Damon Hopkins
2005-Jun-12 21:02 UTC
ipf Kernel Panic log.. w/ Vonage linksys RT31P2, 5.4 Stable, IPF + IPNAT
I can reproduce this very easily.. I pick up my phone and make a call
Current Setup
<Cable Modem>---<FreeBSD 5.4 Stable>---<HUB>--<Machines>
\------<Vonage Linksys RT31P2>
I've tried various nap rules and ipf filter settings.. here are the
current mappings and setup.. the kernel is GENERIC w/ the debuggong
stuff put in it.
---------------- IPNAT RULES --------------------
map vr0 10.69.0.0/24 -> 0/32 proxy port ftp ftp/tcp
map vr0 10.69.0.0/24 -> 0/32
----------------- IPF RULES ---------------------
pass in quick on lo0 proto tcp from any to any flags S keep state
pass in quick on lo0 proto udp from any to any keep state
pass in quick on lo0 proto icmp from any to any keep state
pass in quick on lo0 all keep state
pass out quick on lo0 proto tcp from any to any flags S keep state
pass out quick on lo0 proto udp from any to any keep state
pass out quick on lo0 proto icmp from any to any keep state
pass out quick on lo0 all keep state
pass in quick on rl0 proto tcp from any to any flags S keep state
pass in log first quick on rl0 proto udp from any to any keep state
pass in log first quick on rl0 proto icmp from any to any keep state
keep frags
pass in quick on rl0 all keep state
pass out quick on rl0 proto tcp from any to any flags S keep state
pass out log first quick on rl0 proto udp from any to any keep state
pass out log first quick on rl0 proto icmp from any to any keep state
keep frags
pass out quick on rl0 all keep state
pass in quick on vr0 proto tcp from any to any flags S keep state keep frags
pass in quick on vr0 proto udp from any to any keep state keep frags
pass in log first quick on vr0 proto icmp from any to any keep state
keep frags
pass in quick on vr0 all keep state keep frags
pass out quick on vr0 proto tcp from any to any flags S keep state keep
frags
pass out quick on vr0 proto udp from any to any keep state keep frags
pass out log first quick on vr0 proto icmp from any to any keep state
keep frags
pass out quick on vr0 all keep state keep frags
pass in quick on ng0 proto tcp from any to any flags S keep state
pass in quick on ng0 proto udp from any to any keep state
pass in log first quick on ng0 proto icmp from any to any keep state
pass in quick on ng0 all keep state
pass out quick on ng0 proto tcp from any to any flags S keep state
pass out quick on ng0 proto udp from any to any keep state
pass out log first quick on ng0 proto icmp from any to any keep state
pass out quick on ng0 all keep state
<SNIP> MORE ng rules form my other VPNS </SNIP>
I've also just tried to pass everything
pass in quick on vr0 all
pass out quick on vr0 all
but that didn't help any
I've notices a lot of UDP traffic from the linksys adapter durring a
phone call..
Thanks Guys.. I hope this gets fixes real fast cause my old number goes
away in a few days and this is not going to be fun.. I can't put the
linksys adapter in front of the firewall because it doesn't route my
VPN's.. we use MPD and bgpd (zebra)
Later,
Damon Hopkins
------------- DEBUG OUTPUT ----------------------
Fatal trap 12: page fault while in kernel mode
fault virtual address = 0xc
fault code = supervisor read, page not present
instruction pointer = 0x8:0xc0651550
stack pointer = 0x10:0xd3d46aec
frame pointer = 0x10:0xd3d46af8
code segment = base 0x0, limit 0xfffffm type 0x1b
= DPL 0, pres 1, def32 1, gran 1
processor eflags = interrupt enabled, resume, IOPL = 0
current process = 27 (swi1:net)
[thread pid 27 tid 100021 ]
