Subject: Re: patch for using pfil with bridging code
To: NetBSD tech-net mailing list <>
From: Julian Coleman <>
List: tech-net
Date: 01/16/2004 13:03:59

> After Julian mentioned he was having problems with stability using
> ipfilter with NetBSD as a bridge, I took a look at if_bridge.c and
> found two somewhat serious problems.

I tried this patch (and a few others) which make things a lot better but
there is still a problem somewhere.  Every so often, I see things like:

	qe0: invalid packet size -4; dropping
	last message repeated 210 times

with the filtering code enabled.  The machine will eventually crash
somewhere random and fsck will come across file system errors on reboot.
It looks like pool memory is getting corrupted somehow.  It's a pain to
track down, as it happens when I use the machine as my `real' firewall
and I haven't been able to reproduce it otherwise.

I don't really have any time to look at this, so I propose that we either
take the code out or mark it as broken.  Any comments?


  My other computer also runs NetBSD    /        Sailing at Newbiggin        /