From owner-freebsd-pf@freebsd.org Sun Sep 6 03:18:08 2015 Return-Path: Delivered-To: freebsd-pf@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 500279CB6CA for ; Sun, 6 Sep 2015 03:18:08 +0000 (UTC) (envelope-from niels@netbox.org) Received: from mx.netbox.org (unknown [IPv6:2001:980:3385::1]) by mx1.freebsd.org (Postfix) with ESMTP id 0DC646A7; Sun, 6 Sep 2015 03:18:07 +0000 (UTC) (envelope-from niels@netbox.org) Received: from [IPv6:2001:980:3385:1:70a1:bba7:d156:5ce1] (unknown [IPv6:2001:980:3385:1:70a1:bba7:d156:5ce1]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by nlsp.homeip.net (Postfix) with ESMTPSA id 2B34911FE; Sun, 6 Sep 2015 05:17:57 +0200 (CEST) Content-Type: text/plain; charset=utf-8 Mime-Version: 1.0 (Mac OS X Mail 8.2 \(2102\)) Subject: Re: Near-term pf plans From: Niels In-Reply-To: <1DDBFAD5-9AFB-4A21-8D16-BD85AB30F448@FreeBSD.org> Date: Sun, 6 Sep 2015 05:17:55 +0200 Cc: Markus Gebert , freebsd-pf@freebsd.org Content-Transfer-Encoding: quoted-printable Message-Id: References: <20150823150957.GK48727@vega.codepro.be> <3121D8E4-A27E-475B-9771-C09347D1D793@hostpoint.ch> <1DDBFAD5-9AFB-4A21-8D16-BD85AB30F448@FreeBSD.org> To: Kristof Provost X-Mailer: Apple Mail (2.2102) X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 06 Sep 2015 03:18:08 -0000 > On 24 Aug 2015, at 18:16, Kristof Provost wrote: >=20 >>> - PR 202351 >>> This is a panic after ip6 reassembly in pf. We set the rcvif to NULL >>> when refragmenting. That seems to go OK execpt when we're = refragmenting >>> broadcast/multicast packets in the forwarding path. It's not at all >>> clear to me how that could happen. >>=20 >> if_bridge wants to forward ipv6 multicasts. pf refragmentation code = tries to send out the resulting packets using ip6_forward() which does = not handle multicasts, drops the packet and tries to log that fact, = which causes the panic. >>=20 >> I=E2=80=99ve updated the PR with some more thoughts about this. >>=20 > Yes, I saw that pass by earlier. Thanks for that, I think you did a = great analysis. >=20 > Unfortunately there are other issues with pf on bridges. (See PR = 185633 for example) > I wouldn=E2=80=99t expect the fragmentation and reassembly to work at = all in that scenario. >=20 > I=E2=80=99ll see what I can do about at least fixing the panic in the = short term. > Even if the reassembly/refragmentation doesn=E2=80=99t work (on = bridges) we should at least no panic. >=20 > Regards, > Kristof Is this just the very same issue I see after upgrading to i386 = releng/10.2 on my pf/bridge/ip6 router? It has a bunch of interfaces bridged on the lan, and an mpd/ng interface = with IP6 default route over it. Right after booting it crashes with Fatal trap 12: page fault while in kernel mode cpuid =3D 0; apic id =3D 00 fault virtual address =3D 0x14 fault code =3D supervisor read, page not present instruction pointer =3D 0x20:0xc0c0175d stack pointer =3D 0x28:0xf279346c frame pointer =3D 0x28:0xf2793474 code segment =3D base 0x0, limit 0xfffff, type 0x1b =3D DPL 0, pres 1, def32 1, gran 1 processor eflags =3D interrupt enabled, resume, IOPL =3D 0 current process =3D 12 (irq268: em3:rx0) trap number =3D 12 panic: page fault cpuid =3D 0 KDB: stack backtrace: #0 0xc0b805e2 at kdb_backtrace+0x52 #1 0xc0b417bb at vpanic+0x11b #2 0xc0b4169b at panic+0x1b #3 0xc1097ceb at trap_fatal+0x30b #4 0xc1098055 at trap_pfault+0x355 #5 0xc1097724 at trap+0x674 #6 0xc1082a6c at calltrap+0x6 #7 0xc0b8524e at kvprintf+0x81e #8 0xc0b85fab at _vprintf+0x7b #9 0xc0b846d8 at log+0x38 #10 0xc0d37626 at ip6_forward+0x236 #11 0xc1aab8ee at pf_refragment6+0x18e #12 0xc1a9bba9 at pf_test6+0x1609 #13 0xc1aa4e8f at pf_check6_out+0x5f #14 0xc0c1b942 at pfil_run_hooks+0x82 #15 0xc1ac8219 at bridge_pfil+0x279 #16 0xc1ac92f6 at bridge_broadcast+0xc6 #17 0xc1ac912d at bridge_forward+0x21d Uptime: 2m56s Regards, Niels