Re: "Operation not permitted" on 9.0-BETA1 firewall (PF) about 1
On Aug 26, 6:23 am, "Matthew X. Economou" <xenophon+use...@irtnog.org>
wrote:
> It appears that PF isn't removing any entries from the state table. Note that the state table size is at its default of 10000 (which correlates to the amount of memory installed on the firewall - 256 MB).
>
> State Table                          Total             Rate
>   current entries                    10013
>   searches                          554801           13.4/s
>   inserts                            10013            0.2/s
>   removals                               0            0.0/s
>
> When I booted the debug kernel last night, it panicked in pfsync_send_plus as soon as init enabled PF (backtrace included below).
>
> Starting pflog.
> pflog0: promiscuous mode enabled
> Aug 25 20:54:21 pflogd[1611]: [priv]: msg PRIV_OPEN_LOG received
> Enabling pfpanic: mutex pf task mtx owned at /usr/src/sys/contrib/pf/net/if_pfsync.c:3163
> cpuid = 0
> KDB: enter: panic
> [ thread pid 1619 tid 100053 ]
> Stopped at      kdb_enter+0x3a: movl    $0,kdb_why
> db> bt
> Tracing pid 1619 tid 100053 td 0xc23da2e0
> kdb_enter(c09777c9,c09777c9,c0975d7b,c6fd79e0,0,...) at kdb_enter+0x3a
> panic(c0975d7b,c0946080,c0944e87,c5b,c6fd7a0c,...) at panic+0x134
> _mtx_assert(c0a1b388,0,c0944e87,c5b,c6fd7a24,...) at _mtx_assert+0x127
> pfsync_send_plus(c6fd7a24,18,10,ad6,1000000,...) at pfsync_send_plus+0xf2
> pfsync_clear_states(a218d664,c236fb78,c0945f1c,635,c09ae167,...) at pfsync_clear_states+0x8d
> pfioctl(c22a0800,c0cc4412,c236fb00,3,c23da2e0,...) at pfioctl+0x1b90
> devfs_ioctl_f(c23ce578,c0cc4412,c236fb00,c216ce80,c23da2e0,...) at devfs_ioctl_f+0x10b
> kern_ioctl(c23da2e0,3,c0cc4412,c236fb00,1fd7cec,...) at kern_ioctl+0x21d
> ioctl(c23da2e0,c6fd7cec,c6fd7d28,c097d93a,0,...) at ioctl+0x134
> syscallenter(c23da2e0,c6fd7ce4,c6fd7ce4,0,0,...) at syscallenter+0x263
> syscall(c6fd7d28) at syscall+0x34
> Xint0x80_syscall() at Xint0x80_syscall+0x21
> --- syscall (54, FreeBSD ELF32, ioctl), eip = 0x281e6263, esp = 0xbfbfe8ac, ebp = 0xbfbfe998 ---
> db>
>
> I just re-ran csup (sorry, not sure how to find the specific revision ID) and noticed that pf.c was updated, so I'm going to make world and see if that fixes anything.
>
> Best wishes,
> Matthew
Did you find any resolution to this issue? I just upgraded from 8-STABLE
to 9-BETA3 and my home server/firewall is doing the same thing.
Thanks,
Brad
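
An added example, not part of either message: a check over the State Table block of `pfctl -si` output that flags the symptom described in the quoted report (entries at the limit, inserts with zero removals). The function names are hypothetical, and the limit is supplied by the caller; 10000 is the figure given in the message.

```python
import re

# State Table figures as quoted in the message above (from `pfctl -si`).
SAMPLE = """\
State Table                          Total             Rate
  current entries                    10013
  searches                          554801           13.4/s
  inserts                            10013            0.2/s
  removals                               0            0.0/s
"""

def parse_state_table(text):
    """Return {counter name: total} for the State Table block only."""
    counters, in_block = {}, False
    for line in text.splitlines():
        if line.startswith("State Table"):
            in_block = True
        elif in_block and line[:1].isspace():
            # Indented rows look like: "  inserts   10013   0.2/s"
            m = re.match(r"\s+([a-z ]+?)\s+(\d+)", line)
            if m:
                counters[m.group(1)] = int(m.group(2))
        elif in_block:
            break  # next unindented header (or blank line) ends the block
    return counters

def diagnose(counters, limit):
    """List the symptoms from the report that these counters show."""
    findings = []
    if counters.get("current entries", 0) >= limit:
        findings.append("state table at or over limit")
    if counters.get("inserts", 0) > 0 and counters.get("removals", 0) == 0:
        findings.append("states inserted but never removed")
    return findings

if __name__ == "__main__":
    # 10000 is the state limit stated in the message, passed in explicitly.
    for finding in diagnose(parse_state_table(SAMPLE), limit=10000):
        print("WARNING:", finding)
```
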