I have finally figured out some of the problem. By default RH6.2 will load the 3c59x module for my three 3c905C-TX-M network cards. RH 6.2 does not panic when UDP scanned when using this kernel module. By default RH7.0 will load the 3c90x module for the same 3c905C-TX-M network cards. It does panic when UDP scanned. If I specify "alias eth0 3c59x" in modules.conf, the other module loads and the system no longer crashes. Additionally, I have recompiled a much smaller custom kernel and built the 3c59x drivers directly into the kernel - again, stable. What remains a mystery, to me at least, is what is causing UDP scans to give rise to a kernel panic. Regardless of which driver module I am using, the kernel panics only when firewall-1 is running. Thanks to all for your thoughts & testing. -Yanek. > -----Original Message----- > From: Andy Magoon [mailto:Andy.Magoonat_private] > Sent: Monday, November 19, 2001 10:45 AM > To: 'yanekat_private' > Subject: RE: kernel panic [linux 2.2.19-7] on UDP scan CP4.1-SP5 > > > Yanek, > > I am running ckpt-fw1-v41-sp5 without a problem on a similar > configuration. UDP port scans with nmap do not affect my server, > and it behaves much better than the two before it (NT and W2K) > which always rebooted or stopped passing packets. > > Hardware: Dell PowerEdge 2200 with 64MB of RAM, 3Com > EtherLink III 3c905-TX (x2) and 3Com 3c509B (x1) > > Operating System: Red Hat Linux 6.1, kernel 2.2.12-20 > > I have had much better luck with Firewall-1 on Linux than on > Windows, and will probably never again consider using a Windows > box as a firewalled gateway. > > Have you considered the warnings in the README that say not to run > Firewall-1 on a 2.4 kernel? > > Andy > > > > --------------------- > Original Message: > > ------------------------------ > > Date: Tue, 13 Nov 2001 14:45:02 -0500 > From: Yanek Korff <yanekat_private> > Subject: kernel panic [linux 2.2.19-7] on UDP scan CP4.1-SP5 > > I'm testing out CP4.1 SP5 on Linux RH7.0. I seem to have > gotten everything > configured the way I want it and am starting to run some > scans to see what I > can see. Well, what I see is: nmap -sU -P0 ip_addr causes > the machine to > instantly crash with a kernel panic, or in some cases, > reboot. I'm not > great at troubleshooting kernel/module troubles so any help > would be greatly > appreciated. IF you happen to have a Linux CP FW-1 box you > could run nmap > against, I'd love to know your results (incl OS/kernel info). > Might want to > do this off-hours, though. > > Without CP-FW1 running (/etc/rc.d/init.d/firewall1 stop), I > cannot cause a > kernel panic with a UDP scan. Has anyone else noticed this behavior? > > Hardware: > Dell Dimension XPSB800r > 128MB RAM > 3Com EtherLink III 3c905-TX (three of them) > > Have been able to reproduce this problem with kernels: > 2.2.19-7 (CUSTOM) > 2.2.16-20 (GENERIC RH 7.0) > > Tail end of the error message (after register & stack dump): > Code: 8b 41 08 3d 2b 2f c3 a5 0f 85 c6 00 00 00 8b 41 0c 85 c0 74 > Aiee, killing interrupt handler > Kernel panic: Attempted to kill the idle task! > In swapper task - not syncing > > -Yanek. >
This archive was generated by hypermail 2b30 : Mon Nov 19 2001 - 11:41:03 PST