From owner-freebsd-bugs Tue Jun 27 15:10:15 2000
Message-Id: <200006272206.SAA88013@misha.privatelabs.com>
Date: Tue, 27 Jun 2000 18:06:15 -0400 (EDT)
From: Mikhail Teterin
Reply-To: mi@aldan.algebra.com
To: FreeBSD-gnats-submit@freebsd.org
Cc: luigi@iet.unipi.it
X-Send-Pr-Version: 3.2
Subject: kern/19551: panic when enabling bridge_ipfw

>Number:         19551
>Category:       kern
>Synopsis:       panic when enabling bridge_ipfw
>Confidential:   no
>Severity:       critical
>Priority:       high
>Responsible:    freebsd-bugs
>State:          open
>Quarter:
>Keywords:
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Tue Jun 27 15:10:04 PDT 2000
>Closed-Date:
>Last-Modified:
>Originator:     Mikhail Teterin
>Release:        FreeBSD 4.0-STABLE i386
>Organization:   Virtual Estates, Inc.
>Environment:

The machine has 3 network cards (82c169 PNIC 10/100BaseTX -- dc driver).
Two of them are parts of the bridge. One of the two (dc0) has no IP
address of its own -- it plugs directly into the router.
The other (dc2) connects to our office LAN. dc1 is currently unused.

>Description:

The bridging is enabled as follows:

    sysctl -w net.link.ether.bridge_cfg=dc0:1,dc2:1
    sysctl -w net.link.ether.bridge=1
    sysctl -w net.link.ether.bridge_ipfw=1

With the kernel built from April 27 sources, the setup works fine.
With today's kernel (and a week-old kernel) the system panics when
bridge_ipfw is enabled (commenting the line out stops the panic, but
disables the firewall).

The crash happens in sys/netinet/ip_icmp.c, on line 633, where the
NULL pointer is referenced:

    (kgdb) l
    627             /*
    628              * The following happens if the packet was not addressed to us,
    629              * and was received on an interface with no IP address.
    630              */
    631             if (ia == (struct in_ifaddr *)0)
    632                     ia = in_ifaddrhead.tqh_first;
    633             t = IA_SIN(ia)->sin_addr;
    634             ip->ip_src = t;
    635             ip->ip_ttl = MAXTTL;
    636
    (kgdb) p ia
    $2 = (struct in_ifaddr *) 0x0

The full stack is

    #0  boot (howto=256) at /opt/src/sys/kern/kern_shutdown.c:302
    #1  0xc0138358 in poweroff_wait (junk=0xc025842f, howto=0)
        at /opt/src/sys/kern/kern_shutdown.c:552
    #2  0xc0226ed2 in trap_fatal (frame=0xc025e4fc, eva=76)
        at /opt/src/sys/i386/i386/trap.c:927
    #3  0xc0226b91 in trap_pfault (frame=0xc025e4fc, usermode=0, eva=76)
        at /opt/src/sys/i386/i386/trap.c:820
    #4  0xc022677b in trap (frame={tf_fs = -1071579120, tf_es = 16,
          tf_ds = 16, tf_edi = 20, tf_esi = -1067166976,
          tf_ebp = -1071258284, tf_isp = -1071258328,
          tf_ebx = -1067166756, tf_edx = 0, tf_ecx = -1067166976,
          tf_eax = 0, tf_trapno = 12, tf_err = 0, tf_eip = -1072156088,
          tf_cs = 8, tf_eflags = 66118, tf_esp = -1067166756,
          tf_ss = -1067166976}) at /opt/src/sys/i386/i386/trap.c:426
    #5  0xc0183248 in icmp_reflect (m=0xc0645300)
        at /opt/src/sys/netinet/ip_icmp.c:632
    #6  0xc0182ca8 in icmp_error (n=0xc0645200, type=3, code=3, dest=0,
        destifp=0x0) at /opt/src/sys/netinet/ip_icmp.c:220
    #7  0xc018f1ee in udp_input (m=0xc0645200, off=20, proto=17)
        at /opt/src/sys/netinet/udp_usrreq.c:358
    #8  0xc0183e93 in ip_input
        (m=0xc0645200) at /opt/src/sys/netinet/ip_input.c:743
    #9  0xc0183f0b in ipintr () at /opt/src/sys/netinet/ip_input.c:771
    #10 0xc021c875 in swi_net_next ()

>How-To-Repeat:

See environment. This can be reproduced at will even in single user mode
by simply enabling bridging:

    sysctl -w net.link.ether.bridge=1

and requesting the bridged packet be routed through the firewall rules:

    sysctl -w net.link.ether.bridge_ipfw=1

The interfaces don't need to be configured for this to happen...

>Fix:

I wish I knew :(

>Release-Note:
>Audit-Trail:
>Unformatted:
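
Added example, not part of the original report and not FreeBSD code: a user-space C model of the fallback shown in the kgdb listing (lines 631-633), with the second NULL check that is absent before the dereference. The struct names, `pick_reply_source` and the address-matching loop are assumptions made for illustration; the sample input is constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Simplified stand-ins for the kernel types (assumed, not FreeBSD's). */
struct in_ifaddr_model {
    uint32_t addr;                      /* IPv4 address of this entry */
    struct in_ifaddr_model *next;
};
struct ifaddr_head_model {
    struct in_ifaddr_model *tqh_first;  /* NULL when no address is configured */
};

/*
 * Choose the source address for a reflected ICMP reply.
 * Returns 0 and fills *src, or -1 when no address exists and the
 * caller has to drop the packet instead of replying.
 */
int pick_reply_source(const struct ifaddr_head_model *head,
                      uint32_t dst, uint32_t *src)
{
    const struct in_ifaddr_model *ia;

    /* Assumed lookup: find the local address the packet was sent to. */
    for (ia = head->tqh_first; ia != NULL; ia = ia->next)
        if (ia->addr == dst)
            break;
    if (ia == NULL)
        ia = head->tqh_first;   /* fallback, as on lines 631-632 */
    if (ia == NULL)
        return -1;              /* list is empty: line 633 would fault here */
    *src = ia->addr;
    return 0;
}

int main(void)
{
    struct ifaddr_head_model unconfigured = { NULL };  /* constructed input */
    uint32_t src = 0;
    int rc = pick_reply_source(&unconfigured, 0x0a000001u, &src);

    printf("no addresses configured: rc=%d (packet dropped, no fault)\n", rc);
    return rc == -1 ? 0 : 1;
}
```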