FireWall-1 FAQ: kbuf_free: invalid magic number
Please note: This content was from when I was operating my FireWall-1 FAQ site, which I stopped operating in August 2005. For some reason people still have links to this stuff on the Internet that people are still clicking on.
I am making this information available again AS IS. Given how old this information is, it is likely wildly inaccurate. I have no plans to update this information.
If you're still running versions of Check Point VPN-1/FireWall-1 where this information is still relevant to you, do yourself a favor and upgrade to a more recent release. If you happen to be running a current release and the information is useful, it's by happenstance :)
Q:
I’ve had a couple of unscheduled reboots on my firewall, and on looking in the /var/adm/messages file I see messages along the lines:
Sep 15 18:37:31 pandora unix: kbuf_free: invalid magic number (0) in buffer f5ec5268 (44)
Sep 15 18:37:36 pandora unix: kbuf_free: invalid magic number (0) in buffer f5ec5148 (44)
I’m running 5.6 Generic_105181-03 sun4m sparc SUNW,SPARCstation-10 and Check Point FireWall-1 Version 3.0b [VPN] (Build Number: 3064)
A:
Upgrading to build 3072 or later will solve this problem. If you can not or do not wish to do that, you can make the following modifications to $FWDIR/lib/base.def:
Replace line 159, which is:
record <conn;key,type @ UDP_TIMEOUT> in connections)
with the following one:
record <conn;DUP_KEY(key),type @ UDP_TIMEOUT> in connections)
At line 156, add the following lines:
#ifndef NO_ENCRYPTION_FEATURES
#define DUP_KEY(key) (call KFUNC_KBUF_DUP <key>)
#else
#define DUP_KEY(key) (0)
#endif
