More pf work

Jan Lentfer Jan.Lentfer at web.de
Thu Dec 16 11:49:19 PST 2010


I updated my branch again. This is something that actually does work to 
a certain degree; pfctl is updated as well. I tested nat, rdr, filtering 
and altq with fairq.

http://gitweb.dragonflybsd.org/~lentferj/dragonfly.git/shortlog/refs/heads/pf44 

I do still get a reproducible panic after running it on my router for 
about 5 minutes:



GNU gdb (GDB) 7.0
Copyright (C) 2009 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "i386-dragonfly".
For bug reporting instructions, please see:
<http://bugs.dragonflybsd.org/>...
Reading symbols from /var/crash/kern.55...done.

Unread portion of the kernel message buffer:

Fatal trap 12: page fault while in kernel mode
fault virtual address	= 0x31415f9f
fault code		= supervisor read, page not present
instruction pointer	= 0x8:0xc039ae86
stack pointer	        = 0x10:0xce7c7a74
frame pointer	        = 0x10:0xce7c7a80
code segment		= base 0x0, limit 0xfffff, type 0x1b
			= DPL 0, pres 1, def32 1, gran 1
processor eflags	= interrupt enabled, resume, IOPL = 0
current process		= Idle
current thread          = pri 12
trap number		= 12
panic: page fault
Trace beginning at frame 0xce7c7984
panic(ffffffff) at panic+0xe8
panic(c05cba69,c05fa311,0,0,fffff) at panic+0xe8
trap_fatal(31415f9f,0,d14fb01a,c071dec0,0) at trap_fatal+0x2d7
trap_pfault(0,84ba,0,0,c071dfe4) at trap_pfault+0x122
trap(ce7c7a2c) at trap+0x416
calltrap() at calltrap+0xd
--- trap 0, eip = 0, esp = 0xce7c7a70, ebp = 0xce7c7b4c ---
(null)(0,0,4b,0,ce7c7b38) at 0
Uptime: 3m9s
Physical memory: 998 MB
Dumping 186 MB: 171 155 139 123 107 91 75 59 43 27 11
Reading symbols from /boot/kernel/acpi.ko...done.
Loaded symbols for /boot/kernel/acpi.ko
Reading symbols from /boot/kernel/ahci.ko...done.
Loaded symbols for /boot/kernel/ahci.ko
Reading symbols from /boot/kernel/ehci.ko...done.
Loaded symbols for /boot/kernel/ehci.ko
Reading symbols from /boot/kernel/netgraph.ko...done.
Loaded symbols for /boot/kernel/netgraph.ko
Reading symbols from /boot/kernel/ng_ksocket.ko...done.
Loaded symbols for /boot/kernel/ng_ksocket.ko
Reading symbols from /boot/kernel/ng_ether.ko...done.
Loaded symbols for /boot/kernel/ng_ether.ko
Reading symbols from /boot/kernel/ng_pppoe.ko...done.
Loaded symbols for /boot/kernel/ng_pppoe.ko
Reading symbols from /boot/kernel/ng_socket.ko...done.
Loaded symbols for /boot/kernel/ng_socket.ko
_get_mycpu (di=0xc06ff7e0) at ./machine/thread.h:83
83	./machine/thread.h: No such file or directory.
	in ./machine/thread.h
(kgdb) bt
#0  _get_mycpu (di=0xc06ff7e0) at ./machine/thread.h:83
#1  md_dumpsys (di=0xc06ff7e0) at /home/lentferj/repo/src/sys/platform/pc32/i386/dump_machdep.c:263
#2  0xc0314081 in dumpsys () at /home/lentferj/repo/src/sys/kern/kern_shutdown.c:881
#3  0xc03145f0 in boot (howto=260) at /home/lentferj/repo/src/sys/kern/kern_shutdown.c:388
#4  0xc0314770 in panic (fmt=0xc05cba69 "%s") at /home/lentferj/repo/src/sys/kern/kern_shutdown.c:787
#5  0xc057eb54 in trap_fatal (frame=0xce7c7a2c, eva=<value optimized out>) at /home/lentferj/repo/src/sys/platform/pc32/i386/trap.c:1125
#6  0xc057ec88 in trap_pfault (frame=0xce7c7a2c, usermode=0, eva=826367903) at /home/lentferj/repo/src/sys/platform/pc32/i386/trap.c:1026
#7  0xc057f118 in trap (frame=0xce7c7a2c) at /home/lentferj/repo/src/sys/platform/pc32/i386/trap.c:707
#8  0xc056e5d7 in calltrap () at /home/lentferj/repo/src/sys/platform/pc32/i386/exception.s:785
#9  0xc039ae86 in pf_find_state (kif=0xc2bce770, key=0xce7c7aa4, dir=2, m=0xd157dc00) at /home/lentferj/repo/src/sys/net/pf/pf.c:888
#10 0xc039c8e8 in pf_test_state_udp (state=0xce7c7b98, direction=2, kif=0xc2bce770, m=0xd157dc00, off=20, h=0xd155480e, pd=0xce7c7b4c)
    at /home/lentferj/repo/src/sys/net/pf/pf.c:4466
#11 0xc03a1b20 in pf_test (dir=2, ifp=0xc2c751f0, m0=0xce7c7bf0, eh=0x0, inp=0x0) at /home/lentferj/repo/src/sys/net/pf/pf.c:5963
#12 0xc03a4442 in pf_check_out (arg=0x0, m=0xce7c7bf0, ifp=0xc2c751f0, dir=2) at /home/lentferj/repo/src/sys/net/pf/pf_ioctl.c:3144
#13 0xc039064a in pfil_run_hooks (ph=0xc0743404, mp=0xce7c7c50, ifp=0xc2c751f0, dir=2) at /home/lentferj/repo/src/sys/net/pfil.c:116
#14 0xc03fb271 in ip_output (m0=0xd157dc00, opt=0x0, ro=0xce7c7c94, flags=1, imo=0x0, inp=0x0) at /home/lentferj/repo/src/sys/netinet/ip_output.c:821
#15 0xc03f85c2 in ip_forward (m=0xd157dc00, using_srcrt=0, next_hop=0x0) at /home/lentferj/repo/src/sys/netinet/ip_input.c:1942
#16 0xc03f92a9 in ip_input (m=0xd157dc00) at /home/lentferj/repo/src/sys/netinet/ip_input.c:821
#17 0xc03f9421 in ip_input_handler (msg=0xd157dc18) at /home/lentferj/repo/src/sys/netinet/ip_input.c:415
#18 0xc03bb8aa in netmsg_service_loop (arg=0x0) at /home/lentferj/repo/src/sys/net/netisr.c:294
#19 0xc031c57c in lwkt_deschedule_self (td=Cannot access memory at address 0x8
) at /home/lentferj/repo/src/sys/kern/lwkt_thread.c:258
Backtrace stopped: previous frame inner to this frame (corrupt stack?)

