From owner-freebsd-net@freebsd.org Tue Oct 31 16:40:24 2017
From: Viktor Dukhovni
Subject: Re: FreeBSD 11.1-RELEASE: Kernel panic in ipv6_output() via tcp6_usr_connect()
Date: Tue, 31 Oct 2017 12:40:20 -0400
To: freebsd-net@freebsd.org
Reply-To: freebsd-net@freebsd.org
In-Reply-To: <86dcc06d-b98c-cc1f-8726-8afb011871e3@yandex.ru>
References: <86dcc06d-b98c-cc1f-8726-8afb011871e3@yandex.ru>
List-Id: Networking and TCP/IP with FreeBSD

> On Oct 31, 2017, at 7:34 AM, Andrey V. Elsukov wrote:
>
> can you show your nat rules?

Sure, igb0 is outside, igb1 is inside, the external IP address is
100.2.39.101/24, the internal is 192.168.1.1/24.

The machine is the DNS server for the inside network and does not NAT
DNS traffic (makes thousands of DNS queries per second when doing DANE
scans, and would quickly exhaust the state tables). I also don't NAT
NTP, or TCP 22/88 to the server. There's no IPv6 on the internal
network, so at present the IPv6 rules are rudimentary, just anti-spoof
the loopback interface and boilerplate ICMP6 rules.

$ cat /etc/rc.homenet
#! /bin/sh

oif=igb0
oaddr=100.2.39.101
iif=igb1
inet=192.168.1.0/24
iaddr=192.168.1.1

ipfw() { command ipfw -q "$@"; }

kldload -n libalias
kldload -n ipfw_nat

ipfw -f flush
ipfw table 1 flush

# RFC 1918 addresses
ipfw table 1 add 10.0.0.0/8
ipfw table 1 add 172.16.0.0/12
ipfw table 1 add 192.168.0.0/16

# reserved addresses
ipfw table 1 add 0.0.0.0/8
ipfw table 1 add 169.254.0.0/16
ipfw table 1 add 192.0.2.0/24
ipfw table 1 add 224.0.0.0/4
ipfw table 1 add 240.0.0.0/4

# Block RFC1918 and reserved addresses on outside interface
ipfw add deny all from any to "table(1)" via ${oif}

# Anti-spoof loopback
ipfw add allow ip from any to any via lo0
ipfw add deny ip from any to 127.0.0.0/8
ipfw add deny ip from 127.0.0.0/8 to any
ipfw add deny ip from any to ::1
ipfw add deny ip from ::1 to any

# V6 icmp
ipfw add allow ipv6-icmp from :: to ff02::/16
ipfw add allow ipv6-icmp from fe80::/10 to fe80::/10
ipfw add allow ipv6-icmp from fe80::/10 to ff02::/16
ipfw add allow ipv6-icmp from any to any ip6 icmp6types 1
ipfw add allow ipv6-icmp from any to any ip6 icmp6types 2,135,136

# Anti-spoof inside and outside
ipfw add deny ip from $inet to any in via "${oif}"
ipfw add deny ip from $oaddr to any in via "${oif}"
ipfw add deny ip from not $inet to any in via "${iif}"
ipfw add deny ip from $iaddr to any in via "${iif}"

# NAT exceptions:

# All DNS traffic
ipfw add allow tcp from any 53 to me
ipfw add allow udp from any 53 to me
ipfw add allow udp from me to any dst-port 53
ipfw add allow tcp from me to any dst-port 53
ipfw add allow tcp from any to me dst-port 53
ipfw add allow udp from any to me dst-port 53
ipfw add allow udp from me 53 to any
ipfw add allow tcp from me 53 to any

# My NTP server
ipfw add allow tcp from any 123 to me dst-port 123
ipfw add allow udp from any 123 to me dst-port 123
ipfw add allow udp from me 123 to any dst-port 123
ipfw add allow tcp from me 123 to any dst-port 123

# My SSH server
ipfw add allow tcp from any to me dst-port 22
ipfw add allow tcp from me 22 to any

# My KDC
ipfw add allow tcp from any to me dst-port 88
ipfw add allow tcp from me 88 to any

# NAT the rest
ipfw nat 1 config if "$oif" unreg_only reset same_ports
ipfw add nat 1 ip from any to any via "$oif"

# Drop reserved addresses that fail to NAT
ipfw add deny ip from "table(1)" to any via "$oif"

# Permit the rest
ipfw add allow ip from any to any

> Also what will show following commands in kgdb:
>
> f 9
> i lo

m = 
hdrsplit = 
unfragpartlen = 40
plen = 
optlen = 
error = 0
exthdrs = {ip6e_ip6 = 0x0, ip6e_hbh = 0x0, ip6e_dest1 = 0x0, ip6e_rthdr = 0x0, ip6e_dest2 = 0x0}
ip6 = 
nexthdrp = 
mprev = 
ro_pmtu = 
hlen = 40
dst = (struct sockaddr_in6 *) 0xfffff800118bed60
ia = 
fwd_tag = (struct m_tag *) 0x0
dst0 = {__u6_addr = {__u6_addr8 = 0xfffffe1041cc7398 "*\001[@", __u6_addr16 = 0xfffffe1041cc7398, __u6_addr32 = 0xfffffe1041cc7398}}
src_sa = {sin6_len = 28 '\034', sin6_family = 28 '\034', sin6_port = 0, sin6_flowinfo = 0, sin6_addr = {__u6_addr = {__u6_addr8 = 0xfffffe1041cc7350 " \002d\002'e", __u6_addr16 = 0xfffffe1041cc7350, __u6_addr32 = 0xfffffe1041cc7350}}, sin6_scope_id = 0}
origifp = (struct ifnet *) 0xfffff8001006b000
src0 = {__u6_addr = {__u6_addr8 = 0xfffffe1041cc7388 " \002d\002'e", __u6_addr16 = 0xfffffe1041cc7388, __u6_addr32 = 0xfffffe1041cc7388}}
dst_sa = {sin6_len = 28 '\034', sin6_family = 28 '\034', sin6_port = 0, sin6_flowinfo = 0, sin6_addr = {__u6_addr = {__u6_addr8 = 0xfffffe1041cc7470 "*\001[@", __u6_addr16 = 0xfffffe1041cc7470, __u6_addr32 = 0xfffffe1041cc7470}}, sin6_scope_id = 0}
fibnum = 
rt = (struct rtentry *) 0xfffff80022ecfd00
ifp = 
zone = 
mtu = 
needfiblookup = 
tso = 
sw_csum = 
len = 1448
id = 

> p *ifp

(kgdb) p *ifp
Cannot access memory at address 0x1300000049

> p *ro

(kgdb) p *ro
$1 = {ro_rt = 0xfffff80022ecfd00, ro_lle = 0x0, ro_prepend = 0x0, ro_plen = 0, ro_flags = 256, ro_mtu = 0, spare = 0, ro_dst = {sin6_len = 28 '\034', sin6_family = 28 '\034', sin6_port = 0, sin6_flowinfo = 0, sin6_addr = {__u6_addr = {__u6_addr8 = 0xfffff80329e90558 "*\001[@", __u6_addr16 = 0xfffff80329e90558, __u6_addr32 = 0xfffff80329e90558}}, sin6_scope_id = 0}}

> p *m

(kgdb) p *m
$2 = {{m_next = 0xfffff80022ecfd00, m_slist = {sle_next = 0xfffff80022ecfd00}, m_stailq = {stqe_next = 0xfffff80022ecfd00}}, {m_nextpkt = 0x0, m_slistpkt = {sle_next = 0x0}, m_stailqpkt = {stqe_next = 0x0}}, m_data = 0x0, m_len = 16777216, m_type = 0, m_flags = 0, {{m_pkthdr = {rcvif = 0x1c1c, tags = {slh_first = 0x1220000405b012a}, len = 0, flowid = 16777216, csum_flags = 0, fibnum = 1856, cosqos = 233 '�', rsstype = 41 ')', l2hlen = 3 '\003', l3hlen = 248 '�', l4hlen = 255 '�', l5hlen = 255 '�', PH_per = {eight = 0xfffff80329e90578 "��6\017", sixteen = 0xfffff80329e90578, thirtytwo = 0xfffff80329e90578, sixtyfour = 0xfffff80329e90578, unintptr = 0xfffff80329e90578, ptr = 0xfffffe000f36c3e0}, PH_loc = {eight = 0xfffff80329e90580 "", sixteen = 0xfffff80329e90580, thirtytwo = 0xfffff80329e90580, sixtyfour = 0xfffff80329e90580, unintptr = 0xfffff80329e90580, ptr = 0x0}}, {m_ext = {{ext_count = 0, ext_cnt = 0x0}, ext_buf = 0xfffff80329e90740 "", ext_size = 2178721104, ext_type = 255, ext_flags = 16777215, ext_free = 0, ext_arg1 = 0xffffffff81dca558, ext_arg2 = 0x0}, m_pktdat = 0xfffff80329e90588 ""}}, m_dat = 0xfffff80329e90550 "\034\034"}}

-- 
Viktor.
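An added example, not part of this thread and not FreeBSD's ipfw code: a small Python model that walks the IPv4 part of the /etc/rc.homenet ruleset above in ipfw's first-match order, so the ordering can be checked offline (NAT exceptions before the nat rule, anti-spoof before everything on the inside interface, the post-nat table(1) deny as a backstop). The loopback and ICMPv6 rules are left out. Assumptions, all labelled in the code: "me" matches the box's two IPv4 addresses, libalias `unreg_only` rewrites only RFC 1918 sources, inbound translation and the alias table are not modelled, and net.inet.ip.fw.one_pass defaults to 1 (the nat rule ends the walk) with a knob to see what one_pass=0 would do. The packets fed in are constructed from the TEST-NET ranges.

```python
# Constructed model of the IPv4 part of the /etc/rc.homenet ruleset quoted above.
# It illustrates ipfw's first-match evaluation; it is not ipfw itself.
import ipaddress
from dataclasses import dataclass, replace

# table(1) exactly as the script populates it: RFC 1918 plus reserved ranges.
TABLE1 = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "0.0.0.0/8",
    "169.254.0.0/16", "192.0.2.0/24", "224.0.0.0/4", "240.0.0.0/4")]
# Assumption: libalias "unreg_only" rewrites only RFC 1918 ("unregistered") sources.
UNREG = TABLE1[:3]

OIF, IIF = "igb0", "igb1"
OADDR = ipaddress.ip_address("100.2.39.101")
IADDR = ipaddress.ip_address("192.168.1.1")
INET = ipaddress.ip_network("192.168.1.0/24")
ME = {OADDR, IADDR}   # assumption: what "me" matches on this box (its two IPv4 addresses)


@dataclass
class Packet:
    src: str
    dst: str
    proto: str       # "tcp", "udp" or "ip" for anything else
    sport: int
    dport: int
    iface: str       # interface the packet is traversing
    direction: str   # "in" or "out" relative to that interface


def addr(s):
    return ipaddress.ip_address(s)


def in_any(a, nets):
    return any(addr(a) in n for n in nets)


def via(p, ifc, direction=None):
    return p.iface == ifc and (direction is None or p.direction == direction)


def touches_me(p):
    return addr(p.src) in ME or addr(p.dst) in ME


# Each NAT exception collapses the script's per-direction rules into one predicate.
def dns_exception(p):        # any 53 <-> me and me <-> any 53, tcp and udp
    return p.proto in ("tcp", "udp") and touches_me(p) and 53 in (p.sport, p.dport)


def ntp_exception(p):        # 123 -> 123 in either direction, tcp and udp
    return p.proto in ("tcp", "udp") and touches_me(p) and p.sport == p.dport == 123


def tcp_service(p, port):    # SSH (22) and the KDC (88): to me dst-port N, from me N
    return p.proto == "tcp" and ((addr(p.dst) in ME and p.dport == port)
                                 or (addr(p.src) in ME and p.sport == port))


RULES = [  # (action, rule text, predicate) in the script's order
    ("deny", "deny all from any to table(1) via igb0",
     lambda p: via(p, OIF) and in_any(p.dst, TABLE1)),
    ("deny", "deny ip from 192.168.1.0/24 to any in via igb0",
     lambda p: via(p, OIF, "in") and addr(p.src) in INET),
    ("deny", "deny ip from 100.2.39.101 to any in via igb0",
     lambda p: via(p, OIF, "in") and addr(p.src) == OADDR),
    ("deny", "deny ip from not 192.168.1.0/24 to any in via igb1",
     lambda p: via(p, IIF, "in") and addr(p.src) not in INET),
    ("deny", "deny ip from 192.168.1.1 to any in via igb1",
     lambda p: via(p, IIF, "in") and addr(p.src) == IADDR),
    ("allow", "DNS exception (tcp/udp port 53 to or from me)", dns_exception),
    ("allow", "NTP exception (tcp/udp 123 -> 123 to or from me)", ntp_exception),
    ("allow", "SSH (tcp 22 to me)", lambda p: tcp_service(p, 22)),
    ("allow", "KDC (tcp 88 to me)", lambda p: tcp_service(p, 88)),
    ("nat", "nat 1 ip from any to any via igb0", lambda p: via(p, OIF)),
    ("deny", "deny ip from table(1) to any via igb0",
     lambda p: via(p, OIF) and in_any(p.src, TABLE1)),
    ("allow", "allow ip from any to any", lambda p: True),
]


def walk(p, one_pass=True):
    """Return (verdict, matching rule text, source address after the walk).

    one_pass models net.inet.ip.fw.one_pass (assumed default 1): when set, the
    packet leaves the firewall right after the nat rule; when clear, it
    continues at the next rule carrying the translated address.
    """
    for action, text, match in RULES:
        if not match(p):
            continue
        if action != "nat":
            return action, text, p.src
        # Only an outbound RFC 1918 source is rewritten to the external address.
        if p.direction == "out" and in_any(p.src, UNREG):
            p = replace(p, src=str(OADDR))
        if one_pass:
            return "nat", text, p.src
    return "deny", "implicit default", p.src   # not reached: the last rule allows all


if __name__ == "__main__":
    # Constructed sample traversals (TEST-NET addresses stand in for the Internet).
    for pkt in (Packet("192.168.1.50", "203.0.113.10", "tcp", 51000, 443, "igb0", "out"),
                Packet("198.51.100.53", "100.2.39.101", "udp", 53, 40000, "igb0", "in"),
                Packet("192.168.1.7", "100.2.39.101", "tcp", 1234, 80, "igb0", "in"),
                Packet("169.254.1.1", "203.0.113.10", "udp", 5000, 5000, "igb0", "out")):
        print(pkt.src, "->", pkt.dst, pkt.direction, "via", pkt.iface, "=>", walk(pkt, one_pass=False))
```

The useful observation from running it is that the "deny ip from table(1) to any via igb0" rule after the nat rule only ever matches when one_pass is 0: with the default of 1 an untranslated link-local or bogon source leaves the ruleset at the nat rule, so a ruleset that relies on that backstop should check the sysctl.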