From nobody@FreeBSD.org  Sat Jun 26 06:00:31 2010
Return-Path: <nobody@FreeBSD.org>
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 4A8921065672
	for <freebsd-gnats-submit@FreeBSD.org>; Sat, 26 Jun 2010 06:00:31 +0000 (UTC)
	(envelope-from nobody@FreeBSD.org)
Received: from www.freebsd.org (www.freebsd.org [IPv6:2001:4f8:fff6::21])
	by mx1.freebsd.org (Postfix) with ESMTP id 1FCA88FC1D
	for <freebsd-gnats-submit@FreeBSD.org>; Sat, 26 Jun 2010 06:00:31 +0000 (UTC)
Received: from www.freebsd.org (localhost [127.0.0.1])
	by www.freebsd.org (8.14.3/8.14.3) with ESMTP id o5Q60UmH067838
	for <freebsd-gnats-submit@FreeBSD.org>; Sat, 26 Jun 2010 06:00:30 GMT
	(envelope-from nobody@www.freebsd.org)
Received: (from nobody@localhost)
	by www.freebsd.org (8.14.3/8.14.3/Submit) id o5Q60Unw067837;
	Sat, 26 Jun 2010 06:00:30 GMT
	(envelope-from nobody)
Message-Id: <201006260600.o5Q60Unw067837@www.freebsd.org>
Date: Sat, 26 Jun 2010 06:00:30 GMT
From: Shant Kassardjian <pookme@hotmail.com>
To: freebsd-gnats-submit@FreeBSD.org
Subject: IPFW in kernel nat BUG found in FreeBSD 8.1-PRERELEASE
X-Send-Pr-Version: www-3.1
X-GNATS-Notify:

>Number:         148157
>Category:       kern
>Synopsis:       [ipfw] IPFW in kernel nat BUG found in FreeBSD 8.1-PRERELEASE
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-ipfw
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sat Jun 26 06:10:08 UTC 2010
>Closed-Date:    Wed Jun 22 04:57:10 UTC 2011
>Last-Modified:  Wed Jun 22 04:57:10 UTC 2011
>Originator:     Shant Kassardjian
>Release:        8.1-PRERELEASE
>Organization:
>Environment:
FreeBSD core.skylab.ca 8.1-PRERELEASE FreeBSD 8.1-PRERELEASE #0: Tue Jun 22 21:38:07 EDT 2010
>Description:
Discovered a bug while running IPFW in kernel nat and TCP redirect_port. The system does a core dump and restarts immediately. Here is what I see:

Fatal trap 12: page fault while in kernel mode
cpuid = 0; apic id = 00
fault virtual address   = 0xc
fault code              = supervisor write data, page not present
instruction pointer     = 0x20:0xffffffff801d5cd6
stack pointer           = 0x28:0xffffff8074fdf370
frame pointer           = 0x28:0xffffff8074fdf620
code segment            = base 0x0, limit 0xfffff, type 0x1b
                        = DPL 0, pres 1, long 1, def32 0, gran 1
processor eflags        = interrupt enabled, resume, IOPL = 0
current process         = 1804 (sshd)
trap number             = 12
panic: page fault
cpuid = 0
Uptime: 3m9s
Cannot dump. Device not defined or unavailable.
Automatic reboot in 15 seconds - press a key on the console to abort
>How-To-Repeat:
Problem can be replicated by creating a test ipfw policy:

ipfw add 001 nat 100 ip from any to any via em0
ipfw nat 100 config ip 192.168.1.104 redirect_port tcp 172.25.1.1:22 22

kernel options:

options         HZ=1000
options         DUMMYNET
options         IPDIVERT
options         IPFIREWALL
options         LIBALIAS
options         IPFIREWALL_NAT
options         IPFIREWALL_FORWARD
options         IPFIREWALL_VERBOSE
options         IPFIREWALL_VERBOSE_LIMIT=5
options         IPFIREWALL_DEFAULT_TO_ACCEPT

sysctl settings:
kern.ipc.maxsockbuf=16777216
kern.ipc.nmbclusters=32768
kern.ipc.somaxconn=32768
kern.maxfiles=65536
kern.maxfilesperproc=32768
kern.maxvnodes=800000
net.inet.tcp.delayed_ack=0
net.inet.tcp.inflight.enable=0
net.inet.tcp.path_mtu_discovery=0
net.inet.tcp.recvbuf_auto=1
net.inet.tcp.recvbuf_inc=524288
net.inet.tcp.recvbuf_max=16777216
net.inet.tcp.recvspace=65536
net.inet.tcp.rfc1323=1
net.inet.tcp.sendbuf_auto=1
net.inet.tcp.sendbuf_inc=524288
net.inet.tcp.sendspace=65536
net.inet.udp.maxdgram=57344
net.inet.udp.recvspace=65536
net.local.stream.recvspace=65536
net.inet.tcp.sendbuf_max=16777216
net.inet.tcp.mssdflt=1460
net.link.bridge.ipfw=1
net.inet.ip.fw.one_pass=0
net.inet.ip.dummynet.io_fast=1
net.inet.ip.dummynet.hash_size=64
>Fix:
Using /etc/rc.d/natd 

with config /etc/natd.conf

port 8668
interface em0
redirect_port tcp 172.25.1.1:22     22
redirect_port tcp 172.25.1.10:3389  3389

>Release-Note:
>Audit-Trail:

From: Garrett Cooper <yanefbsd@gmail.com>
To: Shant Kassardjian <pookme@hotmail.com>
Cc: freebsd-gnats-submit@freebsd.org
Subject: Re: amd64/148157: IPFW in kernel nat BUG found in FreeBSD 
	8.1-PRERELEASE
Date: Sat, 26 Jun 2010 11:52:01 -0700

 Hi,
     Do you have a backtrace for the issue (bt from ddb, or the
 equivalent bt from kgdb)? I'm asking because I saw various issues
 running with in kernel nat as well in various bits of the kernel --
 one was the ip routing code, one was the ipfw_nat code, and the other
 was the network driver that I was using, bce(4). All items suggested
 that there's a locking issue. The reference to the mail thread I
 started is here:
 http://lists.freebsd.org/pipermail/freebsd-net/2010-June/025594.html
 (note that it's an issue with 8.1-* and 9-CURRENT).
 Thanks,
 -Garrett
Responsible-Changed-From-To: freebsd-amd64->freebsd-ipfw 
Responsible-Changed-By: linimon 
Responsible-Changed-When: Sun Jun 27 04:21:37 UTC 2010 
Responsible-Changed-Why:  
Over to maintainer(s). 

http://www.freebsd.org/cgi/query-pr.cgi?pr=148157 

From: Shant Kassardjian <pookme@hotmail.com>
To: <yanefbsd@gmail.com>
Cc: <freebsd-gnats-submit@freebsd.org>
Subject: RE: amd64/148157: IPFW in kernel nat BUG found in FreeBSD
 	8.1-PRERELEASE
Date: Sun, 27 Jun 2010 06:47:13 +0000

 --_2b7ea459-4f83-4d6d-bb13-f83fbb741e5c_
 Content-Type: text/plain; charset="iso-8859-1"
 Content-Transfer-Encoding: quoted-printable
 
 
 Hi Garrett=2C
 
 
 I just tried to perform a kernel dump with dumpdev=3D"YES" and had no luck=
 =2C I keep getting:
 
 
 Cannot dump. Device not defined or unavailable.
 
 
 my custom kernel is set to disable:
 
 
 #options        KTRACE                  # ktrace(1) support
 
 #options        KDTRACE_FRAME           # Ensure frames are compiled in
 #options        KDTRACE_HOOKS           # Kernel DTrace hooks
 
 
 must recompile kernel to enable tracing?=20
 
 
 I'm currently using the intel pro 1000 chipset / em0 driver=2C I've been ex=
 periencing all sorts of network stability problems for a while now(ever sin=
 ce I upgrade to stable a month ago). It looks like the em0 driver for amd64=
  needs alot of work however a couple of days ago when I recompiled my box t=
 o the latest stable 8.1-prerelease I saw alot of improvments and my ipfw/du=
 mmynet firewall seems to be running stable with no crashes/lockups so far..=
 .=20
 
 
 It is very easy for me to replicate the in nat kernel problem=2C i just can=
 t get a dump to provide you the additional info.
 
 
 Let me know how I can help.
 
