From owner-freebsd-questions Sat Oct 9 0: 1:52 1999 Delivered-To: freebsd-questions@freebsd.org Received: from mail.easystreet.com (easystreet.com [206.26.36.40]) by hub.freebsd.org (Postfix) with ESMTP id 7797614DFA for ; Sat, 9 Oct 1999 00:01:49 -0700 (PDT) (envelope-from tashchuk@easystreet.com) Received: from easystreet.com (dsl-209-162-218-66.easystreet.com [209.162.218.66]) by mail.easystreet.com (8.9.1/8.9.1) with ESMTP id AAA12963; Sat, 9 Oct 1999 00:01:06 -0700 (PDT) Message-ID: <37FEE832.EECB0B8C@easystreet.com> Date: Sat, 09 Oct 1999 00:01:06 -0700 From: Bohdan Tashchuk X-Mailer: Mozilla 4.61 [en] (X11; I; BSD/OS 4.0.1 i386) X-Accept-Language: en MIME-Version: 1.0 To: Bill Cc: Ruslan Ermilov , Edirol , freebsd-questions@FreeBSD.ORG Subject: Re: natd - ping crash References: Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG I have just confirmed this panic from a non-FreeBSD unix machine with a target of my FreeBSD machine running 3.3 release with natd (same Ethernet segment). From a non-FreeBSD Unix machine, as root, I did ping -f -R Instant causes panic (takes less than 1 second elapsed time) on FreeBSD machine: Fatal trap 12: page fault while in kernel mode I looked, and has already been reported as bug kern/11199. It really is a "panic", rather than a "simply reboot". The difference is that the kernel says it's syncing disks, etc. Then the kernel says automatic reboot in 15 seconds So, unless you're right at the console and watching, the FreeBSD machine doesn't have any "sign of panic". But it really did panic. It just rebooted almost immediately and the panic message scrolled off the screen. Needless to say, I immediately tried the suggested fix and added the following IPFW rule: $fwcmd add deny log ip from any to any ipoptions rr This fixed the problem. I let ping -f run for a few minutes and there was no panic even after 26,000 pings. Bill wrote: > > This is a very serious bug/security issue with natd, ping -r will simply > reboot freebsd if your running natd , ive seen no sign of pannic. > A friend of mine discovered this in 2.6 release & it has since carried > over. Since I have been aware of it ive used IPFW deny ipopt rr since this > can be done over any networks to any fbsd machine using natd. > > On Fri, 8 Oct 1999, Ruslan Ermilov wrote: > > > On Fri, Oct 08, 1999 at 12:14:27AM -0400, Edirol wrote: > > > Hi, > > > > > > I'm running natd on a 3.3R system with the following command line > > > options -s -m -u > > > > > > When I ping -R my box from another computer, after a while the system > > > reboots itself. > > > > > Reboots or panics? > > > > -- > > Ruslan Ermilov Sysadmin and DBA of the > > ru@ucb.crimea.ua United Commercial Bank, > > ru@FreeBSD.org FreeBSD committer, > > +380.652.247.647 Simferopol, Ukraine To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message