Re: natd core dumping with bus error
On Thu, Jul 04, 2002 at 09:20:38AM -0500, Richard Seaman, Jr. wrote: On Tue, Jul 02, 2002 at 06:04:36PM -0700, Joel M. Baldwin wrote: Something has messed up natd. If I don't have the punch_fw option in the /etc/natd.conf file it eventuially core dumps with a bus error. I think this started JUST BEFORE the KSE commit. Yes, I've seen the same thing on a pre-KSE kernel. The error occurs in PunchFWHole in alias_db.c in libalias. Reverting the following commit seems to fix it (I haven't had a chance to investigate further): luigi 2002/06/27 16:02:18 PDT Modified files: sbin/ipfwMakefile sys/netinet ip_dummynet.c ip_fw.h sys/conf files lib/libalias alias_db.c Added files: sbin/ipfwipfw2.c sys/netinet ip_fw2.c Log: The new ipfw code. I upgraded my pre-KSE kernel and system to the latest versions of these files, and recompiled natd, ipfw, libalias, and the kernel. natd is now stable. The firewall rules appear to be working correctly as well (I started temporarily logging most packets, and the log files show that the packets are accepted/denied as indicated by the rules I gave it). -- Richard Seaman, Jr.email:[EMAIL PROTECTED] 5182 N. Maple Lane phone:262-367-5450 Nashotah WI 53058fax:262-367-5852 To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-current in the body of the message
Re: natd core dumping with bus error
Could you clarify the problem ? I believe the problem appears when you _do_ use punch_fw, otherwise the modified code is never called. cheers luigi On Thu, Jul 04, 2002 at 09:20:38AM -0500, Richard Seaman, Jr. wrote: On Tue, Jul 02, 2002 at 06:04:36PM -0700, Joel M. Baldwin wrote: Something has messed up natd. If I don't have the punch_fw option in the /etc/natd.conf file it eventuially core dumps with a bus error. I think this started JUST BEFORE the KSE commit. Yes, I've seen the same thing on a pre-KSE kernel. The error occurs in PunchFWHole in alias_db.c in libalias. Reverting the following commit seems to fix it (I haven't had a chance to investigate further): luigi 2002/06/27 16:02:18 PDT Modified files: sbin/ipfwMakefile sys/netinet ip_dummynet.c ip_fw.h sys/conf files lib/libalias alias_db.c Added files: sbin/ipfwipfw2.c sys/netinet ip_fw2.c Log: The new ipfw code. -- Richard Seaman, Jr.email:[EMAIL PROTECTED] 5182 N. Maple Lane phone:262-367-5450 Nashotah WI 53058fax:262-367-5852 To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-current in the body of the message
Re: natd core dumping with bus error
I started out without punch_fw. natd was core dumping on me. I eventually figured out that if I added punch_fw in, natd no longer core dumped. I've left it in, things seem to work better anyway with it in. I've put a core dump file at http://outel.org/natd.core Here is my original message: Something has messed up natd. If I don't have the punch_fw option in the /etc/natd.conf file it eventuially core dumps with a bus error. I think this started JUST BEFORE the KSE commit. /etc/natd.conf: ( note that this works. comment out the punch_fw option and it core dumps) use_sockets yes same_ports yes unregistered_only yes interface rl0 punch_fw5000:50 natd stuff in /etc/rc.conf: natd_enable=YES natd_flags=-f /etc/natd.conf natd_interface=rl0 # rl0-external ifc : fxp0-internal ifc ipfw list: ( this is the SIMPLE firewall type rules with the addition of rules 400 and 500 ) 00100 allow ip from any to any via lo0 00200 deny ip from any to 127.0.0.0/8 00300 deny ip from 127.0.0.0/8 to any 00400 allow tcp from any to any via fxp0 00500 allow udp from any to any via fxp0 00600 deny ip from 192.168.1.0/24 to any in via rl0 00700 deny ip from 168.150.177.152 to any in via fxp0 00800 deny ip from any to 10.0.0.0/8 via rl0 00900 deny ip from any to 172.16.0.0/12 via rl0 01000 deny ip from any