Date: Fri, 4 Dec 1998 06:38:06 -0500 (EST) From: gpalmer@FreeBSD.ORG To: FreeBSD-gnats-submit@FreeBSD.ORG Subject: bin/8962: natd core dump Message-ID: <199812041138.GAA61194@gjp.erols.com>
>Number: 8962
>Category: bin
>Synopsis: natd core dump
>Confidential: no
>Severity: serious
>Priority: high
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Fri Dec 4 03:40:00 PST 1998
>Last-Modified:
>Originator: Gary Palmer
>Organization:
FreeBSD
>Release: FreeBSD 3.0-CURRENT i386
>Environment:
FreeBSD 3.0, Nov 21 vintage, 2 ethernets (one internal for private LAN, one
to cablemodem provider). Running natd on the external interface for NAT
functions.
>Description:
It seems natd coredumps occasionally on my machine. Backtrace:
root@gjp:/usr/bin> gdb /usr/sbin/natd /natd.core
GDB is free software and you are welcome to distribute copies of it
under certain conditions; type "show copying" to see the conditions.
There is absolutely no warranty for GDB; type "show warranty" for details.
GDB 4.16 (i386-unknown-freebsd),
Copyright 1996 Free Software Foundation, Inc...
Core was generated by `natd'.
Program terminated with signal 11, Segmentation fault.
Reading symbols from /usr/lib/libalias.so.2...done.
Reading symbols from /usr/lib/libc.so.3...done.
Reading symbols from /usr/libexec/ld-elf.so.1...done.
#0 0x280aca64 in bcmp ()
(gdb) bt
#0 0x280aca64 in bcmp ()
#1 0x8089000 in ?? ()
#2 0x280570dd in AliasHandleResource (count=1, q=0x804c58d, nbtarg=0xefbfd680)
at alias_nbt.c:487
#3 0x2805721a in AliasHandleUdpNbtNS (pip=0x804c564, link=0x8083e00,
alias_address=0xefbfd6c4, alias_port=0xefbfd6c2,
original_address=0xefbfd6c8, original_port=0x804c57a) at alias_nbt.c:564
#4 0x2805627e in UdpAliasIn (pip=0x804c564) at alias.c:620
#5 0x280569da in PacketAliasIn (ptr=0x804c564 "E", maxpacketsize=65535)
at alias.c:1042
#6 0x804972e in DoAliasing (fd=3) at natd.c:485
#7 0x80492ed in main (argc=4, argv=0xefbfd87c) at natd.c:278
#8 0x8048e72 in _start ()
(gdb) up
#1 0x8089000 in ?? ()
(gdb) up
#2 0x280570dd in AliasHandleResource (count=1, q=0x804c58d, nbtarg=0xefbfd680)
at alias_nbt.c:487
487 q = (NBTNsResource *)AliasHandleResourceNB( q, nbtarg );
(gdb) list
482 #endif
483
484 /* Type and Class filed */
485 switch ( ntohs(q->type) ) {
486 case RR_TYPE_NB:
487 q = (NBTNsResource *)AliasHandleResourceNB( q, nbtarg );
488 break;
489 case RR_TYPE_A:
490 q = (NBTNsResource *)AliasHandleResourceA( q, nbtarg );
491 break;
(gdb) print q
$1 = (NBTNsResource *) 0x8089000
(gdb) print *q
Cannot access memory at address 0x8089000.
(gdb) up
#3 0x2805721a in AliasHandleUdpNbtNS (pip=0x804c564, link=0x8083e00,
alias_address=0xefbfd6c4, alias_port=0xefbfd6c2,
original_address=0xefbfd6c8, original_port=0x804c57a) at alias_nbt.c:564
564 p = AliasHandleResource(ntohs(nsh->nscount), (NBTNsResource *)p, &nbtarg );
(gdb) list
559 p = AliasHandleResource(ntohs(nsh->ancount), (NBTNsResource *)p, &nbtarg );
560 }
561
562 /* Authority Resource Recodrs */
563 if (ntohs(nsh->nscount) !=0 ) {
564 p = AliasHandleResource(ntohs(nsh->nscount), (NBTNsResource *)p, &nbtarg );
565 }
566
567 /* Additional Resource Recodrs */
568 if (ntohs(nsh->arcount) !=0 ) {
(gdb) print p
$2 = (unsigned char *) 0xc07d <Address 0xc07d out of bounds>
(gdb) print nbtarg
$3 = {oldaddr = {s_addr = 4279409870}, oldport = 35072, newaddr = {
s_addr = 4279409870}, newport = 35072, uh_sum = 0x804c57e}
(gdb) print nsh
No symbol "nsh" in current context.
