Hello,

I have a number of Solaris 9 boxes running ipfilter 4.1.20 with pfil
2.1.13. They are experiencing kernel panics on a near daily basis. Sun
only says "we don't support ipf below Solaris 10, upgrade to Solaris
10", which is of course unhelpful. Based on some discussion I found on
this list from March or so, I removed return-rst from my block in
quick line, but I'm still seeing the panics. I'd like to put that back
in.  I do not use ipnat at all.

#uname -a
SunOS avenger 5.9 Generic_122300-02 sun4u sparc SUNW,Sun-Fire-V440 Solaris

#isainfo -vk
64-bit sparcv9 kernel modules

#ifconfig -a
lo0: flags=1000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4> mtu 8232 index 2
        inet 127.0.0.1 netmask ff000000 
ce0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 3
        inet 134.84.34.136 netmask ffffff80 broadcast 134.84.34.255
        ether 0:14:4f:54:6c:c5 
ce0:1: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 3
        inet 134.84.34.247 netmask ffffff80 broadcast 134.84.34.255

#netstat -rn

Routing Table: IPv4
  Destination           Gateway           Flags  Ref   Use   Interface
-------------------- -------------------- ----- ----- ------ ---------
134.84.34.128       134.84.34.136       U         1    487  ce0
134.84.34.128       134.84.34.247       U         1      0  ce0:1
224.0.0.0            134.84.34.136       U         1      0  ce0
default              134.84.34.254       UG        1   2328  
127.0.0.1            127.0.0.1            UH      174  10253  lo0

#netstat -i
Name  Mtu  Net/Dest      Address        Ipkts  Ierrs Opkts  Oerrs Collis Queue 
lo0   8232 loopback      localhost      12220  0     12220  0     0 0     
ce0   1500 avenger.software.umn.edu avenger.software.umn.edu 115680 0 28353  0     0      0

#netstat -s -P ip
IPv4    ipForwarding        =     2     ipDefaultTTL        =   255
        ipInReceives        = 38327     ipInHdrErrors       =     0
        ipInAddrErrors      =     0     ipInCksumErrs       =     1
        ipForwDatagrams     =     0     ipForwProhibits     =     0
        ipInUnknownProtos   =     0     ipInDiscards        =     0
        ipInDelivers        = 38427     ipOutRequests       = 28653
        ipOutDiscards       =     0     ipOutNoRoutes       =    24
        ipReasmTimeout      =    60     ipReasmReqds        =     0
        ipReasmOKs          =     0     ipReasmFails        =     0
        ipReasmDuplicates   =     0     ipReasmPartDups     =     0
        ipFragOKs           =     0     ipFragFails         =     0
        ipFragCreates       =     0     ipRoutingDiscards   =     0
        tcpInErrs           =     0     udpNoPorts          = 11557
        udpInCksumErrs      =     0     udpInOverflows      =     0
        rawipInOverflows    =     0     ipsecInSucceeded    =     0
        ipsecInFailed       =     0     ipInIPv6            =     0
        ipOutIPv6           =     0     ipOutSwitchIPv6     =     1

#ipf -V
ipf: IP Filter: v4.1.20 (600)
Kernel: IP Filter: v4.1.20              
Running: yes
Log Flags: 0 = none set
Default: pass all, Logging: available
Active list: 1
Feature mask: 0x187

#ipfstat
bad packets:            in 0    out 0
 IPv6 packets:          in 0 out 0
 input packets:         blocked 4576 passed 38762 nomatch 1 counted 0 short 0
output packets:         blocked 5 passed 29443 nomatch 5413 counted 0 short 0
 input packets logged:  blocked 4576 passed 0
output packets logged:  blocked 0 passed 0
 packets logged:        input 0 output 0
 log failures:          input 0 output 0
fragment state(in):     kept 0  lost 0  not fragmented 0
fragment state(out):    kept 0  lost 0  not fragmented 0
packet state(in):       kept 514        lost 0
packet state(out):      kept 1305       lost 17
ICMP replies:   4537    TCP RSTs sent:  0
Invalid source(in):     0
Result cache hits(in):  10350   (out):  4778
IN Pullups succeeded:   4537    failed: 0
OUT Pullups succeeded:  32      failed: 0
Fastroute successes:    11      failures:       4526
TCP cksum fails(in):    0       (out):  0
IPF Ticks:      115973
Packet log flags set: (0)
        none

#ipfstat -io
pass out quick on ce0 proto tcp from any to any keep state
pass in quick proto icmp from any to any keep state
pass in quick from any to any port = 80
pass in quick from any to any port = 443
pass in quick from 128.101.103.0/24 to any
pass in quick from 128.101.65.0/24 to any
pass in quick from 128.101.51.0/24 to any
pass in quick from 128.101.186.0/24 to any
pass in quick from 134.84.134.0/24 to any
pass in quick from 134.84.132.0/24 to any
pass in quick from 134.84.210.0/24 to any
pass in quick from 160.94.25.0/24 to any
pass in quick from 192.168.27.148/32 to any
pass in quick from 71.57.94.42/32 to any keep state
pass in quick from 128.101.101.101/32 to any keep state
pass in quick from 134.84.84.84/32 to any keep state
block in log quick on ce0 proto tcp from any to any
block return-icmp-as-dest(port-unr) in log quick on ce0 proto udp from any to any

#ipnat -slv
mapped  in      0       out     0
added   0       expired 0
no memory       0       bad nat 0
inuse   0
rules   0
wilds   0
table ffffffff7fffee30 list 0
List of active MAP/Redirect filters:

List of active sessions:

List of active host mappings:
 
Please let me know if I can provide any other information that would
help track down this problem.

thanks,

Lynette Bellini
Systems Administrator
University of Minnesota

"The greatness of a nation and its moral progress can be measured by
the way in which its animals are treated." --Mahatma Gandhi, 1869-1948