 
 
 
 Thanks=2C
 Shant K
 
 
 
 > Date: Sat=2C 26 Jun 2010 11:52:01 -0700
 > Subject: Re: amd64/148157: IPFW in kernel nat BUG found in FreeBSD 	8.1-P=
 RERELEASE
 > From: yanefbsd@gmail.com
 > To: pookme@hotmail.com
 > CC: freebsd-gnats-submit@freebsd.org
 >=20
 > Hi=2C
 >     Do you have a backtrace for the issue (bt from ddb=2C or the
 > equivalent bt from kgdb)? I'm asking because I saw various issues
 > running with in kernel nat as well in various bits of the kernel --
 > one was the ip routing code=2C one was the ipfw_nat code=2C and the other
 > was the network driver that I was using=2C bce(4). All items suggested
 > that there's a locking issue. The reference to the mail thread I
 > started is here:
 > http://lists.freebsd.org/pipermail/freebsd-net/2010-June/025594.html
 > (note that it's an issue with 8.1-* and 9-CURRENT).
 > Thanks=2C
 > -Garrett
  		 	   		 =20
 _________________________________________________________________
 Turn down-time into play-time with Messenger games
 http://go.microsoft.com/?linkid=3D9734385=
 
 --_2b7ea459-4f83-4d6d-bb13-f83fbb741e5c_
 Content-Type: text/html; charset="iso-8859-1"
 Content-Transfer-Encoding: quoted-printable
 
 <html>
 <head>
 <style><!--
 .hmmessage P
 {
 margin:0px=3B
 padding:0px
 }
 body.hmmessage
 {
 font-size: 10pt=3B
 font-family:Verdana
 }
 --></style>
 </head>
 <body class=3D'hmmessage'>
 Hi Garrett=2C<BR><BR><BR>I just tried to perform a kernel dump with dumpdev=
 =3D"YES" and had no luck=2C I keep getting:<BR><BR><BR>Cannot dump. Device =
 not defined or unavailable.<BR><BR><BR>my custom kernel is set to disable:<=
 BR><BR><BR>#options        KTRACE                  # ktrace(1) support<BR><=
 BR>#options        KDTRACE_FRAME           # Ensure frames are compiled in<=
 BR>#options        KDTRACE_HOOKS           # Kernel DTrace hooks<BR><BR><BR=
 >must recompile kernel to enable tracing?=A0<BR><BR><BR>I'm currently using=
  the intel pro 1000 chipset / em0 driver=2C I've been experiencing all sort=
 s of network stability problems for a while now(ever since I upgrade to sta=
 ble a month ago). It looks like the em0 driver for amd64 needs alot of work=
  however a couple of days ago when I recompiled my box to the latest stable=
  8.1-prerelease I saw alot of improvments and my ipfw/dummynet firewall see=
 ms to be running stable with no crashes/lockups so far...=A0<BR><BR><BR>It =
 is very easy for me to replicate the in nat kernel problem=2C i just cant g=
 et a dump to provide you the additional info.<BR><BR><BR>Let me know how I =
 can help.<BR><BR><BR><BR><BR>Thanks=2C<BR>Shant K<BR><BR><BR><BR>&gt=3B Dat=
 e: Sat=2C 26 Jun 2010 11:52:01 -0700<BR>&gt=3B Subject: Re: amd64/148157: I=
 PFW in kernel nat BUG found in FreeBSD 	8.1-PRERELEASE<BR>&gt=3B From: yane=
 fbsd@gmail.com<BR>&gt=3B To: pookme@hotmail.com<BR>&gt=3B CC: freebsd-gnats=
 -submit@freebsd.org<BR>&gt=3B <BR>&gt=3B Hi=2C<BR>&gt=3B     Do you have a =
 backtrace for the issue (bt from ddb=2C or the<BR>&gt=3B equivalent bt from=
  kgdb)? I'm asking because I saw various issues<BR>&gt=3B running with in k=
 ernel nat as well in various bits of the kernel --<BR>&gt=3B one was the ip=
  routing code=2C one was the ipfw_nat code=2C and the other<BR>&gt=3B was t=
 he network driver that I was using=2C bce(4). All items suggested<BR>&gt=3B=
  that there's a locking issue. The reference to the mail thread I<BR>&gt=3B=
  started is here:<BR>&gt=3B http://lists.freebsd.org/pipermail/freebsd-net/=
 2010-June/025594.html<BR>&gt=3B (note that it's an issue with 8.1-* and 9-C=
 URRENT).<BR>&gt=3B Thanks=2C<BR>&gt=3B -Garrett<BR> 		 	   		  <br /><hr />=
 Your Photo on Bing.ca: You Could WIN on Canada Day! <a href=3D'http://go.mi=
 crosoft.com/?linkid=3D9734380' target=3D'_new'>Submit a Photo Now! </a></bo=
 dy>
 </html>=
 
 --_2b7ea459-4f83-4d6d-bb13-f83fbb741e5c_--

From: Garrett Cooper <yanefbsd@gmail.com>
To: Shant Kassardjian <pookme@hotmail.com>
Cc: freebsd-gnats-submit@freebsd.org
Subject: Re: amd64/148157: IPFW in kernel nat BUG found in FreeBSD 
	8.1-PRERELEASE
Date: Sun, 27 Jun 2010 00:04:16 -0700

 Hi Shant,
     Please bottom post from here on out.
 
 On Sat, Jun 26, 2010 at 11:47 PM, Shant Kassardjian <pookme@hotmail.com> wrote:
 > Hi Garrett,
 >
 >
 > I just tried to perform a kernel dump with dumpdev="YES" and had no luck, I
 > keep getting:
 
 dumpdev="<blah>" always appears to fail to me as well (contrary to
 what others have claimed). Try doing the following after booting up:
 
 dumpon `awk '$3 == swap { print $1 }'`
 
 Then you'll be able to reproduce the problem and grab the resulting
 kernel core dump.
 
 > Cannot dump. Device not defined or unavailable.
 >
 > my custom kernel is set to disable:
 >
 >
 > #options KTRACE # ktrace(1) support
 >
 > #options KDTRACE_FRAME # Ensure frames are compiled in
 > #options KDTRACE_HOOKS # Kernel DTrace hooks
 >
 > must recompile kernel to enable tracing?
 
 No.
 
 > I'm currently using the intel pro 1000 chipset / em0 driver, I've been
 > experiencing all sorts of network stability problems for a while now(ever
 > since I upgrade to stable a month ago). It looks like the em0 driver for
 > amd64 needs alot of work however a couple of days ago when I recompiled my
 > box to the latest stable 8.1-prerelease I saw alot of improvments and my
 > ipfw/dummynet firewall seems to be running stable with no crashes/lockups so
 > far...
 >
 >
 > It is very easy for me to replicate the in nat kernel problem, i just cant
 > get a dump to provide you the additional info.

From: Shant Kassardjian <pookme@hotmail.com>
To: <yanefbsd@gmail.com>
Cc: <freebsd-gnats-submit@freebsd.org>
Subject: RE: amd64/148157: IPFW in kernel nat BUG found in FreeBSD
 	8.1-PRERELEASE
Date: Sun, 27 Jun 2010 18:25:25 +0000

 --_43033f25-eecb-4513-8fa9-20d8fad19493_
 Content-Type: text/plain; charset="iso-8859-1"
 Content-Transfer-Encoding: quoted-printable
 
 
 
 
 > Date: Sun=2C 27 Jun 2010 00:04:16 -0700
 > Subject: Re: amd64/148157: IPFW in kernel nat BUG found in FreeBSD 	8.1-P=
 RERELEASE
 > From: yanefbsd@gmail.com
 > To: pookme@hotmail.com
 > CC: freebsd-gnats-submit@freebsd.org
 >=20
 > Hi Shant=2C
 >     Please bottom post from here on out.
 >=20
 > On Sat=2C Jun 26=2C 2010 at 11:47 PM=2C Shant Kassardjian <pookme@hotmail=
 .com> wrote:
 > > Hi Garrett=2C
 > >
 > >
 > > I just tried to perform a kernel dump with dumpdev=3D"YES" and had no l=
 uck=2C I
 > > keep getting:
 >=20
 > dumpdev=3D"<blah>" always appears to fail to me as well (contrary to
 > what others have claimed). Try doing the following after booting up:
 >=20
 > dumpon `awk '$3 =3D=3D swap { print $1 }'`
 >=20
 > Then you'll be able to reproduce the problem and grab the resulting
 > kernel core dump.
 
 
 Hi Garrett=2C
 
 
 I still can't get it to dump. Perhaps it's because my system does not have =
 any swap space allocated?
 
