Date: Fri, 11 Mar 2005 17:12:31 +0100 From: Emanuel Strobl <emanuel.strobl@gmx.net> To: freebsd-stable@freebsd.org Cc: pf@freebsd.org Subject: pf panic trace [Was: Re: Return-icmp doesn't work] Message-ID: <200503111712.36310@harrymail> In-Reply-To: <200503111619.34188@harrymail> References: <20050212061756.GF4769@kt-is.co.kr> <20050311135212.GA30653@insomnia.benzedrine.cx> <200503111619.34188@harrymail>
next in thread | previous in thread | raw e-mail | index | archive | help
--nextPart2978066.9Jq981rKZl
Content-Type: text/plain;
charset="iso-8859-15"
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline
Am Freitag, 11. M=E4rz 2005 16:19 schrieb Emanuel Strobl:
> Am Freitag, 11. M=E4rz 2005 14:52 schrieb Daniel Hartmeier:
> > block return-rst in on wi0 reply-to (wi0 10.1.1.1) inet proto tcp all
> >
> > This is valid syntax and pfctl loads the rule, but the functionality is
> > not implemented in kernel yet, i.e. the reply-to option is simply
> > ignored.
>
> Thanks, I tried a very similar rule and after that the box vanished.
> I went on location (the box paniced but didn't reboot) and installed a
> console-server so I can access the box from here and currently I'm baking=
a
> debug kernel.
> I'll notify you if I have a trace!
Here's the original panic message (the non debug kernel) with 5.4-PRE one w=
eek=20
old:
=46atal trap 12: page fault while in kernel mode
fault virtual address =3D 0xc
fault code =3D supervisor read, page not pre
instruction pointer =3D 0x8:0xc05ac722
stack pointer =3D 0x10:0xcc6919ac
frame pointer =3D 0x10:0xcc6919e0
code segment =3D base 0x0, limit 0xfffff, type
=3D DPL 0, pres 1, def32 1, gran
processor eflags =3D interrupt enabled, resume, IO
current process =3D 34 (swi1: net)
trap number =3D 12
panic: page fault
Uptime: 1d1h20m33s
GEOM_MIRROR: Device web: provider mirror/web destroyed.
GEOM_MIRROR: Device web destroyed.
=2E..
The machine didn't reboot!
The following rule panickes the machine:
block return-icmp(13) in on $SDSL route-to ($SDSL $sdsl_gw) from any to=20
$sdsl_net
Here's the trace from 5.4-PRE today:
panic: m_copym, offset > size of mbuf chain
KDB: stack backtrace:
panic(c076ab9a,c174d500,100,cc694a30,0) at panic+0x13c
m_copym(c1621b00,5dc,5c8,1,14) at m_copym+0x1c7
ip_fragment(c1642010,cc694a74,5dc,6,f01) at ip_fragment+0x168
pf_route(cc694bf0,c1a10d20,1,c1585000,0) at pf_route+0x767
pf_test(1,c1585000,cc694bf0,0,c17554e0) at pf_test+0x7b1
pf_check_in(0,cc694bf0,c1585000,1,0) at pf_check_in+0x48
pfil_run_hooks(c07f3e60,cc694c9c,c1585000,1,0) at pfil_run_hooks+0x15b
ip_input(c1621b00,0,c076e621,e6,c07f3f20) at ip_input+0x20f
netisr_processqueue(cc694cd8,246,c07c8ee0,2,c1508d40) at=20
netisr_processqueue+0x15
swi_net(0,0,c0762ddc,269,0) at swi_net+0x8d
ithread_loop(c1526300,cc694d48,c0762bbd,30e,0) at ithread_loop+0x1ff
fork_exit(c0560640,c1526300,cc694d48) at fork_exit+0xa9
fork_trampoline() at fork_trampoline+0x8
=2D-- trap 0x1, eip =3D 0, esp =3D 0xcc694d7c, ebp =3D 0 ---
If you need more info, on http://www.schmalzbauer.de/statics/phobos you can=
=20
find dmesg and the whole pf.conf
Thanks,
=2DHarry
>
> Thnaks,
>
> -Harry
>
> > The problem is that return-icmp uses the stack's icmp_error(), which
> > doesn't take an argument to override a route lookup. And duplicating the
> > function would be ugly due to its size. It's on the to-do list, but it's
> > been sitting there for a while already.
> >
> > Daniel
> > _______________________________________________
> > freebsd-stable@freebsd.org mailing list
> > http://lists.freebsd.org/mailman/listinfo/freebsd-stable
> > To unsubscribe, send any mail to "freebsd-stable-unsubscribe@freebsd.or=
g"
--nextPart2978066.9Jq981rKZl
Content-Type: application/pgp-signature
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (FreeBSD)
iD8DBQBCMcN0Bylq0S4AzzwRAr5YAJ9l0V7Mqau4piVN+QxJJPRj63bOqACcDTKd
YzejycTbQzxPdCJUhZNH8Pk=
=ejaK
-----END PGP SIGNATURE-----
--nextPart2978066.9Jq981rKZl--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200503111712.36310>