From owner-freebsd-alpha Wed May 15 14:24:37 2002
Delivered-To: freebsd-alpha@freebsd.org
Received: from nemesis.fortean.com (nemesis.fortean.com [209.42.194.41]) by hub.freebsd.org (Postfix) with ESMTP id 3880E37B403 for ; Wed, 15 May 2002 14:24:31 -0700 (PDT)
Received: from nemesis.fortean.com. (nemesis.fortean.com. [209.42.194.41]) by nemesis.fortean.com (8.12.3/8.12.2) with ESMTP id g4FLOPvR028710 for ; Wed, 15 May 2002 17:24:25 -0400 (EDT) (envelope-from rbud@fortean.com)
Date: Wed, 15 May 2002 17:24:25 -0400 (EDT)
From: Rich Bud
Reply-To: Rich Bud
To: freebsd-alpha@freebsd.org
Subject: natd sig 10 under stable
Message-ID: <20020515160407.T28044-100000@nemesis.fortean.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=ISO-8859-1
Content-Transfer-Encoding: 8BIT
Sender: owner-freebsd-alpha@FreeBSD.ORG
Precedence: bulk
List-ID:
List-Archive: (Web Archive)
List-Help: (List Instructions)
List-Subscribe:
List-Unsubscribe:
X-Loop: FreeBSD.org

I'm running stable on a 500au, using natd to redirect to a local network. Recently I've run into a problem where booting a windoze 98 box on the local net crashes natd at the point someone logs into the desktop. This happens up through a buildworld on 5/13. I can restart natd after it crashes and all is well until the 98 box is rebooted. The message is:

chorizo /kernel: pid 403 (natd), uid 0: exited on signal 10 (core dumped)

I logged the traffic from that box through my firewall, and I know what packet is causing this: it's a UDP packet from NetBIOS (137) to my ISP's DNS server.

chorizo /kernel: ipfw: 53 Accept UDP 10.0.0.33:137 NN.NN.NN.NN:53 in via dc0

If I put the accept rule before natd's divert rule, I get the expected 'out via xl0' line right after as the packet goes out the external card. If I put it after, natd crashes.

I ran natd under gdb, and I've appended a small chunk of output below in case it suggests something obvious, but I don't know what to look for.

Has anyone else run into this, or can anyone give me a hint where to look next in debugging the problem?

BTW, Craig Burgess posted about a sig 10 in natd back in February under different conditions. I didn't see any replies, so I'm guessing this is the same problem...

Many thanks for any ideas,

Rich Bud

GDB Output
==========

Program received signal SIGBUS, Bus error.
0x120008614 in AliasHandleQuestion (count=1, q=0x11feb911, pmax=0x11feb926 "", nbtarg=0x11feb838) at /usr/src/lib/libalias/alias_nbt.c:290
290         switch ( ntohs(q->type) ) {
(gdb) ptype q
type = struct {
    u_short type;
    u_short class;
} *
q = (NBTNsQuestion *) 0x11feb911, q->class = 1, q->type = 0
(gdb) bt
#0  0x120008994 in AliasHandleQuestion (count=1, q=0x11feb911, pmax=0x11feb926 "9qÍK\234BÀ\2159qÍUEú", nbtarg=0x11feb838) at /usr/src/lib/libalias/alias_nbt.c:290
#1  0x120009408 in AliasHandleUdpNbtNS (pip=0x11feb910, link=0x11feb926, alias_address=0x11feb926, alias_port=0x11feb838, original_address=0x12007a088, original_port=0x0) at /usr/src/lib/libalias/alias_nbt.c:661
#2  0x1200046a8 in UdpAliasOut (pip=0x11feb8e8) at /usr/src/lib/libalias/alias.c:839
#3  0x120005858 in PacketAliasOut (ptr=0x11feb8e8 "E", maxpacketsize=65535) at /usr/src/lib/libalias/alias.c:1429
#4  0x12000102c in DoAliasing (fd=6, direction=2) at /usr/src/sbin/natd/natd.c:519
#5  0x120000b3c in main (argc=301971880, argv=0x6) at /usr/src/sbin/natd/natd.c:372

Here are the parameters going into AliasHandleQuestion():

p = (u_char *) 0x11feb910 ""
nsh->qdcount = 256
pmax = 0x11feb926 "9qÍK\234BÀ\2159qÍUEú"
nbtarg = {oldaddr = {s_addr = 553648138}, oldport = 35072, newaddr = {s_addr = 1699289666}, newport = 35072, uh_sum = 0x11feb902}

Moving out, here's the buffer being processed:

(gdb) frame 4
#4  0x12000102c in DoAliasing (fd=6, direction=2) at /usr/src/sbin/natd/natd.c:519
519         PacketAliasOut (buf, IP_MAXPACKET);
(gdb) print buf
$6 = "E\000\000>5\000\000\000\177\021\237ñ\n\000\000!\030]C@\000\211\0005\000*\227ÿ\000\034\001\000\000\001\000\000\000\000\000\000\000\000\000\001\000\001", '\000' , "9qÍK\234BÀ\2159qÍUEú", '\000' , "isrrdisabled.bin", '\000' , "c\202Sc5\001\0056\004\n\002\001à3\004\000'\215\000\001\004ÿÿà\000\002\004ÿÿ¹°\003\004\n(`\001\004\004\030]CO\a\004\030]COC\020isrrdisabled.binB\01324.93.67.79", '\000' , "ÿ", '\000' ...

Now what?

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-alpha" in the body of the message
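The trace above puts q at 0x11feb911, an odd address, and the faulting statement is `switch ( ntohs(q->type) )`, a 16-bit load through a struct pointer. On Alpha a 16-bit load from an odd address is an unaligned access and is reported as SIGBUS, so an unaligned read of the question block is a plausible cause; that is an inference from the posted trace, not something the post itself establishes. The following C program is an added example, not code from the post or from libalias: it parses a NetBIOS name-service question block by assembling each 16-bit field from its two bytes (which is safe at any address on any CPU) and bounds-checks every field against the end-of-packet pointer, in the spirit of the pmax argument seen in the trace. The packet bytes, the odd buffer offset, and all function and struct names are constructed for this example.

```c
/*
 * Alignment-safe, bounds-checked parsing of a NetBIOS Name Service
 * question block.  Added example; not libalias code.
 */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NBT_HDR_LEN 12   /* id, flags, qdcount, ancount, nscount, arcount */

struct nbt_question {             /* hypothetical struct, not libalias's NBTNsQuestion */
    size_t   name_len;            /* bytes used by the encoded name, incl. terminator */
    uint16_t qtype;               /* host byte order */
    uint16_t qclass;              /* host byte order */
};

/* Build a big-endian 16-bit value from two bytes.  Two byte loads never
 * fault, whereas ntohs(((struct x *)p)->field) on an odd p is an unaligned
 * 16-bit load and traps on strict-alignment CPUs such as Alpha. */
static uint16_t get_be16(const unsigned char *p)
{
    return (uint16_t)((p[0] << 8) | p[1]);
}

/* Skip one DNS/NetBIOS encoded name starting at p.  Returns the byte after
 * the name, or NULL if the name runs past pmax or a label is malformed. */
static const unsigned char *skip_name(const unsigned char *p,
                                      const unsigned char *pmax)
{
    while (p < pmax) {
        unsigned char len = *p;
        if (len == 0)
            return p + 1;                      /* root label ends the name */
        if ((len & 0xC0) == 0xC0)              /* 2-byte compression pointer ends the name */
            return (p + 2 <= pmax) ? p + 2 : NULL;
        if (len > 63)
            return NULL;                       /* invalid label length */
        p += 1 + len;
    }
    return NULL;                               /* no terminator before pmax */
}

/* Parse one question (name, type, class) at p.  Returns the byte after the
 * question, or NULL if any part of it lies outside [p, pmax). */
const unsigned char *nbt_parse_question(const unsigned char *p,
                                        const unsigned char *pmax,
                                        struct nbt_question *out)
{
    const unsigned char *q = skip_name(p, pmax);
    if (q == NULL || pmax - q < 4)             /* need 2 bytes type + 2 bytes class */
        return NULL;
    out->name_len = (size_t)(q - p);
    out->qtype    = get_be16(q);               /* byte-wise: fine at an odd address */
    out->qclass   = get_be16(q + 2);
    return q + 4;
}

/* Parse up to qdcount questions from a NetBIOS NS packet of len bytes.
 * Returns the number parsed; stops, without reading past the packet, at the
 * first truncated or malformed question. */
int nbt_parse_questions(const unsigned char *pkt, size_t len,
                        struct nbt_question *out, int max_out)
{
    const unsigned char *pmax = pkt + len;
    const unsigned char *p;
    int qdcount, n = 0;

    if (len < NBT_HDR_LEN)
        return 0;
    qdcount = get_be16(pkt + 4);               /* wire order, not a raw host-order load */
    p = pkt + NBT_HDR_LEN;
    while (n < qdcount && n < max_out) {
        p = nbt_parse_question(p, pmax, &out[n]);
        if (p == NULL)
            break;
        n++;
    }
    return n;
}

/* Constructed sample: one-question NetBIOS NS packet (id 0x001c, flags
 * 0x0100, qdcount 1; name "foo", type 0x0020 NB, class 1 IN). */
static const unsigned char sample_pkt[] = {
    0x00,0x1c, 0x01,0x00, 0x00,0x01, 0x00,0x00, 0x00,0x00, 0x00,0x00,
    0x03,'f','o','o', 0x00,
    0x00,0x20, 0x00,0x01
};

/* Copy the sample to buffer offset 1 so the type/class fields sit at odd
 * addresses (as q does in the trace), then parse the first len bytes. */
static int parse_sample(size_t len, struct nbt_question *q)
{
    unsigned char buf[64];
    memcpy(buf + 1, sample_pkt, sizeof sample_pkt);
    return nbt_parse_questions(buf + 1, len, q, 1);
}

/* Question type parsed from the odd-offset sample, or -1 on failure. */
int demo_qtype_at_odd_offset(void)
{
    struct nbt_question q;
    return parse_sample(sizeof sample_pkt, &q) == 1 ? (int)q.qtype : -1;
}

/* Questions parsed when the class field is cut off: must be 0, not a read past the end. */
int demo_truncated_count(void)
{
    struct nbt_question q;
    return parse_sample(sizeof sample_pkt - 2, &q);
}

int main(void)
{
    printf("odd-offset sample: qtype=0x%04x\n", demo_qtype_at_odd_offset());
    printf("truncated sample: %d question(s) parsed\n", demo_truncated_count());
    return 0;
}
```

Two design points carry over to any packet-rewriting code such as natd: never read multi-byte fields through a struct cast into a packet buffer unless the buffer's alignment is guaranteed, and carry the end-of-packet pointer into every helper so a short or malformed packet is rejected rather than read past.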