Date:      Wed, 01 Feb 2023 05:35:12 +0000
From:      bugzilla-noreply@freebsd.org
To:        net@FreeBSD.org
Subject:   [Bug 268246] crash and panic using pfsync on 13.1-RELEASE
Message-ID:  <bug-268246-7501-gAbfoAOoOC@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-268246-7501@https.bugs.freebsd.org/bugzilla/>
References:  <bug-268246-7501@https.bugs.freebsd.org/bugzilla/>

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=268246

--- Comment #44 from Kristof Provost <kp@freebsd.org> ---
(In reply to jjasen from comment #43)
That .. that doesn't make a whole lot of sense. With that patch the system
should have panicked before that point. We don't modify mbufs while they're
deferred, so if it's bad coming out it had to have been bad going in. Yet we
didn't panic on insertion.

So either the bad mbuf took the other path, for which I've extended the test
patch now:

diff --git a/sys/netpfil/pf/if_pfsync.c b/sys/netpfil/pf/if_pfsync.c
index 61308a35a7e1..ae913185ec8a 100644
--- a/sys/netpfil/pf/if_pfsync.c
+++ b/sys/netpfil/pf/if_pfsync.c
@@ -604,7 +604,11 @@ pfsync_state_import(struct pfsync_state *sp, int flags)
        if (!(flags & PFSYNC_SI_IOCTL)) {
                st->state_flags &=3D ~PFSTATE_NOSYNC;
                if (st->state_flags & PFSTATE_ACK) {
+            struct pfsync_bucket *b =3D pfsync_get_bucket(sc, st);
+            PFSYNC_BUCKET_LOCK(b);
                        pfsync_q_ins(st, PFSYNC_S_IACK, true);
+            PFSYNC_BUCKET_UNLOCK(b);
+
                        pfsync_push_all(sc);
                }
        }
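Review bot: The bucket lock added around `pfsync_q_ins(st, PFSYNC_S_IACK, true)` in pfsync_state_import has no comment saying what it protects, so a later reader cannot tell whether it belongs to the fix or to the diagnostics. If it is meant to stay, add something like `/* pfsync_q_ins() updates the per-bucket queue; hold the bucket lock across it. */` above `PFSYNC_BUCKET_LOCK(b);` (that locking contract is inferred from the change, not visible in the hunk). The four added lines are also indented with spaces at a shallower depth than the surrounding block and should follow the file's indentation. pfsync_state_import starts and ends outside the hunk.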
@@ -1690,6 +1694,17 @@ pfsync_sendout(int schedswi, int c)
        if_inc_counter(sc->sc_ifp, IFCOUNTER_OBYTES, m->m_pkthdr.len);
        b->b_len =3D PFSYNC_MINPKT;

+       {
+               struct ip *ip;
+
+               ip =3D mtod(m, struct ip *);
+               if (ip->ip_v =3D=3D 4) {
+                       int len =3D ntohs(ip->ip_len);
+                       if (m_length(m, NULL) !=3D len)
+                               panic("Incorrect ip_len %d !=3D m_length %d=
",
len, m_length(m, NULL));
+               }
+       }
+
        if (!_IF_QFULL(&b->b_snd))
                _IF_ENQUEUE(&b->b_snd, m);
        else {
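Review bot: The length check added before the enqueue in pfsync_sendout calls `panic()` unconditionally, which is fine for a one-off test kernel but would turn any ip_len/mbuf-length mismatch into a host-wide outage if it ever shipped. The same block is repeated in the later pfsync_defer hunk. For anything longer-lived, build it only under `#ifdef INVARIANTS` or write it as `KASSERT(mlen == len, ("Incorrect ip_len %u != m_length %u", len, mlen));`. `m_length()` returns `u_int` but is compared with an `int`, printed with `%d`, and walks the chain twice, so take both values once with `u_int len = ntohs(ip->ip_len), mlen = m_length(m, NULL);`. pfsync_sendout starts and ends outside the hunk.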
@@ -1734,6 +1749,7 @@ pfsync_defer(struct pf_kstate *st, struct mbuf *m)
        struct pfsync_softc *sc =3D V_pfsyncif;
        struct pfsync_deferral *pd;
        struct pfsync_bucket *b;
+    struct ip *ip;

        if (m->m_flags & (M_BCAST|M_MCAST))
                return (0);
@@ -1751,6 +1767,13 @@ pfsync_defer(struct pf_kstate *st, struct mbuf *m)
                return (0);
        }

+    ip =3D mtod(m, struct ip *);
+    if (ip->ip_v =3D=3D 4) {
+        int len =3D ntohs(ip->ip_len);
+        if (m_length(m, NULL) !=3D len)
+            panic("Incorrect ip_len %d !=3D m_length %d", len, m_length(m,
NULL));
+    }
+
        PFSYNC_BUCKET_LOCK(b);
        PFSYNC_UNLOCK(sc);


Or ... something else is wrong with that particular machine. Have you run a
memory test on it?

--=20
You are receiving this mail because:
You are the assignee for the bug.=


