PATCH: ip_input.c, ip_output.c, ipfw.8

Ian FREISLICH if at hetzner.co.za
Wed Mar 10 03:26:53 PST 2004


> > I've needed to get a copy of packets before the firewall potentially
> > drops them or passes them to dummynet, but I still want the firewall
> > to process the packets as normal and not just accept them.
> >
> > Here's a patch to fix the bug.  If all is in order, please commit
> > it otherwise let me know how and what I should change so that it can
> > be committed.  It would also be nice if it can be MFC'd.
> 
> First of all, please file a PR to avoid this being forgotten/lost/etc.
> 
> The diff looks okay to me from a first glance, but it needs a closer look
> and testing (CC'ed ipfw).
>
> As for MFC'ing: I am afraid that this is only possible (in such an easy way)
> since we removed MT_TAGs lately. I am not sure if that is something that
> will be merged.

Oh, well.  This patch was merged from stable where it works and the
current ip_input/output code looked so similar that I thought it
would just work there too.  My current machine panicked after sending
the second copy of the packet (and the packet was delivered) with
a ruleset similar to:

1 tee 5000 ip from me to b
2 divert 5000 ip from me to b
3 permit ip from any to any

I'll have to figure out what the problem is and send a patch that
works for current.  I'm pretty sure this patch is on the right track
though.

Ian

--
Ian Freislich


FWIW, here's a copy of the panic message:

Fatal trap 12: page fault while in kernel mode
cpuid = 1; apic id = 01
fault virtual address   = 0xc
fault code              = supervisor read, page not present
instruction pointer     = 0x8:0xc052e2c0
stack pointer           = 0x10:0xd35ffadc
frame pointer           = 0x10:0xd35ffaf4
code segment            = base 0x0, limit 0xfffff, type 0x1b
                        = DPL 0, pres 1, def32 1, gran 1
processor eflags        = interrupt enabled, resume, IOPL = 0
current process         = 610 (sshd)
trap number             = 12
panic: page fault
at line 819 in file ../../../i386/i386/trap.c
cpuid = 1; 
Stack backtrace:
backtrace(c0658818,1,333,c06766a4,100) at backtrace+0x17
__panic(c06766a4,333,c065405f,c06764fc,1) at __panic+0x15d
trap_fatal(d35ffa9c,c,1,0,c3dc6690) at trap_fatal+0x376
trap_pfault(d35ffa9c,0,c,c0fc4be0,c) at trap_pfault+0x242
trap(c3df0018,d35f0010,c0520010,50,0) at trap+0x30d
calltrap() at calltrap+0x5
--- trap 0xc, eip = 0xc052e2c0, esp = 0xd35ffadc, ebp = 0xd35ffaf4 ---
m_copydata(c0fdaf00,250,50,c0fd9274,4) at m_copydata+0x20
tcp_output(c3c8ca2c,c0fd9000,0,c3dc6690,0) at tcp_output+0x70a
tcp_usr_send(c3c70780,0,c0fd9000,0,0) at tcp_usr_send+0x1bd
sosend(c3c70780,0,d35ffc80,c0fd9000,0) at sosend+0x43d
soo_write(c3bf2770,d35ffc80,c3bf5d00,0,c3dc6690) at soo_write+0x97
dofilewrite(c3dc6690,c3bf2770,4,8082000,50) at dofilewrite+0xfb
write(c3dc6690,d35ffd14,c,d35ffd3c,3) at write+0x6e
syscall(2f,2f,2f,8073dc8,50) at syscall+0x320
Xint0x80_syscall() at Xint0x80_syscall+0x1d
--- syscall (4), eip = 0x282f976f, esp = 0xbfbfe4ec, ebp = 0xbfbfe508 ---
boot() called on cpu#1

syncing disks, buffers remaining... 1599 


More information about the freebsd-ipfw mailing list