From owner-freebsd-bugs@FreeBSD.ORG Sun Oct 16 16:10:18 2005 Return-Path: X-Original-To: freebsd-bugs@hub.freebsd.org Delivered-To: freebsd-bugs@hub.freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id E4DD916A41F for ; Sun, 16 Oct 2005 16:10:18 +0000 (GMT) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21]) by mx1.FreeBSD.org (Postfix) with ESMTP id EF2FD43D4C for ; Sun, 16 Oct 2005 16:10:17 +0000 (GMT) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (gnats@localhost [127.0.0.1]) by freefall.freebsd.org (8.13.3/8.13.3) with ESMTP id j9GGAHPP062012 for ; Sun, 16 Oct 2005 16:10:17 GMT (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.13.3/8.13.1/Submit) id j9GGAHie062011; Sun, 16 Oct 2005 16:10:17 GMT (envelope-from gnats) Resent-Date: Sun, 16 Oct 2005 16:10:17 GMT Resent-Message-Id: <200510161610.j9GGAHie062011@freefall.freebsd.org> Resent-From: FreeBSD-gnats-submit@FreeBSD.org (GNATS Filer) Resent-To: freebsd-bugs@FreeBSD.org Resent-Reply-To: FreeBSD-gnats-submit@FreeBSD.org, Bruce Walker Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 2776516A41F for ; Sun, 16 Oct 2005 16:06:37 +0000 (GMT) (envelope-from root@wezel.com) Received: from tomts20-srv.bellnexxia.net (tomts20-srv.bellnexxia.net [209.226.175.74]) by mx1.FreeBSD.org (Postfix) with ESMTP id B08FF43D46 for ; Sun, 16 Oct 2005 16:06:36 +0000 (GMT) (envelope-from root@wezel.com) Received: from mx-i1200.home.wezel.com ([64.229.170.57]) by tomts20-srv.bellnexxia.net (InterMail vM.5.01.06.10 201-253-122-130-110-20040306) with ESMTP id <20051016160635.HZJN26550.tomts20-srv.bellnexxia.net@mx-i1200.home.wezel.com> for ; Sun, 16 Oct 2005 12:06:35 -0400 Message-Id: <20051016160633.EDB2A1703F@mxedge.home.wezel.com> Date: Sun, 16 Oct 2005 12:06:33 -0400 (EDT) From: Bruce Walker To: FreeBSD-gnats-submit@FreeBSD.org X-Send-Pr-Version: 3.113 Cc: Subject: kern/87521: using ipfilter "auth" keyword leads to kernel fault X-BeenThere: freebsd-bugs@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: Bruce Walker List-Id: Bug reports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 16 Oct 2005 16:10:19 -0000 >Number: 87521 >Category: kern >Synopsis: using ipfilter "auth" keyword leads to kernel fault >Confidential: no >Severity: serious >Priority: low >Responsible: freebsd-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Sun Oct 16 16:10:17 GMT 2005 >Closed-Date: >Last-Modified: >Originator: Bruce Walker >Release: FreeBSD 6.0-BETA5 i386 >Organization: Borderware Technologies Inc. >Environment: System: FreeBSD mxedge.home.wezel.com 6.0-BETA5 FreeBSD 6.0-BETA5 #0: Mon Sep 19 00:12:45 UTC 2005 root@x64.samsco.home:/usr/obj/usr/src/sys/GENERIC i386 System is a Portwell with three Realtek 10/100 interfaces. Copyright (c) 1992-2005 The FreeBSD Project. Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994 The Regents of the University of California. All rights reserved. FreeBSD 6.0-BETA5 #0: Mon Sep 19 00:12:45 UTC 2005 root@x64.samsco.home:/usr/obj/usr/src/sys/GENERIC Timecounter "i8254" frequency 1193182 Hz quality 0 CPU: VIA C3 Nehemiah+RNG (997.46-MHz 686-class CPU) Origin = "CentaurHauls" Id = 0x693 Stepping = 3 Features=0x380b13d real memory = 260046848 (248 MB) avail memory = 245014528 (233 MB) npx0: [FAST] npx0: on motherboard npx0: INT 16 interface cpu0 on motherboard pcib0: pcibus 0 on motherboard pir0: on motherboard pci0: on pcib0 agp0: mem 0xe0000000-0xe3ffffff at device 0.0 on pci0 pcib1: at