(gdb) print p
$4 = (unsigned char *) 0xc07d <Address 0xc07d out of bounds>
(gdb) up
#4 0x2805627e in UdpAliasIn (pip=0x804c564) at alias.c:620
620 AliasHandleUdpNbtNS(pip, link,
(gdb) list
615 {
616 AliasHandleUdpNbt(pip, link, &original_address, ud->uh_dport);
617 } else if (ntohs(ud->uh_dport) == NETBIOS_NS_PORT_NUMBER
618 || ntohs(ud->uh_sport) == NETBIOS_NS_PORT_NUMBER )
619 {
620 AliasHandleUdpNbtNS(pip, link,
621 &alias_address,
622 &alias_port,
623 &original_address,
624 &ud->uh_dport );
(gdb) print pip
$5 = (struct ip *) 0x804c564
(gdb) print *pip
$6 = {ip_hl = 5, ip_v = 4, ip_tos = 0 '\000', ip_len = 24576, ip_id = 10,
ip_off = 0, ip_ttl = 128 '\200', ip_p = 17 '\021', ip_sum = 51053, ip_src = {
s_addr = 2383584462}, ip_dst = {s_addr = 4279409870}}
(gdb) print link
$7 = (struct alias_link *) 0x8083e00
(gdb) print *link
$8 = {src_addr = {s_addr = 4279409870}, dst_addr = {s_addr = 2383584462},
alias_addr = {s_addr = 4279409870}, src_port = 35072, dst_port = 35072,
alias_port = 35072, link_type = 2, flags = 0, timestamp = 912770349,
expire_time = 60, sockfd = -1, start_point_out = 76, start_point_in = 3351,
next_out = 0x8084f00, last_out = 0x0, next_in = 0x0, last_in = 0x0, data = {
frag_ptr = 0x8085100 "Î\234\022ÿÎ\234\022\013Î\234\022ÿ", frag_addr = {
s_addr = 134762752}, tcp = 0x8085100}}
(gdb) print alias_address
$9 = {s_addr = 4279409870}
(gdb) print alias_port
$10 = 35072
(gdb) print original_address
$11 = {s_addr = 4279409870}
(gdb) print ud
$12 = (struct udphdr *) 0x804c578
(gdb) print *ud
$13 = {uh_sport = 35072, uh_dport = 35072, uh_ulen = 19456, uh_sum = 49277}
(gdb) up
#5 0x280569da in PacketAliasIn (ptr=0x804c564 "E", maxpacketsize=65535)
at alias.c:1042
1042 iresult = UdpAliasIn(pip);
(gdb) list
1037 {
1038 case IPPROTO_ICMP:
1039 iresult = IcmpAliasIn(pip);
1040 break;
1041 case IPPROTO_UDP:
1042 iresult = UdpAliasIn(pip);
1043 break;
1044 case IPPROTO_TCP:
1045 iresult = TcpAliasIn(pip);
1046 break;
(gdb) list
1037 {
1038 case IPPROTO_ICMP:
1039 iresult = IcmpAliasIn(pip);
1040 break;
1041 case IPPROTO_UDP:
1042 iresult = UdpAliasIn(pip);
1043 break;
1044 case IPPROTO_TCP:
1045 iresult = TcpAliasIn(pip);
1046 break;
(gdb) print pip
$14 = (struct ip *) 0x804c564
(gdb) print *pip
$15 = {ip_hl = 5, ip_v = 4, ip_tos = 0 '\000', ip_len = 24576, ip_id = 10,
ip_off = 0, ip_ttl = 128 '\200', ip_p = 17 '\021', ip_sum = 51053, ip_src = {
s_addr = 2383584462}, ip_dst = {s_addr = 4279409870}}
At a guess, this seems to be a NetBIOS broadcast packet coming in from the
cable system. (gdb shows the header shorts in host order on i386, so
ip_len = 24576 = 0x6000 is 0x0060 = 96 bytes on the wire, uh_ulen = 19456 =
0x4c00 is 76 bytes, and both ports, 35072 = 0x8900, are 0x0089 = 137, the
NetBIOS name service port. The packet at 0x804c564 therefore ends at
0x804c5c4, yet by the time line 564 is reached p is already 0xc07d and the
resource pointer q ends up at the unmapped address 0x8089000: the
resource-record walk in alias_nbt.c has run far past the end of the packet.)
(gdb) printf "0x%x", pip->ip_dst->s_addr
0xff129cce
(aka 206.156.18.255)
(gdb) printf "0x%x", pip->ip_src->s_addr
0x8e129cce
(aka 206.156.18.142)
>How-To-Repeat:
Unknown what specifically triggers the coredump. I can't be the only one
running on a cable plant with lots of NetBIOS broadcasts... Since the faulting
pointer is computed from record counts and lengths taken from the incoming
packet, a malformed or deliberately crafted NetBIOS NS packet reaching the
external interface would presumably reproduce it deterministically, i.e. this
is remotely triggerable by any host that can send to that interface.
>Fix:
Unknown at this time. As a workaround, filter NetBIOS (UDP port 137) in the
kernel before it reaches natd? The real fix appears to belong in alias_nbt.c:
the AliasHandleResource*() walk should check every advance of p/q against the
end of the UDP payload (as given by uh_ulen) and stop when a record would run
past it, rather than trusting the counts and lengths in the packet.
>Audit-Trail:
>Unformatted:
