Message-Id: <200504050131.j351VGw0025916@atex.rinet.ru>
Date: Tue, 5 Apr 2005 05:31:16 +0400 (MSD)
From: Oleg Bulyzhin
To: FreeBSD-gnats-submit@FreeBSD.org
Cc: freebsd-ipfw@FreeBSD.org
Cc: oleg@rinet.ru
Subject: kern/79546: dummynet & ipfw tee: kernel may hang (endless loop)

>Number: 79546
>Category: kern
>Synopsis: dummynet & ipfw tee: kernel may hang (endless loop)
>Confidential: no
>Severity: serious
>Priority: high
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Tue Apr 05 01:40:07 GMT 2005
>Closed-Date:
>Last-Modified:
>Originator: Oleg Bulyzhin
>Release: FreeBSD 5.4-RC1 i386
>Organization: Cronyx Plus LLC
>Environment:
System: FreeBSD atex.rinet.ru 5.4-RC1 FreeBSD 5.4-RC1 #7: Tue Apr 5 02:58:28 MSD 2005 root@atex.rinet.ru:/lh/obj/lh/src/sys/atex i386

any branch with working ipfw tee command

>Description:
The problem does not appear if you have net.inet.ip.fw.one_pass = 1.

If you have net.inet.ip.fw.one_pass=0, packets will be reinjected by dummynet back into ipfw. Any reinjected packet will have args->rule != NULL (ip_fw2.c:1885) and the next ipfw rule will be chosen using args->rule. Such behaviour is wrong for packets reinjected into ipfw by the tee command.

If you try to tee a "dummyneted" (i.e. reinjected by dummynet) packet, the kernel will hang in an endless loop trying to tee the same packet again and again. This happens because the next ipfw rule is chosen based on args->rule instead of divert_cookie(mtag) (ip_fw2.c:1907).

>How-To-Repeat:
    sysctl net.inet.ip.fw.one_pass=1
    kldload dummynet
    ipfw pipe 1 config
    ipfw add 1 pipe 1 ip from any to any
    ipfw add 2 tee 1 ip from any to any
    ping localhost &
    sysctl net.inet.ip.fw.one_pass=0

Right after the last command the kernel will hang.
>Fix: Would be fine to have it fixed in 5.4-RELEASE --- sys/netinet/ip_fw2.c~ Sun Apr 3 02:12:12 2005 +++ sys/netinet/ip_fw2.c Sun Apr 3 04:04:25 2005 @@ -1899,6 +1899,7 @@ f = args->rule->next_rule; if (f == NULL) f = lookup_next_rule(args->rule); + args->rule = NULL; } else { /* * Find the starting rule. It can be either the first >Release-Note: >Audit-Trail: >Unformatted:
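Review bot: the added `args->rule = NULL;` after the `lookup_next_rule(args->rule)` fallback has no comment saying why the pointer is cleared, and it writes to the caller-supplied `args` as a side effect. A short comment above it would make the intent clear, for example that the rule pointer is consumed here so that a packet later reinjected by tee resumes from its divert cookie rather than from this stale rule. It is also worth confirming that nothing further down the function, and no caller after return, still reads `args->rule` expecting the original value on this path.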