to 192.168.0.0/16 via rl0 01100 deny ip from any to 0.0.0.0/8 via rl0 01200 deny ip from any to 169.254.0.0/16 via rl0 01300 deny ip from any to 192.0.2.0/24 via rl0 01400 deny ip from any to 224.0.0.0/4 via rl0 01500 deny ip from any to 240.0.0.0/4 via rl0 01600 divert 8668 ip from any to any via rl0 01700 deny ip from 10.0.0.0/8 to any via rl0 01800 deny ip from 172.16.0.0/12 to any via rl0 01900 deny ip from 192.168.0.0/16 to any via rl0 02000 deny ip from 0.0.0.0/8 to any via rl0 02100 deny ip from 169.254.0.0/16 to any via rl0 02200 deny ip from 192.0.2.0/24 to any via rl0 02300 deny ip from 224.0.0.0/4 to any via rl0 02400 deny ip from 240.0.0.0/4 to any via rl0 02500 allow tcp from any to any established 02600 allow ip from any to any frag 02700 allow tcp from any to 168.150.177.152 25 setup 02800 allow tcp from any to 168.150.177.152 53 setup 02900 allow udp from any to 168.150.177.152 53 03000 allow udp from 168.150.177.152 53 to any 03100 allow tcp from any to 168.150.177.152 80 setup 03200 deny log tcp from any to any in via rl0 setup 03300 allow tcp from any to any setup 03400 allow udp from 168.150.177.152 to any 53 keep-state 65535 deny ip from any to any gdb traceback: su-2.05# gdb -c natd.core /sbin/natd GNU gdb 5.2.0 (FreeBSD) 20020627 Copyright 2002 Free Software Foundation, Inc. GDB is free software, covered by the GNU General Public License, and you are welcome to change it and/or distribute copies of it under certain conditions. Type show copying to see the conditions. There is absolutely no warranty for GDB. Type show warranty for details. This GDB was configured as i386-undermydesk-freebsd...(no debugging symbols found)... Core was generated by `natd'. Program terminated with signal 10, Bus error. # 0 0x08050c27 in ?? () (gdb) bt # 0 0x08050c27 in ?? () # 1 0x0804f0f0 in ?? () # 2 0x0804f0a6 in ?? () # 3 0x080503b5 in ?? () # 4 0x0804b489 in ?? () # 5 0x08048b38 in ?? () # 6 0x080487ee in ?? () # 7 0x08048131 in ?? () (gdb) If you need something else to diagnose this let me know and I'll do whatever I can to help. --On Monday, July 08, 2002 2:26 AM -0700 Luigi Rizzo [EMAIL PROTECTED] wrote: Could you clarify the problem ? I believe the problem appears when you _do_ use punch_fw, otherwise the modified code is never called. cheers luigi On Thu, Jul 04, 2002 at 09:20:38AM -0500, Richard Seaman, Jr. wrote: On Tue, Jul 02, 2002 at 06:04:36PM -0700, Joel M. Baldwin wrote: Something has messed up natd. If I don't have the punch_fw option in the /etc/natd.conf file it eventuially core dumps with a bus error. I think this started JUST BEFORE the KSE commit. Yes, I've seen the same thing on a pre-KSE kernel. The error occurs in PunchFWHole in alias_db.c in libalias. Reverting the following commit seems to fix it (I haven't had a chance to investigate further): luigi 2002/06/27 16:02:18 PDT Modified files: sbin/ipfwMakefile sys/netinet ip_dummynet.c ip_fw.h sys/conf files lib/libalias alias_db.c Added files: sbin/ipfwipfw2.c sys/netinet ip_fw2.c Log: The new ipfw code. -- Richard Seaman, Jr.email:[EMAIL PROTECTED] 5182 N. Maple Lane phone:262-367-5450 Nashotah WI 53058fax:262-367-5852 To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-current in the body of the message
Re: natd core dumping with bus error
