From owner-freebsd-current@FreeBSD.ORG Wed Jan 28 12:35:19 2004 Return-Path: Delivered-To: freebsd-current@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id BF15C16A4CE for ; Wed, 28 Jan 2004 12:35:19 -0800 (PST) Received: from moutng.kundenserver.de (moutng.kundenserver.de [212.227.126.189]) by mx1.FreeBSD.org (Postfix) with ESMTP id BBF9643D1D for ; Wed, 28 Jan 2004 12:35:15 -0800 (PST) (envelope-from max@love2party.net) Received: from [212.227.126.209] (helo=mrelayng.kundenserver.de) by moutng.kundenserver.de with esmtp (Exim 3.35 #1) id 1AlwP5-0000xu-00 for current@freebsd.org; Wed, 28 Jan 2004 21:35:15 +0100 Received: from [217.83.6.69] (helo=vampire.homelinux.org) by mrelayng.kundenserver.de with asmtp (Exim 3.35 #1) id 1AlwP4-0003Ah-00 for current@freebsd.org; Wed, 28 Jan 2004 21:35:14 +0100 Received: (qmail 50365 invoked from network); 28 Jan 2004 20:39:32 -0000 Received: from unknown (HELO fbsd52.laiers.local) (192.168.4.88) by 192.168.4.1 with SMTP; 28 Jan 2004 20:39:32 -0000 From: Max Laier To: Andre Oppermann , sebastian ssmoller Date: Wed, 28 Jan 2004 21:35:09 +0100 User-Agent: KMail/1.5.4 References: <20040125203456.7bfaa67b.sebastian.ssmoller@gmx.net> <40151474.8010406@freebsd.org> In-Reply-To: <40151474.8010406@freebsd.org> MIME-Version: 1.0 Content-Type: Multipart/Mixed; boundary="Boundary-00=_9zBGANaQRQTtRsj" Message-Id: <200401282135.09635.max@love2party.net> X-Provags-ID: kundenserver.de abuse@kundenserver.de auth:e28873fbe4dbe612ce62ab869898ff08 cc: current@freebsd.org Subject: Re: panic: m_copm, length > size of mbuf chain X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 28 Jan 2004 20:35:19 -0000 --Boundary-00=_9zBGANaQRQTtRsj Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit Content-Disposition: inline On Monday 26 January 2004 14:21, Andre Oppermann wrote: > sebastian ssmoller wrote: > > hi, > > my system ran stable for several days now but suddenly this error > > occured. At this moment i did nothing special - just surfing the net > > ... > > > > cause i have no serial line attached i could only get the following > > infos: Debugger(...) at Debugger+0x54 > > panic(...) at panic+0xd5 > > m_copym(...) > > ip_fragment(...) > > ip_output(...) > > ip_forward(...) > > > > i didnt want to write down all these numbers(addresses) by hand, > > should i ? > > > > it seems to have to do something with inet/ip so i possibly should > > mention that i disabled "option inet6" in kernel and that i use "pf" > > as packet filter. > > > > $ uname -a > > FreeBSD tyrael.linnet 5.2-CURRENT FreeBSD 5.2-CURRENT #2: Mon Jan 19 > > 22:26:43 CET 2004 > > root@tyrael.linnet:/usr/obj/usr/src-current/sys/DEBUG i386 > > > > i can provide more info if needed... > > This looks like a host/network byte order problem in relation with the > 'pf' packet filter. ip_output() expects the ip_off field to be in host > byte order. If this is not the case you will get bogus length values > for fragmentation. Anybody else seeing this? Can you please try attached patch against pf_ioctl.c (for convenience just to throw into security/pf/files) and report success/failure. -- Best regards, | max@love2party.net Max Laier | ICQ #67774661 http://pf4freebsd.love2party.net/ | mlaier@EFnet --Boundary-00=_9zBGANaQRQTtRsj Content-Type: text/x-diff; charset="iso-8859-1"; name="patch-ac" Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename="patch-ac" --- pf/pf_ioctl.c.orig Wed Jan 28 21:10:33 2004 +++ pf/pf_ioctl.c Wed Jan 28 21:12:39 2004 @@ -2963,6 +2963,8 @@ *m = NULL; } if (*m != NULL) { + /* pf_test can change ip header location */ + h = mtod(*m, struct ip *); NTOHS(h->ip_len); NTOHS(h->ip_off); } @@ -3004,6 +3006,8 @@ *m = NULL; } if (*m != NULL) { + /* pf_test can change ip header location */ + h = mtod(*m, struct ip *); NTOHS(h->ip_len); NTOHS(h->ip_off); } --Boundary-00=_9zBGANaQRQTtRsj--