On 21 Nov 2002, Jason Dixon wrote:

> On Wed, 2002-11-20 at 18:23, [EMAIL PROTECTED] wrote:
> > On Wed, Nov 20, 2002 at 05:43:37PM -0500, Jason Dixon wrote:
> > > Sorry, failed to mention this is a 3.2 -stable x86 box.
> >
> > hmm. can you try -current?
>
> Good news and bad news. The -current kernel (on a still -stable system)
> hasn't shown any of the panic problems. I've slammed it with a range of
> 2000 to 40000 igmp frag spoofed packets. However, when I tried to make
> a small change (remove the set limit on states, keep the limit on
> frags), "pfctl -F all && pfctl -f /etc/pf.conf" spit out the following
> error:
>
> pfctl: DIOCADDRULE: Operation not supported by device

Perhaps your rules weren't loaded on boot or PF isn't even enabled at all.
This could be the reason why -current doesn't crash ;-)

You should compile your complete userland. Or you can just compile a
-current pfctl in the following way:

* cp /usr/src/sys/net/pfvar.h to /usr/include/net
  (perhaps first back up the -stable pfvar.h in /usr/include/net)
* cd /usr/src/sbin/pfctl; make obj depend; make && make install
  (perhaps first back up the -stable pfctl in /sbin)

As Daniel said, nothing changed in pf_norm.c between -stable and -current.
So logic dictates that -current should still crash.

Cheers,
Dries
--
Dries Schellekens
email: [EMAIL PROTECTED]
