Date:      Tue, 5 Apr 2005 05:31:16 +0400 (MSD)
From:      Oleg Bulyzhin <oleg@rinet.ru>
To:        FreeBSD-gnats-submit@FreeBSD.org
Cc:        oleg@rinet.ru
Subject:   kern/79546: dummynet & ipfw tee: kernel may hang (endless loop)
Message-ID:  <200504050131.j351VGw0025916@atex.rinet.ru>
Resent-Message-ID: <200504050140.j351e757077691@freefall.freebsd.org>


>Number:         79546
>Category:       kern
>Synopsis:       dummynet & ipfw tee: kernel may hang (endless loop)
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Tue Apr 05 01:40:07 GMT 2005
>Closed-Date:
>Last-Modified:
>Originator:     Oleg Bulyzhin <oleg@rinet.ru>
>Release:        FreeBSD 5.4-RC1 i386
>Organization:
Cronyx Plus LLC
>Environment:
System: FreeBSD atex.rinet.ru 5.4-RC1 FreeBSD 5.4-RC1 #7: Tue Apr 5 02:58:28 MSD 2005 root@atex.rinet.ru:/lh/obj/lh/src/sys/atex i386

	any branch with working ipfw tee command
>Description:
	Problem does not appear if you have net.inet.ip.fw.one_pass = 1

	If you have net.inet.ip.fw.one_pass=0, packets will be reinjected
	by dummynet back into ipfw. Any reinjected packet will have
	args->rule != NULL (ip_fw2.c:1885) and the next ipfw rule will be chosen
	using args->rule. Such behaviour is wrong for packets reinjected
	into ipfw by the tee command.
	If you try to tee a "dummyneted" (i.e. reinjected by dummynet) packet,
	the kernel will hang in an endless loop trying to tee the same packet again and
	again. This happens because the next ipfw rule is chosen upon args->rule
	instead of divert_cookie(mtag) (ip_fw2.c:1907)

>How-To-Repeat:
	sysctl net.inet.ip.fw.one_pass=1
	kldload dummynet
	ipfw pipe 1 config
	ipfw add 1 pipe 1 ip from any to any
	ipfw add 2 tee 1 ip from any to any
	ping localhost &
	sysctl net.inet.ip.fw.one_pass=0

	Right after last command kernel will hang.

>Fix:
	Would be fine to have it fixed in 5.4-RELEASE

--- sys/netinet/ip_fw2.c~	Sun Apr  3 02:12:12 2005
+++ sys/netinet/ip_fw2.c	Sun Apr  3 04:04:25 2005
@@ -1899,6 +1899,7 @@
 		f = args->rule->next_rule;
 		if (f == NULL)
 			f = lookup_next_rule(args->rule);
+		args->rule = NULL;
 	} else {
 		/*
 		 * Find the starting rule. It can be either the first
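
Review bot: The added `args->rule = NULL;` at the end of the `if` branch clears a pointer in the caller-supplied `args` with no comment explaining why, and it does so for every packet that enters this branch, not only for the tee case the report describes. A short comment above the assignment, saying that the rule pointer has been consumed into `f` and must not steer a later pass over the same packet, would make the intent reviewable. It is also worth confirming that nothing later in this function, or in the caller after it returns, still reads `args->rule` expecting the dummynet rule, since `f` is the only copy of the position kept here.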

>Release-Note:
>Audit-Trail:
>Unformatted:


