Date: Thu, 02 Feb 2017 07:52:03 +0000 From: bugzilla-noreply@freebsd.org To: freebsd-bugs@FreeBSD.org Subject: [Bug 216719] panic: ipfw_check_frame: unknown retval - while trying to ipfw nat incoming packet without translation state (can be L2 firewall related) Message-ID: <bug-216719-8@https.bugs.freebsd.org/bugzilla/>
next in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=216719 Bug ID: 216719 Summary: panic: ipfw_check_frame: unknown retval - while trying to ipfw nat incoming packet without translation state (can be L2 firewall related) Product: Base System Version: CURRENT Hardware: Any OS: Any Status: New Severity: Affects Only Me Priority: --- Component: kern Assignee: freebsd-bugs@FreeBSD.org Reporter: bsd@kobyla.org Panic on processing ingress ipfw nat for any spurious packet (without matching NAT state) ipfw tunables: net.link.bridge.ipfw_arp: 0 net.link.bridge.ipfw: 0 net.link.ether.ipfw: 1 -- can be the problem source (not tested yet) net.inet.ip.fw.one_pass: 0 own prefix: # ifconfig lo194 lo194: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384 options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6> inet 194.246.74.1 netmask 0xffffffff inet 194.246.74.77 netmask 0xffffffff inet 194.246.74.201 netmask 0xffffffff nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL> groups: lo uplink-1: rl0.3498: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500 uplink-2: rl0.2386: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500 uplink-3: mpd5 pppoe (not used in testing) ng0: flags=88d1<UP,POINTOPOINT,RUNNING,NOARP,SIMPLEX,MULTICAST> metric 0 mtu 1478 # ipfw show 06101 0 0 nat 101 log ip from table(5) to any out xmit rl0.* 06109 931 48145 deny log ip from any to 194.246.74.201 in 09900 206 12360 deny log ip from 10.0.0.0/8,192.168.0.0/16,172.16.0.0/19 to any xmit rl0.* 09910 843 172719 deny log ip from 10.0.0.0/8,192.168.0.0/16,172.16.0.0/19 to any xmit ng0 09920 0 0 deny log ip from any to 194.246.74.0/24 xmit ng0 11784 16 708 deny tcp from any to any dst-port 3306,3128,135,139,445 recv ng0 16675 3107 150704 deny log ip from any to any dst-port 111,135,139,445,958,3306,4443,3306,3128 recv rl0* 65530 10032698 2985048430 allow ip from any to any 65535 907 52740 allow ip from any to any No panic until 6108 rule added (ingress nat): # ipfw add 6108 nat 101 log logamount 0 all from any to 194.246.74.201 in recv rl0.* Panic after receiving any incoming packet to the nat address: 80.252.249.247> ping 194.246.74.201 <110>ipfw: 6109 Nat ICMP:8.0 80.252.249.247 194.246.74.201 in via rl0.3498 cel.home dumped core - see /var/crash/vmcore.343 Wed Feb 1 21:01:56 EET 2017 FreeBSD cel.home 12.0-CURRENT FreeBSD 12.0-CURRENT #29 r312942: Sun Jan 29 22:29:43 EET 2017 root@cel.home:/usr/obj/usr/src/sys/PDC10 amd64 panic: ipfw_check_frame: unknown retval GNU gdb 6.1.1 [FreeBSD] Copyright 2004 Free Software Foundation, Inc. GDB is free software, covered by the GNU General Public License, and you are welcome to change it and/or distribute copies of it under certain conditions. Type "show copying" to see the conditions. There is absolutely no warranty for GDB. Type "show warranty" for details. This GDB was configured as "amd64-marcel-freebsd"... Unread portion of the kernel message buffer: <110>ipfw: 6109 Nat ICMP:8.0 80.252.249.247 194.246.74.201 in via rl0.3498 panic: ipfw_check_frame: unknown retval cpuid = 1 KDB: stack backtrace: db_trace_self_wrapper() at 0xffffffff8032264b = db_trace_self_wrapper+0x2b/frame 0xfffffe00003f9530 vpanic() at 0xffffffff80547196 = vpanic+0x186/frame 0xfffffe00003f95b0 kassert_panic() at 0xffffffff80547006 = kassert_panic+0x126/frame 0xfffffe00003f9620 ipfw_check_frame() at 0xffffffff80782446 = ipfw_check_frame+0x286/frame 0xfffffe00003f9770 pfil_run_hooks() at 0xffffffff8064c7ac = pfil_run_hooks+0x9c/frame 0xfffffe00003f9800 ether_demux() at 0xffffffff806367c8 = ether_demux+0x48/frame 0xfffffe00003f9830 ether_nh_input() at 0xffffffff806376d9 = ether_nh_input+0x319/frame 0xfffffe00003f9870 netisr_dispatch_src() at 0xffffffff8064b6a0 = netisr_dispatch_src+0x80/frame 0xfffffe00003f98d0 ether_input() at 0xffffffff80636c32 = ether_input+0x62/frame 0xfffffe00003f9900 vlan_input() at 0xffffffff8063da1c = vlan_input+0x1dc/frame 0xfffffe00003f9980 ether_demux() at 0xffffffff80636828 = ether_demux+0xa8/frame 0xfffffe00003f99b0 ether_nh_input() at 0xffffffff806376d9 = ether_nh_input+0x319/frame 0xfffffe00003f99f0 netisr_dispatch_src() at 0xffffffff8064b6a0 = netisr_dispatch_src+0x80/frame 0xfffffe00003f9a50 ether_input() at 0xffffffff80636c32 = ether_input+0x62/frame 0xfffffe00003f9a80 rl_rxeof() at 0xffffffff8040086f = rl_rxeof+0x25f/frame 0xfffffe00003f9ae0 rl_intr() at 0xffffffff803ff68e = rl_intr+0xee/frame 0xfffffe00003f9b20 intr_event_execute_handlers() at 0xffffffff8050e5f6 = intr_event_execute_handlers+0x96/frame 0xfffffe00003f9b60 ithread_loop() at 0xffffffff8050ec66 = ithread_loop+0xa6/frame 0xfffffe00003f9bb0 fork_exit() at 0xffffffff8050bf24 = fork_exit+0x84/frame 0xfffffe00003f9bf0 fork_trampoline() at 0xffffffff8084f94e = fork_trampoline+0xe/frame 0xfffffe00003f9bf0 --- trap 0, rip = 0, rsp = 0, rbp = 0 --- KDB: enter: panic -- You are receiving this mail because: You are the assignee for the bug.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-216719-8>