 
 Here's what I added in my /etc/rc.conf to simulate an swap device:
 
 
 dumpdev=3D"YES"
 dumpdir=3D"/home/crash/"
 swapfile=3D"/home/crash/swap0"
 
 Then I ran:
 
 core# sh /tmp/ipfw_test                                                    =
    ~
 00001 nat 100 ip from any to any via em0
 ipfw nat 100 config ip 192.168.1.104 redirect_port tcp 172.25.1.1:22 22
 core# dumpon `awk '$3 =3D=3D swap { print $1 }'`                           =
        ~
 
 
 Fatal trap 12: page fault while in kernel mode
 cpuid =3D 0=3B apic id =3D 00
 fault virtual address   =3D 0xc
 fault code              =3D supervisor write data=2C page not present
 instruction pointer     =3D 0x20:0xffffffff801d5cd6
 stack pointer           =3D 0x28:0xffffff8074fbc370
 frame pointer           =3D 0x28:0xffffff8074fbc620
 code segment            =3D base 0x0=2C limit 0xfffff=2C type 0x1b
                         =3D DPL 0=2C pres 1=2C long 1=2C def32 0=2C gran 1
 processor eflags        =3D interrupt enabled=2C resume=2C IOPL =3D 0
 current process         =3D 1818 (sshd)
 trap number             =3D 12
 panic: page fault
 cpuid =3D 0
 Uptime: 2m36s
 Cannot dump. Device not defined or unavailable.
 Automatic reboot in 15 seconds - press a key on the console to abort
 
 
 I'm still getting the "Cannot dump" error message=2C any idea what I can do=
  next?
 
 
 Many thanks.
 Shant K
 
 >=20
 > > Cannot dump. Device not defined or unavailable.
 > >
 > > my custom kernel is set to disable:
 > >
 > >
 > > #options KTRACE # ktrace(1) support
 > >
 > > #options KDTRACE_FRAME # Ensure frames are compiled in
 > > #options KDTRACE_HOOKS # Kernel DTrace hooks
 > >
 > > must recompile kernel to enable tracing?
 >=20
 > No.
 >=20
 > > I'm currently using the intel pro 1000 chipset / em0 driver=2C I've bee=
 n
 > > experiencing all sorts of network stability problems for a while now(ev=
 er
 > > since I upgrade to stable a month ago). It looks like the em0 driver fo=
 r
 > > amd64 needs alot of work however a couple of days ago when I recompiled=
  my
 > > box to the latest stable 8.1-prerelease I saw alot of improvments and m=
 y
 > > ipfw/dummynet firewall seems to be running stable with no crashes/locku=
 ps so
 > > far...
 > >
 > >
 > > It is very easy for me to replicate the in nat kernel problem=2C i just=
  cant
 > > get a dump to provide you the additional info.
  		 	   		 =20
 _________________________________________________________________
 Learn more ways to connect with your buddies now
 http://go.microsoft.com/?linkid=3D9734388=
 
 --_43033f25-eecb-4513-8fa9-20d8fad19493_
 Content-Type: text/html; charset="iso-8859-1"
 Content-Transfer-Encoding: quoted-printable
 
 <html>
 <head>
 <style><!--
 .hmmessage P
 {
 margin:0px=3B
 padding:0px
 }
 body.hmmessage
 {
 font-size: 10pt=3B
 font-family:Verdana
 }
 --></style>
 </head>
 <body class=3D'hmmessage'>
 <BR><BR>&gt=3B Date: Sun=2C 27 Jun 2010 00:04:16 -0700<BR>&gt=3B Subject: R=
 e: amd64/148157: IPFW in kernel nat BUG found in FreeBSD 	8.1-PRERELEASE<BR=
 >&gt=3B From: yanefbsd@gmail.com<BR>&gt=3B To: pookme@hotmail.com<BR>&gt=3B=
  CC: freebsd-gnats-submit@freebsd.org<BR>&gt=3B <BR>&gt=3B Hi Shant=2C<BR>&=
 gt=3B     Please bottom post from here on out.<BR>&gt=3B <BR>&gt=3B On Sat=
 =2C Jun 26=2C 2010 at 11:47 PM=2C Shant Kassardjian &lt=3Bpookme@hotmail.co=
 m&gt=3B wrote:<BR>&gt=3B &gt=3B Hi Garrett=2C<BR>&gt=3B &gt=3B<BR>&gt=3B &g=
 t=3B<BR>&gt=3B &gt=3B I just tried to perform a kernel dump with dumpdev=3D=
 "YES" and had no luck=2C I<BR>&gt=3B &gt=3B keep getting:<BR>&gt=3B <BR>&gt=
 =3B dumpdev=3D"&lt=3Bblah&gt=3B" always appears to fail to me as well (cont=
 rary to<BR>&gt=3B what others have claimed). Try doing the following after =
 booting up:<BR>&gt=3B <BR>&gt=3B dumpon `awk '$3 =3D=3D swap { print $1 }'`=
 <BR>&gt=3B <BR>&gt=3B Then you'll be able to reproduce the problem and grab=
  the resulting<BR>&gt=3B kernel core dump.<BR><BR><BR>Hi Garrett=2C<BR><BR>=
 <BR>I still can't get it to dump. Perhaps it's because my system does not h=
 ave any swap space allocated?<BR><BR><BR>Here's what I added in my /etc/rc.=
 conf to simulate an swap device:<BR><BR><BR>dumpdev=3D"YES"<BR>dumpdir=3D"/=
 home/crash/"<BR>swapfile=3D"/home/crash/swap0"<BR><BR>Then I ran:<BR><BR>co=
 re# sh /tmp/ipfw_test                                                      =
  ~<BR>00001 nat 100 ip from any to any via em0<BR>ipfw nat 100 config ip 19=
 2.168.1.104 redirect_port tcp 172.25.1.1:22 22<BR>core# dumpon `awk '$3 =3D=
 =3D swap { print $1 }'`                                  ~<BR><BR><BR>Fatal=
  trap 12: page fault while in kernel mode<BR>cpuid =3D 0=3B apic id =3D 00<=
 BR>fault virtual address   =3D 0xc<BR>fault code              =3D superviso=
 r write data=2C page not present<BR>instruction pointer     =3D 0x20:0xffff=
 ffff801d5cd6<BR>stack pointer           =3D 0x28:0xffffff8074fbc370<BR>fram=
 e pointer           =3D 0x28:0xffffff8074fbc620<BR>code segment            =
 =3D base 0x0=2C limit 0xfffff=2C type 0x1b<BR>                        =3D D=
 PL 0=2C pres 1=2C long 1=2C def32 0=2C gran 1<BR>processor eflags        =
 =3D interrupt enabled=2C resume=2C IOPL =3D 0<BR>current process         =
 =3D 1818 (sshd)<BR>trap number             =3D 12<BR>panic: page fault<BR>c=
 puid =3D 0<BR>Uptime: 2m36s<BR>Cannot dump. Device not defined or unavailab=
 le.<BR>Automatic reboot in 15 seconds - press a key on the console to abort=
 <BR><BR><BR>I'm still getting the "Cannot dump" error message=2C any idea w=
 hat I can do next?<BR><BR><BR>Many thanks.<BR>Shant K<BR><BR>&gt=3B <BR>&gt=
 =3B &gt=3B Cannot dump. Device not defined or unavailable.<BR>&gt=3B &gt=3B=
 <BR>&gt=3B &gt=3B my custom kernel is set to disable:<BR>&gt=3B &gt=3B<BR>&=
 gt=3B &gt=3B<BR>&gt=3B &gt=3B #options KTRACE # ktrace(1) support<BR>&gt=3B=
  &gt=3B<BR>&gt=3B &gt=3B #options KDTRACE_FRAME # Ensure frames are compile=
 d in<BR>&gt=3B &gt=3B #options KDTRACE_HOOKS # Kernel DTrace hooks<BR>&gt=
 =3B &gt=3B<BR>&gt=3B &gt=3B must recompile kernel to enable tracing?<BR>&gt=
 =3B <BR>&gt=3B No.<BR>&gt=3B <BR>&gt=3B &gt=3B I'm currently using the inte=
 l pro 1000 chipset / em0 driver=2C I've been<BR>&gt=3B &gt=3B experiencing =
 all sorts of network stability problems for a while now(ever<BR>&gt=3B &gt=
 =3B since I upgrade to stable a month ago). It looks like the em0 driver fo=
 r<BR>&gt=3B &gt=3B amd64 needs alot of work however a couple of days ago wh=
 en I recompiled my<BR>&gt=3B &gt=3B box to the latest stable 8.1-prerelease=
  I saw alot of improvments and my<BR>&gt=3B &gt=3B ipfw/dummynet firewall s=
 eems to be running stable with no crashes/lockups so<BR>&gt=3B &gt=3B far..=
 .<BR>&gt=3B &gt=3B<BR>&gt=3B &gt=3B<BR>&gt=3B &gt=3B It is very easy for me=
  to replicate the in nat kernel problem=2C i just cant<BR>&gt=3B &gt=3B get=
  a dump to provide you the additional info.<BR> 		 	   		  <br /><hr />Ente=
 r for a chance to get your town photo on Bing.ca! <a href=3D'http://go.micr=
 osoft.com/?linkid=3D9734383' target=3D'_new'>Submit a Photo Now! </a></body=
 >
 </html>=
 
 --_43033f25-eecb-4513-8fa9-20d8fad19493_--

From: Garrett Cooper <yanefbsd@gmail.com>
To: Shant Kassardjian <pookme@hotmail.com>
Cc: bug-followup@freebsd.org
Subject: Re: amd64/148157: IPFW in kernel nat BUG found in FreeBSD 
	8.1-PRERELEASE
Date: Sun, 27 Jun 2010 11:27:42 -0700

