[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: PF related crash? (fwd)



---------- Forwarded message ----------
Date: Sat, 22 Feb 2003 16:29:06 -0500
From: Glen MacAfee <gamacafee@cyberonic.com>
To: 'Wouter Clarie' <rimshot@pandora.be>
Subject: RE: PF related crash?
Here are the results of dmesg and the ruleset; being a newbie, though, I'm
not sure exactly what you mean by "crash trace" and ps.  What specifically
should I do?
BTW, I have tried this with the scrub and states/fragments uncommented but
to no avail.
Thanks,
Glen
OpenBSD 3.2 (GENERIC) #25: Thu Oct  3 19:51:53 MDT 2002
    deraadt@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: F00F bug workaround installed
cpu0: Intel Pentium (P54C) ("GenuineIntel" 586-class) 166 MHz
cpu0: FPU,V86,DE,PSE,TSC,MSR,MCE,CX8
real mem  = 49917952 (48748K)
avail mem = 40730624 (39776K)
using 634 buffers containing 2596864 bytes (2536K) of memory
mainbus0 (root)
bios0 at mainbus0: AT/286+(9b) BIOS, date 12/12/96, BIOS32 rev. 0 @ 0xf7722
apm0 at bios0: Power Management spec V1.1
apm0: AC on, battery charge unknown
pcibios0 at bios0: rev. 2.1 @ 0xf76e0/0x910
pcibios0: PCI BIOS has 4 Interrupt Routing table entries
pcibios0: PCI Exclusive IRQs: 10 11
pcibios0: PCI Interrupt Router at 000:01:0 ("SIS 85C503 ISA" rev 0x00)
pcibios0: PCI bus #0 is the last bus
bios0: ROM list: 0xc0000/0x8000 0xca000/0x1800
pci0 at mainbus0 bus 0: configuration mode 1 (bios)
pchb0 at pci0 dev 0 function 0 "SIS 5511" rev 0x00
pcib0 at pci0 dev 1 function 0 "SIS 85C503 ISA" rev 0x01
pciide0 at pci0 dev 1 function 1 "SIS 5513 EIDE" rev 0x08: DMA, channel 0
configured to compatibility, channel 1 configured to compatibility
wd0 at pciide0 channel 0 drive 0: <ST31720A>
wd0: 16-sector PIO, LBA, 1626MB, 3305 cyl, 16 head, 63 sec, 3331852 sectors
wd0(pciide0:0:0): using PIO mode 4, DMA mode 2
pciide0: channel 1 ignored (disabled)
vga1 at pci0 dev 11 function 0 "SIS 86C205" rev 0x44: aperture at
0xfdc00000, size 0x400000
wsdisplay0 at vga1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
fxp0 at pci0 dev 17 function 0 "Intel 82557" rev 0x08: irq 11, address
00:d0:b7:27:db:69
inphy0 at fxp0 phy 1: i82555 10/100 media interface, rev. 4
fxp1 at pci0 dev 19 function 0 "Intel 82557" rev 0x0c: irq 10, address
00:02:b3:32:1b:11
inphy1 at fxp1 phy 1: i82555 10/100 media interface, rev. 4
isa0 at pcib0
isadma0 at isa0
pckbc0 at isa0 port 0x60/5
pckbd0 at pckbc0 (kbd slot)
pckbc0: using irq 1 for kbd slot
wskbd0 at pckbd0: console keyboard, using wsdisplay0
pmsi0 at pckbc0 (aux slot)
pckbc0: using irq 12 for aux slot
wsmouse0 at pmsi0 mux 0
pcppi0 at isa0 port 0x61
midi0 at pcppi0: <PC speaker>
sysbeep0 at pcppi0
lpt0 at isa0 port 0x378/4 irq 7
npx0 at isa0 port 0xf0/16: using exception 16
pccom0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
pccom1 at isa0 port 0x2f8/8 irq 3: ns16550a, 16 byte fifo
fdc0 at isa0 port 0x3f0/6 irq 6 drq 2
fd0 at fdc0 drive 0: 1.44MB 80 cyl, 2 head, 18 sec
biomask 4040 netmask 4c40 ttymask 5cc2
pctr: 586-class performance counters and user-level cycle counter enabled
dkcsum: wd0 matched BIOS disk 80
root on wd0a
rootdev=0x0 rrootdev=0x300 rawdev=0x302
WARNING: / was not properly unmounted
fd0: timeout (st0 0 cyl 0)
fd0c: soft error reading fsbn 0
#       $OpenBSD: pf.conf,v 1.6 2002/06/27 07:00:43 fgsch Exp $
#
# See pf.conf(5) for syntax and examples
#
# replace ext0 with external interface name, 10.0.0.0/8 with internal
network
# and 192.168.1.1 with external address
# Part 1 -- Macros and definitions
IfExt = "fxp0"
IfInt = "fxp1"
IPsExt = "64.36.88.0/24"
# Part 2 -- Options
#set limit { states 2000, frags 2000 }
#set loginterface $IfExt
# Will changing the line below from aggressive to normal help?
set optimization aggressive
#set timeout { tcp.opening 6, tcp.closing 6 }
#set timeout tcp.closing 300, other.first 100
# Normalize: reassemble fragments and resolve or reduce traffic ambiguities
# Problems with scrub causing kernel panic?  Let's try turning it off...
#scrub in all
# Part 3 -- NAT
# Since this is a bridging FW, there will be no nat or rdr rules
# Part 4 -- Packet Filter Rules
#External bridge interface rules -- allow all in, filter on internal
# In bridge mode, we only filter on one interface.
pass in quick on $IfExt all
pass out quick on $IfExt all
# Internal bridge interface rules (main ruleset)
# Rule order does not matter.
# Most likely all of the packets we want dropped will use a rule of the
form:
# block out log quick on $IfInt ...
pass in quick on $IfInt inet proto { tcp, udp } from 64.36.88.146 to $IPsExt
port < 1024
block out log quick on $IfInt inet proto { tcp, udp } from any to $IPsExt
port < 1024
# This next rule blocks out attempts to connect to the MS UnPnP port; thanx
to grc
block out log quick on $IfInt inet proto tcp from any to $IPsExt port = 5000
# In rules
pass in quick on $IfInt proto { tcp, udp } from any to any keep state
# pass out/in certain ICMP queries and keep state (ping)
pass in quick on $IfInt inet proto icmp all icmp-type 8 code 0 keep state
# Allow certain UDP services in (DNS, NTP)
#pass in quick on $IfInt inet proto icmp from any to any
pass out quick on lo0 from any to any
pass in quick on lo0 from any to any
block in log on $IfInt all
-----Original Message-----
From: owner-pf@benzedrine.cx [mailto:owner-pf@benzedrine.cx]On Behalf Of
Wouter Clarie
Sent: Saturday, February 22, 2003 04:21
To: pf@benzedrine.cx
Subject: Re: PF related crash?
On Fri, 21 Feb 2003, Glen MacAfee wrote:
> I'm getting crashes whenever I put a heavy load on the fw/bridge that I
have
> setup.  I'm not sure if the issue is memory or otherwise--my guess is it's
> PF-related; is there any way to be sure?
> I'm running OBSD 3.2 on an NEC PowerMate V166e (Pentium 166) with 48MB
RAM,
> 2 Intel Pro/100 (S?) NICs.  Any suggestions?
Yes: post dmesg, ruleset, crash trace & ps,... What you gave us now is not
sufficient.