Date: Thu, 13 Dec 2001 12:40:15 +0100 (CET) From: Dag-Erling Smorgrav <des@des.thinksec.com> To: FreeBSD-gnats-submit@freebsd.org Subject: kern/32806: Reproducible panic in ipfw Message-ID: <20011213114015.C603D57C3@des.thinksec.com>
next in thread | raw e-mail | index | archive | help
>Number: 32806 >Category: kern >Synopsis: Reproducible panic in ipfw >Confidential: no >Severity: serious >Priority: high >Responsible: freebsd-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Thu Dec 13 09:20:01 PST 2001 >Closed-Date: >Last-Modified: >Originator: Dag-Erling Smorgrav >Release: FreeBSD 5.0-CURRENT i386 >Organization: >Environment: System: FreeBSD des.thinksec.com 5.0-CURRENT FreeBSD 5.0-CURRENT #121: Wed Dec 5 11:40:09 CET 2001 des@des.thinksec.com:/usr/src/sys/i386/compile/DES i386 >Description: If an outgoing packet originating on the local machine hits an "unreach" rule in ipfw, a panic ensues in icmp_reflect() because there is no receiving interface on which to transmit the ICMP unreachable. >How-To-Repeat: # ipfw add 1 unreach host ip from any to 10.0.0.0/8 00001 unreach host up from any to 10.0.0.0/8 # ifconfig dc0 inet 10.0.0.1 netmask 0xff000000 # telnet 10.0.0.2 Trying 10.0.0.2... panic: icmp_reflect: NULL rcvif The panic comes from the KASSERT on line 612 of sys/netinet/ip_icmp.c. >Fix: The code directly above the KASSERT already handles the case where the packet that triggers the rule is destined for a local address. Similar code should be added to handle the case where the source address is a local address. >Release-Note: >Audit-Trail: >Unformatted: To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-bugs" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20011213114015.C603D57C3>