 to any port = prism pass in quick on eri0 proto tcp from 207.174.182.0/24 to any port = prism pass in quick on eri0 proto tcp from 207.174.192.0/24 to any port = prism pass in quick on eri0 proto tcp from 199.3.18.0/24 to any port = prism pass in quick on eri0 proto tcp from 199.3.123.0/24 to any port = prism pass in quick on eri0 proto tcp from 204.251.223.0/24 to any port = prism pass in quick on eri0 proto tcp from 208.213.220.0/24 to any port = prism pass in quick on eri0 proto tcp from 208.213.221.0/24 to any port = prism pass in quick on eri0 proto tcp from 208.213.222.0/24 to any port = prism pass in quick on eri0 proto tcp from 207.13.165.0/24 to any port = prism pass in quick on eri0 proto tcp from 63.170.195.0/24 to any port = prism pass in quick on eri0 proto tcp from 63.173.128.0/24 to any port = prism pass in quick on eri0 proto udp from 206.168.68.0/24 to any port = radius pass in quick on eri0 proto udp from 206.168.78.0/24 to any port = radius pass in quick on eri0 proto udp from 206.168.248.0/24 to any port = radius pass in quick on eri0 proto udp from 206.168.249.0/24 to any port = radius pass in quick on eri0 proto udp from 206.168.250.0/24 to any port = radius pass in quick on eri0 proto udp from 206.168.251.0/24 to any port = radius pass in quick on eri0 proto udp from 206.168.252.0/24 to any port = radius pass in quick on eri0 proto udp from 206.168.253.0/24 to any port = radius pass in quick on eri0 proto udp from 207.174.182.0/24 to any port = radius pass in quick on eri0 proto udp from 207.174.192.0/24 to any port = radius pass in quick on eri0 proto udp from 199.3.18.0/24 to any port = radius pass in quick on eri0 proto udp from 199.3.123.0/24 to any port = radius pass in quick on eri0 proto udp from 204.251.223.0/24 to any port = radius pass in quick on eri0 proto udp from 208.213.220.0/24 to any port = radius pass in quick on eri0 proto udp from 208.213.221.0/24 to any port = radius pass in quick on eri0 proto udp from 208.213.222.0/24 to any port = radius pass in quick on eri0 proto udp from 207.13.165.0/24 to any port = radius pass in quick on eri0 proto udp from 63.170.195.0/24 to any port = radius pass in quick on eri0 proto udp from 63.173.128.0/24 to any port = radius pass in quick on eri0 proto udp from 63.173.129.0/24 to any port = radius pass in quick on eri0 proto udp from 206.168.68.0/24 to any port = radacct pass in quick on eri0 proto udp from 206.168.78.0/24 to any port = radacct pass in quick on eri0 proto udp from 206.168.248.0/24 to any port = radacct pass in quick on eri0 proto udp from 206.168.249.0/24 to any port = radacct pass in quick on eri0 proto udp from 206.168.250.0/24 to any port = radacct pass in quick on eri0 proto udp from 206.168.251.0/24 to any port = radacct pass in quick on eri0 proto udp from 206.168.252.0/24 to any port = radacct pass in quick on eri0 proto udp from 206.168.253.0/24 to any port = radacct pass in quick on eri0 proto udp from 207.174.182.0/24 to any port = radacct pass in quick on eri0 proto udp from 207.174.192.0/24 to any port = radacct pass in quick on eri0 proto udp from 199.3.18.0/24 to any port = radacct pass in quick on eri0 proto udp from 199.3.123.0/24 to any port = radacct pass in quick on eri0 proto udp from 204.251.223.0/24 to any port = radacct pass in quick on eri0 proto udp from 208.213.220.0/24 to any port = radacct pass in quick on eri0 proto udp from 208.213.221.0/24 to any port = radacct pass in quick on eri0 proto udp from 208.213.222.0/24 to any port = radacct pass in quick on eri0 proto udp from 207.13.165.0/24 to any port = radacct pass in quick on eri0 proto udp from 63.170.195.0/24 to any port = radacct pass in quick on eri0 proto udp from 63.173.128.0/24 to any port = radacct pass in quick on eri0 proto udp from 63.173.129.0/24 to any port = radacct pass in quick on eri0 proto udp from 206.168.68.0/24 to any port = 1642 pass in quick on eri0 proto udp from 206.168.78.0/24 to any port = 1642 pass in quick on eri0 proto udp from 206.168.248.0/24 to any port = 1642 pass in quick on eri0 proto udp from 206.168.249.0/24 to any port = 1642 pass in quick on eri0 proto udp from 206.168.250.0/24 to any port = 1642 pass in quick on eri0 proto udp from 206.168.251.0/24 to any port = 1642 pass in quick on eri0 proto udp from 206.168.252.0/24 to any port = 1642 pass in quick on eri0 proto udp from 206.168.253.0/24 to any port = 1642 pass in quick on eri0 proto