Date: Sat, 16 Mar 2002 15:08:00 +0700 (KRAT) From: Eugene Grosbein <eugen@grosbein.pp.ru> To: FreeBSD-gnats-submit@FreeBSD.org Subject: kern/35969: kernel option PPP_DEFLATE often procudes kernel panics; PPP_BSDCOMP sometimes procudes stalled connections Message-ID: <200203160808.g2G880k17109@D00015.dialonly.kemerovo.su>
next in thread | raw e-mail | index | archive | help
>Number: 35969
>Category: kern
>Synopsis: kernel option PPP_DEFLATE often procudes kernel panics; PPP_BSDCOMP sometimes procudes stalled connections
>Confidential: no
>Severity: serious
>Priority: high
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Sat Mar 16 00:20:01 PST 2002
>Closed-Date:
>Last-Modified:
>Originator: Eugene Grosbein
>Release: FreeBSD 4.5-STABLE i386
>Organization:
Svyaz Service
>Environment:
System: FreeBSD D00015.dialonly.kemerovo.su 4.5-STABLE FreeBSD 4.5-STABLE #4: Sat Mar 9 13:41:04 KRAT 2002 eu@D00015.dialonly.kemerovo.su:/usr/local/obj/usr/local/src/sys/DADV i386
pseudo-device ppp 2
options PPP_DEFLATE
options PPP_BSDCOMP
options PPP_FILTER
>Description:
Using pppd with compression 'deflate' produces kernel panics
with 4.5-STABLE at least after 1 March 2002.
Some investigation performed by Kirk McKusick shows
corription of kernel structures.
4.5-RELEASE doesn't have this problem.
Really the problem appeared much later but I can't say exact date.
>How-To-Repeat:
1. Build kernel with
pseudo-device ppp 2
options PPP_DEFLATE
options PPP_BSDCOMP
options PPP_FILTER
For debugging purposes, add
makeoptions DEBUG=-g
options DDB
and enable creating of crashdumps via /etc/rc.conf (dumpdev parameter)
2. Create user 'pppuser' with shell '/usr/sbin/pppd', group dialer,
create empty ~pppuser/.hushlogin, empty /etc/ppp/options and say:
# cat >~pppuser/.ppprc <<EOF
local
-crtscts
172.20.0.1:172.20.0.2
EOF
3. The problem was first discovered with dialin service,
so you can attach an analog modem with phone line and dial
to the system. Use client supporting 'deflate' compression method.
Make some traffic and you'll get some kind of kernel panic shortly.
I've found that there is no need to use hardware modem to trigger
this bug. It's can be shown even with tunnelling
PPP over TCP connection via loopback.
I personally used this small helper to make connection
pppd <-> pppd over rlogin TCP stream:
#include <unistd.h>
#include <errno.h>
#include <string.h>
#include <limits.h>
#include <stdio.h>
#include <libutil.h>
int main(int argc, char* argv[])
{
char *me=argv[0];
char ptyname[PATH_MAX];
int master;
++argv; --argc;
if(argc<1) {
fprintf(stderr,"usage: %s command [params]\n",me);
exit(1);
}
switch(forkpty(&master,ptyname,NULL,NULL)) {
case -1: /* failure */
fprintf(stderr,"%s: cannot forkpty: %s\n",me,strerror(errno));
exit(1);
case 0: /* slave, new pty - running process*/
execlp("/usr/sbin/pppd","/usr/sbin/pppd",NULL);
_exit(1);
/* NOT REACHED */
default: /* master */
dup2(master, 0);
dup2(master, 1);
dup2(master, 2);
if (master > 2) close(master);
execvp(*argv,argv);
}
return 1;
}
/* END OF FILE */
Compile this: cc runatpty.c -o runatpty -lutil
Then enable 'rlogin' in /etc/inetd.conf and say:
# echo 'localhost +' > ~pppuser/.rhosts
# chown pppuser ~pppuser/.rhosts
# chmod 600 ~pppuser/.rhosts
Test your settings using 'rlogin -8E -l pppuser localhost'.
You should be able to login without password and see pppd
trying to talk PPP with you. It will timeout and fail.
Now say:
# ./runatpty rlogin -8E -l pppuser localhost
It will not go background, leave it run. You should have two
up and running ppp interfaces - both sides of PPP connection
over rlogin TCP stream. Try using it, make some traffic
and you'll get kernel panic.
>Fix:
Unknown for me.
>Release-Note:
>Audit-Trail:
>Unformatted:
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-bugs" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200203160808.g2G880k17109>