Aaron Bieber writes:
> Hi,
>
> Adding a rule similar to the below causes a panic on -current (OpenBSD
> 6.5-current (GENERIC) #95: Thu Jul 4 21:22:25 MDT 2019). This also panics 6.3
> and 6.5 (I didn't test 6.4):
>
> pass in quick on egress proto tcp from any to port 8888 once rdr-to \
> 127.0.0.1 port 3333
>
> Once the rule is in place, fire up:
>
> nc -l 127.0.0.1 3333
>
> Connect a few times from a remote machine:
>
> nc <ip> 8888
>
> Eventually it will panic with (sometimes it happens right away, other times I
> have to restart nc a few times):
>

This is because it's meant to be used inside of an anchor (it removes
the rule once it's matched). The most sensible way to use it is to put
it into the anchor inside a recursive anchor (e.g. 'relayd/*').

It's possible that the check protecting the system from the misuse
like you've described here got lost during refactoring or it never
existed in the first place :-(

Cheers,
Mike

> ddb> trace
> pf_rm_rule(ffffffff81d900a8,ffff8000003bbfe8) at pf_rm_rule+0xa9
> pf_purge_rule(ffff8000003bbfe8) at pf_purge_rule+0x26
> pf_purge(ffffffff81dc1088) at pf_purge+0x55
> taskq_thread(ffff800000022040) at taskq_thread+0x3d
> end trace frame: 0x0, count: -4
> ddb>
> ddb> ps
>    PID     TID   PPID   UID  S       FLAGS  WAIT      COMMAND
>  69502   12189      1     0  3    0x100083  ttyin     ksh
>  53972  340673      1     0  3    0x100098  poll      cron
>  81827  279222      1   110  3    0x100090  poll      sndiod
>  54852   68160      1    99  3    0x100090  poll      sndiod
>  79474   94554   3215    95  3    0x100092  kqread    smtpd
>  90212  164878   3215   103  3    0x100092  kqread    smtpd
>  43199  482512   3215    95  3    0x100092  kqread    smtpd
>  38765  100663   3215    95  3    0x100092  kqread    smtpd
>  33241  424770   3215    95  3    0x100092  kqread    smtpd
>   5338  193750   3215    95  3    0x100092  kqread    smtpd
>   3215  481909      1     0  3    0x100080  kqread    smtpd
>  57742  143403      1     0  3        0x80  select    sshd
>  31904  460143      1     0  3    0x100080  poll      ntpd
>  65592  182120  47006    83  3    0x100092  poll      ntpd
>  47006  103509      1    83  3    0x100092  poll      ntpd
>  60875  292765  99617    74  3    0x100092  bpf       pflogd
>  99617  524148      1     0  3        0x80  netio     pflogd
>   4242  324170  49064    73  3    0x100090  kqread    syslogd
>  49064  413359      1     0  3    0x100082  netio     syslogd
>  20955  102995  68995   115  3    0x100092  kqread    slaacd
>  99883  518930  68995   115  3    0x100092  kqread    slaacd
>  68995  175540      1     0  3    0x100080  kqread    slaacd
>   5278  238159      0     0  3     0x14200  pgzero    zerothread
>   2253  479921      0     0  3     0x14200  aiodoned  aiodoned
>  98149  310276      0     0  3     0x14200  syncer    update
>  78055  259911      0     0  3     0x14200  cleaner   cleaner
>  68827  324781      0     0  3     0x14200  reaper    reaper
>  93269   98863      0     0  3     0x14200  pgdaemon  pagedaemon
>  75284  447451      0     0  3     0x14200  bored     crynlk
>  34868  513191      0     0  3     0x14200  bored     crypto
> *18776  255193      0     0  7     0x14200            softnet
>  64918  469356      0     0  3     0x14200  bored     systqmp
>    902   49537      0     0  3     0x14200  bored     systq
>  17250  200730      0     0  3  0x40014200  bored     softclock
>   2990  510299      0     0  3  0x40014200            idle0
>    947  215447      0     0  3     0x14200  bored     smr
>      1  180680      0     0  3        0x82  wait      init
>      0       0     -1     0  3     0x10200  scheduler swapper
> ddb>
>
> dmesg (from a VM in vmm - I have also reproduced this on physical hw):
> OpenBSD 6.5-current (GENERIC) #95: Thu Jul 4 21:22:25 MDT 2019
> dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC
> real mem = 4278181888 (4079MB)
> avail mem = 4138524672 (3946MB)
> mpath0 at root
> scsibus0 at mpath0: 256 targets
> mainbus0 at root
> bios0 at mainbus0: SMBIOS rev. 2.4 @ 0xf3f10 (12 entries)
> bios0: vendor SeaBIOS version "1.11.0p2-OpenBSD-vmm" date 01/01/2011
> bios0: OpenBSD VMM
> acpi at bios0 not configured
> cpu0 at mainbus0: (uniprocessor)
> cpu0: AMD Ryzen 7 PRO 2700U w/ Radeon Vega Mobile Gfx, 37466.79 MHz, 17-11-00
> cpu0:
> FPU,VME,DE,PSE,TSC,MSR,PAE,CX8,SEP,PGE,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,SSE3,PCLMUL,SSSE3,FMA3,CX16,SSE4.1,SSE4.2,MOVBE,POPCNT,AES,XSAVE,AVX,F16C,RDRAND,HV,NXE,MMXX,FFXSR,PAGE1GB,LONG,LAHF,CMPLEG,EAPICSP,AMCR8,ABM,SSE4A,MASSE,3DNOWP,OSVW,SKINIT,TCE,TOPEXT,CPCTR,DBKP,PCTRL3,ITSC,FSGSBASE,BMI1,AVX2,SMEP,BMI2,RDSEED,ADX,SMAP,CLFLUSHOPT,SHA
> cpu0: 64KB 64b/line 4-way I-cache, 32KB 64b/line 8-way D-cache, 512KB
> 64b/line 8-way L2 cache, 4MB 64b/line 16-way L3 cache
> cpu0: ITLB 64 4KB entries fully associative, 64 4MB entries fully associative
> cpu0: DTLB 64 4KB entries fully associative, 64 4MB entries fully associative
> pvbus0 at mainbus0: OpenBSD
> pvclock0 at pvbus0
> pci0 at mainbus0 bus 0
> pchb0 at pci0 dev 0 function 0 "OpenBSD VMM Host" rev 0x00
> virtio0 at pci0 dev 1 function 0 "Qumranet Virtio RNG" rev 0x00
> viornd0 at virtio0
> virtio0: irq 3
> virtio1 at pci0 dev 2 function 0 "Qumranet Virtio Network" rev 0x00
> vio0 at virtio1: address fe:e1:bb:d1:eb:4d
> virtio1: irq 5
> virtio2 at pci0 dev 3 function 0 "Qumranet Virtio Storage" rev 0x00
> vioblk0 at virtio2
> scsibus1 at vioblk0: 2 targets
> sd0 at scsibus1 targ 0 lun 0: <VirtIO, Block Device, > SCSI3 0/direct fixed
> sd0: 40960MB, 512 bytes/sector, 83886080 sectors
> virtio2: irq 6
> virtio3 at pci0 dev 4 function 0 "OpenBSD VMM Control" rev 0x00
> vmmci0 at virtio3
> virtio3: irq 7
> isa0 at mainbus0
> isadma0 at isa0
> com0 at isa0 port 0x3f8/8 irq 4: ns8250, no fifo
> com0: console
> vscsi0 at root
> scsibus2 at vscsi0: 256 targets
> softraid0 at root
> scsibus3 at softraid0: 256 targets
> root on sd0a (66c460169c410440.a) swap on sd0b dump on sd0b
> WARNING: / was not properly unmounted
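
A pre-load check for the misuse described in this thread, as an added example that is not part of the original messages or of OpenBSD: it flags `once` rules that sit in the main ruleset rather than inside an inline `anchor "name" { ... }` block. The function names and the sample ruleset are constructed for illustration, and treating an inline anchor block as an acceptable location is an assumption; rules loaded into an anchor from a separate file are outside what it sees.

```python
import re

ACTIONS = {"pass", "block", "match"}   # rule keywords that can carry 'once'

def logical_lines(text):
    """Yield (first_lineno, line) with backslash continuations joined."""
    buf, start = "", None
    for no, raw in enumerate(text.splitlines(), 1):
        if start is None:
            start = no
        if raw.rstrip().endswith("\\"):
            buf += raw.rstrip()[:-1] + " "
            continue
        yield start, buf + raw
        buf, start = "", None
    if buf:                                  # file ended on a continuation
        yield start, buf

def once_outside_anchor(text):
    """Return [(lineno, rule)] for 'once' rules found in the main ruleset."""
    findings, depth = [], 0
    for no, line in logical_lines(text):
        bare = re.sub(r'"[^"]*"', '""', line)    # hide quoted strings (labels, names)
        bare = bare.split("#", 1)[0].strip()     # drop comments
        if not bare:
            continue
        tokens = bare.split()
        if tokens[0] == "anchor" and bare.endswith("{"):
            depth += 1                           # inline anchor block opens
        elif bare == "}" and depth > 0:
            depth -= 1                           # inline anchor block closes
        elif depth == 0 and tokens[0] in ACTIONS and "once" in tokens:
            findings.append((no, " ".join(line.split())))
    return findings

# Constructed sample ruleset: line 4 repeats the rule from the report.
SAMPLE = '''\
# constructed sample pf.conf
set skip on lo
anchor "relayd/*"
pass in quick on egress proto tcp from any to port 8888 once rdr-to \\
    127.0.0.1 port 3333
anchor "oneshot" {
    pass in on egress proto tcp to port { 8889, 8890 } once rdr-to 127.0.0.1
}
pass out label "once"
'''

if __name__ == "__main__":
    for lineno, rule in once_outside_anchor(SAMPLE):
        print(f"line {lineno}: 'once' rule outside an anchor: {rule}")
```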