On Thu, Dec 03, 2015 at 11:46 +0000, Sevan / Venture37 wrote:
> Hi,
> I ran into this issue last night when I was testing out a trivial VPN
> config & assumed it may have been related to virtualbox but I've just
> replicated it on a ThinkPad X60s.
>
> panic: ipintr no HDR
> Stopped at Debugger+0x7: leave
> Tid PID UID PRFLAGS PFLAGS CPU COMMAND
> 21363 21363 82 0x10 0 1 npppd
> Debugger ( ) at Debugger+0x7
> panic( ) at panic+0x71
> ipintr( ) at ipintr+0x34
> netintr( ) at netintr+0x78
> softintr_dispatch(1) at softintr_dispatch+0x5f
> Xsoftnet() at Xsoftnet+0x12
>
> screenshots from a -current #1575 running an a guest
> http://sevan.sdf.org/trace-58current.png
> http://sevan.sdf.org/ps1.png
> http://sevan.sdf.org/ps2.png
> http://sevan.sdf.org/ps3.png
>
> Confirmed issue on 5.8-RELEASE amd64, the -current snapshot from
> yesterday #1575 (2/12/2015) (SP kernel) on virtualbox 5 and the i386
> snapshot from 14/11/2015 #1378 (SMP kernel) on a ThinkPad X60s.
>
> In each case no changes were made to the default OpenBSD install other
> than assigning a IP address to network interface, adding a user to
> /etc/npppd/nppd-users & adding a ipsec.conf.
>
> ipsec.conf:
> ike passive esp transport proto udp from 1.2.3.4 to any port 1701 \
> main auth "hmac-sha1" enc "3des" group modp1024 psk "password".
>
> (have to use these crypto settings because it's not possible to
> connect from a manually configured VPN on OS X otherwise, it's just
> for my testing purposes to "succeed", not what's used in production).
>
> Run:
> isakmpd -K
> ipsecctl -f /etc/ipsec.conf
> npppd
>
> On OS X (tested with 10.11.1)
> System Preferences > Network, add a L2TP over IPsec VPN, fill in the
> username, password & psk. hit connect.
>
> Upon establishing a connection successfully, OS X will start the timer
> & display the I/O indicator at which point OpenBSD will have panicked.
>
>
>
> Sevan / Venture37
>
Hi Sevan!
Please try this diff below. Hopefully it will tell us where this
packet comes from.
diff --git sys/net/if.c sys/net/if.c
index 2d8aedc..ba02a9f 100644
--- sys/net/if.c
+++ sys/net/if.c
@@ -670,10 +670,12 @@ if_input_local(struct ifnet *ifp, struct mbuf *m,
sa_family_t af)
printf("%s: can't handle af%d\n", ifp->if_xname, af);
m_freem(m);
return (EAFNOSUPPORT);
}
+ if ((m->m_flags & M_PKTHDR) == 0)
+ panic("no HDR: %s", __func__);
if (niq_enqueue(ifq, m) != 0)
return (ENOBUFS);
ifp->if_ipackets++;
ifp->if_ibytes += m->m_pkthdr.len;
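Review bot: A header-less mbuf becomes an unconditional panic on the packet input path with the check added in if_input_local, and the same two lines are repeated before niq_enqueue in the if_ethersubr.c, pppxwrite, pipex_ip_input and esp4_input_cb hunks. That is fine for locating where the bad packet comes from, but the report shows the condition is reached as soon as a remote L2TP/IPsec client connects, so these checks should not outlive the debugging session in this form. If a check is kept, guard it with `#ifdef DIAGNOSTIC` or drop the packet instead, e.g. `m_freem(m); return (EINVAL);`. In this hunk the message could also name the interface, `panic("%s: no HDR on %s", __func__, ifp->if_xname);`. The body of if_input_local starts and ends outside the hunk.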
diff --git sys/net/if_ethersubr.c sys/net/if_ethersubr.c
index 9b4e7ad..bdeb81a 100644
--- sys/net/if_ethersubr.c
+++ sys/net/if_ethersubr.c
@@ -455,10 +455,12 @@ decapsulate:
default:
goto dropanyway;
}
}
+ if ((m->m_flags & M_PKTHDR) == 0)
+ panic("no HDR: %s", __func__);
niq_enqueue(inq, m);
return (1);
dropanyway:
m_freem(m);
return (1);
diff --git sys/net/if_pppx.c sys/net/if_pppx.c
index fd87512..7523901 100644
--- sys/net/if_pppx.c
+++ sys/net/if_pppx.c
@@ -381,10 +381,12 @@ pppxwrite(dev_t dev, struct uio *uio, int ioflag)
default:
m_freem(top);
return (EAFNOSUPPORT);
}
+ if ((m->m_flags & M_PKTHDR) == 0)
+ panic("no HDR: %s", __func__);
if (niq_enqueue(ifq, m) != 0)
return (ENOBUFS);
return (error);
}
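Review bot: The new check and the `niq_enqueue(ifq, m)` that follows both operate on `m`, while the error branch just above frees `top`, which suggests `top` is the head of the mbuf chain built from the uio. If `m` can point at a later mbuf than `top` by this point (the chain-building code is outside the hunk, so this needs confirming), then a non-header mbuf is what gets queued, which would match the reported "ipintr no HDR" panic, and the head of the chain would be neither queued nor freed. Consider testing and enqueueing the head instead: `if ((top->m_flags & M_PKTHDR) == 0)` and `if (niq_enqueue(ifq, top) != 0)`.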
diff --git sys/net/pipex.c sys/net/pipex.c
index ae36c52..f42adae 100644
--- sys/net/pipex.c
+++ sys/net/pipex.c
@@ -1144,10 +1144,12 @@ pipex_ip_input(struct mbuf *m0, struct pipex_session
*session)
#if NBPFILTER > 0
if (ifp->if_bpf)
bpf_mtap_af(ifp->if_bpf, AF_INET, m0, BPF_DIRECTION_IN);
#endif
+ if ((m0->m_flags & M_PKTHDR) == 0)
+ panic("no HDR: %s", __func__);
if (niq_enqueue(&ipintrq, m0) != 0) {
ifp->if_collisions++;
goto dropped;
}
diff --git sys/netinet/ipsec_input.c sys/netinet/ipsec_input.c
index fe0ee48..11a7e22 100644
--- sys/netinet/ipsec_input.c
+++ sys/netinet/ipsec_input.c
@@ -759,10 +759,12 @@ esp4_input_cb(struct mbuf *m, ...)
{
/*
* Interface pointer is already in first mbuf; chop off the
* `outer' header and reschedule.
*/
+ if ((m->m_flags & M_PKTHDR) == 0)
+ panic("no HDR: %s", __func__);
if (niq_enqueue(&ipintrq, m) != 0) {
espstat.esps_qfull++;
DPRINTF(("esp4_input_cb(): dropped packet because of full "
"IP queue\n"));
return ENOBUFS;