 On Sun, Jun 27, 2010 at 11:25 AM, Shant Kassardjian <pookme@hotmail.com> wrote:
 >
 >
 >> Date: Sun, 27 Jun 2010 00:04:16 -0700
 >> Subject: Re: amd64/148157: IPFW in kernel nat BUG found in FreeBSD
 >> 8.1-PRERELEASE
 >> From: yanefbsd@gmail.com
 >> To: pookme@hotmail.com
 >> CC: freebsd-gnats-submit@freebsd.org
 >>
 >> Hi Shant,
 >> Please bottom post from here on out.
 >>
 >> On Sat, Jun 26, 2010 at 11:47 PM, Shant Kassardjian <pookme@hotmail.com>
 >> wrote:
 >> > Hi Garrett,
 >> >
 >> >
 >> > I just tried to perform a kernel dump with dumpdev="YES" and had no
 >> > luck, I
 >> > keep getting:
 >>
 >> dumpdev="<blah>" always appears to fail to me as well (contrary to
 >> what others have claimed). Try doing the following after booting up:
 >>
 >> dumpon `awk '$3 == swap { print $1 }'`
 >>
 >> Then you'll be able to reproduce the problem and grab the resulting
 >> kernel core dump.
 >
 >
 > Hi Garrett,
 >
 >
 > I still can't get it to dump. Perhaps it's because my system does not have
 > any swap space allocated?
 >
 >
 > Here's what I added in my /etc/rc.conf to simulate an swap device:
 >
 >
 > dumpdev="YES"
 > dumpdir="/home/crash/"
 > swapfile="/home/crash/swap0"
 >
 > Then I ran:
 >
 > core# sh /tmp/ipfw_test ~
 > 00001 nat 100 ip from any to any via em0
 > ipfw nat 100 config ip 192.168.1.104 redirect_port tcp 172.25.1.1:22 22
 > core# dumpon `awk '$3 == swap { print $1 }'` ~
 >
 >
 > Fatal trap 12: page fault while in kernel mode
 > cpuid = 0; apic id = 00
 > fault virtual address = 0xc
 > fault code = supervisor write data, page not present
 > instruction pointer = 0x20:0xffffffff801d5cd6
 > stack pointer = 0x28:0xffffff8074fbc370
 > frame pointer = 0x28:0xffffff8074fbc620
 > code segment = base 0x0, limit 0xfffff, type 0x1b
 > = DPL 0, pres 1, long 1, def32 0, gran 1
 > processor eflags = interrupt enabled, resume, IOPL = 0
 > current process = 1818 (sshd)
 > trap number = 12
 > panic: page fault
 > cpuid = 0
 > Uptime: 2m36s
 > Cannot dump. Device not defined or unavailable.
 > Automatic reboot in 15 seconds - press a key on the console to abort
 >
 >
 > I'm still getting the "Cannot dump" error message, any idea what I can do
 > next?
 
 Yeah.. you need a swap device otherwise you're not going to be able to
 get a coredump...
 
 >> > Cannot dump. Device not defined or unavailable.
 >> >
 >> > my custom kernel is set to disable:
 >> >
 >> >
 >> > #options KTRACE # ktrace(1) support
 >> >
 >> > #options KDTRACE_FRAME # Ensure frames are compiled in
 >> > #options KDTRACE_HOOKS # Kernel DTrace hooks
 >> >
 >> > must recompile kernel to enable tracing?
 >>
 >> No.
 >>
 >> > I'm currently using the intel pro 1000 chipset / em0 driver, I've been
 >> > experiencing all sorts of network stability problems for a while
 >> > now(ever
 >> > since I upgrade to stable a month ago). It looks like the em0 driver for
 >> > amd64 needs alot of work however a couple of days ago when I recompiled
 >> > my
 >> > box to the latest stable 8.1-prerelease I saw alot of improvments and my
 >> > ipfw/dummynet firewall seems to be running stable with no
 >> > crashes/lockups so
 >> > far...
 >> >
 >> >
 >> > It is very easy for me to replicate the in nat kernel problem, i just
 >> > cant
 >> > get a dump to provide you the additional info.

From: Shant Kassardjian <pookme@hotmail.com>
To: <yanefbsd@gmail.com>
Cc: <bug-followup@freebsd.org>
Subject: RE: amd64/148157: IPFW in kernel nat BUG found in FreeBSD
 	8.1-PRERELEASE
Date: Wed, 30 Jun 2010 03:41:44 +0000

 --_6eb28895-d6d3-44cd-8867-bfa249256909_
 Content-Type: text/plain; charset="iso-8859-1"
 Content-Transfer-Encoding: quoted-printable
 
 
 Hi Garette=2C
 
 
 Just to let you know=2C I will follow these steps from the FreeBSD handbook=
  for adding swap space to my system http://www.freebsd.org/doc/en/books/han=
 dbook/adding-swap-space.html If all goes well=2C I should have an update wi=
 th some debug logs.
 
 
 I've been very busy lately...
 
 
 best regards=2C
 Shant K
 
 > Date: Sun=2C 27 Jun 2010 11:27:42 -0700
 > Subject: Re: amd64/148157: IPFW in kernel nat BUG found in FreeBSD 	8.1-P=
 RERELEASE
 > From: yanefbsd@gmail.com
 > To: pookme@hotmail.com
 > CC: bug-followup@freebsd.org
 >=20
 > On Sun=2C Jun 27=2C 2010 at 11:25 AM=2C Shant Kassardjian <pookme@hotmail=
 .com> wrote:
 > >
 > >
 > >> Date: Sun=2C 27 Jun 2010 00:04:16 -0700
 > >> Subject: Re: amd64/148157: IPFW in kernel nat BUG found in FreeBSD
 > >> 8.1-PRERELEASE
 > >> From: yanefbsd@gmail.com
 > >> To: pookme@hotmail.com
 > >> CC: freebsd-gnats-submit@freebsd.org
 > >>
 > >> Hi Shant=2C
 > >> Please bottom post from here on out.
 > >>
 > >> On Sat=2C Jun 26=2C 2010 at 11:47 PM=2C Shant Kassardjian <pookme@hotm=
 ail.com>
 > >> wrote:
 > >> > Hi Garrett=2C
 > >> >
 > >> >
 > >> > I just tried to perform a kernel dump with dumpdev=3D"YES" and had n=
 o
 > >> > luck=2C I
 > >> > keep getting:
 > >>
 > >> dumpdev=3D"<blah>" always appears to fail to me as well (contrary to
 > >> what others have claimed). Try doing the following after booting up:
 > >>
 > >> dumpon `awk '$3 =3D=3D swap { print $1 }'`
 > >>
 > >> Then you'll be able to reproduce the problem and grab the resulting
 > >> kernel core dump.
 > >
 > >
 > > Hi Garrett=2C
 > >
 > >
 > > I still can't get it to dump. Perhaps it's because my system does not h=
 ave
 > > any swap space allocated?
 > >
 > >
 > > Here's what I added in my /etc/rc.conf to simulate an swap device:
 > >
 > >
 > > dumpdev=3D"YES"
 > > dumpdir=3D"/home/crash/"
 > > swapfile=3D"/home/crash/swap0"
 > >
 > > Then I ran:
 > >
 > > core# sh /tmp/ipfw_test ~
 > > 00001 nat 100 ip from any to any via em0
 > > ipfw nat 100 config ip 192.168.1.104 redirect_port tcp 172.25.1.1:22 22
 > > core# dumpon `awk '$3 =3D=3D swap { print $1 }'` ~
 > >
 > >
 > > Fatal trap 12: page fault while in kernel mode
 > > cpuid =3D 0=3B apic id =3D 00
 > > fault virtual address =3D 0xc
 > > fault code =3D supervisor write data=2C page not present
 > > instruction pointer =3D 0x20:0xffffffff801d5cd6
 > > stack pointer =3D 0x28:0xffffff8074fbc370
 > > frame pointer =3D 0x28:0xffffff8074fbc620
 > > code segment =3D base 0x0=2C limit 0xfffff=2C type 0x1b
 > > =3D DPL 0=2C pres 1=2C long 1=2C def32 0=2C gran 1
 > > processor eflags =3D interrupt enabled=2C resume=2C IOPL =3D 0
 > > current process =3D 1818 (sshd)
 > > trap number =3D 12
 > > panic: page fault
 > > cpuid =3D 0
 > > Uptime: 2m36s
 > > Cannot dump. Device not defined or unavailable.
 > > Automatic reboot in 15 seconds - press a key on the console to abort
 > >
 > >
 > > I'm still getting the "Cannot dump" error message=2C any idea what I ca=
 n do
 > > next?
 >=20
 > Yeah.. you need a swap device otherwise you're not going to be able to
 > get a coredump...
 >=20
 > >> > Cannot dump. Device not defined or unavailable.
 > >> >
 > >> > my custom kernel is set to disable:
 > >> >
 > >> >
 > >> > #options KTRACE # ktrace(1) support
 > >> >
 > >> > #options KDTRACE_FRAME # Ensure frames are compiled in
 > >> > #options KDTRACE_HOOKS # Kernel DTrace hooks
 > >> >
 > >> > must recompile kernel to enable tracing?
 > >>
 > >> No.
 > >>
 > >> > I'm currently using the intel pro 1000 chipset / em0 driver=2C I've =
 been
 > >> > experiencing all sorts of network stability problems for a while
 > >> > now(ever
 > >> > since I upgrade to stable a month ago). It looks like the em0 driver=
  for
 > >> > amd64 needs alot of work however a couple of days ago when I recompi=
 led
 > >> > my
 > >> > box to the latest stable 8.1-prerelease I saw alot of improvments an=
 d my
 > >> > ipfw/dummynet firewall seems to be running stable with no
 > >> > crashes/lockups so
 > >> > far...
 > >> >
 > >> >
 > >> > It is very easy for me to replicate the in nat kernel problem=2C i j=
 ust
 > >> > cant
 > >> > get a dump to provide you the additional info.
  		 	   		 =20
 _________________________________________________________________
 Turn down-time into play-time with Messenger games
 http://go.microsoft.com/?linkid=3D9734385=
 