My guess is that at frame 9 pfik_ah_head, _cookie, _parent and _group 
probably should not be 0x0. But I unfortunately lack the capabilities 
(and time atm) to really dive into it. So any hints, help, patch :) 
would be highly appreciated.

The core is in my ~/crash/ on leaf, named pf_panic.tar.bz2.

(kgdb) p *kif
$2 = {pfik_if = {pfif_name = "tun0\000\300\255\336\336\300\255\336\336\300\255\336", pfif_packets = {{{16045693110842147082, 16045693110842147038}, {
          16045693110842147147, 16045693110842147038}}, {{16045693110842147038, 16045693110842147038}, {0, 0}}}, pfif_bytes = {{{5437, 0}, {6595, 0}}, {{0,
          0}, {0, 0}}}, pfif_addcnt = 0, pfif_delcnt = 0, pfif_tzero = 1292515699, pfif_states = 0, pfif_rules = 26, pfif_flags = 0}, pfik_tree = {
    rbe_left = 0x0, rbe_right = 0x0, rbe_parent = 0xc2bcd9f0, rbe_color = 1}, pfik_packets = {{{0, 0}, {0, 0}}, {{0, 0}, {0, 0}}}, pfik_bytes = {{{0, 0}, {
        0, 0}}, {{0, 0}, {0, 0}}}, pfik_tzero = 0, pfik_flags = 0, pfik_ah_head = 0x0, pfik_ah_cookie = 0x0, pfik_parent = 0x0, pfik_ifp = 0xc2c751f0,
  pfik_group = 0x0, pfik_states = 0, pfik_rules = 0, pfik_dynaddrs = {tqh_first = 0xd15d9f80, tqh_last = 0xd15ddf80}}

Jan




