19.1 Legacy Series / Re: Internet outage, all hell breaks loose
« on: March 01, 2019, 07:24:23 am »
No panics since turning off netflow and the IDS.
Any devs have interest in this or no?
Fatal trap 12: page fault while in kernel mode
cpuid = 0; apic id = 00
fault virtual address = 0x0
fault code = supervisor write data, page not present
instruction pointer = 0x20:0xffffffff8248a028
stack pointer = 0x28:0xfffffe00efb90f10
frame pointer = 0x28:0xfffffe00efb91390
code segment = base 0x0, limit 0xfffff, type 0x1b
= DPL 0, pres 1, long 1, def32 0, gran 1
processor eflags = interrupt enabled, resume, IOPL = 0
current process = 0 (bge0 taskq) <<--
Fatal trap 9: general protection fault while in kernel mode
cpuid = 0; apic id = 00
instruction pointer = 0x20:0xffffffff80f51d8c
stack pointer = 0x0:0xfffffe011a4758d0
frame pointer = 0x0:0xfffffe011a4758d0
code segment = base 0x0, limit 0xfffff, type 0x1b
= DPL 0, pres 1, long 1, def32 0, gran 1
processor eflags = interrupt enabled, resume, IOPL = 0
current process = 80737 (python2.7)
FreeBSD 11.2-RELEASE-p8-HBSD 31af16db12b(stable/19.1)
pid 64855 (python2.7), uid 0: exited on signal 10 (core dumped)
pid 78374 (python2.7), uid 0: exited on signal 10 (core dumped)
[HBSD SEGVGUARD] [python2.7 (78374)] Suspension expired.
-> pid: 78374 ppid: 78269 p_pax: 0xa50<SEGVGUARD,ASLR,NOSHLIBRANDOM,NODISALLOWMAP32BIT>
[HBSD SEGVGUARD] [/usr/local/bin/python2.7 (35385)] Suspension expired.
-> pid: 35385 ppid: 34118 p_pax: 0xa50<SEGVGUARD,ASLR,NOSHLIBRANDOM,NODISALLOWMAP32BIT>
pid 43398 (sleep), uid 0: exited on signal 10
[HBSD SEGVGUARD] [/bin/sleep (81756)] Suspension expired.
-> pid: 81756 ppid: 81407 p_pax: 0xa50<SEGVGUARD,ASLR,NOSHLIBRANDOM,NODISALLOWMAP32BIT>
[HBSD SEGVGUARD] [/usr/local/bin/php (46831)] Suspension expired.
-> pid: 46831 ppid: 38217 p_pax: 0xa50<SEGVGUARD,ASLR,NOSHLIBRANDOM,NODISALLOWMAP32BIT>
pid 8347 (python2.7), uid 0: exited on signal 10 (core dumped)
ovpns1: link state changed to DOWN
pid 8749 (python2.7), uid 0: exited on signal 11 (core dumped)
[HBSD SEGVGUARD] [python2.7 (8749)] Suspension expired.
-> pid: 8749 ppid: 38443 p_pax: 0xa50<SEGVGUARD,ASLR,NOSHLIBRANDOM,NODISALLOWMAP32BIT>
ovpns1: link state changed to UP
[HBSD SEGVGUARD] [/usr/local/bin/python2.7 (48064)] Suspension expired.
-> pid: 48064 ppid: 47524 p_pax: 0xa50<SEGVGUARD,ASLR,NOSHLIBRANDOM,NODISALLOWMAP32BIT>
pid 23052 (awk), uid 0: exited on signal 10 (core dumped)
[HBSD SEGVGUARD] [/usr/bin/awk (74876)] Suspension expired.
Yes, but to be fair we rewrote the shaper to resemble what the limiter used to be. Traffic shaping happens in another packet filter (ipfw) and there is no link between the main firewall (pf) anymore, because these were custom kernel additions. I can't say for sure you'll find what you expect if you reference the pfSense shaper, not the limiter.
Some pages do a save/apply split, namely firewall rules, interfaces, VPNs and other services. It's not perfect but it's something. The bigger question is, if this was to be improved, how would that look in practice? And I don't mean how Ubiquiti/Cisco works now, but how we can add something in a limited time frame that works on the code that we have and offers a noticeable improvement?