 --_6eb28895-d6d3-44cd-8867-bfa249256909_
 Content-Type: text/html; charset="iso-8859-1"
 Content-Transfer-Encoding: quoted-printable
 
 <html>
 <head>
 <style><!--
 .hmmessage P
 {
 margin:0px=3B
 padding:0px
 }
 body.hmmessage
 {
 font-size: 10pt=3B
 font-family:Verdana
 }
 --></style>
 </head>
 <body class=3D'hmmessage'>
 Hi Garette=2C<BR><BR><BR>Just to let you know=2C I will follow these steps =
 from the FreeBSD handbook for adding swap space to my system http://www.fre=
 ebsd.org/doc/en/books/handbook/adding-swap-space.html If all goes well=2C I=
  should have an update with some debug logs.<BR><BR><BR>I've been very busy=
  lately...<BR><BR><BR>best regards=2C<BR>Shant K<BR><BR>&gt=3B Date: Sun=2C=
  27 Jun 2010 11:27:42 -0700<BR>&gt=3B Subject: Re: amd64/148157: IPFW in ke=
 rnel nat BUG found in FreeBSD 	8.1-PRERELEASE<BR>&gt=3B From: yanefbsd@gmai=
 l.com<BR>&gt=3B To: pookme@hotmail.com<BR>&gt=3B CC: bug-followup@freebsd.o=
 rg<BR>&gt=3B <BR>&gt=3B On Sun=2C Jun 27=2C 2010 at 11:25 AM=2C Shant Kassa=
 rdjian &lt=3Bpookme@hotmail.com&gt=3B wrote:<BR>&gt=3B &gt=3B<BR>&gt=3B &gt=
 =3B<BR>&gt=3B &gt=3B&gt=3B Date: Sun=2C 27 Jun 2010 00:04:16 -0700<BR>&gt=
 =3B &gt=3B&gt=3B Subject: Re: amd64/148157: IPFW in kernel nat BUG found in=
  FreeBSD<BR>&gt=3B &gt=3B&gt=3B 8.1-PRERELEASE<BR>&gt=3B &gt=3B&gt=3B From:=
  yanefbsd@gmail.com<BR>&gt=3B &gt=3B&gt=3B To: pookme@hotmail.com<BR>&gt=3B=
  &gt=3B&gt=3B CC: freebsd-gnats-submit@freebsd.org<BR>&gt=3B &gt=3B&gt=3B<B=
 R>&gt=3B &gt=3B&gt=3B Hi Shant=2C<BR>&gt=3B &gt=3B&gt=3B Please bottom post=
  from here on out.<BR>&gt=3B &gt=3B&gt=3B<BR>&gt=3B &gt=3B&gt=3B On Sat=2C =
 Jun 26=2C 2010 at 11:47 PM=2C Shant Kassardjian &lt=3Bpookme@hotmail.com&gt=
 =3B<BR>&gt=3B &gt=3B&gt=3B wrote:<BR>&gt=3B &gt=3B&gt=3B &gt=3B Hi Garrett=
 =2C<BR>&gt=3B &gt=3B&gt=3B &gt=3B<BR>&gt=3B &gt=3B&gt=3B &gt=3B<BR>&gt=3B &=
 gt=3B&gt=3B &gt=3B I just tried to perform a kernel dump with dumpdev=3D"YE=
 S" and had no<BR>&gt=3B &gt=3B&gt=3B &gt=3B luck=2C I<BR>&gt=3B &gt=3B&gt=
 =3B &gt=3B keep getting:<BR>&gt=3B &gt=3B&gt=3B<BR>&gt=3B &gt=3B&gt=3B dump=
 dev=3D"&lt=3Bblah&gt=3B" always appears to fail to me as well (contrary to<=
 BR>&gt=3B &gt=3B&gt=3B what others have claimed). Try doing the following a=
 fter booting up:<BR>&gt=3B &gt=3B&gt=3B<BR>&gt=3B &gt=3B&gt=3B dumpon `awk =
 '$3 =3D=3D swap { print $1 }'`<BR>&gt=3B &gt=3B&gt=3B<BR>&gt=3B &gt=3B&gt=
 =3B Then you'll be able to reproduce the problem and grab the resulting<BR>=
 &gt=3B &gt=3B&gt=3B kernel core dump.<BR>&gt=3B &gt=3B<BR>&gt=3B &gt=3B<BR>=
 &gt=3B &gt=3B Hi Garrett=2C<BR>&gt=3B &gt=3B<BR>&gt=3B &gt=3B<BR>&gt=3B &gt=
 =3B I still can't get it to dump. Perhaps it's because my system does not h=
 ave<BR>&gt=3B &gt=3B any swap space allocated?<BR>&gt=3B &gt=3B<BR>&gt=3B &=
 gt=3B<BR>&gt=3B &gt=3B Here's what I added in my /etc/rc.conf to simulate a=
 n swap device:<BR>&gt=3B &gt=3B<BR>&gt=3B &gt=3B<BR>&gt=3B &gt=3B dumpdev=
 =3D"YES"<BR>&gt=3B &gt=3B dumpdir=3D"/home/crash/"<BR>&gt=3B &gt=3B swapfil=
 e=3D"/home/crash/swap0"<BR>&gt=3B &gt=3B<BR>&gt=3B &gt=3B Then I ran:<BR>&g=
 t=3B &gt=3B<BR>&gt=3B &gt=3B core# sh /tmp/ipfw_test ~<BR>&gt=3B &gt=3B 000=
 01 nat 100 ip from any to any via em0<BR>&gt=3B &gt=3B ipfw nat 100 config =
 ip 192.168.1.104 redirect_port tcp 172.25.1.1:22 22<BR>&gt=3B &gt=3B core# =
 dumpon `awk '$3 =3D=3D swap { print $1 }'` ~<BR>&gt=3B &gt=3B<BR>&gt=3B &gt=
 =3B<BR>&gt=3B &gt=3B Fatal trap 12: page fault while in kernel mode<BR>&gt=
 =3B &gt=3B cpuid =3D 0=3B apic id =3D 00<BR>&gt=3B &gt=3B fault virtual add=
 ress =3D 0xc<BR>&gt=3B &gt=3B fault code =3D supervisor write data=2C page =
 not present<BR>&gt=3B &gt=3B instruction pointer =3D 0x20:0xffffffff801d5cd=
 6<BR>&gt=3B &gt=3B stack pointer =3D 0x28:0xffffff8074fbc370<BR>&gt=3B &gt=
 =3B frame pointer =3D 0x28:0xffffff8074fbc620<BR>&gt=3B &gt=3B code segment=
  =3D base 0x0=2C limit 0xfffff=2C type 0x1b<BR>&gt=3B &gt=3B =3D DPL 0=2C p=
 res 1=2C long 1=2C def32 0=2C gran 1<BR>&gt=3B &gt=3B processor eflags =3D =
 interrupt enabled=2C resume=2C IOPL =3D 0<BR>&gt=3B &gt=3B current process =
 =3D 1818 (sshd)<BR>&gt=3B &gt=3B trap number =3D 12<BR>&gt=3B &gt=3B panic:=
  page fault<BR>&gt=3B &gt=3B cpuid =3D 0<BR>&gt=3B &gt=3B Uptime: 2m36s<BR>=
 &gt=3B &gt=3B Cannot dump. Device not defined or unavailable.<BR>&gt=3B &gt=
 =3B Automatic reboot in 15 seconds - press a key on the console to abort<BR=
 >&gt=3B &gt=3B<BR>&gt=3B &gt=3B<BR>&gt=3B &gt=3B I'm still getting the "Can=
 not dump" error message=2C any idea what I can do<BR>&gt=3B &gt=3B next?<BR=
 >&gt=3B <BR>&gt=3B Yeah.. you need a swap device otherwise you're not going=
  to be able to<BR>&gt=3B get a coredump...<BR>&gt=3B <BR>&gt=3B &gt=3B&gt=
 =3B &gt=3B Cannot dump. Device not defined or unavailable.<BR>&gt=3B &gt=3B=
 &gt=3B &gt=3B<BR>&gt=3B &gt=3B&gt=3B &gt=3B my custom kernel is set to disa=
 ble:<BR>&gt=3B &gt=3B&gt=3B &gt=3B<BR>&gt=3B &gt=3B&gt=3B &gt=3B<BR>&gt=3B =
 &gt=3B&gt=3B &gt=3B #options KTRACE # ktrace(1) support<BR>&gt=3B &gt=3B&gt=
 =3B &gt=3B<BR>&gt=3B &gt=3B&gt=3B &gt=3B #options KDTRACE_FRAME # Ensure fr=
 ames are compiled in<BR>&gt=3B &gt=3B&gt=3B &gt=3B #options KDTRACE_HOOKS #=
  Kernel DTrace hooks<BR>&gt=3B &gt=3B&gt=3B &gt=3B<BR>&gt=3B &gt=3B&gt=3B &=
 gt=3B must recompile kernel to enable tracing?<BR>&gt=3B &gt=3B&gt=3B<BR>&g=
 t=3B &gt=3B&gt=3B No.<BR>&gt=3B &gt=3B&gt=3B<BR>&gt=3B &gt=3B&gt=3B &gt=3B =
 I'm currently using the intel pro 1000 chipset / em0 driver=2C I've been<BR=
 >&gt=3B &gt=3B&gt=3B &gt=3B experiencing all sorts of network stability pro=
 blems for a while<BR>&gt=3B &gt=3B&gt=3B &gt=3B now(ever<BR>&gt=3B &gt=3B&g=
 t=3B &gt=3B since I upgrade to stable a month ago). It looks like the em0 d=
 river for<BR>&gt=3B &gt=3B&gt=3B &gt=3B amd64 needs alot of work however a =
 couple of days ago when I recompiled<BR>&gt=3B &gt=3B&gt=3B &gt=3B my<BR>&g=
 t=3B &gt=3B&gt=3B &gt=3B box to the latest stable 8.1-prerelease I saw alot=
  of improvments and my<BR>&gt=3B &gt=3B&gt=3B &gt=3B ipfw/dummynet firewall=
  seems to be running stable with no<BR>&gt=3B &gt=3B&gt=3B &gt=3B crashes/l=
 ockups so<BR>&gt=3B &gt=3B&gt=3B &gt=3B far...<BR>&gt=3B &gt=3B&gt=3B &gt=
 =3B<BR>&gt=3B &gt=3B&gt=3B &gt=3B<BR>&gt=3B &gt=3B&gt=3B &gt=3B It is very =
 easy for me to replicate the in nat kernel problem=2C i just<BR>&gt=3B &gt=
 =3B&gt=3B &gt=3B cant<BR>&gt=3B &gt=3B&gt=3B &gt=3B get a dump to provide y=
 ou the additional info.<BR> 		 	   		  <br /><hr />Your Photo on Bing.ca: Y=
 ou Could WIN on Canada Day! <a href=3D'http://go.microsoft.com/?linkid=3D97=
 34380' target=3D'_new'>Submit a Photo Now! </a></body>
 </html>=
 