Stopped at m_copydata+0x28: movl 0xc(%esi),%eax
db> examine
m_copydata+0x28: 290c468b
db> trace
Tracing pid 27 tid 100021 td 0xc15a4180
mcopydata(c17fa400,0,38,c193abc0,0) at m_copydata+0x28
ipllog(0,d3d46bc8,d3d46b50,d3d46b48,d3d46b40) at ipllog+0x1f1
ipflog(105819,c17fa450,d3d46bc8,c17fa400,0) at ipflog+0x18f
fr_check(c17fa450,14,c16c6000,0,d3d46c70) at fr_check+0xc6c
fr_check_wrapper(0,d3d46c70,c16c6000,1,0) at fr_check_wrapper+0x2a
pfil_run_hooks(c08fa5c0,d3d46cbc,c16c600,1,0) at pfil_run_hooks+0xeb
ip_input(c17fa400) at ip_input+0x211
netisr_processqueue(c08f9858) at netisr_processqueue+0x9f
swi_net(0) at swi_net+0xee
ithread_loop(c159a500,d3d46d38) at ithread_loop+0x151
fork_exit(c0609f4c,c159a500,d3d46d38) at fork_exit+0x74
fork_trampoline() at fork_trampoline+0x8
--- trap 0x1, eip = 0, esp = 0xd3d46d6c, ebp = 0 ---
Tilman Linneweh
2005-Jun-12 21:47 UTC
ipf Kernel Panic log.. w/ Vonage linksys RT31P2, 5.4 Stable, IPF + IPNAT
Hi Damon, Am 12.06.2005 um 23:02 schrieb Damon Hopkins:> Tracing pid 27 tid 100021 td 0xc15a4180 > mcopydata(c17fa400,0,38,c193abc0,0) at m_copydata+0x28 > ipllog(0,d3d46bc8,d3d46b50,d3d46b48,d3d46b40) at ipllog+0x1f1 > ipflog(105819,c17fa450,d3d46bc8,c17fa400,0) at ipflog+0x18f > fr_check(c17fa450,14,c16c6000,0,d3d46c70) at fr_check+0xc6c > fr_check_wrapper(0,d3d46c70,c16c6000,1,0) at fr_check_wrapper+0x2a > pfil_run_hooks(c08fa5c0,d3d46cbc,c16c600,1,0) at pfil_run_hooks+0xeb > ip_input(c17fa400) at ip_input+0x211 > netisr_processqueue(c08f9858) at netisr_processqueue+0x9f > swi_net(0) at swi_net+0xee > ithread_loop(c159a500,d3d46d38) at ithread_loop+0x151 > fork_exit(c0609f4c,c159a500,d3d46d38) at fork_exit+0x74 > fork_trampoline() at fork_trampoline+0x8Yes, I have the same problem, see PR: 81324. ipfilter on 5.x seems to be quite unstable, I have switched to PF :-( regards tilman -------------- next part -------------- A non-text attachment was scrubbed... Name: PGP.sig Type: application/pgp-signature Size: 186 bytes Desc: Signierter Teil der Nachricht Url : http://lists.freebsd.org/pipermail/freebsd-stable/attachments/20050612/788cb3f6/PGP.bin
Vladimir Botka
2005-Jun-13 06:44 UTC
ipf Kernel Panic log.. w/ Vonage linksys RT31P2, 5.4 Stable, IPF + IPNAT
Hello, if your "Vonage linksys RT31P2" talks H323 try /usr/ports/net/gatekeeper in proxy mode. Cheers, Vladimir Botka On Sun, 12 Jun 2005, Damon Hopkins wrote:> I can reproduce this very easily.. I pick up my phone and make a call > Current Setup > <Cable Modem>---<FreeBSD 5.4 Stable>---<HUB>--<Machines> > \------<Vonage Linksys RT31P2> > > I've tried various nap rules and ipf filter settings.. here are the > current mappings and setup.. the kernel is GENERIC w/ the debuggong > stuff put in it. > ---------------- IPNAT RULES -------------------- > map vr0 10.69.0.0/24 -> 0/32 proxy port ftp ftp/tcp > map vr0 10.69.0.0/24 -> 0/32 > > ----------------- IPF RULES --------------------- > pass in quick on lo0 proto tcp from any to any flags S keep state > pass in quick on lo0 proto udp from any to any keep state > pass in quick on lo0 proto icmp from any to any keep state > pass in quick on lo0 all keep state > pass out quick on lo0 proto tcp from any to any flags S keep state > pass out quick on lo0 proto udp from any to any keep state > pass out quick on lo0 proto icmp from any to any keep state > pass out quick on lo0 all keep state > > pass in quick on rl0 proto tcp from any to any flags S keep state > pass in log first quick on rl0 proto udp from any to any keep state > pass in log first quick