Date: Thu, 10 Jul 2003 09:10:14 +0100
From: Nigel Horne <njh@despammed.com>
To: FreeBSD-gnats-submit@FreeBSD.org
Subject: kern/54309: TCP Packet of 64K-1 crashes FreeBSD4.8
Message-ID: <200307100910.14218.njh@despammed.com>
Resent-Message-ID: <200307100820.h6A8KLtZ027022@freefall.freebsd.org>
>Number: 54309
>Category: kern
>Synopsis: TCP Packet of 64K-1 crashes FreeBSD4.8
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Thu Jul 10 01:20:21 PDT 2003
>Closed-Date:
>Last-Modified:
>Originator: Nigel Horne
>Release: FreeBSD 4.8-RELEASE i386
>Organization: NJH Music
>Environment:
System: FreeBSD gsec1.itac-uk.com 4.8-RELEASE FreeBSD 4.8-RELEASE #0: Wed Jul 9 13:46:32 BST 2003 njh@dev.itac.local:/usr/obj/usr/src/sys/NJHKERNEL i386
IBM, FreeBSD4.8
>Description:
A simple perl program (see attached) causes a kernel page fault
>How-To-Repeat:
#!/usr/bin/perl -wT

# To be run as root under FreeBSD
# First do: ipfw add divert 9999 tcp from any to <ip> 3994
# Where <ip> is the IP address of the prodigy, e.g. 192.168.3.40
# You may need to reconfigure BSD first to support ipfw:
# options IPFIREWALL
# options IPDIVERT
# options IPFIREWALL_FORWARD
# options IPFIREWALL_VERBOSE
# options IPFIREWALL_VERBOSE_LIMIT=100
# options IPFIREWALL_DEFAULT_TO_ACCEPT
# options IPFILTER
# options IPFILTER_LOG
# options TCPDEBUG
# options TCP_DROP_SYNFIN
# options ICMP_BANDLIM
# options DUMMYNET
# options IPSTEALTH
#
# Then try telnet 192.168.3.40 3994, sit back and watch the output

use strict;
use Net::Divert;
use NetPacket::IP;
use NetPacket::TCP;

my $ipFilter = Net::Divert->new('dev.gsec1.local', 9999);

$ipFilter->getPackets(\&handler);

sub handler {
    my($packet, $fwtag) = @_;

    my $ip = NetPacket::IP->decode($packet);

    if($ip->{proto} == NetPacket::IP->IP_PROTO_TCP) {
        my $tcp = NetPacket::TCP->decode($ip->{data});

        print "source " . $tcp->{src_port} . " dest " . $tcp->{dest_port} . "\n";

        # $tcp->{flags} |= SYN;
        # $tcp->{flags} &= ~ACK;
        # $tcp->{seqnum} = 0;
        $tcp->{data} = 'x' x 65535;

        $ip->{data} = $tcp->encode($ip);
        $packet = $ip->encode;
    }

    $ipFilter->putPacket($packet, $fwtag);
}
>Fix:

-- 
Nigel Horne. Arranger, Composer, Conductor, Typesetter.
Owner of the brass band group of the Internet. ICQ#20252325
njh@bandsman.co.uk http://www.bandsman.co.uk/music.htm
>Release-Note:
>Audit-Trail:
>Unformatted:
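
The reproducer above sets a 65535-byte TCP payload, which together with the IP and TCP headers is more than the 16-bit IPv4 total-length field can express. The following added example (not part of the report or of FreeBSD) is a length-consistency check a divert-socket consumer could apply before reinjecting a packet; `check_ipv4_tcp` and `build_sample` are hypothetical names, and the sample packet is constructed, with its length field masked to 16 bits as an assumption about how a fixed-width field stores the value.

```python
import struct

IPV4_MAX_TOTAL_LEN = 0xFFFF  # the IPv4 total-length field is 16 bits wide


def check_ipv4_tcp(packet: bytes) -> list:
    """Return the length inconsistencies found in a raw IPv4/TCP packet."""
    if len(packet) < 20:
        return ["shorter than a minimal IPv4 header"]
    ver_ihl, total_len = struct.unpack_from("!BxH", packet, 0)
    if ver_ihl >> 4 != 4:
        return ["not IPv4"]
    ihl = (ver_ihl & 0x0F) * 4
    if ihl < 20 or ihl > len(packet):
        return ["bad IP header length %d" % ihl]
    problems = []
    if len(packet) > IPV4_MAX_TOTAL_LEN:
        problems.append("buffer of %d bytes exceeds the %d-byte IPv4 maximum"
                        % (len(packet), IPV4_MAX_TOTAL_LEN))
    if total_len != len(packet):
        problems.append("total-length field says %d, buffer holds %d"
                        % (total_len, len(packet)))
    if packet[9] == 6:  # protocol field: TCP
        if len(packet) < ihl + 20:
            problems.append("truncated TCP header")
        else:
            data_off = (packet[ihl + 12] >> 4) * 4
            if data_off < 20 or ihl + data_off > len(packet):
                problems.append("bad TCP data offset %d" % data_off)
    return problems


def build_sample(payload_len: int) -> bytes:
    """Constructed sample: 20-byte IP header, 20-byte TCP header, 'x' payload.

    Addresses (192.0.2.x) and source port are made up; port 3994 is the one
    used in the report. Checksums stay zero: only the length fields matter.
    Assumption: the length field keeps only the low 16 bits of the real size.
    """
    total = 20 + 20 + payload_len
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total & 0xFFFF, 0, 0, 64, 6, 0,
                     bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    tcp = struct.pack("!HHIIBBHHH", 40000, 3994, 0, 0, 5 << 4, 0x18, 8192, 0, 0)
    return ip + tcp + b"x" * payload_len


if __name__ == "__main__":
    for size in (100, 65535):
        print(size, check_ipv4_tcp(build_sample(size)))
```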