Date: Sun, 6 Sep 2015 05:17:55 +0200 From: Niels <niels@netbox.org> To: Kristof Provost <kp@FreeBSD.org> Cc: Markus Gebert <markus.gebert@hostpoint.ch>, freebsd-pf@freebsd.org Subject: Re: Near-term pf plans Message-ID: <D5D97B4D-6360-4762-B38B-53BCC0377A5C@netbox.org> In-Reply-To: <1DDBFAD5-9AFB-4A21-8D16-BD85AB30F448@FreeBSD.org> References: <20150823150957.GK48727@vega.codepro.be> <3121D8E4-A27E-475B-9771-C09347D1D793@hostpoint.ch> <1DDBFAD5-9AFB-4A21-8D16-BD85AB30F448@FreeBSD.org>
next in thread | previous in thread | raw e-mail | index | archive | help
> On 24 Aug 2015, at 18:16, Kristof Provost <kp@FreeBSD.org> wrote: >=20 >>> - PR 202351 >>> This is a panic after ip6 reassembly in pf. We set the rcvif to NULL >>> when refragmenting. That seems to go OK execpt when we're = refragmenting >>> broadcast/multicast packets in the forwarding path. It's not at all >>> clear to me how that could happen. >>=20 >> if_bridge wants to forward ipv6 multicasts. pf refragmentation code = tries to send out the resulting packets using ip6_forward() which does = not handle multicasts, drops the packet and tries to log that fact, = which causes the panic. >>=20 >> I=E2=80=99ve updated the PR with some more thoughts about this. >>=20 > Yes, I saw that pass by earlier. Thanks for that, I think you did a = great analysis. >=20 > Unfortunately there are other issues with pf on bridges. (See PR = 185633 for example) > I wouldn=E2=80=99t expect the fragmentation and reassembly to work at = all in that scenario. >=20 > I=E2=80=99ll see what I can do about at least fixing the panic in the = short term. > Even if the reassembly/refragmentation doesn=E2=80=99t work (on = bridges) we should at least no panic. >=20 > Regards, > Kristof Is this just the very same issue I see after upgrading to i386 = releng/10.2 on my pf/bridge/ip6 router? It has a bunch of interfaces bridged on the lan, and an mpd/ng interface = with IP6 default route over it. Right after booting it crashes with Fatal trap 12: page fault while in kernel mode cpuid =3D 0; apic id =3D 00 fault virtual address =3D 0x14 fault code =3D supervisor read, page not present instruction pointer =3D 0x20:0xc0c0175d stack pointer =3D 0x28:0xf279346c frame pointer =3D 0x28:0xf2793474 code segment =3D base 0x0, limit 0xfffff, type 0x1b =3D DPL 0, pres 1, def32 1, gran 1 processor eflags =3D interrupt enabled, resume, IOPL =3D 0 current process =3D 12 (irq268: em3:rx0) trap number =3D 12 panic: page fault cpuid =3D 0 KDB: stack backtrace: #0 0xc0b805e2 at kdb_backtrace+0x52 #1 0xc0b417bb at vpanic+0x11b #2 0xc0b4169b at panic+0x1b #3 0xc1097ceb at trap_fatal+0x30b #4 0xc1098055 at trap_pfault+0x355 #5 0xc1097724 at trap+0x674 #6 0xc1082a6c at calltrap+0x6 #7 0xc0b8524e at kvprintf+0x81e #8 0xc0b85fab at _vprintf+0x7b #9 0xc0b846d8 at log+0x38 #10 0xc0d37626 at ip6_forward+0x236 #11 0xc1aab8ee at pf_refragment6+0x18e #12 0xc1a9bba9 at pf_test6+0x1609 #13 0xc1aa4e8f at pf_check6_out+0x5f #14 0xc0c1b942 at pfil_run_hooks+0x82 #15 0xc1ac8219 at bridge_pfil+0x279 #16 0xc1ac92f6 at bridge_broadcast+0xc6 #17 0xc1ac912d at bridge_forward+0x21d Uptime: 2m56s Regards, Niels
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?D5D97B4D-6360-4762-B38B-53BCC0377A5C>