Date: Tue, 27 Jun 2000 18:06:15 -0400 (EDT)
From: Mikhail Teterin <mi@privatelabs.com>
To: FreeBSD-gnats-submit@freebsd.org
Cc: luigi@iet.unipi.it
Subject: kern/19551: panic when enabling bridge_ipfw
Message-ID: <200006272206.SAA88013@misha.privatelabs.com>

>Number:         19551
>Category:       kern
>Synopsis:       panic when enabling bridge_ipfw
>Confidential:   no
>Severity:       critical
>Priority:       high
>Responsible:    freebsd-bugs
>State:          open
>Quarter:
>Keywords:
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Tue Jun 27 15:10:04 PDT 2000
>Closed-Date:
>Last-Modified:
>Originator:     Mikhail Teterin
>Release:        FreeBSD 4.0-STABLE i386
>Organization:
Virtual Estates, Inc.
>Environment:

	The machine has 3 network cards (82c169 PNIC 10/100BaseTX -- dc
	driver). Two of them are parts of the bridge. One of the two (dc0)
	has no IP address of its own -- it plugs directly into the router.
	The other (dc2) connects to our office LAN. dc1 is currently unused.

>Description:

	The bridging is enabled as follows:

		sysctl -w net.link.ether.bridge_cfg=dc0:1,dc2:1
		sysctl -w net.link.ether.bridge=1
		sysctl -w net.link.ether.bridge_ipfw=1

	With the kernel built from April 27 sources, the setup works fine.
	With today's kernel (and a week-old kernel) the system panics when
	bridge_ipfw is enabled (commenting the line out stops the panic,
	but disables the firewall).

	The crash happens in sys/netinet/ip_icmp.c, on line 633, where the
	NULL pointer is referenced:

	(kgdb) l
	627             /*
	628              * The following happens if the packet was not addressed to us,
	629              * and was received on an interface with no IP address.
	630              */
	631             if (ia == (struct in_ifaddr *)0)
	632                     ia = in_ifaddrhead.tqh_first;
	633             t = IA_SIN(ia)->sin_addr;
	634             ip->ip_src = t;
	635             ip->ip_ttl = MAXTTL;
	636
	(kgdb) p ia
	$2 = (struct in_ifaddr *) 0x0

	The full stack is

	#0  boot (howto=256) at /opt/src/sys/kern/kern_shutdown.c:302
	#1  0xc0138358 in poweroff_wait (junk=0xc025842f, howto=0)
	    at /opt/src/sys/kern/kern_shutdown.c:552
	#2  0xc0226ed2 in trap_fatal (frame=0xc025e4fc, eva=76)
	    at /opt/src/sys/i386/i386/trap.c:927
	#3  0xc0226b91 in trap_pfault (frame=0xc025e4fc, usermode=0, eva=76)
	    at /opt/src/sys/i386/i386/trap.c:820
	#4  0xc022677b in trap (frame={tf_fs = -1071579120, tf_es = 16, tf_ds = 16,
	      tf_edi = 20, tf_esi = -1067166976, tf_ebp = -1071258284,
	      tf_isp = -1071258328, tf_ebx = -1067166756, tf_edx = 0,
	      tf_ecx = -1067166976, tf_eax = 0, tf_trapno = 12, tf_err = 0,
	      tf_eip = -1072156088, tf_cs = 8, tf_eflags = 66118,
	      tf_esp = -1067166756, tf_ss = -1067166976})
	    at /opt/src/sys/i386/i386/trap.c:426
	#5  0xc0183248 in icmp_reflect (m=0xc0645300)
	    at /opt/src/sys/netinet/ip_icmp.c:632
	#6  0xc0182ca8 in icmp_error (n=0xc0645200, type=3, code=3, dest=0,
	    destifp=0x0) at /opt/src/sys/netinet/ip_icmp.c:220
	#7  0xc018f1ee in udp_input (m=0xc0645200, off=20, proto=17)
	    at /opt/src/sys/netinet/udp_usrreq.c:358
	#8  0xc0183e93 in ip_input (m=0xc0645200)
	    at /opt/src/sys/netinet/ip_input.c:743
	#9  0xc0183f0b in ipintr () at /opt/src/sys/netinet/ip_input.c:771
	#10 0xc021c875 in swi_net_next ()

>How-To-Repeat:

	See environment. This can be reproduced at will even in single
	user mode by simply enabling bridging:

		sysctl -w net.link.ether.bridge=1

	and requesting the bridged packet be routed through the firewall
	rules:

		sysctl -w net.link.ether.bridge_ipfw=1

	The interfaces don't need to be configured for this to happen...

>Fix:

	I wish I knew :(

>Release-Note:
>Audit-Trail:
>Unformatted:
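
Added example (not part of the original report, and not FreeBSD's code or its fix): a simplified user-space C model of the source-address fallback in the listing above, with a guard for the case where the address list is empty and ia is still NULL after line 632. The struct layout, match_ifaddr and reflect_src are hypothetical and exist only for illustration; only the names in_ifaddr and tqh_first come from the listing.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Simplified stand-ins for the kernel types (assumed layout, not FreeBSD's). */
struct in_ifaddr {
    uint32_t          ia_addr;   /* interface IPv4 address */
    struct in_ifaddr *ia_next;   /* next configured address */
};
struct ifaddr_head { struct in_ifaddr *tqh_first; };

/* Assumed lookup preceding line 631: find the address the packet was sent to. */
static struct in_ifaddr *
match_ifaddr(const struct ifaddr_head *head, uint32_t dst)
{
    struct in_ifaddr *ia;

    for (ia = head->tqh_first; ia != NULL; ia = ia->ia_next)
        if (ia->ia_addr == dst)
            return ia;
    return NULL;
}

/*
 * Pick the source address for the reflected reply. Returns 0 and fills *src,
 * or -1 when no address exists at all, so the caller can drop the reply.
 */
int
reflect_src(const struct ifaddr_head *head, uint32_t dst, uint32_t *src)
{
    struct in_ifaddr *ia = match_ifaddr(head, dst);

    if (ia == NULL)
        ia = head->tqh_first;   /* same fallback as lines 631-632 */
    if (ia == NULL)
        return -1;              /* empty list: line 633 would dereference NULL */
    *src = ia->ia_addr;
    return 0;
}

int
main(void)
{
    struct ifaddr_head empty = { NULL };   /* constructed: no addresses configured */
    uint32_t src = 0;

    printf("empty list -> %d\n", reflect_src(&empty, 0x0a000001u, &src));
    return 0;
}
```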