Re: PF + BRIDGE still causes system freezing

Fri, 28 May 2010 03:29:41 -0700 

On 28.05.2010 07:46, Giulio Ferro wrote:


I've also tried to disable all filtering:

net.link.bridge.pfil_onlyip=0
net.link.bridge.pfil_member=0
net.link.bridge.pfil_bridge=0
net.link.bridge.pfil_local_phys=0
net.link.bridge.ipfw=0
net.link.bridge.ipfw_arp=0

But to no avail. It always freezes...



Months ago I reported a system freezing whenever bridge was used
with pf. This still happens now in 8.1 prerelease: after several minutes to hours 
that the bridge is active the system becomes unresponsive.

# uname -a
FreeBSD firewall1 8.1-PRERELEASE FreeBSD 8.1-PRERELEASE #0: Thu May 27 18:03:48 CEST 2010 r...@data1:/usr/obj/usr/src/sys/FIREWALL amd64 


cat /etc/sysctl.conf

net.inet.ip.forwarding=1
net.inet.ip.fastforwarding=1
net.inet.carp.preempt=1
Services running : sshd, named, inetd, ntpd, openvpn (tap), racoon, pptp, asterisk 

2 physical interfaces : bce0, bce1
11 vlan interfaces : vlan1, ..., vlan11 (vlandev bce1)
11 carp interfaces ; carp1, ..., carp11  (carp1 has 23 alias addresses)
1 bridge interfaces : bridge0 addm vlan35 (used by openvpn)
2 gif interfaces : gif0, gif1 (racoon / IPSEC)

8 static routes
pf packet filter : 12 rdr rules, 3 nat rules, set skip{lo0, bridge0, vlan35}, 4 pass quick, block log all, about 30 pass keep state 



When the system freezes, I get this from the debugger
---------------------------------------------------------------------
db> show allchains
db> show alllocks
Process 12 (intr) thread 0xffffff00024293e0 (100028)
exclusive sleep mutex if_bridge (if_bridge) r = 0 (0xffffff000270ea18) locked @ /usr/src/sys/net/if_bridge.c:2184 
Process 12 (intr) thread 0xffffff00022693e0 (100016)
exclusive sleep mutex Giant (Giant) r = 1 (0xffffffff80c93dc0) locked @ /usr/src/sys/dev/usb/usb_transfer.c:3023 
Process 12 (intr) thread 0xffffff00022607c0 (1000006)
exclusive sleep mutex carp_if (carp_if) r = 0 (0xffffff00027329e0) locked @ /usr/src/sys/netinet/ip_carp.c:881 
db>
---------------------------------------------------------------------
Even if there is no solution yet, is there any quick and dirty workaround I can try? 
I need this rather badly...

Thanks.

_______________________________________________
freebsd-stable@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to "freebsd-stable-unsubscr...@freebsd.org"


_______________________________________________
freebsd-stable@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to "freebsd-stable-unsubscr...@freebsd.org"

Reply via email to