stigating tomorrow.
Regards
Joe Jones
From: Kristof Provost
Sent: 01 March 2018 09:57:18
To: Joe Jones
Cc: freebsd-pf@freebsd.org
Subject: Re: Kernel Panic
On 1 Mar 2018, at 15:37, Joe Jones wrote:
> yes we use pfsync. Yesterday we tried with pfsync switched of
On Thu, Mar 1, 2018 at 9:43 AM, Joe Jones
wrote:
> Hi Kristof,
>
> It's just the master that crashed, the backup can take over.
>
> We think the panic we got by compiling with witness and invariant may be a
> red herring.
>
> We are now looking at rules like
>
> nat on $isp_if from to any -> sticky
Hi Kristof,
It's just the master that crashed, the backup can take over.
We think the panic we got by compiling with witness and invariant may be
a red herring.
We are now looking at rules like
nat on $isp_if from to any -> sticky-address
if we replace the external_napts table with a single a
Hi Kristof,
yes we use pfsync. Yesterday we tried with pfsync switched off, the box
still locked up but this time without a panic.
We make the DIOCRADDADDRS ioctl on the master and the backup (we use
CARPed pairs).
Regards Joe Jones
On 01/03/18 03:00, Kristof Provost wrote:
On 28 Feb 2018
On 1 Mar 2018, at 15:37, Joe Jones wrote:
yes we use pfsync. Yesterday we tried with pfsync switched off, the
box still locked up but this time without a panic.
We make the DIOCRADDADDRS ioctl on the master and the backup (we use
CARPed pairs).
Interesting. It might be related to pfsync. Is
On 28 Feb 2018, at 9:52, Kristof Provost wrote:
On 27 Feb 2018, at 20:40, Joe Jones wrote:
we have a kernel panic after compiling with witness and invariant
Feb 27 13:49:33 sovapn1 kernel: lock order reversal:
Feb 27 13:49:33 sovapn1 kernel: 1st 0xfe000fed78b8 pf_idhash
(pf_idhash) @ /usr/
On 27 Feb 2018, at 20:40, Joe Jones wrote:
we have a kernel panic after compiling with witness and invariant
Feb 27 13:49:33 sovapn1 kernel: lock order reversal:
Feb 27 13:49:33 sovapn1 kernel: 1st 0xfe000fed78b8 pf_idhash
(pf_idhash) @ /usr/src/sys/netpfil/pf/pf.c:1078
Feb 27 13:49:33 sova
Hi,
we have a kernel panic after compiling with witness and invariant
Feb 27 13:49:33 sovapn1 kernel: lock order reversal:
Feb 27 13:49:33 sovapn1 kernel: 1st 0xfe000fed78b8 pf_idhash (pf_idhash) @
/usr/src/sys/netpfil/pf/pf.c:1078
Feb 27 13:49:33 sovapn1 kernel: 2nd 0xf8001e0474a8 pfsy
On 26 Feb 2018, at 17:06, Joe Jones wrote:
Hi Kristof,
we are not updating rules during the test although in production we
will reload the rule set from time to time. We are constantly adding
and removing from tables though, using the DIOCRADDADDRS and
DIOCRDELADDRS ioctl, also DIOCKILLSTATE
Hi Kristof,
we are not updating rules during the test although in production we will
reload the rule set from time to time. We are constantly adding and
removing from tables though, using the DIOCRADDADDRS and DIOCRDELADDRS
ioctl, also DIOCKILLSTATES is being called a lot. These are all in
r
On 14 Feb 2018, at 23:47, Joe Jones wrote:
Hi,
we are running test traffic through our system, after between 1 and 12
hours we get a kernel panic, always in the pfr_pool_get function in
/usr/src/sys/netpfil/pf/pf_table.c line 2140. After a bit of
investigation I confirmed that ke2 is set to n
Daniel Hartmeier wrote:
> On Fri, Jul 21, 2006 at 10:57:28AM +0200, Michal Mertl wrote:
>
> > The proxy in fact runs in parallel (according to "pfctl -s info" it did
> > about 50 inserts and removal in the state table per second - some 10Mbit
> > of traffic, probably mostly HTTP) and it is quite p
On Fri, Jul 21, 2006 at 10:57:28AM +0200, Michal Mertl wrote:
> The proxy in fact runs in parallel (according to "pfctl -s info" it did
> about 50 inserts and removal in the state table per second - some 10Mbit
> of traffic, probably mostly HTTP) and it is quite possible that your
> explanation is
Daniel Hartmeier wrote:
> On Fri, Jul 21, 2006 at 02:05:45AM +0200, Max Laier wrote:
>
> > Which proxies are you using? The "pool_ticket: 1429 != 1430" messages you
> > quote below indicate a synchronization problem within the app talking to pf
> > via ioctl's. Tickets are used to ensure atomi
Max Laier wrote on Fri 21. 07. 2006 at 02:05 +0200:
> [CC'ing -pf]
>
> On Thursday 20 July 2006 17:53, Michal Mertl wrote:
> > Hello,
> >
> > I am deploying FreeBSD based application proxies' based firewall
> > (www.kernun.com, but not much English there) and am having frequent
> > panics of RELENG_6_
On Fri, Jul 21, 2006 at 02:05:45AM +0200, Max Laier wrote:
> Which proxies are you using? The "pool_ticket: 1429 != 1430" messages you
> quote below indicate a synchronization problem within the app talking to pf
> via ioctl's. Tickets are used to ensure atomic commits for operations that
> r
[CC'ing -pf]
On Thursday 20 July 2006 17:53, Michal Mertl wrote:
> Hello,
>
> I am deploying FreeBSD based application proxies' based firewall
> (www.kernun.com, but not much English there) and am having frequent
> panics of RELENG_6_1 under load. The server has IP forwarding disabled.
>
> I've go