uvm_fault(0xe37834f8, 0x24f47000, 0, 3) - e
kernel: page fault trap, code=0
Stopped at _pf_test_udp+0x7ff: incl0x198(%eax)
ddb trace
_pf_test_udp(e37eba7c,2,d0ac1040,d0ad3700,0) at _pf_test_udp+0x7ff
_pf_test(2,d0ac1040,e73ebd1c,d023bf5a) at _pf_test+0x322
Im running OpenBSD 3.2-stable, with tircproxy installed from the ports tree. I have
the following in my inetd.conf for tircproxy:
127.0.0.1:7666 stream tcp nowait root /usr/local/sbin/tircproxy -MIRH -i 192.168.0.1
-m 3 -x 30099
The following redirect rule, and pass rule is in my pf.conf:
On Mon, Dec 30, 2002 at 03:04:43AM -0500, jolan wrote:
Please let me know if any other information is needed.
If you still have the same sources that you built that kernel from,
could you produce the objdump output as described on
http://www.benzedrine.cx/crashreport.html
Alternatively, do
If I'm not mistaken, the line is pf.c:2190 's-nat_rule-states++;'.
If you have pf.c prior to 1.278, that would explain the crash, it was
fixed with 1.278 later that day (s-nat-rule could be NULL before).
Daniel
On Mon, Dec 30, 2002 at 12:09:05PM +0100, Daniel Hartmeier wrote:
If I'm not mistaken, the line is pf.c:2190 's-nat_rule-states++;'.
If you have pf.c prior to 1.278, that would explain the crash, it was
fixed with 1.278 later that day (s-nat-rule could be NULL before).
I figured that
Hey,
Phrack 60 describes a new technique of detecting firewalls using broken
CRC. Interesting reading material.
http://www.phrack.org/phrack/60/p60-0x0c.txt
Cheers,
Dries
--
Dries Schellekens
email: [EMAIL PROTECTED]
Phrack 60 describes a new technique of detecting firewalls using broken
CRC. Interesting reading material.
http://www.phrack.org/phrack/60/p60-0x0c.txt
I wrote that phile 8-)
and sent an advise to Daniel, Henning and Theo.
I had no reply, however, I would like to know which solution will be
Isn't 'set limit states unlimited' supposed to work in /etc/pf.conf?
I get this:
root@hellspawn:/root# grep states /etc/pf.conf
set limit { states unlimited, frags 5000 }
root@hellspawn:/root# grep states /usr/src/etc/pf.conf
#set limit { states unlimited, frags 5000 }
On Mon, Dec 30, 2002 at 05:17:12PM +0100, Dries Schellekens wrote:
So I guess the correct syntax would be 'set limit states inf'. Can you try
this?
Doesn't work either. I get,
/etc/pf.conf:15: inf is not a number
pfctl: Syntax error in file: pf rules not loaded
// haver
I see this syntax has been changed on June 25:
http://www.openbsd.org/cgi-bin/cvsweb/src/sbin/pfctl/pfctl.c.diff?r1=1.80r2=1.81
http://www.openbsd.org/cgi-bin/cvsweb/src/sbin/pfctl/parse.y.diff?r1=1.106r2=1.107
when it was moved to parse.y from pfctl.c. At that moment the inf
property vanished.
On Mon, 30 Dec 2002, Wouter Clarie wrote:
I see this syntax has been changed on June 25:
http://www.openbsd.org/cgi-bin/cvsweb/src/sbin/pfctl/pfctl.c.diff?r1=1.80r2=1.81
http://www.openbsd.org/cgi-bin/cvsweb/src/sbin/pfctl/parse.y.diff?r1=1.106r2=1.107
when it was moved to parse.y from
On Mon, 30 Dec 2002, Dries Schellekens wrote:
If you don't specify a limit for states, it will be unlimited. But if you
choice a number, there is no way to change it back to unlimited except by
rebooting. So there is also no way to set to limit for frags to unlimited.
That should be more
On Mon, Dec 30, 2002 at 07:05:40PM +0100, Wouter Clarie wrote:
On Mon, 30 Dec 2002, Dries Schellekens wrote:
If you don't specify a limit for states, it will be unlimited. But if you
choice a number, there is no way to change it back to unlimited except by
rebooting. So there is also no
On Mon, Dec 30, 2002 at 07:05:40PM +0100, Wouter Clarie wrote:
That should be more flexible eh? I'll see if i can cook up a diff for
that tonight.
Yes, it's rather simple to add support for either 'inf' or 'unlimited'
to the parser (it just has to translate to UINT_MAX).
But it really makes
On Mon, Dec 30, 2002 at 07:40:23PM +0100, Daniel Hartmeier wrote:
On Mon, Dec 30, 2002 at 07:05:40PM +0100, Wouter Clarie wrote:
That should be more flexible eh? I'll see if i can cook up a diff for
that tonight.
Yes, it's rather simple to add support for either 'inf' or 'unlimited'
to
I just made a little diff, you can do with it as you please ;) I don't
have any more time to spend on this today. Diff is for parse.y and
pf.conf.5 man page, at the bottom of this mail.
Greetings,
//Wouter
On Mon, 30 Dec 2002, Daniel Hartmeier wrote:
Yes, it's rather simple to add support
On Mon, 30 Dec 2002, Srebrenko Sehic wrote:
How about having a possiblity to define a limit in relative way? Like
80% of free memory or something. That way, kernel would not crash and
the limits could be dynamic, depending on the current memory utilization.
I understand that this could have
On a related note: the default pf.conf in the distribution, does have:
#set limit { states unlimited, frags 5000 }
which is not parseable if uncommented.
//Wouter
On Mon, Dec 30, 2002 at 08:51:41PM +0100, Wouter Clarie wrote:
On Mon, 30 Dec 2002, David Krause wrote:
Henning already has a diff like this. However, we both think that
states should be limited to a reasonable value (5000) by default, and
unlimited should not even be an option.
Fine,
19 matches
Mail list logo
