Date:      Wed, 31 Jan 2001 15:15:51 -0200
From:      Joao Carlos Mendes Luis <jonny@jonny.eng.br>
To:        freebsd-stable@freebsd.org
Subject:   URG: IPFW and kernel msgbuf corruption
Message-ID:  <3A784846.27E560E9@jonny.eng.br>

Hi,

    I've seen some messages in the mail archives about this, but none got to
the real problem!  FreeBSD -stable from yesterday (2000.01.30) has a bug in
ipfw logging that corrupts kernel msgbuf (dmesg) area.  Maybe some other
modules have this bug also, but I could not reproduce them.  This bug is
definitely not present in 4.2-RELEASE, as I have downgraded my system with
cvsup and repeated the tests.

    My test procedure is to attack my test system with nmap, and look for the
ipfw log messages.  They corrupt the whole msgbuf area, like this:

bash-2.04# dmesg
>ipfw: 20050 Deny TCP 200.255.125.133:39372 200.255.125.137:6007 in via fxp0
bash-2.04#

    Only one line of messages?  I have 80k of message buffer defined:

options         MSGBUF_SIZE=81920

   If I try some other form of kernel messages, for example, a SCSI bus reset,
the problem does not happen:

bash-2.04# camcontrol reset 0:6:0
Reset of 0:6:0 returned error 0xb
bash-2.04# dmesg
.255.125.133:39371 200.255.125.137:461 in via fxp0
(pass5:ahc0:0:6:0): Bus Device Reset Message Sent
ahc0: Bus Device Reset on A:6. 0 SCBs aborted
(pass5:ahc0:0:6:0): SCB 0x9 - timed out while idle, SEQADDR == 0x7
STACK == 0x3, 0x10d, 0x163, 0xec
SXFRCTL0 == 0x80
ahc0: Dumping Card State at SEQADDR 0x7
SCB count = 50
Kernel NEXTQSCB = 16
...
LOTS OF KERNEL MESSAGES STRIPPED OUT

  And after some more nmap:

bash-2.04# dmesg
25.137:937 in via fxp0
bash-2.04#

  This is a real bug!


                                        Jonny

-- 
João Carlos Mendes Luís                 jonny@embratel.net.br
  Networking Engineer                   jonny@jonny.eng.br
 Internet via Embratel			jcml@ieee.org