device 1.0 on pci0 pci1: on pcib1 pci1: at device 0.0 (no driver attached) isab0: at device 7.0 on pci0 isa0: on isab0 atapci0: port 0x1f0-0x1f7,0x3f6,0x170-0x177,0x376,0xd000-0xd00f at device 7.1 on pci0 ata0: on atapci0 ata1: on atapci0 uhci0: port 0xd400-0xd41f irq 10 at device 7.2 on pci0 uhci0: [GIANT-LOCKED] usb0: on uhci0 usb0: USB revision 1.0 uhub0: VIA UHCI root hub, class 9/0, rev 1.00/1.00, addr 1 uhub0: 2 ports with 2 removable, self powered pci0: at device 7.4 (no driver attached) re0: port 0xdc00-0xdcff mem 0xe7000000-0xe70000ff irq 5 at device 9.0 on pci0 miibus0: on re0 rlphy0: on miibus0 rlphy0: 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto re0: Ethernet address: 00:90:fb:04:5a:7e re1: port 0xe000-0xe0ff mem 0xe7001000-0xe70010ff irq 10 at device 10.0 on pci0 miibus1: on re1 rlphy1: on miibus1 rlphy1: 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto re1: Ethernet address: 00:90:fb:04:5a:7d re2: port 0xe400-0xe4ff mem 0xe7002000-0xe70020ff irq 11 at device 11.0 on pci0 miibus2: on re2 rlphy2: on miibus2 rlphy2: 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto re2: Ethernet address: 00:90:fb:04:5a:7c pmtimer0 on isa0 orm0: at iomem 0xc0000-0xcbfff,0xcc000-0xcffff on isa0 atkbdc0: at port 0x60,0x64 on isa0 atkbd0: irq 1 on atkbdc0 kbd0 at atkbd0 atkbd0: [GIANT-LOCKED] ppc0: parallel port not found. sc0: at flags 0x100 on isa0 sc0: VGA <16 virtual consoles, flags=0x300> sio0 at port 0x3f8-0x3ff irq 4 flags 0x10 on isa0 sio0: type 16550A sio1 at port 0x2f8-0x2ff irq 3 on isa0 sio1: type 16550A vga0: at port 0x3c0-0x3df iomem 0xa0000-0xbffff on isa0 unknown: can't assign resources (port) unknown: can't assign resources (memory) unknown: can't assign resources (memory) unknown: can't assign resources (port) unknown: can't assign resources (port) uhub1: Mitsumi Electric Hub in Apple Extended USB Keyboard, class 9/0, rev 1.10/4.10, addr 2 uhub1: 3 ports with 2 removable, bus powered ukbd0: Mitsumi Electric Apple Extended USB Keyboard, rev 1.10/4.10, addr 3, iclass 3/1 kbd1 at ukbd0 uhid0: Mitsumi Electric Apple Extended USB Keyboard, rev 1.10/4.10, addr 3, iclass 3/1 Timecounter "TSC" frequency 997463205 Hz quality 800 Timecounters tick every 1.000 msec acd0: CDROM at ata0-master UDMA33 ad2: 19077MB at ata1-master UDMA66 Trying to mount root from ufs:/dev/ad2s1a IP Filter: v4.1.8 initialized. Default = pass all, Logging = enabled re0: promiscuous mode enabled re1: promiscuous mode enabled >Description: Attempting to use the ipfilter (ipf) "auth" filter match. With that rule installed, if a packet matching that rule is received, a kernel fault occurs. I am using the GENERIC installed kernel, bridging module is installed, ipf is enabled. I verified that general networking and bridging work fine, and other ipf filter rules work fine too. >How-To-Repeat: [rc.conf] ifconfig_re0="inet 192.168.131.3 netmask 255.255.255.0" defaultrouter="192.168.131.5" ipfilter_enable="YES" ipmon_enable="YES" [rc.local] kldload -v bridge sysctl -w net.link.ether.bridge.enable=1 sysctl -w net.link.ether.bridge.ipf=1 sysctl -w net.link.ether.bridge.config=re0,re1 [ipf.rules] pass in from any to any pass out from any to any block return-icmp-as-dest(port-unr) in log on re0 proto tcp from any to any port = 23 auth in on re0 proto tcp from any to any port = 23 flags S keep state Then try to telnet through (or to) the bridge. >Fix: >Release-Note: >Audit-Trail: >Unformatted: