Re: Kernel panic on dup-to, to localhost
On 20/12/2006, at 7:03 PM, Daniel Hartmeier wrote: On Wed, Dec 20, 2006 at 01:35:37PM +1100, Johan Allard wrote: any idea why this caused this panic? Can you try the patch below? If it still panics, please include the panic message in the screenshot (the first couple of lines got cut off). Daniel Index: pf.c === RCS file: /cvs/src/sys/net/pf.c,v retrieving revision 1.521 diff -u -r1.521 pf.c --- pf.c14 Dec 2006 20:40:54 - 1.521 +++ pf.c20 Dec 2006 07:55:15 - @@ -5475,7 +5475,7 @@ { struct mbuf *m0, *m1; struct route iproute; - struct route*ro; + struct route*ro = NULL; struct sockaddr_in *dst; struct ip *ip; struct ifnet*ifp = NULL; Yes, this fixed the kernel dump. Thank you very much for the quick fix. Cheers //johan
Re: Kernel panic on dup-to, to localhost
Johan Allard wrote: Hi there, I just managed to get a kernel dump on a basic clean installed OpenBSD 4.0 with the following settings: ifconfig lo1 create ifconfig lo1 inet 1.1.12.1 netmask 255.255.255.0 echo pass in on ne3 dup-to (lo1 1.1.12.1) inet all keep state /etc/pf.conf pfctl -e pfctl -f /etc/pf.conf and the first packet coming in on ne3 will cause a kernel dump, see attached screenshot. I was trying to create a firewall with snort listening on lo1 and copying the packets I want it to inspect to lo1, no external promiscuos listeners or anything. any idea why this caused this panic? Cheers //johan If the panic message is 'multiply freed items' or something of the sort then you hit the same bug than me. What version are you running (uname -a). It is fixed in -current.
Re: Kernel panic on dup-to, to localhost
On Wed, Dec 20, 2006 at 01:35:37PM +1100, Johan Allard wrote: echo pass in on ne3 dup-to (lo1 1.1.12.1) inet all keep state / etc/pf.conf pfctl -e pfctl -f /etc/pf.conf and the first packet coming in on ne3 will cause a kernel dump, see attached screenshot. I didn't view the screenshot (were you running it as a virtual machine or something?), but I'll make some wild guesses.. It could be that the kernel doesn't like packets not addressed to it arriving on loopback interfaces. Or it could be some kind of infinite loop like the old land attack (srcip=dstip=us). Is forwarding enabled on this kernel? -- A: No. Q: Should I include quotations after my reply? URL:http://www.subspacefield.org/~travis/ -- pgpkB70MzYJh7.pgp Description: PGP signature