 --_6eb28895-d6d3-44cd-8867-bfa249256909_--

From: Shant Kassardjian <pookme@hotmail.com>
To: <yanefbsd@gmail.com>
Cc: <bug-followup@freebsd.org>
Subject: RE: amd64/148157: IPFW in kernel nat BUG found in FreeBSD
 	8.1-PRERELEASE
Date: Thu, 1 Jul 2010 05:00:02 +0000

 --_71145bc2-6c1a-4340-8c7b-20122d8b8d35_
 Content-Type: text/plain; charset="iso-8859-1"
 Content-Transfer-Encoding: quoted-printable
 
 
 Hi Garette=2C
 
 
 I've tried everything=2C even added a swap file and used the command you pr=
 ovided and still no dump file...
 
 
 
 I hope you can replicate this problem on your own with an intel em0 driver =
 loaded=2C I can provide you all the information you need in case your requi=
 re.
 
 
 let me know if you need anything else.
 
 
 Thanks=2C
 Regards=2C
 Shant K
 
 > Date: Sun=2C 27 Jun 2010 11:27:42 -0700
 > Subject: Re: amd64/148157: IPFW in kernel nat BUG found in FreeBSD 	8.1-P=
 RERELEASE
 > From: yanefbsd@gmail.com
 > To: pookme@hotmail.com
 > CC: bug-followup@freebsd.org
 >=20
 > On Sun=2C Jun 27=2C 2010 at 11:25 AM=2C Shant Kassardjian <pookme@hotmail=
 .com> wrote:
 > >
 > >
 > >> Date: Sun=2C 27 Jun 2010 00:04:16 -0700
 > >> Subject: Re: amd64/148157: IPFW in kernel nat BUG found in FreeBSD
 > >> 8.1-PRERELEASE
 > >> From: yanefbsd@gmail.com
 > >> To: pookme@hotmail.com
 > >> CC: freebsd-gnats-submit@freebsd.org
 > >>
 > >> Hi Shant=2C
 > >> Please bottom post from here on out.
 > >>
 > >> On Sat=2C Jun 26=2C 2010 at 11:47 PM=2C Shant Kassardjian <pookme@hotm=
 ail.com>
 > >> wrote:
 > >> > Hi Garrett=2C
 > >> >
 > >> >
 > >> > I just tried to perform a kernel dump with dumpdev=3D"YES" and had n=
 o
 > >> > luck=2C I
 > >> > keep getting:
 > >>
 > >> dumpdev=3D"<blah>" always appears to fail to me as well (contrary to
 > >> what others have claimed). Try doing the following after booting up:
 > >>
 > >> dumpon `awk '$3 =3D=3D swap { print $1 }'`
 > >>
 > >> Then you'll be able to reproduce the problem and grab the resulting
 > >> kernel core dump.
 > >
 > >
 > > Hi Garrett=2C
 > >
 > >
 > > I still can't get it to dump. Perhaps it's because my system does not h=
 ave
 > > any swap space allocated?
 > >
 > >
 > > Here's what I added in my /etc/rc.conf to simulate an swap device:
 > >
 > >
 > > dumpdev=3D"YES"
 > > dumpdir=3D"/home/crash/"
 > > swapfile=3D"/home/crash/swap0"
 > >
 > > Then I ran:
 > >
 > > core# sh /tmp/ipfw_test ~
 > > 00001 nat 100 ip from any to any via em0
 > > ipfw nat 100 config ip 192.168.1.104 redirect_port tcp 172.25.1.1:22 22
 > > core# dumpon `awk '$3 =3D=3D swap { print $1 }'` ~
 > >
 > >
 > > Fatal trap 12: page fault while in kernel mode
 > > cpuid =3D 0=3B apic id =3D 00
 > > fault virtual address =3D 0xc
 > > fault code =3D supervisor write data=2C page not present
 > > instruction pointer =3D 0x20:0xffffffff801d5cd6
 > > stack pointer =3D 0x28:0xffffff8074fbc370
 > > frame pointer =3D 0x28:0xffffff8074fbc620
 > > code segment =3D base 0x0=2C limit 0xfffff=2C type 0x1b
 > > =3D DPL 0=2C pres 1=2C long 1=2C def32 0=2C gran 1
 > > processor eflags =3D interrupt enabled=2C resume=2C IOPL =3D 0
 > > current process =3D 1818 (sshd)
 > > trap number =3D 12
 > > panic: page fault
 > > cpuid =3D 0
 > > Uptime: 2m36s
 > > Cannot dump. Device not defined or unavailable.
 > > Automatic reboot in 15 seconds - press a key on the console to abort
 > >
 > >
 > > I'm still getting the "Cannot dump" error message=2C any idea what I ca=
 n do
 > > next?
 >=20
 > Yeah.. you need a swap device otherwise you're not going to be able to
 > get a coredump...
 >=20
 > >> > Cannot dump. Device not defined or unavailable.
 > >> >
 > >> > my custom kernel is set to disable:
 > >> >
 > >> >
 > >> > #options KTRACE # ktrace(1) support
 > >> >
 > >> > #options KDTRACE_FRAME # Ensure frames are compiled in
 > >> > #options KDTRACE_HOOKS # Kernel DTrace hooks
 > >> >
 > >> > must recompile kernel to enable tracing?
 > >>
 > >> No.
 > >>
 > >> > I'm currently using the intel pro 1000 chipset / em0 driver=2C I've =
 been
 > >> > experiencing all sorts of network stability problems for a while
 > >> > now(ever
 > >> > since I upgrade to stable a month ago). It looks like the em0 driver=
  for
 > >> > amd64 needs alot of work however a couple of days ago when I recompi=
 led
 > >> > my
 > >> > box to the latest stable 8.1-prerelease I saw alot of improvments an=
 d my
 > >> > ipfw/dummynet firewall seems to be running stable with no
 > >> > crashes/lockups so
 > >> > far...
 > >> >
 > >> >
 > >> > It is very easy for me to replicate the in nat kernel problem=2C i j=
 ust
 > >> > cant
 > >> > get a dump to provide you the additional info.
  		 	   		 =20
 _________________________________________________________________
 Game on: Challenge friends to great games on Messenger
 http://go.microsoft.com/?linkid=3D9734387=
 
