Date: Fri, 4 Dec 1998 06:38:06 -0500 (EST) From: gpalmer@FreeBSD.ORG To: FreeBSD-gnats-submit@FreeBSD.ORG Subject: bin/8962: natd core dump Message-ID: <199812041138.GAA61194@gjp.erols.com>
next in thread | raw e-mail | index | archive | help
>Number: 8962 >Category: bin >Synopsis: natd code dump >Confidential: no >Severity: serious >Priority: high >Responsible: freebsd-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Fri Dec 4 03:40:00 PST 1998 >Last-Modified: >Originator: Gary Palmer >Organization: FreeBSD >Release: FreeBSD 3.0-CURRENT i386 >Environment: FreeBSD 3.0, Nov 21 vintage, 2 ethernets (one internal for private LAN, one to cablemodem provider). Running natd on the external interface for NAT functions. >Description: It seems natd coredumps occasionally on my machine. Backtrace: root@gjp:/usr/bin> gdb /usr/sbin/natd /natd.core GDB is free software and you are welcome to distribute copies of it under certain conditions; type "show copying" to see the conditions. There is absolutely no warranty for GDB; type "show warranty" for details. GDB 4.16 (i386-unknown-freebsd), Copyright 1996 Free Software Foundation, Inc... Core was generated by `natd'. Program terminated with signal 11, Segmentation fault. Reading symbols from /usr/lib/libalias.so.2...done. Reading symbols from /usr/lib/libc.so.3...done. Reading symbols from /usr/libexec/ld-elf.so.1...done. #0 0x280aca64 in bcmp () (gdb) bt #0 0x280aca64 in bcmp () #1 0x8089000 in ?? () #2 0x280570dd in AliasHandleResource (count=1, q=0x804c58d, nbtarg=0xefbfd680) at alias_nbt.c:487 #3 0x2805721a in AliasHandleUdpNbtNS (pip=0x804c564, link=0x8083e00, alias_address=0xefbfd6c4, alias_port=0xefbfd6c2, original_address=0xefbfd6c8, original_port=0x804c57a) at alias_nbt.c:564 #4 0x2805627e in UdpAliasIn (pip=0x804c564) at alias.c:620 #5 0x280569da in PacketAliasIn (ptr=0x804c564 "E", maxpacketsize=65535) at alias.c:1042 #6 0x804972e in DoAliasing (fd=3) at natd.c:485 #7 0x80492ed in main (argc=4, argv=0xefbfd87c) at natd.c:278 #8 0x8048e72 in _start () (gdb) up #1 0x8089000 in ?? () (gdb) up #2 0x280570dd in AliasHandleResource (count=1, q=0x804c58d, nbtarg=0xefbfd680) at alias_nbt.c:487 487 q = (NBTNsResource *)AliasHandleResourceNB( q, nbtarg ); (gdb) list 482 #endif 483 484 /* Type and Class filed */ 485 switch ( ntohs(q->type) ) { 486 case RR_TYPE_NB: 487 q = (NBTNsResource *)AliasHandleResourceNB( q, nbtarg ); 488 break; 489 case RR_TYPE_A: 490 q = (NBTNsResource *)AliasHandleResourceA( q, nbtarg ); 491 break; (gdb) print q $1 = (NBTNsResource *) 0x8089000 (gdb) print *q Cannot access memory at address 0x8089000. (gdb) up #3 0x2805721a in AliasHandleUdpNbtNS (pip=0x804c564, link=0x8083e00, alias_address=0xefbfd6c4, alias_port=0xefbfd6c2, original_address=0xefbfd6c8, original_port=0x804c57a) at alias_nbt.c:564 564 p = AliasHandleResource(ntohs(nsh->nscount), (NBTNsResource *)p, &nbtarg ); (gdb) list 559 p = AliasHandleResource(ntohs(nsh->ancount), (NBTNsResource *)p, &nbtarg ); 560 } 561 562 /* Authority Resource Recodrs */ 563 if (ntohs(nsh->nscount) !=0 ) { 564 p = AliasHandleResource(ntohs(nsh->nscount), (NBTNsResource *)p, &nbtarg ); 565 } 566 567 /* Additional Resource Recodrs */ 568 if (ntohs(nsh->arcount) !