On Sun, Mar 26, 2000 at 04:26:14PM -0500, Mason Loring Bliss wrote:
> On Sun, Mar 26, 2000 at 03:44:14PM -0500, Mason Loring Bliss wrote:
> 
> > I've updated my kernel and userland as of today, and now something ends
> > up being hosed. If I ipf -Fa -f /etc/ipf.conf, nothing gets through at
> > all. The same filter rule applied at boot time works fine.
> 
> I was on the phone when I wrote this, and not thinking clearly.
> 
> Other details:
> 
> i386
> IPv4 only
> running IP-NAT
> userland and kernel match
> 
> When I get a chance, I'll try it without IP-NAT.

I don't know whether this is related, or whether it is just because it is a
bit of a silly thing to do, but:

# ipnat -C
3 entries flushed from NAT list
# ipnat -l
List of active MAP/Redirect filters:

List of active sessions:
# ipfstat -io
empty list for ipfilter(out)
empty list for ipfilter(in)
# ipf -Fa -f -
pass in on ne0 to ne1 all
pass in quick on ne1 to ne0 all
# ipfstat -io
empty list for ipfilter(out)
pass in on ne0 to ne1 from any to any
pass in quick on ne1 to ne0 from any to any
# ifconfig ne0 inet delete

at which point everything hangs in

--- interrupt ---
fr_check(c523b010,14,c044fc34,0,c536dea8) at fr_check+0x30
ip_input(c0428400) at ip_input+0x1d2
ipintr(10,10,c535f3c0,c535f3c0,c536df30) at ipintr+0x64
Bad frame pointer: 0xc536debc

and I have to reboot. That is with 1.4T/i386 of 24 Feb, and INET6, IPSEC.

Cheers,

Patrick