From owner-freebsd-pf@freebsd.org  Thu Jun 15 20:14:21 2017
Return-Path: <owner-freebsd-pf@freebsd.org>
Delivered-To: freebsd-pf@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 9CBA1B95C29
 for <freebsd-pf@mailman.ysv.freebsd.org>; Thu, 15 Jun 2017 20:14:21 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from kenobi.freebsd.org (kenobi.freebsd.org
 [IPv6:2001:1900:2254:206a::16:76])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 823C982A86
 for <freebsd-pf@FreeBSD.org>; Thu, 15 Jun 2017 20:14:21 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from bugs.freebsd.org ([127.0.1.118])
 by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id v5FKELhi065923
 for <freebsd-pf@FreeBSD.org>; Thu, 15 Jun 2017 20:14:21 GMT
 (envelope-from bugzilla-noreply@freebsd.org)
From: bugzilla-noreply@freebsd.org
To: freebsd-pf@FreeBSD.org
Subject: [Bug 219803] [patch] PF: implement RFC 4787 REQ 1 and 3 (full cone
 NAT)
Date: Thu, 15 Jun 2017 20:14:21 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Base System
X-Bugzilla-Component: kern
X-Bugzilla-Version: CURRENT
X-Bugzilla-Keywords: patch
X-Bugzilla-Severity: Affects Many People
X-Bugzilla-Who: kp@freebsd.org
X-Bugzilla-Status: New
X-Bugzilla-Resolution: 
X-Bugzilla-Priority: ---
X-Bugzilla-Assigned-To: freebsd-pf@FreeBSD.org
X-Bugzilla-Flags: 
X-Bugzilla-Changed-Fields: 
Message-ID: <bug-219803-17777-ztAOoBZila@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-219803-17777@https.bugs.freebsd.org/bugzilla/>
References: <bug-219803-17777@https.bugs.freebsd.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-BeenThere: freebsd-pf@freebsd.org
X-Mailman-Version: 2.1.23
Precedence: list
List-Id: "Technical discussion and general questions about packet filter
 \(pf\)" <freebsd-pf.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-pf>,
 <mailto:freebsd-pf-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-pf/>
List-Post: <mailto:freebsd-pf@freebsd.org>
List-Help: <mailto:freebsd-pf-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-pf>,
 <mailto:freebsd-pf-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 15 Jun 2017 20:14:21 -0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D219803

--- Comment #6 from Kristof Provost <kp@freebsd.org> ---
With this patch my gateway box (pf and vimage jails) panics pretty quickly
during boot.