on rl0 proto icmp from any to any keep state keep > frags > pass in quick on rl0 all keep state > pass out quick on rl0 proto tcp from any to any flags S keep state > pass out log first quick on rl0 proto udp from any to any keep state > pass out log first quick on rl0 proto icmp from any to any keep state > keep frags > pass out quick on rl0 all keep state > > pass in quick on vr0 proto tcp from any to any flags S keep state keep frags > pass in quick on vr0 proto udp from any to any keep state keep frags > pass in log first quick on vr0 proto icmp from any to any keep state > keep frags > pass in quick on vr0 all keep state keep frags > pass out quick on vr0 proto tcp from any to any flags S keep state keep > frags > pass out quick on vr0 proto udp from any to any keep state keep frags > pass out log first quick on vr0 proto icmp from any to any keep state > keep frags > pass out quick on vr0 all keep state keep frags > > pass in quick on ng0 proto tcp from any to any flags S keep state > pass in quick on ng0 proto udp from any to any keep state > pass in log first quick on ng0 proto icmp from any to any keep state > pass in quick on ng0 all keep state > pass out quick on ng0 proto tcp from any to any flags S keep state > pass out quick on ng0 proto udp from any to any keep state > pass out log first quick on ng0 proto icmp from any to any keep state > pass out quick on ng0 all keep state > > <SNIP> MORE ng rules form my other VPNS </SNIP> > I've also just tried to pass everything > pass in quick on vr0 all > pass out quick on vr0 all > > but that didn't help any > > I've notices a lot of UDP traffic from the linksys adapter durring a phone > call.. > > Thanks Guys.. I hope this gets fixes real fast cause my old number goes away > in a few days and this is not going to be fun.. I can't put the linksys > adapter in front of the firewall because it doesn't route my VPN's.. we use > MPD and bgpd (zebra) > > > Later, > Damon Hopkins > > ------------- DEBUG OUTPUT ---------------------- > Fatal trap 12: page fault while in kernel mode > fault virtual address = 0xc > fault code = supervisor read, page not present > instruction pointer = 0x8:0xc0651550 > stack pointer = 0x10:0xd3d46aec > frame pointer = 0x10:0xd3d46af8 > code segment = base 0x0, limit 0xfffffm type 0x1b > = DPL 0, pres 1, def32 1, gran 1 > processor eflags = interrupt enabled, resume, IOPL = 0 > current process = 27 (swi1:net) > [thread pid 27 tid 100021 ] > Stopped at m_copydata+0x28: movl 0xc(%esi),%eax > db> examine > m_copydata+0x28: 290c468b > db> trace > Tracing pid 27 tid 100021 td 0xc15a4180 > mcopydata(c17fa400,0,38,c193abc0,0) at m_copydata+0x28 > ipllog(0,d3d46bc8,d3d46b50,d3d46b48,d3d46b40) at ipllog+0x1f1 > ipflog(105819,c17fa450,d3d46bc8,c17fa400,0) at ipflog+0x18f > fr_check(c17fa450,14,c16c6000,0,d3d46c70) at fr_check+0xc6c > fr_check_wrapper(0,d3d46c70,c16c6000,1,0) at fr_check_wrapper+0x2a > pfil_run_hooks(c08fa5c0,d3d46cbc,c16c600,1,0) at pfil_run_hooks+0xeb > ip_input(c17fa400) at ip_input+0x211 > netisr_processqueue(c08f9858) at netisr_processqueue+0x9f > swi_net(0) at swi_net+0xee > ithread_loop(c159a500,d3d46d38) at ithread_loop+0x151 > fork_exit(c0609f4c,c159a500,d3d46d38) at fork_exit+0x74 > fork_trampoline() at fork_trampoline+0x8 > --- trap 0x1, eip = 0, esp = 0xd3d46d6c, ebp = 0 --- > > _______________________________________________ > freebsd-stable@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-stable > To unsubscribe, send any mail to "freebsd-stable-unsubscribe@freebsd.org" > > >