Hello,
On 26/09/18(Wed) 11:59, [email protected] wrote:
> >Synopsis: Page fault in rt_setgwroute triggered by npppd under specific
> >circumstances
> >Category: kernel (networking)
> >Environment:
> System : OpenBSD 6.3
> Details : OpenBSD 6.3 (GENERIC) #100: Sat Mar 24 14:17:45 MDT 2018
>
> [email protected]:/usr/src/sys/arch/amd64/compile/GENERIC
>
> Architecture: OpenBSD.amd64
> Machine : amd64
> >Description:
> On client connection, npppd cause a panic. It seems the panic occurs
> when the
> selected address for the tun interface is already used on another interface.
> For instance,
> if I use 10.0.0.254/24 on a vlan interface, using 10.0.0.254 on tun0 trigger
> the panic.
> Using 10.0.0.253 for tun0 do not trigger the panic.
>
> >How-To-Repeat:
> - Configure an interface with 10.0.0.254/24 (in my case a vlan
> interface)
> - Configure npppd like this:
>
> ipcp interco {
> pool-address 10.0.0.64-10.0.0.127 for static
> dns-servers 10.0.0.254
> allow-user-selected-address no
> }
> interface tun0 address 10.0.0.254 ipcp interco
>
> - Connect the L2TP client (in my case through IPsec)
Could you include the output of "# route -n show -inet" before
connecting the L2TP client in your next report?
Does the diff below help? Even if it does, please insert the route(8)
output.
Index: net/route.c
===================================================================
RCS file: /cvs/src/sys/net/route.c,v
retrieving revision 1.377
diff -u -p -r1.377 route.c
--- net/route.c 11 Jul 2018 19:52:19 -0000 1.377
+++ net/route.c 26 Sep 2018 10:40:22 -0000
@@ -399,7 +399,8 @@ rt_setgwroute(struct rtentry *rt, u_int
* If we found a non-L2 entry on a different interface
* there's nothing we can do.
*/
- if (!ISSET(nhrt->rt_flags, RTF_LLINFO)) {
+ if (!ISSET(nhrt->rt_flags, RTF_LLINFO) ||
+ nhrt->rt_parent == NULL) {
rtfree(nhrt);
return (EHOSTUNREACH);
}
