Date:      Tue, 21 Sep 2010 19:23:18 +0300
From:      Özkan KIRIK <ozkan.kirik@gmail.com>
To:        freebsd-hackers@freebsd.org
Subject:   Kernel side buffer overflow issue
Message-ID:  <AANLkTinQM9E0_nBiy-cpNPzLksTm74n7RZQd0dJJ5gmg@mail.gmail.com>

Hi,

I am using FreeBSD 8.1-STABLE-201008 snapshot.
The system behaves strangely. Unexpected and meaningless messages are seen at the consoles.
You can download the screenshot from:
http://193.255.128.30/~ryland/syslogd.jpg

Additionally, the default router changes unexpectedly.
I tried all of the FreeBSD 7.1, 7.2, 7.3 and 8.1-STABLE-201008 releases (both
i386 and amd64). All these versions are affected.
I inspected the logs to see if someone logged in or changed the route (with the
route -n monitor command).
When the default route changed, there weren't any messages in the "route
-n monitor" command output.
I think there can be a buffer overflow in kernel code.
When dummynet is enabled, this problem can be seen more frequently.

This problem repeats once every 10 minutes.
I wrote a shell script which monitors the default router.
I saw that sometimes netstat -rn shows that the default router has changed
to 10.0.16.251 or 10.6.10.240 etc.,
which are client IP addresses, but routing still routes to the right router,
193.X.Y.Z.
After a while, routing really fails.

You can download the tcpdump capture file from
http://193.255.128.30/~ryland/flowdata_10_0_16_251 .
This file was captured while the default router was changing.
The tcpdump capture belongs to the IP address which was shown as the default
router (10.0.16.251).

The tcpdump command:

tcpdump -w /home/flowdata_10_0_16_251 -ni bce0.116 host 10.0.16.251
----------------------------------------------------------------------

dummynet rules are:
30000     pipe 3 tcp from 10.0.0.0/8,192.168.0.0/16,172.16.0.0/12 to any dst-port 8000,80,22,25,88,110,443,1720,1863,1521,3389,4489 via em0 // Upload
30000     pipe 3 udp from 10.0.0.0/8,192.168.0.0/16,172.16.0.0/12 to any dst-port 53 via em0 // Upload
30000     pipe 4 tcp from 10.0.0.0/8,192.168.0.0/16,172.16.0.0/12 to any via em0 // Upload
30000     pipe 4 udp from 10.0.0.0/8,192.168.0.0/16,172.16.0.0/12 to any via em0 // Upload
.... LOTS OF NAT RULES HERE (in kernel nat)
60000     pipe 1 tcp from any 8000,80,22,25,88,110,443,1720,1863,1521,3389,4489 to 10.0.0.0/8,192.168.0.0/16,172.16.0.0/12 via bce0* // Download
60000     pipe 1 udp from any 53 to 10.0.0.0/8,192.168.0.0/16,172.16.0.0/12 via bce0* // Download
60000     pipe 2 tcp from any to 10.0.0.0/8,192.168.0.0/16,172.16.0.0/12 via bce0* // Download
60000     pipe 2 udp from any to 10.0.0.0/8,192.168.0.0/16,172.16.0.0/12 via bce0* // Download

/sbin/ipfw pipe 1 config bw 8192Kbit/s mask dst-ip 0xffffffff
/sbin/ipfw pipe 3 config bw 1024Kbit/s mask src-ip 0xffffffff
/sbin/ipfw pipe 2 config bw 4096Kbit/s mask dst-ip 0xffffffff
/sbin/ipfw pipe 4 config bw 1024Kbit/s mask src-ip 0xffffffff
----------------------------------------------------------------------

sysctl vars:
net.inet.ip.fw.dyn_max=65535
net.inet.ip.fw.dyn_ack_lifetime=100
net.inet.ip.fw.dyn_short_lifetime=10
net.inet.ip.fw.one_pass=0
kern.maxfiles=65000
kern.ipc.somaxconn=1024
net.inet.ip.process_options=0
net.inet.ip.fastforwarding=1
net.link.ether.ipfw=1
net.inet.ip.fw.dyn_buckets=65536
kern.maxvnodes=400000
net.inet.ip.dummynet.hash_size=256 ( also tried with 8192 )
net.inet.ip.dummynet.pipe_slot_limit=500
net.inet.ip.dummynet.io_fast=1
----------------------------------------------------------------------

/boot/loader.conf:
autoboot_delay="1"
beastie_disable="YES"
kern.ipc.nmbclusters=98304
vm.kmem_size="2048M"
vm.kmem_size_max="2048M"
splash_bmp_load="YES"
vesa_load="YES"
bitmap_load="YES"
bitmap_name="/boot/splash.bmp"
hw.ata.ata_dma=0
kern.hz="10000"
----------------------------------------------------------------------

kernel config (in addition to GENERIC):
device          tap
device          if_bridge
device          vlan
device          carp
options         GEOM_BDE
options         IPFIREWALL
options         IPFIREWALL_VERBOSE
options         HZ=4000
options         IPFIREWALL_VERBOSE_LIMIT=4000
options         IPFIREWALL_FORWARD
options         IPFIREWALL_DEFAULT_TO_ACCEPT
options         IPFIREWALL_NAT
options         DUMMYNET
options         IPDIVERT
options         IPSTEALTH
options         NETGRAPH
options         NETGRAPH_IPFW
options         LIBALIAS
options         NETGRAPH_NAT
options         NETGRAPH_PPPOE
options         NETGRAPH_SOCKET
options         NETGRAPH_ETHER
options         DEVICE_POLLING
device          crypto
options         IPSEC
----------------------------------------------------------------------


Some information about the network:
The system has 3 NICs: WAN, LAN, DMZ.
There are VLANs on the WAN and LAN interfaces.
Throughput is between 20Mbps and 100Mbps.


Any ideas?

Regards,
Ozkan KIRIK
Mersin University @ Turkey
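
The message mentions a shell script that monitors the default router but does not include it. The following is an added example, not the poster's script: it parses `netstat -rn` output, flags a default gateway that falls inside the inside ranges named in the ipfw rules, and logs timestamped transitions that can be lined up against a packet capture. The expected gateway 192.0.2.1 is a placeholder and the sample routing table is constructed.

```shell
#!/bin/sh
# Added example: default-route watcher for a FreeBSD router.
# EXPECTED_GW is a placeholder (documentation address), not the poster's router.
EXPECTED_GW="${EXPECTED_GW:-192.0.2.1}"

# Print the gateway of the IPv4 "default" entry from `netstat -rn` text on stdin.
default_gw() {
    awk '/^Internet:/  { v4 = 1; next }
         /^Internet6:/ { v4 = 0 }
         v4 && $1 == "default" { print $2; exit }'
}

# Classify an observed gateway against the expected one.
# "client" = address inside the inside ranges listed in the ipfw rules.
classify_gw() {  # $1 = expected, $2 = observed
    [ -n "$2" ] || { echo missing; return; }
    [ "$2" = "$1" ] && { echo ok; return; }
    case "$2" in
        10.*|192.168.*|172.1[6-9].*|172.2[0-9].*|172.3[01].*) echo "client:$2" ;;
        *) echo "changed:$2" ;;
    esac
}

# Constructed sample of `netstat -rn` output showing the reported symptom.
sample_bad() {
    cat <<'EOF'
Routing tables

Internet:
Destination        Gateway            Flags    Refs      Use  Netif Expire
default            10.0.16.251        UGS         0   812345    em0
10.0.16.0/24       link#9             U           0    51234 bce0.116

Internet6:
Destination        Gateway            Flags      Netif Expire
default            fe80::1%em0        UGS         em0
EOF
}

# Poll the live table and log only state transitions, with a timestamp.
watch_default_gw() {  # $1 = polling interval in seconds
    last=""
    while :; do
        state=$(classify_gw "$EXPECTED_GW" "$(netstat -rn -f inet | default_gw)")
        [ "$state" = "$last" ] || echo "$(date '+%Y-%m-%dT%H:%M:%S') default_gw $state"
        last=$state
        sleep "${1:-1}"
    done
}
# Usage on the router: EXPECTED_GW=<real gateway> and then: watch_default_gw 1
```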