 --_71145bc2-6c1a-4340-8c7b-20122d8b8d35_
 Content-Type: text/html; charset="iso-8859-1"
 Content-Transfer-Encoding: quoted-printable
 
 <html>
 <head>
 <style><!--
 .hmmessage P
 {
 margin:0px=3B
 padding:0px
 }
 body.hmmessage
 {
 font-size: 10pt=3B
 font-family:Verdana
 }
 --></style>
 </head>
 <body class=3D'hmmessage'>
 Hi Garette=2C<BR><BR><BR>I've tried everything=2C even added a swap file an=
 d used the command you provided and still no dump file...<BR><BR><BR><BR>I =
 hope you can replicate this problem on your own with an intel em0 driver lo=
 aded=2C I can provide you all the information you need in case your require=
 .<BR><BR><BR>let me know if you need anything else.<BR><BR><BR>Thanks=2C<BR=
 >Regards=2C<BR>Shant K<BR><BR>&gt=3B Date: Sun=2C 27 Jun 2010 11:27:42 -070=
 0<BR>&gt=3B Subject: Re: amd64/148157: IPFW in kernel nat BUG found in Free=
 BSD 	8.1-PRERELEASE<BR>&gt=3B From: yanefbsd@gmail.com<BR>&gt=3B To: pookme=
 @hotmail.com<BR>&gt=3B CC: bug-followup@freebsd.org<BR>&gt=3B <BR>&gt=3B On=
  Sun=2C Jun 27=2C 2010 at 11:25 AM=2C Shant Kassardjian &lt=3Bpookme@hotmai=
 l.com&gt=3B wrote:<BR>&gt=3B &gt=3B<BR>&gt=3B &gt=3B<BR>&gt=3B &gt=3B&gt=3B=
  Date: Sun=2C 27 Jun 2010 00:04:16 -0700<BR>&gt=3B &gt=3B&gt=3B Subject: Re=
 : amd64/148157: IPFW in kernel nat BUG found in FreeBSD<BR>&gt=3B &gt=3B&gt=
 =3B 8.1-PRERELEASE<BR>&gt=3B &gt=3B&gt=3B From: yanefbsd@gmail.com<BR>&gt=
 =3B &gt=3B&gt=3B To: pookme@hotmail.com<BR>&gt=3B &gt=3B&gt=3B CC: freebsd-=
 gnats-submit@freebsd.org<BR>&gt=3B &gt=3B&gt=3B<BR>&gt=3B &gt=3B&gt=3B Hi S=
 hant=2C<BR>&gt=3B &gt=3B&gt=3B Please bottom post from here on out.<BR>&gt=
 =3B &gt=3B&gt=3B<BR>&gt=3B &gt=3B&gt=3B On Sat=2C Jun 26=2C 2010 at 11:47 P=
 M=2C Shant Kassardjian &lt=3Bpookme@hotmail.com&gt=3B<BR>&gt=3B &gt=3B&gt=
 =3B wrote:<BR>&gt=3B &gt=3B&gt=3B &gt=3B Hi Garrett=2C<BR>&gt=3B &gt=3B&gt=
 =3B &gt=3B<BR>&gt=3B &gt=3B&gt=3B &gt=3B<BR>&gt=3B &gt=3B&gt=3B &gt=3B I ju=
 st tried to perform a kernel dump with dumpdev=3D"YES" and had no<BR>&gt=3B=
  &gt=3B&gt=3B &gt=3B luck=2C I<BR>&gt=3B &gt=3B&gt=3B &gt=3B keep getting:<=
 BR>&gt=3B &gt=3B&gt=3B<BR>&gt=3B &gt=3B&gt=3B dumpdev=3D"&lt=3Bblah&gt=3B" =
 always appears to fail to me as well (contrary to<BR>&gt=3B &gt=3B&gt=3B wh=
 at others have claimed). Try doing the following after booting up:<BR>&gt=
 =3B &gt=3B&gt=3B<BR>&gt=3B &gt=3B&gt=3B dumpon `awk '$3 =3D=3D swap { print=
  $1 }'`<BR>&gt=3B &gt=3B&gt=3B<BR>&gt=3B &gt=3B&gt=3B Then you'll be able t=
 o reproduce the problem and grab the resulting<BR>&gt=3B &gt=3B&gt=3B kerne=
 l core dump.<BR>&gt=3B &gt=3B<BR>&gt=3B &gt=3B<BR>&gt=3B &gt=3B Hi Garrett=
 =2C<BR>&gt=3B &gt=3B<BR>&gt=3B &gt=3B<BR>&gt=3B &gt=3B I still can't get it=
  to dump. Perhaps it's because my system does not have<BR>&gt=3B &gt=3B any=
  swap space allocated?<BR>&gt=3B &gt=3B<BR>&gt=3B &gt=3B<BR>&gt=3B &gt=3B H=
 ere's what I added in my /etc/rc.conf to simulate an swap device:<BR>&gt=3B=
  &gt=3B<BR>&gt=3B &gt=3B<BR>&gt=3B &gt=3B dumpdev=3D"YES"<BR>&gt=3B &gt=3B =
 dumpdir=3D"/home/crash/"<BR>&gt=3B &gt=3B swapfile=3D"/home/crash/swap0"<BR=
 >&gt=3B &gt=3B<BR>&gt=3B &gt=3B Then I ran:<BR>&gt=3B &gt=3B<BR>&gt=3B &gt=
 =3B core# sh /tmp/ipfw_test ~<BR>&gt=3B &gt=3B 00001 nat 100 ip from any to=
  any via em0<BR>&gt=3B &gt=3B ipfw nat 100 config ip 192.168.1.104 redirect=
 _port tcp 172.25.1.1:22 22<BR>&gt=3B &gt=3B core# dumpon `awk '$3 =3D=3D sw=
 ap { print $1 }'` ~<BR>&gt=3B &gt=3B<BR>&gt=3B &gt=3B<BR>&gt=3B &gt=3B Fata=
 l trap 12: page fault while in kernel mode<BR>&gt=3B &gt=3B cpuid =3D 0=3B =
 apic id =3D 00<BR>&gt=3B &gt=3B fault virtual address =3D 0xc<BR>&gt=3B &gt=
 =3B fault code =3D supervisor write data=2C page not present<BR>&gt=3B &gt=
 =3B instruction pointer =3D 0x20:0xffffffff801d5cd6<BR>&gt=3B &gt=3B stack =
 pointer =3D 0x28:0xffffff8074fbc370<BR>&gt=3B &gt=3B frame pointer =3D 0x28=
 :0xffffff8074fbc620<BR>&gt=3B &gt=3B code segment =3D base 0x0=2C limit 0xf=
 ffff=2C type 0x1b<BR>&gt=3B &gt=3B =3D DPL 0=2C pres 1=2C long 1=2C def32 0=
 =2C gran 1<BR>&gt=3B &gt=3B processor eflags =3D interrupt enabled=2C resum=
 e=2C IOPL =3D 0<BR>&gt=3B &gt=3B current process =3D 1818 (sshd)<BR>&gt=3B =
 &gt=3B trap number =3D 12<BR>&gt=3B &gt=3B panic: page fault<BR>&gt=3B &gt=
 =3B cpuid =3D 0<BR>&gt=3B &gt=3B Uptime: 2m36s<BR>&gt=3B &gt=3B Cannot dump=
 . Device not defined or unavailable.<BR>&gt=3B &gt=3B Automatic reboot in 1=
 5 seconds - press a key on the console to abort<BR>&gt=3B &gt=3B<BR>&gt=3B =
 &gt=3B<BR>&gt=3B &gt=3B I'm still getting the "Cannot dump" error message=
 =2C any idea what I can do<BR>&gt=3B &gt=3B next?<BR>&gt=3B <BR>&gt=3B Yeah=
 .. you need a swap device otherwise you're not going to be able to<BR>&gt=
 =3B get a coredump...<BR>&gt=3B <BR>&gt=3B &gt=3B&gt=3B &gt=3B Cannot dump.=
  Device not defined or unavailable.<BR>&gt=3B &gt=3B&gt=3B &gt=3B<BR>&gt=3B=
  &gt=3B&gt=3B &gt=3B my custom kernel is set to disable:<BR>&gt=3B &gt=3B&g=
 t=3B &gt=3B<BR>&gt=3B &gt=3B&gt=3B &gt=3B<BR>&gt=3B &gt=3B&gt=3B &gt=3B #op=
 tions KTRACE # ktrace(1) support<BR>&gt=3B &gt=3B&gt=3B &gt=3B<BR>&gt=3B &g=
 t=3B&gt=3B &gt=3B #options KDTRACE_FRAME # Ensure frames are compiled in<BR=
 >&gt=3B &gt=3B&gt=3B &gt=3B #options KDTRACE_HOOKS # Kernel DTrace hooks<BR=
 >&gt=3B &gt=3B&gt=3B &gt=3B<BR>&gt=3B &gt=3B&gt=3B &gt=3B must recompile ke=
 rnel to enable tracing?<BR>&gt=3B &gt=3B&gt=3B<BR>&gt=3B &gt=3B&gt=3B No.<B=
 R>&gt=3B &gt=3B&gt=3B<BR>&gt=3B &gt=3B&gt=3B &gt=3B I'm currently using the=
  intel pro 1000 chipset / em0 driver=2C I've been<BR>&gt=3B &gt=3B&gt=3B &g=
 t=3B experiencing all sorts of network stability problems for a while<BR>&g=
 t=3B &gt=3B&gt=3B &gt=3B now(ever<BR>&gt=3B &gt=3B&gt=3B &gt=3B since I upg=
 rade to stable a month ago). It looks like the em0 driver for<BR>&gt=3B &gt=
 =3B&gt=3B &gt=3B amd64 needs alot of work however a couple of days ago when=
  I recompiled<BR>&gt=3B &gt=3B&gt=3B &gt=3B my<BR>&gt=3B &gt=3B&gt=3B &gt=
 =3B box to the latest stable 8.1-prerelease I saw alot of improvments and m=
 y<BR>&gt=3B &gt=3B&gt=3B &gt=3B ipfw/dummynet firewall seems to be running =
 stable with no<BR>&gt=3B &gt=3B&gt=3B &gt=3B crashes/lockups so<BR>&gt=3B &=
 gt=3B&gt=3B &gt=3B far...<BR>&gt=3B &gt=3B&gt=3B &gt=3B<BR>&gt=3B &gt=3B&gt=
 =3B &gt=3B<BR>&gt=3B &gt=3B&gt=3B &gt=3B It is very easy for me to replicat=
 e the in nat kernel problem=2C i just<BR>&gt=3B &gt=3B&gt=3B &gt=3B cant<BR=
 >&gt=3B &gt=3B&gt=3B &gt=3B get a dump to provide you the additional info.<=
 BR> 		 	   		  <br /><hr />Look 'em in the eye: FREE Messenger video chat <=
 a href=3D'http://go.microsoft.com/?linkid=3D9734382' target=3D'_new'>Chat N=
 ow!</a></body>
 </html>=
 
