Hello!
A couple of days ago, I upgraded one of my FreeBSD 4.11 servers from
4.11-RELEASE-p13 to 4.11-RELEASE-p22. This server had IPFilter 4.1.8
installed before the upgrade (IPFilter 4 is used because PPTP proxy
is needed). While upgrading the OS, I tried to build IPFilter 4.1.13
and 4.1.9, but since I couldn't get them to compile I decided to stick
with 4.1.8, which compiles cleanly.
The upgrade seemed to go fine:
# ipf -V
ipf: IP Filter: v4.1.8 (396)
Kernel: IP Filter: v4.1.8
Running: yes
Log Flags: 0 = none set
Default: block all, Logging: available
Active list: 0
Feature mask: 0xa
... but now whenever someone tries to initiate a PPTP connection from
internal network to external, the
kernel panics :( My ipnat rules are still the same they were before the
upgrade:
map dc0 192.168.14.0/24 -> 0/32 proxy port 21 ftp/tcp
map dc0 192.168.14.0/24 -> 0/32 proxy port 1723 pptp/tcp
map dc0 192.168.14.0/24 -> 0/32 proxy port 500 ipsec/udp
map dc0 192.168.14.0/24 -> 0/32
map dc0 192.168.1.0/24 -> 0/32 proxy port 21 ftp/tcp
map dc0 192.168.1.0/24 -> 0/32
Any advice on how to get rid of these panics is welcome (for example,
how to build IPFilter version newer than 4.1.8).
Here's the stack trace from the panic:
-----------------------------------------------------------------------
#0 dumpsys () at /usr/src/sys/kern/kern_shutdown.c:487
#1 0xc017aac8 in boot (howto=256) at /usr/src/sys/kern/kern_shutdown.c:316
#2 0xc017aefc in poweroff_wait (junk=0xc0280e6c, howto=-1071117969)
at /usr/src/sys/kern/kern_shutdown.c:595
#3 0xc0245d1f in trap_fatal (frame=0xc3e73c20, eva=140)
at /usr/src/sys/i386/i386/trap.c:974
#4 0xc02459e1 in trap_pfault (frame=0xc3e73c20, usermode=0, eva=140)
at /usr/src/sys/i386/i386/trap.c:867
#5 0xc0245597 in trap (frame={tf_fs = 16, tf_es = 16, tf_ds = 16,
tf_edi = -1064185856, tf_esi = 0, tf_ebp = -1008255724,
tf_isp = -1008255924, tf_ebx = -1008255876, tf_edx = 0, tf_ecx = 9,
tf_eax = -1061686784, tf_trapno = 12, tf_err = 0, tf_eip =
-1072444224,
tf_cs = 8, tf_eflags = 2163202, tf_esp = -1064184976,
tf_ss = -1064185856}) at /usr/src/sys/i386/i386/trap.c:466
#6 0xc013ccc0 in ippr_pptp_donatstate (fin=0xc3e73e64, nat=0xc0b7f200,
pptp=0xc091d000) at
/usr/src/sys/contrib/ipfilter/netinet/ip_pptp_pxy.c:214
#7 0xc013d07e in ippr_pptp_mctl (fin=0xc3e73e64, nat=0xc0b7f200,
pptp=0xc091d000, pptps=0xc091d354)
at /usr/src/sys/contrib/ipfilter/netinet/ip_pptp_pxy.c:441
#8 0xc013cf74 in ippr_pptp_message (fin=0xc3e73e64, nat=0xc0b7f200,
pptp=0xc091d000, pptps=0xc091d354)
at /usr/src/sys/contrib/ipfilter/netinet/ip_pptp_pxy.c:368
#9 0xc013cf16 in ippr_pptp_nextmessage (fin=0xc3e73e64, nat=0xc0b7f200,
pptp=0xc091d000, rev=1)
at /usr/src/sys/contrib/ipfilter/netinet/ip_pptp_pxy.c:339
#10 0xc013d183 in ippr_pptp_inout (fin=0xc3e73e64, aps=0xc0acc380,
nat=0xc0b7f200) at
/usr/src/sys/contrib/ipfilter/netinet/ip_pptp_pxy.c:493
#11 0xc014066e in appr_check (fin=0xc3e73e64, nat=0xc0b7f200)
at /usr/src/sys/contrib/ipfilter/netinet/ip_proxy.c:540
#12 0xc0139a77 in fr_natin (fin=0xc3e73e64, nat=0xc0b7f200, natadd=1,
nflags=1)
at /usr/src/sys/contrib/ipfilter/netinet/ip_nat.c:4084
#13 0xc01399da in fr_checknatin (fin=0xc3e73e64, passp=0xc3e73e60)
at /usr/src/sys/contrib/ipfilter/netinet/ip_nat.c:4019
#14 0xc012fc34 in fr_check (ip=0xc04f0016, hlen=20, ifp=0xc07f9000, out=0,
mp=0xc3e73f38) at /usr/src/sys/contrib/ipfilter/netinet/fil.c:2341
#15 0xc01de995 in ip_input (m=0xc0508d00)
at /usr/src/sys/netinet/ip_input.c:478
#16 0xc01def3f in ipintr () at /usr/src/sys/netinet/ip_input.c:971
#17 0xc02389e9 in swi_net_next ()
#18 0x0 in ?? ()
-----------------------------------------------------------------------
