From owner-freebsd-bugs@FreeBSD.ORG Fri Apr 11 21:10:03 2014 Return-Path: Delivered-To: freebsd-bugs@smarthost.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 445A5BAF for ; Fri, 11 Apr 2014 21:10:03 +0000 (UTC) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:1900:2254:206c::16:87]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 1F5EF1D08 for ; Fri, 11 Apr 2014 21:10:03 +0000 (UTC) Received: from freefall.freebsd.org (localhost [127.0.0.1]) by freefall.freebsd.org (8.14.8/8.14.8) with ESMTP id s3BLA2LR020794 for ; Fri, 11 Apr 2014 21:10:02 GMT (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.14.8/8.14.8/Submit) id s3BLA2PA020793; Fri, 11 Apr 2014 21:10:02 GMT (envelope-from gnats) Resent-Date: Fri, 11 Apr 2014 21:10:02 GMT Resent-Message-Id: <201404112110.s3BLA2PA020793@freefall.freebsd.org> Resent-From: FreeBSD-gnats-submit@FreeBSD.org (GNATS Filer) Resent-To: freebsd-bugs@FreeBSD.org Resent-Reply-To: FreeBSD-gnats-submit@FreeBSD.org, Jim Sanders Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id EA34EB62 for ; Fri, 11 Apr 2014 21:06:19 +0000 (UTC) Received: from cgiserv.freebsd.org (cgiserv.freebsd.org [IPv6:2001:1900:2254:206a::50:4]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id CA7441CD8 for ; Fri, 11 Apr 2014 21:06:19 +0000 (UTC) Received: from cgiserv.freebsd.org ([127.0.1.6]) by cgiserv.freebsd.org (8.14.8/8.14.8) with ESMTP id s3BL6JtE037845 for ; Fri, 11 Apr 2014 21:06:19 GMT (envelope-from nobody@cgiserv.freebsd.org) Received: (from nobody@localhost) by cgiserv.freebsd.org (8.14.8/8.14.8/Submit) id s3BL6JuT037841; Fri, 11 Apr 2014 21:06:19 GMT (envelope-from nobody) Message-Id: <201404112106.s3BL6JuT037841@cgiserv.freebsd.org> Date: Fri, 11 Apr 2014 21:06:19 GMT From: Jim Sanders To: freebsd-gnats-submit@FreeBSD.org X-Send-Pr-Version: www-3.1 Subject: conf/188481: ipfilter fails to initialize on simple install with default kernel and rc.conf set to ipf defaults on multiple Intel x86 64 bit CPU architecture X-BeenThere: freebsd-bugs@freebsd.org X-Mailman-Version: 2.1.17 Precedence: list List-Id: Bug reports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 11 Apr 2014 21:10:03 -0000 >Number: 188481 >Category: conf >Synopsis: ipfilter fails to initialize on simple install with default kernel and rc.conf set to ipf defaults on multiple Intel x86 64 bit CPU architecture >Confidential: no >Severity: non-critical >Priority: low >Responsible: freebsd-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Fri Apr 11 21:10:01 UTC 2014 >Closed-Date: >Last-Modified: >Originator: Jim Sanders >Release: 10 production dated Jan 16 2014 >Organization: None >Environment: root@zues:~ # uname -a FreeBSD zues.netdataltd.com 10.0-RELEASE FreeBSD 10.0-RELEASE #0 r260789: Thu Jan 16 22:34:59 UTC 2014 root@snap.freebsd.org:/usr/obj/usr/src/sys/GENERIC amd64 >Description: Previously to just nows output below from simple ipf commands showed that an error was occuring perhaps with the kernel module but it mentioned a missing file so that is a wierd error for IPF to be exhibiting any way right? So mainly I have a bug report to just show that running IPFTEST fails. It gives a segmentation fault on iptest wtih a fully ttested ipfilter file root@zues:~ # ipf -E root@zues:~ # root@zues:~ # ipf -f /etc/ipf/ipf.conf root@zues:~ # ipftest -vr /etc/ipf/ipf.conf pass in quick on lo0(!) inet proto icmp from 127.0.0.0/8 to 127.0.0.0/8 with short block in log quick from any to any with short block in log quick inet from any to any with opt lsrr block in log quick inet from any to any with opt ssrr pass in quick on lo0(!) all pass out quick on lo0(!) all block in log on age0(!) from any to any block out log on age0(!) from any to any pass in quick on age0(!) inet proto tcp from any to age0/32 port = ssh keep state # count 0 Segmentation fault (core dumped) >How-To-Repeat: install from disk1.iso and just add a ipf.conf file for the rules like this below and you add the lines recommended to rc.conf also below after the rules and you get the error in fbsd 10 but not in fbsd 9: HERE IS RULES FILE /etc/ipf/ifp.conf: pass in quick on lo0 proto icmp from 127.0.0.1/8 to 127.0.0.1/8 with short block in log quick all with short block in log quick all with opt lsrr block in log quick all with opt ssrr pass in quick on lo0 all pass out quick on lo0 all block in log on age0 from any to any block out log on age0 from any to any pass in quick on age0 proto tcp from any to age0/32 port = 22 keep state pass in quick on age0 proto icmp from any to age0/32 keep state pass out quick on age0 proto icmp from age0/32 to any keep state pass out quick on age0 proto tcp/udp from any to any keep state HERE IS RC.CONF FILE: hostname="xxxx.xxxxxx.com" ifconfig_age0="inet 123.456.789.10 netmask 255.255.255.0" defaultrouter="123.456.789.1" ################################ sshd_enable="YES" ################################ # Set dumpdev to "AUTO" to enable crash dumps, "NO" to disable dumpdev="NO" inetd_enable="NO" ################################ ipfilter_enable="NO" ipfilter_rules="/etc/ipf/ipf.conf" ipmon_enable="YES" # Start IP monitor log ipmon_flags="-Ds" # D = start as daemon ################################ >Fix: uh uh >Release-Note: >Audit-Trail: >Unformatted: