Sorry, failed to mention this is a 3.2 -stable x86 box. -J.
On Wed, 2002-11-20 at 17:42, Jason Dixon wrote: > I'm still trying to isolate exactly which PF reassembly configuration(s) > can't handle the test igmp DoS I'm sending at it in the "lab". I've > currently got frags and state limited to 65k each. I've tried both crop > and drop-ovl, both (much less full reassemble) experience kernel panics > after various amounts of effort. Generally between 2000 and 10000 igmp > packets. Packets were sent via igmpofdeath, which fragments and spoofs > packets to the destination. Note that the trace below is different than > the one I get from full reassembly tests. > > Should I forward this over to tech@ or just leave it here? > > -J. > > OpenBSD/i386 (panic: kernel diagnostic assertion > "LIST_EMPTY(&frag->fr_cache) || LIST_FIRST(&frag->fr_cache)->fr_off > > frcache-7Stopped at _Debugger+0x4: leave > RUN AT LEAST 'trace' AND 'ps' AND INCLUDE OUTPUT WHEN REPORTING THIS > PANIC! > DO NOT EVEN BOTHER REPORTING THIS WITHOUT INCLUDING THAT INFORMATION! > ddb> trace > _Debugger(d0ba6bd4,d0ba6bd4,d0185d30,d02ffb1c,d0ba6ba4) at _Debugger+0x4 > _panic(d01ce9a4,d018dcd1,d018e010,d018dc90,10b) at _panic+0x81 > ___assert(d018dcd1,d018dc90,10b,d018e010,d0ba6bd4) at ___assert+0x1f > _pf_free_fragment(d0ba6bd4,a0780d00,e440ec7c,d027a357) at > _pf_free_fragment+0x9 > d > _pf_purge_expired_fragments(2,d05179f8,d0a7d960,e440f004,e440f004) at > _pf_purge > _expired_fragments+0xca > _pf_purge_timeout(d05179f8,d044a0c9,e440ecb0,e440ecd4) at > _pf_purge_timeout+0x2 > a > _softclock(d0b30010,e4400010,e440f004,e440f004,e440ed38) at > _softclock+0x1fe > Bad frame pointer: 0xe440ecac > ddb> ps > PID PPID PGRP UID S FLAGS WAIT COMMAND > 19328 7520 19328 0 3 0x44186 ttyin systat > 7520 7186 7520 0 3 0x4086 wait bash > 7186 3116 7186 0 3 0x184 select sshd > 4609 21906 21906 67 3 0x184 netcon httpd > 20561 21906 21906 67 3 0x184 netcon httpd > 17252 21906 21906 67 3 0x184 netcon httpd > 31325 21906 21906 67 3 0x184 netcon httpd > 22814 21906 21906 67 3 0x184 netcon httpd > 11672 22403 3885 1000 3 0x4185 poll mysqld > 7389 1 1 0 3 0x4084 ttyopn getty > 2044 1 2044 0 3 0x4086 ttyin getty > 16712 1 16712 0 3 0x4086 ttyin getty > 11486 1 11486 0 3 0x4086 ttyin getty > 27914 1 27914 0 3 0x4086 ttyin getty > 31760 1 31760 0 3 0x4086 ttyin getty > 11450 1 11450 0 3 0x4086 ttyin getty > 29694 1 29694 0 3 0x4084 ttyin getty > 23640 1 23640 0 3 0x84 select cron > 22403 1 3885 0 3 0x4086 pause sh > 3116 1 3116 0 3 0x84 select sshd > 3249 1 3249 0 3 0x184 pause inetd > --db_more-- > 1040 1 1040 66 3 0x184 nanosleep smtpfwdd > 21906 1 21906 67 3 0x184 select httpd > 23912 1 23912 0 3 0x40184 select sendmail > 26860 1 26860 0 3 0x84 poll dhcpd > 21916 1 21916 0 3 0x84 bpf pflogd > 26954 1 26954 0 2 0x84 syslogd > 32553 1 32553 0 3 0x84 poll dhclient > 8 0 0 0 3 0x100204 apmev apm0 > 7 0 0 0 3 0x100204 crypto_wa crypto > 6 0 0 0 3 0x100204 aiodoned aiodoned > 5 0 0 0 3 0x100204 syncer update > 4 0 0 0 3 0x100204 cleaner cleaner > 3 0 0 0 3 0x100204 reaper reaper > 2 0 0 0 3 0x100204 pgdaemon pagedaemon > 1 0 1 0 3 0x4084 wait init > 0 -1 0 0 3 0x80204 scheduler swapper > >