#0  doadump (textdump=3D0) at pcpu.h:232
#1  0xffffffff803a4c2b in db_dump (dummy=3D<value optimized out>, dummy2=3D=
<value
optimized out>, dummy3=3D<value optimized out>, dummy4=3D<value optimized o=
ut>)
    at /usr/src/sys/ddb/db_command.c:546
#2  0xffffffff803a4a1f in db_command (cmd_table=3D<value optimized out>) at
/usr/src/sys/ddb/db_command.c:453
#3  0xffffffff803a4754 in db_command_loop () at
/usr/src/sys/ddb/db_command.c:506
#4  0xffffffff803a781f in db_trap (type=3D<value optimized out>, code=3D<va=
lue
optimized out>) at /usr/src/sys/ddb/db_main.c:248
#5  0xffffffff80a9bd33 in kdb_trap (type=3D12, code=3D0, tf=3D<value optimi=
zed out>)
at /usr/src/sys/kern/subr_kdb.c:654
#6  0xffffffff80efb4f2 in trap_fatal (frame=3D0xfffffe022fefaf50, eva=3D48)=
 at
/usr/src/sys/amd64/amd64/trap.c:796
#7  0xffffffff80efb5a2 in trap_pfault (frame=3D0xfffffe022fefaf50, usermode=
=3D0) at
pcpu.h:232
#8  0xffffffff80efad3d in trap (frame=3D0xfffffe022fefaf50) at
/usr/src/sys/amd64/amd64/trap.c:421
#9  0xffffffff80edcf31 in calltrap () at
/usr/src/sys/amd64/amd64/exception.S:236
#10 0xffffffff8267409a in pf_addrcpy (dst=3D0x30, src=3D0xfffff8002d09f590,=
 af=3D2
'\002') at pcpu.h:231
#11 0xffffffff82689ead in pf_get_translation (pd=3D0xfffffe022fefc351, m=3D=
<value
optimized out>, off=3D<value optimized out>, direction=3D2, kif=3D<value op=
timized
out>,
    sn=3D0xfffffe022fefb438, skp=3D<value optimized out>, nkp=3D<value opti=
mized
out>, saddr=3D<value optimized out>, daddr=3D<value optimized out>, sport=
=3D<value
optimized out>,
    dport=3D<value optimized out>, anchor_stack=3D<value optimized out>) at
/usr/src/sys/netpfil/pf/pf_lb.c:262
#12 0xffffffff8267dd08 in pf_test_rule (rm=3D0xfffffe022fefb6d0,
sm=3D0xfffffe022fefb6e0, direction=3D2, kif=3D0xfffff80006dddb00,
m=3D0xfffff8002d23f000, off=3D20,
    pd=3D<value optimized out>, am=3D0xfffffe022fefb6a0, inp=3D<value optim=
ized out>)
at /usr/src/sys/netpfil/pf/pf.c:3336
#13 0xffffffff8267af11 in pf_test (dir=3D<value optimized out>, ifp=3D<value
optimized out>, m0=3D<value optimized out>, inp=3D0x0) at
/usr/src/sys/netpfil/pf/pf.c:6088
#14 0xffffffff8268cd9d in pf_check_out (arg=3D<value optimized out>,
m=3D0xfffffe022fefb7c0, ifp=3D<value optimized out>, dir=3D<value optimized=
 out>,
inp=3D<value optimized out>)
    at /usr/src/sys/netpfil/pf/pf_ioctl.c:3582
#15 0xffffffff80b74314 in pfil_run_hooks (ph=3D0xfffffe0000de7a18,
mp=3D0xfffffe022fefb818, ifp=3D0xfffff80006e1d800, dir=3D2, inp=3D0x0) at
/usr/src/sys/net/pfil.c:108
#16 0xffffffff80bdbf80 in ip_tryforward (m=3D0xfffff8002d23f000) at
/usr/src/sys/netinet/ip_fastfwd.c:306
#17 0xffffffff80bde9f1 in ip_input (m=3D0xfffff8002d23f000) at
/usr/src/sys/netinet/ip_input.c:570
#18 0xffffffff80b731bf in netisr_dispatch_src (proto=3D1, source=3D0,
m=3D0xfffff8002d23f000) at /usr/src/sys/net/netisr.c:1120
#19 0xffffffff80b593be in ether_demux (ifp=3D0xfffff80006e1c000, m=3D<value
optimized out>) at /usr/src/sys/net/if_ethersubr.c:848
#20 0xffffffff80b5a3f2 in ether_nh_input (m=3D<value optimized out>) at
/usr/src/sys/net/if_ethersubr.c:637
#21 0xffffffff80b731bf in netisr_dispatch_src (proto=3D5, source=3D0,
m=3D0xfffff8002d23f000) at /usr/src/sys/net/netisr.c:1120
#22 0xffffffff80b5977f in ether_input (ifp=3D0xfffff80006e1c000, m=3D0x0) at
/usr/src/sys/net/if_ethersubr.c:757
#23 0xffffffff80b54d6a in if_input (ifp=3D<value optimized out>, sendmp=3D<=
value
optimized out>) at /usr/src/sys/net/if.c:3993
#24 0xffffffff804ff9cc in bge_rxeof () at /usr/src/sys/dev/bge/if_bge.c:4424
#25 0xffffffff804fd0d2 in bge_intr_task (arg=3D0xfffffe0000fe5000, pending=
=3D<value
optimized out>) at /usr/src/sys/dev/bge/if_bge.c:4654
#26 0xffffffff80aae22d in taskqueue_run_locked (queue=3D0xfffff80005637400)=
 at
/usr/src/sys/kern/subr_taskqueue.c:454
#27 0xffffffff80aaefe8 in taskqueue_thread_loop (arg=3D<value optimized out=
>) at
/usr/src/sys/kern/subr_taskqueue.c:746
#28 0xffffffff80a1ab44 in fork_exit (callout=3D0xffffffff80aaef60
<taskqueue_thread_loop>, arg=3D0xfffffe0000fec568, frame=3D0xfffffe022fefbc=
00) at
/usr/src/sys/kern/kern_fork.c:1038
#29 0xffffffff80edd46e in fork_trampoline () at
/usr/src/sys/amd64/amd64/exception.S:611
#30 0x0000000000000000 in ?? ()

...

#11 0xffffffff82689ead in pf_get_translation (pd=3D0xfffffe022fefc351, m=3D=
<value
optimized out>, off=3D<value optimized out>, direction=3D2, kif=3D<value op=
timized
out>,
    sn=3D0xfffffe022fefb438, skp=3D<value optimized out>, nkp=3D<value opti=
mized
out>, saddr=3D<value optimized out>, daddr=3D<value optimized out>, sport=
=3D<value
optimized out>,
    dport=3D<value optimized out>, anchor_stack=3D<value optimized out>) at
/usr/src/sys/netpfil/pf/pf_lb.c:262
262                     PF_ACPY(&(*udp_mapping)->endpoints[1].addr, naddr, =
af);
(kgdb) p udp_mapping
Cannot access memory at address 0x0
(kgdb)

I'm not quite sure how that happens, but it's easy to reproduce.

My pf.conf is a pretty typical gateway config. A nat rule and a couple of r=
dr
rules (including for UDP).

--=20
You are receiving this mail because:
You are the assignee for the bug.=