Hi,
using the "user" keyword in pf rules the system panics. I found
this in the errata page:
(31 Oct 2004) When the user/group rule clauses in pf(4) and ipfw(4)
are used, the loader tunable debug.mpsafenet must be set to 0
(this is 1 by default).
I have mpsafenet disabled so i assume that this should work and this
is an unknown issue.
Here is the panic:
Fatal trap 12: page fault while in kernel mode
fault virtual address = 0x128
fault code = supervisor read, page not present
instruction pointer = 0x8:0xc043f170
stack pointer = 0x10:0xd828caa4
frame pointer = 0x10:0xd828cad0
code segment = base 0x0, limit 0xfffff, type 0x1b
= DPL 0, pres 1, def32 1, gran 1
processor eflags = interrupt enabled, resume, IOPL = 0
current process = 27 (swi1: net)
[thread 100021]
Stopped at 0xc043f170 = pf_socket_lookup+0x2a4: movl 0x128(%eax),%eax
db> where
pf_socket_lookup(d828cb28,d828cb2c,1,d828cbe4,0) at 0xc043f170 = pf_socket_look4
pf_test_tcp(d828cb94,d828cb8c,1,c1932500,c192eb00) at 0xc043fa05 = pf_test_tcp+9
pf_test(1,c185f400,d828cc80,0,c1ac3000) at 0xc0446907 = pf_test+0x437
pf_check_in(0,d828cc80,c185f400,1,0) at 0xc044f9b1 = pf_check_in+0x35
pfil_run_hooks(c069e240,d828cccc,c185f400,1,0) at 0xc053daef = pfil_run_hooks+03
ip_input(c192eb00) at 0xc05517a8 = ip_input+0x240
netisr_processqueue(c069bf18) at 0xc053d7bb = netisr_processqueue+0x9f
swi_net(0) at 0xc053d96a = swi_net+0xa6
ithread_loop(c17a0580,d828cd48) at 0xc04bd1d9 = ithread_loop+0x155
fork_exit(c04bd084,c17a0580,d828cd48) at 0xc04bc359 = fork_exit+0x75
fork_trampoline() at 0xc060c8dc = fork_trampoline+0x8
--- trap 0x1, eip = 0, esp = 0xd828cd7c, ebp = 0 ---
If you need something more feel free to ask.
--
La prueba mas fehaciente de que existe vida inteligente en otros
planetas, es que no han intentado contactar con nosotros.