you have turned on nat enable yes in ppp.conf, and but you havn't turned ip_foward on in sysctl, so core dumped. David Xu - Original Message - From: Richard Seaman, Jr. [EMAIL PROTECTED] To: Luigi Rizzo [EMAIL PROTECTED] Cc: Joel M. Baldwin [EMAIL PROTECTED]; [EMAIL PROTECTED] Sent: Monday, July 08, 2002 7:12 PM Subject: Re: natd core dumping with bus error On Mon, Jul 08, 2002 at 02:26:10AM -0700, Luigi Rizzo wrote: Could you clarify the problem ? I believe the problem appears when you _do_ use punch_fw, otherwise the modified code is never called. cheers luigi I did not have punch_fw enabled when I encountered the problem. I created a debug version of natd (but not libalias) and saw that the bus error was in PunchFWHole. Since I didn't have a debug version of libalias, I can't tell you what line. Perhaps PunchFWHole is being called when its not supposed to be, with bad values? -- Richard Seaman, Jr.email:[EMAIL PROTECTED] 5182 N. Maple Lane phone:262-367-5450 Nashotah WI 53058fax:262-367-5852 To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-current in the body of the message __ Do You Yahoo!? Sign up for SBC Yahoo! Dial - First Month Free http://sbc.yahoo.com To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-current in the body of the message
Re: natd core dumping with bus error
On Mon, Jul 08, 2002 at 07:08:58AM -0700, David Xu wrote: you have turned on nat enable yes in ppp.conf, and but you havn't turned ip_foward on in sysctl, so core dumped. David Xu Well, I'm not running ppp, and never indicated I was. I'm running natd. # sysctl -a | grep forward net.inet.ip.forwarding: 1 net.inet.ip.fastforwarding: 0 net.inet6.ip6.forwarding: 0 Everything works fine with pre new-ipfw, and has for years. Same rules, same configuration, and with new ipfw, core dump. -- Richard Seaman, Jr.email:[EMAIL PROTECTED] 5182 N. Maple Lane phone:262-367-5450 Nashotah WI 53058fax:262-367-5852 To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-current in the body of the message
Re: natd core dumping with bus error
--On Monday, July 08, 2002 9:18 AM -0500 Richard Seaman, Jr. [EMAIL PROTECTED] wrote: On Mon, Jul 08, 2002 at 07:08:58AM -0700, David Xu wrote: you have turned on nat enable yes in ppp.conf, and but you havn't turned ip_foward on in sysctl, so core dumped. David Xu Well, I'm not running ppp, and never indicated I was. I'm running natd. # sysctl -a | grep forward net.inet.ip.forwarding: 1 net.inet.ip.fastforwarding: 0 net.inet6.ip6.forwarding: 0 Everything works fine with pre new-ipfw, and has for years. Same rules, same configuration, and with new ipfw, core dump. Same scenario here with a cvsup build from about 16:00 GMT yesterday. Defining #NO_FW_PUNCH (primarily for libalias) and placing a #ifndef NO_FW_PUNCH around the code in natd.c:SetupPunchFWHole fixed the problem for me. I can look into this further near the end of this week. -- Kenn Martin [EMAIL PROTECTED] voice/fax: 877 594 3375 To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-current in the body of the message
Re: natd core dumping with bus error
On Mon, Jul 08, 2002 at 09:07:39AM -0700, Joel M. Baldwin wrote: I'll have to ditto that. no ppp, just natd, and sysctl stuff is set as listed below. Without the punch-fw directive in /etc/natd.conf, natd will core dump. I just verified that without the directive it core dumps. The problem still exits. It isn't an instant dump, it runs for a while. Right. Typically 30secs - 5 mins before it dumped. And when I ran natd in verbose mode, it showed quite a few packets in and out before it dumped. -- Richard Seaman, Jr.email:[EMAIL PROTECTED] 5182 N. Maple Lane phone:262-367-5450 Nashotah WI 53058fax:262-367-5852 To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-current in the body of the message
Re: natd core dumping with bus error
ok, there is a good PR on this one with a reasonable fix: http://www.freebsd.org/cgi/query-pr.cgi?pr=40331 I am going to commit this and a few other fixes tonight. cheers luigi On Mon, Jul 08, 2002 at 11:28:15AM -0500, Richard Seaman, Jr. wrote: On Mon, Jul 08, 2002 at 09:07:39AM -0700, Joel M. Baldwin wrote: I'll have to ditto that. no ppp, just natd, and sysctl stuff is set as listed below. Without the punch-fw directive in /etc/natd.conf, natd will core dump. I just verified that without the directive it core dumps. The problem still exits. It isn't an instant dump, it runs for a while. Right. Typically 30secs - 5 mins before it dumped. And when I ran natd in verbose mode, it showed quite a few packets in and out before it dumped. -- Richard Seaman, Jr.email:[EMAIL PROTECTED] 5182 N. Maple Lane phone:262-367-5450 Nashotah WI 53058fax:262-367-5852 To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-current in the body of the message
