From: Andre Guibert de Bruet
To: current@freebsd.org
Date: Tue, 23 Dec 2003 14:25:59 -0500 (EST)
Message-ID: <20031223141825.A48511@alpha.siliconlandmark.com>
List-Id: Discussions about the use of FreeBSD-current
Subject: [LOR]: IPFW static rules against udp

lock order reversal
 1st 0xc081af48 IPFW static rules (IPFW static rules) @ netinet/ip_fw2.c:1547
 2nd 0xc081bd8c udp (udp) @ netinet/ip_fw2.c:1319
Stack backtrace:
backtrace(c0770519,c081bd8c,c077681a,c077681a,c0776da2) at backtrace+0x17
witness_lock(c081bd8c,8,c0776da2,527,8ff3) at witness_lock+0x671
_mtx_lock_flags(c081bd8c,0,c0776d99,527,c0584532) at _mtx_lock_flags+0xb2
check_uidgid(caa86564,11,ca862000,9804fa0,829b) at check_uidgid+0x6c
ipfw_chk(e91acaf8,2,22,e91acac0,0) at ipfw_chk+0x468
ip_output(c6907d00,0,0,22,0,cb11d438) at ip_output+0xa40
rip_output(c6907d00,cb1f1d20,9804fa0,2cf,c6907d00) at rip_output+0x1b5
rip_send(cb1f1d20,0,c6907d00,cef10e00,0) at rip_send+0xf7
sosend(cb1f1d20,cef10e00,e91acc4c,c6907d00,0) at sosend+0x48d
kern_sendit(caa7fc80,7,e91accc4,0,0) at kern_sendit+0x170
sendit(caa7fc80,7,e91accc4,0,8053028) at sendit+0x16e
sendto(caa7fc80,e91acd14,c078c176,3ee,6) at sendto+0x5b
syscall(2f,2f,2f,1,8051030) at syscall+0x292
Xint0x80_syscall() at Xint0x80_syscall+0x1d
--- syscall (133), eip = 0x280c7d4f, esp = 0xbfbfeb9c, ebp = 0xbfbfebc8 ---

I have previously not seen this LOR on this system. Mind you, this is the
first time that I've tried using uid/gid matching in ipfw. The rule that I
was trying to add was:

ipfw add 65000 allow ip from any to any uid root

This system is (world and kernel in sync):

FreeBSD bling.home 5.2-CURRENT FreeBSD 5.2-CURRENT #0: Fri Dec 12 18:30:26 EST 2003 root@bling.home:/usr/src/sys/i386/compile/BLING i386

Kernel options that differ from a slimmed down GENERIC:

options ADAPTIVE_MUTEXES
options CPU_ENABLE_SSE
options IPFIREWALL
options IPFIREWALL_VERBOSE
options IPFIREWALL_VERBOSE_LIMIT=0
options IPSEC
options IPV6FIREWALL
options IPV6FIREWALL_VERBOSE
options IPV6FIREWALL_VERBOSE_LIMIT=0
options QUOTA
options RANDOM_IP_ID
options SC_ALT_MOUSE_IMAGE
options SC_HISTORY_SIZE=4096
options SC_PIXEL_MODE
options VESA
options VGA_WIDTH90
options ZERO_COPY_SOCKETS

Any ideas?

> Andre Guibert de Bruet | Enterprise Software Consultant >
> Silicon Landmark, LLC. | http://siliconlandmark.com/    >