Re: Kernel panic on dup-to, to localhost

2006-12-21 Thread Johan Allard


On 20/12/2006, at 7:03 PM, Daniel Hartmeier wrote:


On Wed, Dec 20, 2006 at 01:35:37PM +1100, Johan Allard wrote:


any idea why this caused this panic?


Can you try the patch below?

If it still panics, please include the panic message in the screenshot
(the first couple of lines got cut off).

Daniel

Index: pf.c
===
RCS file: /cvs/src/sys/net/pf.c,v
retrieving revision 1.521
diff -u -r1.521 pf.c
--- pf.c14 Dec 2006 20:40:54 -  1.521
+++ pf.c20 Dec 2006 07:55:15 -
@@ -5475,7 +5475,7 @@
 {
struct mbuf *m0, *m1;
struct route iproute;
-   struct route*ro;
+   struct route*ro = NULL;
struct sockaddr_in  *dst;
struct ip   *ip;
struct ifnet*ifp = NULL;
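Review bot: the hunk does not show which path reads `ro` before it is assigned, so from these lines alone it cannot be confirmed that every later use of `ro` tolerates NULL. Please name the branch that skips the assignment in a one-line comment or in the commit message, and check that each dereference or cleanup of `ro` further down is guarded against NULL. The initialiser itself is consistent with the neighbouring `struct ifnet *ifp = NULL;`.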



Yes, this fixed the kernel dump. Thank you very much for the quick fix.

Cheers

//johan


Re: Kernel panic on dup-to, to localhost

2006-12-20 Thread Pierre-Yves Ritschard

Johan Allard wrote:

Hi there,

I just managed to get a kernel dump on a basic clean installed OpenBSD 
4.0 with the following settings:


ifconfig lo1 create
ifconfig lo1 inet 1.1.12.1 netmask 255.255.255.0

echo 'pass in on ne3 dup-to (lo1 1.1.12.1) inet all keep state' > /etc/pf.conf


pfctl -e
pfctl -f /etc/pf.conf

and the first packet coming in on ne3 will cause a kernel dump, see 
attached screenshot.






I was trying to create a firewall with snort listening on lo1 and 
copying the packets I want it to inspect to lo1, no external promiscuous 
listeners or anything.


any idea why this caused this panic?

Cheers

//johan

If the panic message is 'multiply freed items' or something of the sort 
then you hit the same bug as me. What version are you running (uname -a)?

It is fixed in -current.


Re: Kernel panic on dup-to, to localhost

2006-12-20 Thread Travis H.
On Wed, Dec 20, 2006 at 01:35:37PM +1100, Johan Allard wrote:
 echo 'pass in on ne3 dup-to (lo1 1.1.12.1) inet all keep state' > /etc/pf.conf
 pfctl -e
 pfctl -f /etc/pf.conf
 and the first packet coming in on ne3 will cause a kernel dump, see  
 attached screenshot.


I didn't view the screenshot (were you running it as a virtual
machine or something?), but I'll make some wild guesses...

It could be that the kernel doesn't like packets not addressed
to it arriving on loopback interfaces.  Or it could be some kind
of infinite loop like the old land attack (srcip=dstip=us).
Is forwarding enabled on this kernel?

-- 
A: No.
Q: Should I include quotations after my reply?
URL:http://www.subspacefield.org/~travis/ --

