From owner-freebsd-net@freebsd.org  Wed Nov  1 11:18:43 2017
Return-Path: <owner-freebsd-net@freebsd.org>
Delivered-To: freebsd-net@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 0DFADE5800E
 for <freebsd-net@mailman.ysv.freebsd.org>;
 Wed,  1 Nov 2017 11:18:43 +0000 (UTC)
 (envelope-from bu7cher@yandex.ru)
Received: from forward104o.mail.yandex.net (forward104o.mail.yandex.net
 [IPv6:2a02:6b8:0:1a2d::607])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client CN "forwards.mail.yandex.net", Issuer "Yandex CA" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id A321B697F5
 for <freebsd-net@freebsd.org>; Wed,  1 Nov 2017 11:18:42 +0000 (UTC)
 (envelope-from bu7cher@yandex.ru)
Received: from mxback17j.mail.yandex.net (mxback17j.mail.yandex.net
 [IPv6:2a02:6b8:0:1619::93])
 by forward104o.mail.yandex.net (Yandex) with ESMTP id 7EC9F70205D;
 Wed,  1 Nov 2017 14:18:29 +0300 (MSK)
Received: from smtp1j.mail.yandex.net (smtp1j.mail.yandex.net
 [2a02:6b8:0:801::ab])
 by mxback17j.mail.yandex.net (nwsmtp/Yandex) with ESMTP id VKrdn3NKks-IS1GlxND;
 Wed, 01 Nov 2017 14:18:29 +0300
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yandex.ru; s=mail;
 t=1509535109; bh=7iE2CA8/seI1cQwCtwxERxg7qmPNUXN4ZvFCCLkbQ88=;
 h=Subject:To:References:From:Message-ID:Date:In-Reply-To;
 b=W2CHpfGmxSBIlNP6Dc8Z3nITTW2Y5ptb8xg/loCEWrUW2ctCONGjq9+OmOs6XSeqZ
 7z9rIwEGSWkcZYNnp2UTn6UzAkA6Ngg4iDYYym5X+X5H5D/wdMgox4glyVW2Z3DX2w
 /ZJAXWkOYduvhNNAbaDtyc63PHFNe4GaHfrR6NuU=
Received: by smtp1j.mail.yandex.net (nwsmtp/Yandex) with ESMTPSA id
 FpKqziWuZH-IRXSJoMA; Wed, 01 Nov 2017 14:18:28 +0300
 (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
 (Client certificate not present)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yandex.ru; s=mail;
 t=1509535108; bh=7iE2CA8/seI1cQwCtwxERxg7qmPNUXN4ZvFCCLkbQ88=;
 h=Subject:To:References:From:Message-ID:Date:In-Reply-To;
 b=DPGdtXGN0TlkA2/IHp6ckdbVtxGczpr4A8vKfdpGpCSPk6y5IRnXBIjeime0gV3qE
 wlua3DKVwZ+OIaTa1PcfGmcUTgeGx+foPFm6LUhfBIYQwXAMpQ6KwHBoGN+j+v6wij
 KYg2Sba2teLOmNQxI6e7kuphZvOB3J/8O+1O8ysc=
Authentication-Results: smtp1j.mail.yandex.net; dkim=pass header.i=@yandex.ru
Subject: Re: FreeBSD 11.1-RELEASE: Kernel panic in ipv6_output() via
 tcp6_usr_connect()
To: freebsd-net@freebsd.org, Viktor Dukhovni <freebsd@dukhovni.org>
References: <FCC0833F-AA88-4F27-9DA3-4FA1218C49DB@dukhovni.org>
 <86dcc06d-b98c-cc1f-8726-8afb011871e3@yandex.ru>
 <DAB7BA87-49E8-483D-8837-FA3D32711AF1@dukhovni.org>
From: "Andrey V. Elsukov" <bu7cher@yandex.ru>
Openpgp: id=E6591E1B41DA1516F0C9BC0001C5EA0410C8A17A
Message-ID: <94e12e46-f54a-ae22-3f4c-0bd9ac7e1fc9@yandex.ru>
Date: Wed, 1 Nov 2017 14:17:33 +0300
User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:52.0) Gecko/20100101
 Thunderbird/52.2.1
MIME-Version: 1.0
In-Reply-To: <DAB7BA87-49E8-483D-8837-FA3D32711AF1@dukhovni.org>
Content-Type: multipart/signed; micalg=pgp-sha256;
 protocol="application/pgp-signature";
 boundary="fMnIglqx5UMP0Tn0mCbbXUTingGCsBNec"
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.23
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD <freebsd-net.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-net>,
 <mailto:freebsd-net-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-net/>
List-Post: <mailto:freebsd-net@freebsd.org>
List-Help: <mailto:freebsd-net-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-net>,
 <mailto:freebsd-net-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 01 Nov 2017 11:18:43 -0000

