On Mon, 1 Aug 2016, metalliqaz%fastmail.fm@localhost wrote:
I've been very disappointed with the quality of NetBSD 7.0.1 since I
upgraded from 6.1.5 a few weeks ago. I've been running pretty much the
same system config as my home router/NAT/firewall/server since NetBSD
1.5. I believe that's almost 15 years of ipfilter/ipnat. It has always
worked well for me... until I moved to NetBSD 7. I've had several
issues with various parts of the OS, but ipf is the one that causes
random kernel panics.
I've got to agree with you. I've been using NetBSD for commercial products
since 1996 and NetBSD 7 is the first upgrade that's got me nervous.
Kudos to developers who've helped out with USB failing to work, squid
interception, etc. The random lockups and panics with IPfilter are the
most worrying for me though:
http://gnats.netbsd.org/50168
I believe that the bugs are triggered by external packets which is why
they are random (disconnecting from the Internet stops the problems).
Machines which have been solid for months have just started locking. I
count this as a remote DoS vulnerability, but haven't yet tracked down
the triggers.
We need to support an installed base of a mix of netbsd-5 and
netbsd-7 machines. Until we complete the upgrade to netbsd-7, npf will
increase that workload because of duplication of effort. Even so as the
firewall rules are autogenerated and have been developed over a number of
years, it is not a small change to go into production systems.
-------------------------------------------------------------------------------
bash-4.3# crash -M netbsd.0.core -N netbsd.0
Crash version 7.0.1, image version 7.0.1.
System panicked: trap
Backtrace from time of crash is available.
crash> bt
_KERNEL_OPT_NARCNET() at 0
_KERNEL_OPT_ACPI_SCANPCI() at _KERNEL_OPT_ACPI_SCANPCI+0x1
vpanic() at vpanic+0x145
snprintf() at snprintf
startlwp() at startlwp
calltrap() at calltrap+0x11
ipf_frag_expire() at ipf_frag_expire+0x76
ipf_slowtimer() at ipf_slowtimer+0x15
ipf_timer_func() at ipf_timer_func+0x2d
callout_softclock() at callout_softclock+0x248
softint_dispatch() at softint_dispatch+0x7d
DDB lost frame for Xsoftintr+0x4f, trying 0xfffffe80cefcaff0
Xsoftintr() at Xsoftintr+0x4f
--- interrupt ---
0:
crash> q
bash-4.3# crash -M netbsd.1.core -N netbsd.1
Crash version 7.0.1, image version 7.0.1.
System panicked: trap
Backtrace from time of crash is available.
crash> bt
_KERNEL_OPT_NARCNET() at 0
_KERNEL_OPT_ACPI_SCANPCI() at _KERNEL_OPT_ACPI_SCANPCI+0x7
vpanic() at vpanic+0x145
snprintf() at snprintf
startlwp() at startlwp
calltrap() at calltrap+0x11
ipf_frag_delete() at ipf_frag_delete+0x74