[DragonFlyBSD - Bug #2660] Use of IPDIVERT causes kernel crashes

bugtracker-admin at leaf.dragonflybsd.org bugtracker-admin at leaf.dragonflybsd.org
Thu Apr 10 05:43:15 PDT 2014


Issue #2660 has been updated by shamaz.


2014-04-10 16:25 GMT+04:00 Vasily Postnicov <shamaz.mazum at gmail.com>:

> I've just found out in my little investigation, that this is an old bug
> fixed in FreeBSD in 2004. Look at this commit:
>
>
> https://github.com/freebsd/freebsd/commit/66acd3ba6eb9d3017cc3cdf36d1268749512dd82
>
> So it is OK, that m->m_pkthdr.rcvif == NULL, all we need is just to check
> it explicitly. I'll write if this solution works for me (it should)
>

Yes, it works (I can ping machine C form A, no panic)

----------------------------------------
Bug #2660: Use of IPDIVERT causes kernel crashes
http://bugs.dragonflybsd.org/issues/2660#change-11919

* Author: shamaz
* Status: In Progress
* Priority: Normal
* Assignee: tuxillo
* Category: Networking
* Target version: 3.8.0
----------------------------------------
Hello. I was trying to set up NAT on DragonFly machine and got a crash. I
have a following configuration:

1) Machine A with DragonFlyBSD 3.4
2) Machine B (the one which crashes) with DragonFlyBSD
3.6.1.24.gd9a9-RELEASE x86_64 (from git branch DragonFly_RELEASE_3_6)
3) Machine C is a vkernel machine hosted by B

Machine B kernel was compiled with  following lines in config:

IPFIREWALL
IPFIREWALL_VERBOSE
IPFIREWALL_VERBOSE_LIMIT=100
IPFIREWALL_DEFAULT_TO_ACCEPT
IPDIVERT

Machine B has 2 network interfaces: nfe0 (with connection to A) and tap0
(with connection to C) configured as follows:

$ ifconfig nfe0 192.168.10.1 netmask 255.255.255.0 up (A has an address
192.168.10.2 assigned to re0 which is the interface on the other side)
$ ifconfig tap0 192.168.20.1 netmask 255.255.255.0 up (C has an address
192.168.20.2 assigned to vke0)

So I do as follows:

On machine A:
$ route add default 192.168.10.1

On machine B:
$ sysctl net.inet.ip.forwarding=1
$ ipfw -f flush (accept all because of line in config)
$ natd -interface tap0
$ ipfw add 100 divert natd ip from any to any in via tap0
$ ipfw add 110 divert natd ip from any to any out via tap0

Again, on machine A:
$ ping 192.168.20.2

Machine B crashes. 100% repeatable

Here is a part of the backtrace:

#11 0xffffffff8092429f in calltrap ()
    at /usr/src/sys/platform/pc64/x86_64/exception.S:188
#12 0xffffffff80673d22 in ip_input (m=m at entry=0xffffffe0f49ce800)
    at /usr/src/sys/netinet/ip_input.c:684
#13 0xffffffff8066813a in div_output (control=<optimized out>,
    sin=0xffffffe0f605a130, m=0xffffffe0f49ce800, so=0xffffffe0bf0ff7c0)
    at /usr/src/sys/netinet/ip_divert.c:373
#14 div_send (msg=0xffffffe0f54896a0) at
/usr/src/sys/netinet/ip_divert.c:514
#15 0xffffffff8061be6a in netmsg_service_loop (arg=<optimized out>)
    at /usr/src/sys/net/netisr.c:319
#16 0xffffffff80571c57 in lwkt_deschedule_self (td=<optimized out>)
    at /usr/src/sys/kern/lwkt_thread.c:327

Crash dump (129 Mb) is here:
https://drive.google.com/uc?id=0B1NArWn4pLpxazAxYjJOQVRMeGM&export=download

                 Vasily



-- 
You have received this notification because you have either subscribed to it, or are involved in it.
To change your notification preferences, please click here: http://bugs.dragonflybsd.org/my/account



More information about the Bugs mailing list