From owner-freebsd-net@FreeBSD.ORG  Tue Jun  5 18:34:53 2012
Return-Path: <owner-freebsd-net@FreeBSD.ORG>
Delivered-To: freebsd-net@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52])
	by hub.freebsd.org (Postfix) with ESMTP id 8851B106564A;
	Tue,  5 Jun 2012 18:34:53 +0000 (UTC)
	(envelope-from darrenr@freebsd.org)
Received: from out1-smtp.messagingengine.com (out1-smtp.messagingengine.com
	[66.111.4.25]) by mx1.freebsd.org (Postfix) with ESMTP id 349F28FC15;
	Tue,  5 Jun 2012 18:34:30 +0000 (UTC)
Received: from compute5.internal (compute5.nyi.mail.srv.osa [10.202.2.45])
	by gateway1.nyi.mail.srv.osa (Postfix) with ESMTP id C00AD21019;
	Tue,  5 Jun 2012 14:34:29 -0400 (EDT)
Received: from frontend1.nyi.mail.srv.osa ([10.202.2.160])
	by compute5.internal (MEProxy); Tue, 05 Jun 2012 14:34:29 -0400
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=
	messagingengine.com; h=message-id:date:from:reply-to
	:mime-version:to:cc:subject:content-type
	:content-transfer-encoding; s=smtpout; bh=/Aq6gEVxTx405pH35s8peJ
	9UFxs=; b=cqdF7w12qZJzWQEKacxxOutI5sarQ18RzDuAQXv1UHuoVbB2VKi1dA
	wwh3WYS7LZvbzoLQDP8ITV6b6jAPtXx7WHBChDftIrRroEZ5zqBN6mg40fia95lw
	bhVSW4ncHWr3az/8P+Zx7xlgxXO22iSoO3U4hA6ga3GlZmYUwCzbY=
X-Sasl-enc: tzae7MuRV5H7GKoz9HRTGiZ0bMdAp1fQ+H6ByTH6p0qv 1338921269
Received: from [192.168.1.124] (unknown [202.45.110.141])
	by mail.messagingengine.com (Postfix) with ESMTPA id 97D528E00E9;
	Tue,  5 Jun 2012 14:34:28 -0400 (EDT)
Message-ID: <4FCE51A8.1040703@freebsd.org>
Date: Wed, 06 Jun 2012 04:36:24 +1000
From: Darren Reed <darrenr@freebsd.org>
Organization: FreeBSD
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64;
	rv:12.0) Gecko/20120428 Thunderbird/12.0.1
MIME-Version: 1.0
To: bsdbug@bospaling.nl
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Cc: freebsd-net@freebsd.org, freebsd-bugs@FreeBSD.org
Subject: kern/167768: [ipfilter] Fatal trap in ipfilter/ipnat
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
Reply-To: darrenr@freebsd.org
List-Id: Networking and TCP/IP with FreeBSD <freebsd-net.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-net>
List-Post: <mailto:freebsd-net@freebsd.org>
List-Help: <mailto:freebsd-net-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 05 Jun 2012 18:34:53 -0000

The problem is that you have a port range of 0 in an
ipnat.conf line. Quick solution is to ensure that all
ipnat.conf lines specify a range of ports of greater than 0.

Otherwise patch below applies.

Darren

--- /tmp/ip_nat.c.orig  2012-06-06 04:31:31.000000000 +1000
+++ /tmp/ip_nat.c       2012-06-06 04:31:41.000000000 +1000
@@ -2040,7 +2040,7 @@
                                port = np->in_pnext;
                        } else {
                                port = ipf_random() % (ntohs(np->in_pmax) -
-                                                      ntohs(np->in_pmin));
+                                                      ntohs(np->in_pmin) +1);
                                port += ntohs(np->in_pmin);
                        }
                        port = htons(port);