Date: Thu, 02 Feb 2017 07:52:03 +0000 From: bugzilla-noreply@freebsd.org To: freebsd-bugs@FreeBSD.org Subject: [Bug 216719] panic: ipfw_check_frame: unknown retval - while trying to ipfw nat incoming packet without translation state (can be L2 firewall related) Message-ID: <bug-216719-8@https.bugs.freebsd.org/bugzilla/>
next in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D216719 Bug ID: 216719 Summary: panic: ipfw_check_frame: unknown retval - while trying to ipfw nat incoming packet without translation state (can be L2 firewall related) Product: Base System Version: CURRENT Hardware: Any OS: Any Status: New Severity: Affects Only Me Priority: --- Component: kern Assignee: freebsd-bugs@FreeBSD.org Reporter: bsd@kobyla.org Panic on processing ingress ipfw nat for any spurious packet (without match= ing NAT state) ipfw tunables: net.link.bridge.ipfw_arp: 0 net.link.bridge.ipfw: 0 net.link.ether.ipfw: 1 -- can be the problem source (not tested yet) net.inet.ip.fw.one_pass: 0 own prefix: # ifconfig lo194 lo194: flags=3D8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384 options=3D600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6> inet 194.246.74.1 netmask 0xffffffff=20 inet 194.246.74.77 netmask 0xffffffff=20 inet 194.246.74.201 netmask 0xffffffff=20 nd6 options=3D29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL> groups: lo=20 uplink-1: rl0.3498: flags=3D8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mt= u 1500 uplink-2: rl0.2386: flags=3D8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mt= u 1500 uplink-3: mpd5 pppoe (not used in testing) ng0: flags=3D88d1<UP,POINTOPOINT,RUNNING,NOARP,SIMPLEX,MULTICAST> metric 0 = mtu 1478 # ipfw show 06101 0 0 nat 101 log ip from table(5) to any out xmit rl0.* 06109 931 48145 deny log ip from any to 194.246.74.201 in 09900 206 12360 deny log ip from 10.0.0.0/8,192.168.0.0/16,172.16.0.0/19 to any xmit rl0.* 09910 843 172719 deny log ip from 10.0.0.0/8,192.168.0.0/16,172.16.0.0/19 to any xmit ng0 09920 0 0 deny log ip from any to 194.246.74.0/24 xmit ng0 11784 16 708 deny tcp from any to any dst-port 3306,3128,135,139,445 recv ng0 16675 3107 150704 deny log ip from any to any dst-port 111,135,139,445,958,3306,4443,3306,3128 recv rl0* 65530 10032698 2985048430 allow ip from any to any 65535 907 52740 allow ip from any to any No panic until 6108 rule added (ingress nat): # ipfw add 6108 nat 101 log logamount 0 all from any to 194.246.74.201 in r= ecv rl0.* Panic after receiving any incoming packet to the nat address: 80.252.249.247> ping 194.246.74.201 <110>ipfw: 6109 Nat ICMP:8.0 80.252.249.247 194.246.74.201 in via rl0.3498 cel.home dumped core - see /var/crash/vmcore.343 Wed Feb 1 21:01:56 EET 2017 FreeBSD cel.home 12.0-CURRENT FreeBSD 12.0-CURRENT #29 r312942: Sun Jan 29 22:29:43 EET 2017 root@cel.home:/usr/obj/usr/src/sys/PDC10 amd64 panic: ipfw_check_frame: unknown retval GNU gdb 6.1.1 [FreeBSD] Copyright 2004 Free Software Foundation, Inc. GDB is free software, covered by the GNU General Public License, and you a= re welcome to change it and/or distribute copies of it under certain conditio= ns. Type "show copying" to see the conditions. There is absolutely no warranty for GDB. Type "show warranty" for details. This GDB was configured as "amd64-marcel-freebsd"... Unread portion of the kernel message buffer: <110>ipfw: 6109 Nat ICMP:8.0 80.252.249.247 194.246.74.201 in via rl0.3498 panic: ipfw_check_frame: unknown retval cpuid =3D 1 KDB: stack backtrace: db_trace_self_wrapper() at 0xffffffff8032264b =3D db_trace_self_wrapper+0x2b/frame 0xfffffe00003f9530 vpanic() at 0xffffffff80547196 =3D vpanic+0x186/frame 0xfffffe00003f95b0 kassert_panic() at 0xffffffff80547006 =3D kassert_panic+0x126/frame 0xfffffe00003f9620 ipfw_check_frame() at 0xffffffff80782446 =3D ipfw_check_frame+0x286/frame 0xfffffe00003f9770 pfil_run_hooks() at 0xffffffff8064c7ac =3D pfil_run_hooks+0x9c/frame 0xfffffe00003f9800 ether_demux() at 0xffffffff806367c8 =3D ether_demux+0x48/frame 0xfffffe00003f9830 ether_nh_input() at 0xffffffff806376d9 =3D ether_nh_input+0x319/frame 0xfffffe00003f9870 netisr_dispatch_src() at 0xffffffff8064b6a0 =3D netisr_dispatch_src+0x80/f= rame 0xfffffe00003f98d0 ether_input() at 0xffffffff80636c32 =3D ether_input+0x62/frame 0xfffffe00003f9900 vlan_input() at 0xffffffff8063da1c =3D vlan_input+0x1dc/frame 0xfffffe0000= 3f9980 ether_demux() at 0xffffffff80636828 =3D ether_demux+0xa8/frame 0xfffffe00003f99b0 ether_nh_input() at 0xffffffff806376d9 =3D ether_nh_input+0x319/frame 0xfffffe00003f99f0 netisr_dispatch_src() at 0xffffffff8064b6a0 =3D netisr_dispatch_src+0x80/f= rame 0xfffffe00003f9a50 ether_input() at 0xffffffff80636c32 =3D ether_input+0x62/frame 0xfffffe00003f9a80 rl_rxeof() at 0xffffffff8040086f =3D rl_rxeof+0x25f/frame 0xfffffe00003f9a= e0 rl_intr() at 0xffffffff803ff68e =3D rl_intr+0xee/frame 0xfffffe00003f9b20 intr_event_execute_handlers() at 0xffffffff8050e5f6 =3D intr_event_execute_handlers+0x96/frame 0xfffffe00003f9b60 ithread_loop() at 0xffffffff8050ec66 =3D ithread_loop+0xa6/frame 0xfffffe00003f9bb0 fork_exit() at 0xffffffff8050bf24 =3D fork_exit+0x84/frame 0xfffffe00003f9= bf0 fork_trampoline() at 0xffffffff8084f94e =3D fork_trampoline+0xe/frame 0xfffffe00003f9bf0 --- trap 0, rip =3D 0, rsp =3D 0, rbp =3D 0 --- KDB: enter: panic --=20 You are receiving this mail because: You are the assignee for the bug.=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-216719-8>