abe wrote: > This started out as a sudden panic on a machine that was in a > datacenter for more than 8 months without issue. Then I installed > on fresh machines, compiled in ipfw support, and also tried this as > a module. The result is the same regardless.
You have a traceback; do you have a system dump? [ ... ] > > > Stopped at add_dyn_rule+0172: movl 0(%edx,%ebx,4)x%eax Knowing the line of C code involved would be much more useful. Are you suddenly running an application that you did not formerly run? The creation of a dynamic rule as a result of a ip_output() call to ip_fw_chk() to install_state() to add_dyn_rule() implies that the flow ID passed down to add_dyn_rule() with the value of dyn_type == DYN_KEEP_STATE is valid. One possibility that occurs to me is that you end up with a parent count going over 65535 (it's a u_int16_t). When it is counted yet again, it goes to 0, then again, to 1. Then the next reference deletion causes it to go 1->0, at which point, the parent is deleted, even though it's still referenced. If this is the case, you can work around it by ensuring that a dynamic limit of 65534 or less is set. Another workaround would be to change the "count" member of the "struct ipfw_dyn_rule" to b a u_int32_t, and recompile everything. Without knowing the source code involved, you are unlikely to get an answer that's more than a guess. 8-(. -- Terry To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-hackers" in the body of the message
