I'm still trying to isolate exactly which PF reassembly configuration(s)
can't handle the test IGMP DoS I'm sending at it in the "lab". I've
currently got frags and state limited to 65k each. I've tried both crop
and drop-ovl; both (much less full reassemble) experience kernel panics
after various amounts of effort, generally between 2000 and 10000 IGMP
packets. Packets were sent via igmpofdeath, which fragments and spoofs
packets to the destination. Note that the trace below is different from
the one I get from full reassembly tests.

Should I forward this over to tech@ or just leave it here?

-J.

OpenBSD/i386 (panic: kernel diagnostic assertion
"LIST_EMPTY(&frag->fr_cache) || LIST_FIRST(&frag->fr_cache)->fr_off >
frcache-7Stopped at _Debugger+0x4: leave
RUN AT LEAST 'trace' AND 'ps' AND INCLUDE OUTPUT WHEN REPORTING THIS PANIC!
DO NOT EVEN BOTHER REPORTING THIS WITHOUT INCLUDING THAT INFORMATION!
ddb> trace
_Debugger(d0ba6bd4,d0ba6bd4,d0185d30,d02ffb1c,d0ba6ba4) at _Debugger+0x4
_panic(d01ce9a4,d018dcd1,d018e010,d018dc90,10b) at _panic+0x81
___assert(d018dcd1,d018dc90,10b,d018e010,d0ba6bd4) at ___assert+0x1f
_pf_free_fragment(d0ba6bd4,a0780d00,e440ec7c,d027a357) at _pf_free_fragment+0x9d
_pf_purge_expired_fragments(2,d05179f8,d0a7d960,e440f004,e440f004) at _pf_purge_expired_fragments+0xca
_pf_purge_timeout(d05179f8,d044a0c9,e440ecb0,e440ecd4) at _pf_purge_timeout+0x2a
_softclock(d0b30010,e4400010,e440f004,e440f004,e440ed38) at _softclock+0x1fe
Bad frame pointer: 0xe440ecac
ddb> ps
PID PPID PGRP UID S FLAGS WAIT COMMAND
19328 7520 19328 0 3 0x44186 ttyin systat
7520 7186 7520 0 3 0x4086 wait bash
7186 3116 7186 0 3 0x184 select sshd
4609 21906 21906 67 3 0x184 netcon httpd
20561 21906 21906 67 3 0x184 netcon httpd
17252 21906 21906 67 3 0x184 netcon httpd
31325 21906 21906 67 3 0x184 netcon httpd
22814 21906 21906 67 3 0x184 netcon httpd
11672 22403 3885 1000 3 0x4185 poll mysqld
7389 1 1 0 3 0x4084 ttyopn getty
2044 1 2044 0 3 0x4086 ttyin getty
16712 1 16712 0 3 0x4086 ttyin getty
11486 1 11486 0 3 0x4086 ttyin getty
27914 1 27914 0 3 0x4086 ttyin getty
31760 1 31760 0 3 0x4086 ttyin getty
11450 1 11450 0 3 0x4086 ttyin getty
29694 1 29694 0 3 0x4084 ttyin getty
23640 1 23640 0 3 0x84 select cron
22403 1 3885 0 3 0x4086 pause sh
3116 1 3116 0 3 0x84 select sshd
3249 1 3249 0 3 0x184 pause inetd
--db_more--
1040 1 1040 66 3 0x184 nanosleep smtpfwdd
21906 1 21906 67 3 0x184 select httpd
23912 1 23912 0 3 0x40184 select sendmail
26860 1 26860 0 3 0x84 poll dhcpd
21916 1 21916 0 3 0x84 bpf pflogd
26954 1 26954 0 2 0x84 syslogd
32553 1 32553 0 3 0x84 poll dhclient
8 0 0 0 3 0x100204 apmev apm0
7 0 0 0 3 0x100204 crypto_wa crypto
6 0 0 0 3 0x100204 aiodoned aiodoned
5 0 0 0 3 0x100204 syncer update
4 0 0 0 3 0x100204 cleaner cleaner
3 0 0 0 3 0x100204 reaper reaper
2 0 0 0 3 0x100204 pgdaemon pagedaemon
1 0 1 0 3 0x4084 wait init
0 -1 0 0 3 0x80204 scheduler swapper