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--fMnIglqx5UMP0Tn0mCbbXUTingGCsBNec
Content-Type: multipart/mixed; boundary="Bvbi2wePqo6FfHat84UI3D6I3uwCxUMbB";
 protected-headers="v1"
From: "Andrey V. Elsukov" <bu7cher@yandex.ru>
To: freebsd-net@freebsd.org, Viktor Dukhovni <freebsd@dukhovni.org>
Message-ID: <94e12e46-f54a-ae22-3f4c-0bd9ac7e1fc9@yandex.ru>
Subject: Re: FreeBSD 11.1-RELEASE: Kernel panic in ipv6_output() via
 tcp6_usr_connect()
References: <FCC0833F-AA88-4F27-9DA3-4FA1218C49DB@dukhovni.org>
 <86dcc06d-b98c-cc1f-8726-8afb011871e3@yandex.ru>
 <DAB7BA87-49E8-483D-8837-FA3D32711AF1@dukhovni.org>
In-Reply-To: <DAB7BA87-49E8-483D-8837-FA3D32711AF1@dukhovni.org>

--Bvbi2wePqo6FfHat84UI3D6I3uwCxUMbB
Content-Type: text/plain; charset=utf-8
Content-Language: en-US
Content-Transfer-Encoding: quoted-printable

On 31.10.2017 19:40, Viktor Dukhovni wrote:
>> can you show your nat rules?
>=20
> Sure, igb0 is outside, igb1 is inside, the external IP
> address is 100.2.39.101/24, the internal is 192.168.1.1/24.
> The machine is the DNS server for the inside network and
> does not NAT DNS traffic (makes thousands of DNS queries
> per second when doing DANE scans, and would quickly exhaust
> the state tables).  I also don't NAT NTP, or TCP 22/88 to
> the server.  There's no IPv6 on the internal network, so
> at present the IPv6 rules are rudimentary, just anti-spoof
> the loopback interface and boilerplate ICMP6 rules.
> # NAT the rest
> ipfw nat 1 config if "$oif" unreg_only reset same_ports
> ipfw add nat 1 ip from any to any via "$oif"

Just an theory, can you try change this rule to be like this:

 ipfw add nat 1 ip4 from any to any via "$oif"

=46rom first glance I don't see any restrictions in libalias/nat44 to not=

try to translate IPv6 packet assuming it as IPv4.

--=20
WBR, Andrey V. Elsukov


--Bvbi2wePqo6FfHat84UI3D6I3uwCxUMbB--

--fMnIglqx5UMP0Tn0mCbbXUTingGCsBNec
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQEzBAEBCAAdFiEE5lkeG0HaFRbwybwAAcXqBBDIoXoFAln5rU0ACgkQAcXqBBDI
oXqLEwgAsRfE6+inhCGmQ2s1Dxt9LuOLp/GRLZU0lICk1EnwyA1d8fXmP89T4cH2
PqcyxUzhLIGPwubXqhYMPOes/nliGhal661pvEZO1aDMkZjFqhPWvbNyA+72IL5T
qwTJWzajXykrVJFF3nUdtp0cPUDs6ijqauQ+GGOqi5EbBTQvp8SAmphpJo5/E/GW
NdtCm9UqAWruF+itX6L+EKEgF1sfRL/nOh2Qm9ectjVINzS39ug6s0s/mtgM345L
xA5OlbFKDcrPbJcEYP27bjremcsKL8lFptgo7Nov/e43ZTVVr2D0I11lBqpq+50F
ohcljOHKEtilDRLVTM6cxKwUqK896g==
=MBMy
-----END PGP SIGNATURE-----

--fMnIglqx5UMP0Tn0mCbbXUTingGCsBNec--