Subject: ipfilter 4.1.3 problems
To: None <current-users@netbsd.org>
From: Arto Selonen <arto@selonen.org>
List: current-users
Date: 07/29/2004 08:54:28
Hi!

I upgraded -current yesterday (July 28th) with whatever sources I got
from the anoncvs-fi mirror around 9am local time (EEST), mainly to get
the latest ipfilter (4.1.3) and see if that would fix any of our
problems. Well, things got worse.

After rebooting the new kernel and userland, things seemed to be running
fine (as in no obvious problems, no specific testing). So, I established
some TCP connections, and ran a 'shutdown -r now' to see if ipfs would
work. It didn't; in fact, I lost all network connectivity, and ipmon
logs showed that all traffic on interfaces was being blocked, with
rule numbers seemingly from my ipf.conf rule set. Didn't have time to
look much into it, just went back to console, and did another 'shutdown -r
now', after which things returned to normal. Repeated the procedure:
establish connections, reboot, get stuck, go to console, reboot.

I've disabled ipfs for now ('ipfs=NO' in /etc/rc.conf), since I much
prefer remote rebooting to non-working ipfs. With 4.1.2 ipfs was
pretty much like it has been this summer: did not work properly, but
didn't bother much either (as long as you did not reboot).
See kern/24969 for the history of ipfs problems.

So, the box was left running on its own, and about seven hours later
it lost all network connectivity. After getting to the console
(no serial console, though), I found the following waiting:
(quick&brief pen&paper shorthand copy)

kernel: page fault trap, code=0
Stopped at netbsd:fr_send_icmp_err+0x18b: addl 0x8(%edx),%eax

So, I took the following trace and forced a crash dump:

db> tr
fr_send_icmp_err(...) at netbsd:fr_send_icmp_err+0x18b
fr_check
fr_check_wrapper
pfil_run_hooks
ip_input
ipintr
DDB lost frame for netbsd:Xsoftnet
Xsoftnet
-- Interrupt --

db> reboot 0x104

I didn't see any recent changes (fixes?), and noticed Martti Kuparinen
had reported some fragmentation issues. Anybody else experience similar
problems? Sound similar to anybody's previous problems? Do I just send-pr
the latter crash?


Artsi
-- 
#######======------  http://www.selonen.org/arto/  --------========########
Everstinkuja 5 B 35                               Don't mind doing it.
FIN-02600 Espoo        arto@selonen.org         Don't mind not doing it.
Finland              tel +358 50 560 4826     Don't know anything about it.