Re: natd core dumping with bus error
Hello, Yes, I've seen the same thing on a pre-KSE kernel. The error occurs in PunchFWHole in alias_db.c in libalias. Reverting the following commit seems to fix it (I haven't had a chance to investigate further): ... sys/netinet ip_fw.h Reverting only this file and recompiling libalias and natd fixes the natd breakage for me. However, I was seeing some possible side effect of this (see my earlier mail about deny rules not working in ipfw) but I am not sure since I have at least one other report of this. -- Regards: Szilveszter ADAM Szombathely Hungary To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-current in the body of the message
Re: natd core dumping with bus error
Here, if I enable nat yes in /etc/ppp/ppp.conf and forget to turn net.inet.ip.forwarding on, ppp will core dump in several minutes. David Xu --- Richard Seaman, Jr. [EMAIL PROTECTED] wrote: On Mon, Jul 08, 2002 at 07:08:58AM -0700, David Xu wrote: you have turned on nat enable yes in ppp.conf, and but you havn't turned ip_foward on in sysctl, so core dumped. David Xu Well, I'm not running ppp, and never indicated I was. I'm running natd. # sysctl -a | grep forward net.inet.ip.forwarding: 1 net.inet.ip.fastforwarding: 0 net.inet6.ip6.forwarding: 0 Everything works fine with pre new-ipfw, and has for years. Same rules, same configuration, and with new ipfw, core dump. -- Richard Seaman, Jr.email:[EMAIL PROTECTED] 5182 N. Maple Lane phone:262-367-5450 Nashotah WI 53058fax:262-367-5852 __ Do You Yahoo!? Sign up for SBC Yahoo! Dial - First Month Free http://sbc.yahoo.com To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-current in the body of the message
Re: natd core dumping with bus error
On Tue, Jul 02, 2002 at 06:04:36PM -0700, Joel M. Baldwin wrote: Something has messed up natd. If I don't have the punch_fw option in the /etc/natd.conf file it eventuially core dumps with a bus error. I think this started JUST BEFORE the KSE commit. Yes, I've seen the same thing on a pre-KSE kernel. The error occurs in PunchFWHole in alias_db.c in libalias. Reverting the following commit seems to fix it (I haven't had a chance to investigate further): luigi 2002/06/27 16:02:18 PDT Modified files: sbin/ipfwMakefile sys/netinet ip_dummynet.c ip_fw.h sys/conf files lib/libalias alias_db.c Added files: sbin/ipfwipfw2.c sys/netinet ip_fw2.c Log: The new ipfw code. -- Richard Seaman, Jr.email:[EMAIL PROTECTED] 5182 N. Maple Lane phone:262-367-5450 Nashotah WI 53058fax:262-367-5852 To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-current in the body of the message
Re: natd core dumping with bus error
On Thu, Jul 04, 2002 at 09:20:38AM -0500, Richard Seaman, Jr. wrote: On Tue, Jul 02, 2002 at 06:04:36PM -0700, Joel M. Baldwin wrote: Something has messed up natd. If I don't have the punch_fw option in the /etc/natd.conf file it eventuially core dumps with a bus error. I think this started JUST BEFORE the KSE commit. Yes, I've seen the same thing on a pre-KSE kernel. The error occurs in PunchFWHole in alias_db.c in libalias. Reverting the following commit seems to fix it (I haven't had a chance to investigate further): I will look into it later this week if Luigi does not beat me to it. luigi 2002/06/27 16:02:18 PDT Modified files: sbin/ipfwMakefile sys/netinet ip_dummynet.c ip_fw.h