udp from 207.174.182.0/24 to any port = 1642 pass in quick on eri0 proto udp from 207.174.192.0/24 to any port = 1642 pass in quick on eri0 proto udp from 199.3.18.0/24 to any port = 1642 pass in quick on eri0 proto udp from 199.3.123.0/24 to any port = 1642 pass in quick on eri0 proto udp from 204.251.223.0/24 to any port = 1642 pass in quick on eri0 proto udp from 208.213.220.0/24 to any port = 1642 pass in quick on eri0 proto udp from 208.213.221.0/24 to any port = 1642 pass in quick on eri0 proto udp from 208.213.222.0/24 to any port = 1642 pass in quick on eri0 proto udp from 207.13.165.0/24 to any port = 1642 pass in quick on eri0 proto udp from 63.170.195.0/24 to any port = 1642 pass in quick on eri0 proto udp from 63.173.128.0/24 to any port = 1642 pass in quick on eri0 proto udp from 63.173.129.0/24 to any port = 1642 pass in quick on eri0 proto tcp/udp from 206.168.68.165/32 to any pass in quick on eri0 proto tcp/udp from 206.168.68.4/32 to any pass in quick on eri0 proto tcp/udp from 206.168.68.27/32 to any pass in quick on eri0 proto tcp/udp from 206.168.68.28/32 to any pass in quick on eri0 proto tcp/udp from 206.168.68.2/32 to any pass in quick on eri0 proto tcp/udp from 206.168.68.15/32 to any pass in quick on eri0 proto icmp from any to any icmp-type timex code 0 pass in quick on eri0 proto icmp from any to any block in on eri0 proto udp from any to any block return-rst in on eri0 proto tcp from any to any block in on eri0 from any to any
Panic errors from Core dump: 000002a1003f6821 mutex_enter+4(3000c3afcf0, 0, 780da3e8, 2a1003f7150, 3000a40dca4, cff3) 000002a1003f68e1 fr_updatestate+0x98(2a1003f73c0, 3000c3afbf0, 780da3e8, 2a1003f7424, 3000039976b, 2a1003f7414) 000002a1003f69b1 fr_checkstate+0x3e4(2a1003f73c0, 2a1003f73a8, 2a1003f73c0, ffff95b8, 8, 8) 000002a1003f6ab1 fr_check+0x784(3000a40dc90, 14, 30004c49ed8, 0, 2a1003f7640, 2a1003f78a8) 000002a1003f6ca1 pfil_precheck+0xfcc(30004790cc0, 2a1003f78a8, 1, 30004c49ed8, 8f18e00, 0) 000002a1003f6ef1 pfilmodrput+0x520(30004790cc0, 3001fde65c0, 20, 0, 6f726700, 10001) 000002a1003f7021 putnext+0x21c(0, 3001fde65c0, 300025184a0, 3510, 10, 0) 000002a1003f70d1 eri_read_dma+0x35c(3001fde65c0, ffff, 780bfd04, 60, fc00, 1) 000002a1003f71c1 eri_intr+0x434(300047e6278, 1c000, 10220, 10278, 10290, 10270) 000002a1003f72a1 pci_intr_wrapper+0x7c(300024fbb18, 21d, 30002514000, 2a1003f7d40, 43a0, 11caf40) 000002a1003f7351 intr_thread+0x12c(78035d60, 0, 23, 1, 8, 8) 000002a100669a71 get_unit+0x98(3000c3afbf0, 0, 20, 0, cea84460, 3000a4bcec0) 000002a100669b51 fr_stinsert+0x384(3000c3afbf0, 0, 1c, 4, 0, 0) 000002a100669c31 fr_addstate+0x1154(2a10066aa00, 0, 0, 780dad53, 780d6c88, 2a10066aa00) 000002a10066a011 fr_firewall+0x5e4(2a10066aa00, 2a10066a9e8, 2a10066aa00, 3, 0, 0) 000002a10066a0f1 fr_check+0x7c4(30004cb95d8, 14, 30004c49ed8, 1, 2a10066ac80, 2a10066aed8) 000002a10066a2e1 pfil_precheck+0xfcc(30004790db0, 2a10066aed8, 2, 30004c49ed8, 0, 0) 000002a10066a531 pfilmodwput+0x260(30004790db0, 30010eaafc0, 20, 30004cb95ec, 15cb52f2, 2000100) 000002a10066a651 putnext+0x21c(0, 30010eaafc0, 0, 8000000, 800, ba16f6cf0800) 000002a10066a701 ip_wput_ire+0xacc(10000, 30000070030, 3, ffff, cea84460, 30010eaafc0) 000002a10066a8f1 ip_wput+0x4d4(0, 0, cea8440f, 30004cb95d8, 0, 6c) 000002a10066a9a1 putnext+0x21c(0, 3000247ff80, 20, 0, 60, 10) 000002a10066aa51 udp_wput+0x5b0(111, 14, 111, 30004cb95ec, 30004cb95d8, 10) 000002a10066ab21 putnext+0x21c(0, 30010e77a00, 20, 30010eaafc0, 0, 10) 000002a10066abd1 strput+0x270(3000aacc318, 0, 0, 2a10066b698, 0, 0) 000002a10066adc1 kstrputmsg+0x36c(3000b5c5ad0, 3000af5a1c0, 0, 0, 0, 0) 000002a10066aea1 sosend_dgram+0x25c(0, 30010e1dd38, 10, 2a10066ba00, 8, 67) 000002a10066af91 sosendmsg+0x3f4(0, 30010e1dd38, 7, 20, 4c, 6c) 000002a10066b051 sendit+0x15c(2a10066ba00, 8, 3000b5c5ad0, 8, 6c, 6c) 000002a10066b121 sendto+0x78(17, ffbfea90, 109, 0, ffbfe9b0, 10) 000002a10066b241 sendto32+0x3c(17, ffbfea90, 109, 0, ffbfe9b0, 10) 000002a10066b2f1 syscall_trap32+0xa8(17, ffbfea90, 109, 0, ffbfe9b0, 10)
load averages: 0.21, 0.19, 0.17 nsfone 12:19:55 87 processes: 85 sleeping, 1 stopped, 1 on cpu CPU states: % idle, % user, % kernel, % iowait, % swap Memory: 8.0G real, 6.8G free, 609M swap in use, 15.0G swap free
-- Jorgen Lundman | <[EMAIL PROTECTED]> Unix Administrator | +81 (0)3 -5456-2687 ext 1017 (work) Shibuya-ku, Tokyo | +81 (0)90-5578-8500 (cell) Japan | +81 (0)3 -3375-1767 (home)
