Skip site navigation (1)Skip section navigation (2) 
Date:      Tue, 23 Dec 2003 14:25:59 -0500 (EST)
From:      Andre Guibert de Bruet <andy@siliconlandmark.com>
To:        current@freebsd.org
Subject:   [LOR]: IPFW static rules against udp
Message-ID:  <20031223141825.A48511@alpha.siliconlandmark.com>
next in thread | raw e-mail | index | archive | help 

lock order reversal
 1st 0xc081af48 IPFW static rules (IPFW static rules) @
netinet/ip_fw2.c:1547
 2nd 0xc081bd8c udp (udp) @ netinet/ip_fw2.c:1319
Stack backtrace:
backtrace(c0770519,c081bd8c,c077681a,c077681a,c0776da2) at backtrace+0x17
witness_lock(c081bd8c,8,c0776da2,527,8ff3) at witness_lock+0x671
_mtx_lock_flags(c081bd8c,0,c0776d99,527,c0584532) at _mtx_lock_flags+0xb2
check_uidgid(caa86564,11,ca862000,9804fa0,829b) at check_uidgid+0x6c
ipfw_chk(e91acaf8,2,22,e91acac0,0) at ipfw_chk+0x468
ip_output(c6907d00,0,0,22,0,cb11d438) at ip_output+0xa40
rip_output(c6907d00,cb1f1d20,9804fa0,2cf,c6907d00) at rip_output+0x1b5
rip_send(cb1f1d20,0,c6907d00,cef10e00,0) at rip_send+0xf7
sosend(cb1f1d20,cef10e00,e91acc4c,c6907d00,0) at sosend+0x48d
kern_sendit(caa7fc80,7,e91accc4,0,0) at kern_sendit+0x170
sendit(caa7fc80,7,e91accc4,0,8053028) at sendit+0x16e
sendto(caa7fc80,e91acd14,c078c176,3ee,6) at sendto+0x5b
syscall(2f,2f,2f,1,8051030) at syscall+0x292
Xint0x80_syscall() at Xint0x80_syscall+0x1d
--- syscall (133), eip = 0x280c7d4f, esp = 0xbfbfeb9c, ebp = 0xbfbfebc8 ---

I have previously not seen this LOR on this system. Mind you, this is the
first time that I've tried using uid/gid matching in ipfw. The rule that i
was trying to add was:
ipfw add 65000 allow ip from any to any uid root

This system is (world and kernel in sync):
FreeBSD bling.home 5.2-CURRENT FreeBSD 5.2-CURRENT #0: Fri Dec 12 18:30:26
EST 2003     root@bling.home:/usr/src/sys/i386/compile/BLING  i386

Kernel options that differ from a slimmed down GENERIC:
options         ADAPTIVE_MUTEXES
options         CPU_ENABLE_SSE
options         IPFIREWALL
options         IPFIREWALL_VERBOSE
options         IPFIREWALL_VERBOSE_LIMIT=0
options         IPSEC
Sptions         IPV6FIREWALL
options         IPV6FIREWALL_VERBOSE
options         IPV6FIREWALL_VERBOSE_LIMIT=0
options         QUOTA
options         RANDOM_IP_ID
options         SC_ALT_MOUSE_IMAGE
options         SC_HISTORY_SIZE=4096
options         SC_PIXEL_MODE
options         VESA
options         VGA_WIDTH90
options         ZERO_COPY_SOCKETS

Any ideas?

> Andre Guibert de Bruet | Enterprise Software Consultant >
> Silicon Landmark, LLC. | http://siliconlandmark.com/    >

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20031223141825.A48511>