 --_71145bc2-6c1a-4340-8c7b-20122d8b8d35_--

From: Garrett Cooper <yanefbsd@gmail.com>
To: Shant Kassardjian <pookme@hotmail.com>
Cc: bug-followup@freebsd.org
Subject: Re: amd64/148157: IPFW in kernel nat BUG found in FreeBSD 
	8.1-PRERELEASE
Date: Thu, 1 Jul 2010 10:58:11 -0700

 On Wed, Jun 30, 2010 at 10:00 PM, Shant Kassardjian <pookme@hotmail.com> wrote:
 > Hi Garette,
 >
 >
 > I've tried everything, even added a swap file and used the command you
 > provided and still no dump file...
 >
 >
 >
 > I hope you can replicate this problem on your own with an intel em0 driver
 > loaded, I can provide you all the information you need in case your require.
 >
 >
 > let me know if you need anything else.
 
     The weekend's coming, and this is a potential pressing issue
 coming up for business use, so I'll replicate my install on another
 machine and try and replicate it on my own with the bce(4) driver.
 Thanks for the try :),
 -Garrett

From: "Vladislav Yershov" <VYershov@umc.com.ua>
To: <bug-followup@FreeBSD.org>,
	<pookme@hotmail.com>
Cc:  
Subject: Re: kern/148157: [ipfw] IPFW in kernel nat BUG found in FreeBSD 8.1-PRERELEASE
Date: Thu, 14 Oct 2010 12:08:26 +0300

 This is a multi-part message in MIME format.
 
 ------=_NextPart_000_012F_01CB6B98.81E216F0
 Content-Transfer-Encoding: quoted-printable
 Content-Type: text/plain;
 	charset="koi8-r"
 
 I have crashes when use next rule:
 ipfw add nat 100 ip from any to any via em0
 
 I detect  crash happen when any software of my box try to create tcp =
 outgoing connection.
 
 To solve this problem I use next rules:
 
 ipfw add nat 100 ip from {$internal_subnet} to any out via em0
 
 ipfw add nat 100 ip from any to me in via em0
 
 ------=_NextPart_000_012F_01CB6B98.81E216F0
 Content-Transfer-Encoding: quoted-printable
 Content-Type: text/html;
 	charset="koi8-r"
 
 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
 <HTML><HEAD>
 <META http-equiv=3DContent-Type content=3D"text/html; charset=3Dkoi8-r">
 <META content=3D"MSHTML 6.00.2900.2853" name=3DGENERATOR>
 <STYLE></STYLE>
 </HEAD>
 <BODY bgColor=3D#ffffff>
 <DIV><FONT face=3DArial size=3D2>I&nbsp;have crashes when use next=20
 rule:</FONT></DIV>
 <DIV><FONT face=3DArial size=3D2><FONT face=3D"Times New Roman" =
 size=3D3>ipfw=20
 add&nbsp;nat 100 ip from any to any via em0<BR></FONT></FONT></DIV>
 <DIV><FONT face=3DArial size=3D2><FONT face=3D"Times New Roman" =
 size=3D3><FONT=20
 face=3DArial size=3D2>I detect&nbsp; crash happen when any software of =
 my box try to=20
 create tcp&nbsp;outgoing connection.</FONT></FONT></FONT></DIV>
 <DIV><FONT face=3DArial size=3D2></FONT>&nbsp;</DIV>
 <DIV><FONT face=3DArial size=3D2><FONT face=3D"Times New Roman" =
 size=3D3><FONT=20
 face=3DArial size=3D2>To solve this problem I use next=20
 rules:</FONT></FONT></FONT></DIV>
 <DIV><FONT face=3DArial size=3D2></FONT>&nbsp;</DIV>
 <DIV><FONT face=3DArial size=3D2><FONT face=3D"Times New Roman" =
 size=3D3><FONT=20
 face=3DArial size=3D2>
 <DIV><FONT face=3DArial size=3D2><FONT face=3D"Times New Roman" =
 size=3D3>ipfw=20
 add&nbsp;nat 100 ip from&nbsp;{$internal_subnet} to any out via em0<BR>
 <DIV><FONT face=3DArial size=3D2><FONT face=3D"Times New Roman" =
 size=3D3>ipfw=20
 add&nbsp;nat 100 ip from any to&nbsp;me in&nbsp;via=20
 em0<BR></FONT></FONT></DIV></FONT></FONT></DIV></FONT></DIV></FONT></FONT=
 ></BODY></HTML>
 
 ------=_NextPart_000_012F_01CB6B98.81E216F0--
 
State-Changed-From-To: open->feedback 
State-Changed-By: ae 
State-Changed-When: Wed Jun 1 05:37:24 UTC 2011 
State-Changed-Why:  
Feedback requested. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=148157 

From: "Andrey V. Elsukov" <ae@FreeBSD.org>
To: bug-followup@FreeBSD.org, pookme@hotmail.com, 
 "Vladislav Yershov" <VYershov@umc.com.ua>
Cc:  
Subject: Re: kern/148157: [ipfw] IPFW in kernel nat BUG found in FreeBSD 8.1-PRERELEASE
Date: Wed, 01 Jun 2011 09:36:42 +0400

 Hi,
 
 do you still able reproduce this panic?
 As i remember there were some issues with em(4) driver and they were fixed.
 
 -- 
 WBR, Andrey V. Elsukov
State-Changed-From-To: feedback->closed 
State-Changed-By: ae 
State-Changed-When: Wed Jun 22 04:56:53 UTC 2011 
State-Changed-Why:  
Feedback timeout. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=148157 
>Unformatted:
