Date: Mon, 6 Nov 2017 09:53:09 -0500
From: Viktor Dukhovni <freebsd@dukhovni.org>
To: freebsd-net@freebsd.org
Subject: Re: FreeBSD 11.1-RELEASE: Kernel panic in ipv6_output() via tcp6_usr_connect()
Message-ID: <39EFBDF9-B313-4472-85CF-D2D5D508E991@dukhovni.org>
In-Reply-To: <b84d376f-ac8f-cc88-8102-3500814750ef@yandex.ru>
References: <FCC0833F-AA88-4F27-9DA3-4FA1218C49DB@dukhovni.org> <86dcc06d-b98c-cc1f-8726-8afb011871e3@yandex.ru> <DAB7BA87-49E8-483D-8837-FA3D32711AF1@dukhovni.org> <94e12e46-f54a-ae22-3f4c-0bd9ac7e1fc9@yandex.ru> <20171106044000.GM3322@mournblade.imrryr.org> <b84d376f-ac8f-cc88-8102-3500814750ef@yandex.ru>
> On Nov 6, 2017, at 6:28 AM, Andrey V. Elsukov <bu7cher@yandex.ru> wrote:
>
>> Reverting the rule on a running system back to "ip", still yields
>> no panics, but I am now running a different 11.1 kernel built from
>> SVN with my "stf" patch. So it is sadly not quite clear where the
>> problem was, my original configuration, the older kernel, something
>> else?
>
> I think it is the right assumption, that IPv6 packet got corrupted by
> nat44 and then ip6_output() is confused by incorrect packet, especially
> wrong packet length may lead to fragmentation and due to the discrepancy
> between ip6_plen and m_pkthdr.len ip6_fragment() creates wrong fragments
> chain.
>
> I think the following patch should be enough to fix the problem:
>
> Index: sys/netpfil/ipfw/ip_fw2.c
> ===================================================================
> --- sys/netpfil/ipfw/ip_fw2.c (revision 325354)
> +++ sys/netpfil/ipfw/ip_fw2.c (working copy)
> @@ -2563,7 +2563,7 @@ do { \
> case O_NAT:
> l = 0; /* exit inner loop */
> done = 1; /* exit outer loop */
> - if (!IPFW_NAT_LOADED) {
> + if (!is_ipv4 || !IPFW_NAT_LOADED) {
> retval = IP_FW_DENY;
> break;
> }

Would this cause the packet to be denied, or passed through without nat?
Presumably, I would then have to have "ip4" and not "ip" as "ip6" would
then be denied by the "nat" rule. Right?

Any comments on my message (and patch) with subject:

[Patch] The 6to4 stf0 interface flapping in/out of tentative in FreeBSD 11

How do I get this addressed by the maintainer of stf?

-- 
Viktor.
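Review bot: in the O_NAT case of the quoted hunk, folding "!is_ipv4" into the same condition as "!IPFW_NAT_LOADED" makes an IPv6 packet that reaches a "nat" rule take the "retval = IP_FW_DENY; break;" path, so it is dropped rather than passed through un-NATed, and the drop is indistinguishable from the nat module not being loaded. If the intent is to keep NAT44 from rewriting IPv6 packets (the corruption path the message describes, ip6_plen disagreeing with m_pkthdr.len and ip6_fragment() then building a bad chain), a separate branch with a comment naming that reason, plus a note in the ipfw(8) documentation that "nat" rules must match "ip4" rather than "ip", would make the new behaviour visible to users whose existing rulesets say "ip".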
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?39EFBDF9-B313-4472-85CF-D2D5D508E991>