Hi there,

Having a problem using pf's route-to sticky-address feature on 5.0.
Whenever packets hit from the inside networks, it tickles something in
the kernel that causes a fault and full system dump.

First detected on a Dell R210 in production, then replicated in a default
5.0 install on VMware that I can test with.  Full config & ruleset are below.

Here's the rule that causes it. Removing the 'sticky-address' from the rule
does not cause the fault, but also doesn't do what I need it to do.

     pass in quick on $if_int from $net_int to ! $net_corp \
             route-to { ($if_ext1 $gw_ext1), ($if_ext2 $gw_ext2) } \
             round-robin sticky-address

OpenBSD 5.0 (GENERIC) #53: Wed Aug 17 10:07:52 MDT 2011
         [email protected]:/usr/src/sys/arch/amd64/compile/GENERIC

FAULT:
        kernel: protection fault trap, code=0
        Stopped at      pf_src_tree_RB_REMOVE+0x25:     movq    0(%rcx),%rax

TRACE:
        pf_src_tree_RB_REMOVE() at pf_src_tree_RB_REMOVE+0x25
        pf_remove_src_node() at pf_remove_src_node+0x5a
        pf_map_addr() at pf_map_addr+0x1e9
        pf_set_rt_ifp() at pf_set_rt_ifp+0x87
        pf_test_rule() at pf_test_rule+0xe85
        pf_test() at pf_test+0xcba
        ipv4_input() at ipv4_input+0x230
        ipintr() at ipintr+0x7f
        netintr() at netintr+0xd5
        softintr_dispatch() at softintr_dispatch+0x5d
        Xsoftnet() at Xsoftnet+0x28
        --- interrupt ---
        end trace frame: 0x0, count: -11

How to repeat:

/etc/hostname.em0:

inet 172.18.1.18 255.255.255.0 NONE description Uplink1
up
!route add -mpath default 172.18.1.1

/etc/hostname.em1:

inet 172.18.20.4 255.255.255.248 NONE description Uplink2
up
!route add -mpath default 172.18.20.1

/etc/hostname.em2:

inet 10.0.0.1 255.255.255.0 NONE description Internal
up

/etc/pf.conf:

if_ext1="em0"
gw_ext1="172.18.1.1"
if_ext2="em1"
gw_ext2="172.18.20.1"
if_int="em2"
net_int="10.0.0.0/24"
net_corp="172.18.0.0/16"
set skip on lo
pass            # to establish keep-state
match out on $if_ext1 from $net_int to ! $net_corp nat-to ($if_ext1)
match out on $if_ext2 from $net_int to ! $net_corp nat-to ($if_ext2)
pass in quick on $if_int from $net_int to ! $net_corp \
        route-to { ($if_ext1 $gw_ext1), ($if_ext2 $gw_ext2) } \
        round-robin sticky-address

Any specific testing that would help isolate this?  Unfortunately I haven't
touched kernel sources since the 3.2 days, so I'm a little rusty.

Thanks & Cheers!
--chris
