Hi,
My firewall cluster is two simple Dell PowerEdge 750 with Pentium4/256
MB RAM and 4 Intel giginterfaces (em driver). I have been using the
same hardware since OpenBSD 3.6, upgraded to 3.7 and 3.8 at "release
time". Same procedure when 3.9 was relased and now also with 4.0 and
4.0-current.
Boom ! Crash !
kernel: page fault trap, code=0
Stopped at pfsync_insert_net_state+0x65: movl 0x2c0(%edx),%eax
Ddb> trace
pfsync_insert_net_state (d603c036,1,f0,d08b2d48) at
pfsync_insert_net_state+0x65
pfsync_input (d604bf00,14,0,0,d0dec030) at pfsync_input+0x3d3
ipv4_input (d604bf00,d0de8b00,0,d08b1000,30) at ipv4_input+0x4f1
ipintr(d0200058,d08b0010,10,d08b0010,d08b1000) at ipintr+0x70
Bad frame pointer: 0xd0b2e24
I don't have serial console, so my trace is written down by hand, one
small typo could exist.
I get the trap when the carp "backup" machine comes up. Eg. 10-120
seconder after "login:".
I did the "crash" procedure on 3.9 and found that this is the line
causing the problem
if (!r->max_states || r->states < r->max_states)
pf.conf
<snip>
set limit { states 30000, src-nodes 10000, frags 10000 }
I don't have more then 10.000 states, at that time. Proberly more like
7-9' states.
I think I did something wrong, maybe not ....
I looks very much like this report on tech
http://www.nabble.com/reproducible-crash-on--current-tf2567273.html#a716
2635
One big deffrence I don't use a trunk, I have 6 carp interfaces. 3 bound
to em1, 2 on em0 and one on em4.
I have upgraded my boxes to 4.0-current, no change.
Where to start? I normally love my OpenBSD firewalls, but not today ....
My friend Google says nothing that helps me.
Regards
Thomas Althoff
