Re: Scrub causing kernel panics

On 21 Nov 2002, Jason Dixon wrote:
> On Wed, 2002-11-20 at 18:23, [email protected] wrote:
> > On Wed, Nov 20, 2002 at 05:43:37PM -0500, Jason Dixon wrote:
> > > Sorry, failed to mention this is a 3.2 -stable x86 box.
> >
> > hmm. can you try -current?
> Good news and bad news.  The -current kernel (on a still -stable system)
> hasn't shown any of the panic problems.  I've slammed it with a range of
> 2000 to 40000 igmp frag spoofed packets.  However, when I tried to make
> a small change (remove the set limit on states, keep the limit on
> frags), "pfctl -F all && pfctl -f /etc/pf.conf" spit out the following
> error:
> pfctl: DIOCADDRULE: Operation not supported by device

Perhaps your rules weren't loaded on boot or PF isn't even enabled at all.
This could be the reason why -current doesn't crash ;-)

You should compile your complete userland. Or you can just compile a
-current pfctl in the following way:

* cp /usr/src/sys/net/pfvar.h to /usr/include/net (perhaps first back up
  the -stable pfvar.h in /usr/include/net)
* cd /usr/src/sbin/pfctl; make obj depend; make && make install (perhaps
  first back up the -stable pfctl in /sbin)

As Daniel said, nothing changed in pf_norm.c between -stable and -current.
So logic dictates that -current should still crash.

Dries Schellekens
email: [email protected]