sys/conf files lib/libalias alias_db.c Added files: sbin/ipfwipfw2.c sys/netinet ip_fw2.c Log: The new ipfw code. -- Richard Seaman, Jr.email:[EMAIL PROTECTED] 5182 N. Maple Lane phone:262-367-5450 Nashotah WI 53058fax:262-367-5852 To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-current in the body of the message -- Ruslan Ermilov Sysadmin and DBA, [EMAIL PROTECTED] Sunbay Software AG, [EMAIL PROTECTED] FreeBSD committer, +380.652.512.251Simferopol, Ukraine http://www.FreeBSD.org The Power To Serve http://www.oracle.com Enabling The Information Age msg40468/pgp0.pgp Description: PGP signature
natd core dumping with bus error
Something has messed up natd. If I don't have the punch_fw option in the /etc/natd.conf file it eventuially core dumps with a bus error. I think this started JUST BEFORE the KSE commit. /etc/natd.conf: ( note that this works. comment out the punch_fw option and it core dumps) use_sockets yes same_ports yes unregistered_only yes interface rl0 punch_fw5000:50 natd stuff in /etc/rc.conf: natd_enable=YES natd_flags=-f /etc/natd.conf natd_interface=rl0# rl0-external ifc : fxp0-internal ifc ipfw list: ( this is the SIMPLE firewall type rules with the addition of rules 400 and 500 ) 00100 allow ip from any to any via lo0 00200 deny ip from any to 127.0.0.0/8 00300 deny ip from 127.0.0.0/8 to any 00400 allow tcp from any to any via fxp0 00500 allow udp from any to any via fxp0 00600 deny ip from 192.168.1.0/24 to any in via rl0 00700 deny ip from 168.150.177.152 to any in via fxp0 00800 deny ip from any to 10.0.0.0/8 via rl0 00900 deny ip from any to 172.16.0.0/12 via rl0 01000 deny ip from any to 192.168.0.0/16 via rl0 01100 deny ip from any to 0.0.0.0/8 via rl0 01200 deny ip from any to 169.254.0.0/16 via rl0 01300 deny ip from any to 192.0.2.0/24 via rl0 01400 deny ip from any to 224.0.0.0/4 via rl0 01500 deny ip from any to 240.0.0.0/4 via rl0 01600 divert 8668 ip from any to any via rl0 01700 deny ip from 10.0.0.0/8 to any via rl0 01800 deny ip from 172.16.0.0/12 to any via rl0 01900 deny ip from 192.168.0.0/16 to any via rl0 02000 deny ip from 0.0.0.0/8 to any via rl0 02100 deny ip from 169.254.0.0/16 to any via rl0 02200 deny ip from 192.0.2.0/24 to any via rl0 02300 deny ip from 224.0.0.0/4 to any via rl0 02400 deny ip from 240.0.0.0/4 to any via rl0 02500 allow tcp from any to any established 02600 allow ip from any to any frag 02700 allow tcp from any to 168.150.177.152 25 setup 02800 allow tcp from any to 168.150.177.152 53 setup 02900 allow udp from any to 168.150.177.152 53 03000 allow udp from 168.150.177.152 53 to any 03100 allow tcp from any to 168.150.177.152 80 setup 03200 deny log tcp from any to any in via rl0 setup 03300 allow tcp from any to any setup 03400 allow udp from 168.150.177.152 to any 53 keep-state 65535 deny ip from any to any gdb traceback: su-2.05# gdb -c natd.core /sbin/natd GNU gdb 5.2.0 (FreeBSD) 20020627 Copyright 2002 Free Software Foundation, Inc. GDB is free software, covered by the GNU General Public License, and you are welcome to change it and/or distribute copies of it under certain conditions. Type show copying to see the conditions. There is absolutely no warranty for GDB. Type show warranty for details. This GDB was configured as i386-undermydesk-freebsd...(no debugging symbols found)... Core was generated by `natd'. Program terminated with signal 10, Bus error. #0 0x08050c27 in ?? () (gdb) bt #0 0x08050c27 in ?? () #1 0x0804f0f0 in ?? () #2 0x0804f0a6 in ?? () #3 0x080503b5 in ?? () #4 0x0804b489 in ?? () #5 0x08048b38 in ?? () #6 0x080487ee in ?? () #7 0x08048131 in ?? () (gdb) If you need something else to diagnose this let me know and I'll do whatever I can to help. To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-current in the body of the message