=0 ) { (gdb) print p $2 = (unsigned char *) 0xc07d <Address 0xc07d out of bounds> (gdb) print nbtarg $3 = {oldaddr = {s_addr = 4279409870}, oldport = 35072, newaddr = { s_addr = 4279409870}, newport = 35072, uh_sum = 0x804c57e} (gdb) print nsh No symbol "nsh" in current context. (gdb) print p $4 = (unsigned char *) 0xc07d <Address 0xc07d out of bounds> (gdb) up #4 0x2805627e in UdpAliasIn (pip=0x804c564) at alias.c:620 620 AliasHandleUdpNbtNS(pip, link, (gdb) list 615 { 616 AliasHandleUdpNbt(pip, link, &original_address, ud->uh_dport); 617 } else if (ntohs(ud->uh_dport) == NETBIOS_NS_PORT_NUMBER 618 || ntohs(ud->uh_sport) == NETBIOS_NS_PORT_NUMBER ) 619 { 620 AliasHandleUdpNbtNS(pip, link, 621 &alias_address, 622 &alias_port, 623 &original_address, 624 &ud->uh_dport ); (gdb) print pip $5 = (struct ip *) 0x804c564 (gdb) print *pip $6 = {ip_hl = 5, ip_v = 4, ip_tos = 0 '\000', ip_len = 24576, ip_id = 10, ip_off = 0, ip_ttl = 128 '\200', ip_p = 17 '\021', ip_sum = 51053, ip_src = { s_addr = 2383584462}, ip_dst = {s_addr = 4279409870}} (gdb) print link $7 = (struct alias_link *) 0x8083e00 (gdb) print *link $8 = {src_addr = {s_addr = 4279409870}, dst_addr = {s_addr = 2383584462}, alias_addr = {s_addr = 4279409870}, src_port = 35072, dst_port = 35072, alias_port = 35072, link_type = 2, flags = 0, timestamp = 912770349, expire_time = 60, sockfd = -1, start_point_out = 76, start_point_in = 3351, next_out = 0x8084f00, last_out = 0x0, next_in = 0x0, last_in = 0x0, data = { frag_ptr = 0x8085100 "Î\234\022ÿÎ\234\022\013Î\234\022ÿ", frag_addr = { s_addr = 134762752}, tcp = 0x8085100}} (gdb) print alias_address $9 = {s_addr = 4279409870} (gdb) print alias_port $10 = 35072 (gdb) print original_address $11 = {s_addr = 4279409870} (gdb) print ud $12 = (struct udphdr *) 0x804c578 (gdb) print *ud $13 = {uh_sport = 35072, uh_dport = 35072, uh_ulen = 19456, uh_sum = 49277} (gdb) up #5 0x280569da in PacketAliasIn (ptr=0x804c564 "E", maxpacketsize=65535) at alias.c:1042 1042 iresult = UdpAliasIn(pip); (gdb) list 1037 { 1038 case IPPROTO_ICMP: 1039 iresult = IcmpAliasIn(pip); 1040 break; 1041 case IPPROTO_UDP: 1042 iresult = UdpAliasIn(pip); 1043 break; 1044 case IPPROTO_TCP: 1045 iresult = TcpAliasIn(pip); 1046 break; (gdb) list 1037 { 1038 case IPPROTO_ICMP: 1039 iresult = IcmpAliasIn(pip); 1040 break; 1041 case IPPROTO_UDP: 1042 iresult = UdpAliasIn(pip); 1043 break; 1044 case IPPROTO_TCP: 1045 iresult = TcpAliasIn(pip); 1046 break; (gdb) print pip $14 = (struct ip *) 0x804c564 (gdb) print *pip $15 = {ip_hl = 5, ip_v = 4, ip_tos = 0 '\000', ip_len = 24576, ip_id = 10, ip_off = 0, ip_ttl = 128 '\200', ip_p = 17 '\021', ip_sum = 51053, ip_src = { s_addr = 2383584462}, ip_dst = {s_addr = 4279409870}} At a guess, this seems to be a netbios broadcast packet coming in from the cablesystem. (gdb) printf "0x%x", pip->ip_dst->s_addr 0xff129cce (aka 206.156.18.255) (gdb) printf "0x%x", pip->ip_src->s_addr 0x8e129cce (aka 206.156.18.142) >How-To-Repeat: Unknown what specifically triggers the coredump. I can't be the only one running on a cableplant with lots of NetBIOS broadcasts... >Fix: Unknown at this time. Filter NetBIOS in the kernel? >Audit-Trail: >Unformatted: To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-bugs" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199812041138.GAA61194>