The PhoneBoy Blog


Simplifying Telecom, Mobile Phones, Gadgets, and More!

FireWall-1 FAQ: kbuf_free: invalid magic number

Please note: This content was from when I was operating my FireWall-1 FAQ site, which I stopped operating in August 2005. For some reason people still have links to this stuff on the Internet that people are still clicking on.


I am making this information available again AS IS. Given how old this information is, it is likely wildly inaccurate. I have no plans to update this information.


If you're still running versions of Check Point VPN-1/FireWall-1 where this information is still relevant to you, do yourself a favor and upgrade to a more recent release. If you happen to be running a current release and the information is useful, it's by happenstance :)


Q:

I've had a couple of unscheduled reboots on my firewall, and on looking in the /var/adm/messages file I see messages along the lines:

    Sep 15 18:37:31 pandora unix: kbuf_free: invalid magic number (0) in buffer f5ec5268 (44) 
    Sep 15 18:37:36 pandora unix: kbuf_free: invalid magic number (0) in buffer f5ec5148 (44)

I'm running 5.6 Generic_105181-03 sun4m sparc SUNW,SPARCstation-10 and Check Point FireWall-1 Version 3.0b [VPN] (Build Number: 3064)

A:

Upgrading to build 3072 or later will solve this problem. If you can not or do not wish to do that, you can make the following modifications to $FWDIR/lib/base.def:

Replace line 159, which is:

    record <conn;key,type @ UDP_TIMEOUT> in connections)

with the following one:

    record <conn;DUP_KEY(key),type @ UDP_TIMEOUT> in connections)

At line 156, add the following lines:

    #ifndef NO_ENCRYPTION_FEATURES 
    #define DUP_KEY(key) (call KFUNC_KBUF_DUP <key>) 
    #else 
    #define DUP_KEY(key) (0) 
    #endif

C-List #Cybersecurity Celebrity, Podcaster, #noagenda Producer, Frequenter of shiny metal tubes, Expressor of personal opinions, and of course, a coffee achiever.