From nobody Wed Feb 15 20:41:52 2023 X-Original-To: net@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4PH93j11WHz3rKFm for ; Wed, 15 Feb 2023 20:41:53 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4PH93h5npQz3G9s for ; Wed, 15 Feb 2023 20:41:52 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1676493712; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=oDMVGz9EaElYcUvy6Nvl380qaV9a8r6OUMnAp9ydztI=; b=wCpYdnpQ5LpWuH+07h3I+ZRh77xDD1zbLC2Zo9nJXd2zkL+kWcL+I0vRZTsS3FHVCM54jM Jwhmb47whCuHOtBslG+ZY8U+kxltFDD09FTrljfDcL0INZiTl3wN8/uhXQ4O/Xs4kjBc3r RKceCePqbA5CLB8VIvJM2wqebyjvMiOudKmcf4sDF2UP869pvw2RDkF5jfjsx9SLn4PCgN AK3lDT2Ldf8o6Kp7SYFuJGSYo0NxiEPpJJBdRRVRUWLOa5pwzQ5le/9TQNuU7rWRMUNO0x jHsdLwWWMUJby58PjNU47XL7sr6SpIzyW9UNuNAGfthNVAGFhUi+KT3BZW2v1A== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1676493712; a=rsa-sha256; cv=none; b=nbxZMcCmSNwMLDvSHV5JGVYO0Qv1zhaEApoBtGtcGuykeZnXRsepI5cYB7EtJDqu8OYvw0 uyjY07WVX2jukMeE1YPsV5hhKRgIh+Ux5fyNEcVCOwTQqsq5twBs0wZ9//Olut72C5U40j i39LGeEVFPnA23daaRfkaXL6X+AdZEDLgI0U4WFgpiNUkPeL+bvEfs0/TEHcP7SM2XfXNM MGLyy8GdodyaSQTre4mC7RXp9r89qW6jaomXDJS7Ebo4rICbCSI//jjPVOsfv1lZ084/fO HAejBEFMY9WpUWF1T0pYHgokmAbctZ2yXAHO/yT7ZBKcXcXIOt1NAohOkfYNbw== Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2610:1c1:1:606c::50:1d]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4PH93h4tGtzdVs for ; Wed, 15 Feb 2023 20:41:52 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.5]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id 31FKfqnq055637 for ; Wed, 15 Feb 2023 20:41:52 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from www@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id 31FKfq9X055636 for net@FreeBSD.org; Wed, 15 Feb 2023 20:41:52 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: net@FreeBSD.org Subject: [Bug 268246] crash and panic using pfsync on 13.1-RELEASE Date: Wed, 15 Feb 2023 20:41:52 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: kern X-Bugzilla-Version: 13.1-RELEASE X-Bugzilla-Keywords: crash, needs-qa X-Bugzilla-Severity: Affects Some People X-Bugzilla-Who: kp@freebsd.org X-Bugzilla-Status: In Progress X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: net@FreeBSD.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated List-Id: Networking and TCP/IP with FreeBSD List-Archive: https://lists.freebsd.org/archives/freebsd-net List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-net@freebsd.org MIME-Version: 1.0 X-ThisMailContainsUnwantedMimeParts: N https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D268246 --- Comment #84 from Kristof Provost --- Ah, that's the same issue, but in the tmo function now. Try this: diff --git a/sys/netpfil/pf/if_pfsync.c b/sys/netpfil/pf/if_pfsync.c index 47c3217f399c..fd5be82367aa 100644 --- a/sys/netpfil/pf/if_pfsync.c +++ b/sys/netpfil/pf/if_pfsync.c @@ -102,6 +102,9 @@ __FBSDID("$FreeBSD$"); #include #include +#include +#include + #define PFSYNC_MINPKT ( \ sizeof(struct ip) + \ sizeof(struct pfsync_header) + \ @@ -1819,6 +1822,7 @@ pfsync_defer_tmo(void *arg) struct mbuf *m =3D pd->pd_m; struct pf_kstate *st =3D pd->pd_st; struct pfsync_bucket *b =3D pfsync_get_bucket(sc, st); + struct ip *ip; PFSYNC_BUCKET_LOCK_ASSERT(b); @@ -1833,9 +1837,14 @@ pfsync_defer_tmo(void *arg) pd->pd_st->state_flags &=3D ~PFSTATE_ACK; /* XXX: locking! */ if (pd->pd_refs =3D=3D 0) free(pd, M_PFSYNC); - PFSYNC_BUCKET_UNLOCK(b); + PFSYNC_BUCKET_UNLOCK(b); - ip_output(m, NULL, NULL, 0, NULL, NULL); + ip =3D mtod(m, struct ip *); + + if (ip->ip_v =3D=3D IPVERSION) + ip_output(m, NULL, NULL, 0, NULL, NULL); + else + ip6_output(m, NULL, NULL, 0, NULL, NULL, NULL); pf_release_state(st); @@ -2325,7 +2334,8 @@ pfsyncintr(void *arg) struct pfsync_softc *sc =3D arg; struct pfsync_bucket *b; struct mbuf *m, *n; - int c; + struct ip *ip; + int c, error; NET_EPOCH_ENTER(et); CURVNET_SET(sc->sc_ifp->if_vnet); @@ -2345,15 +2355,26 @@ pfsyncintr(void *arg) n =3D m->m_nextpkt; m->m_nextpkt =3D NULL; + ip =3D mtod(m, struct ip *); + /* * We distinguish between a deferral packet and our * own pfsync packet based on M_SKIP_FIREWALL * flag. This is XXX. */ - if (m->m_flags & M_SKIP_FIREWALL) - ip_output(m, NULL, NULL, 0, NULL, NULL); - else if (ip_output(m, NULL, NULL, IP_RAWOUTPUT, &sc->sc_imo, - NULL) =3D=3D 0) + if (m->m_flags & M_SKIP_FIREWALL) { + if (ip->ip_v =3D=3D IPVERSION) + error =3D ip_output(m, NULL, NULL, = 0, NULL, NULL); + else + error =3D ip6_output(m, NULL, NULL,= 0, NULL, NULL, NULL); + } else { + if (ip->ip_v =3D=3D IPVERSION) + error =3D ip_output(m, NULL, NULL, IP_RAWOUTPUT, &sc->sc_imo, + NULL); + else + error =3D ENOTSUP; // When we add pfsync over IPv6 + } + if (error =3D=3D 0) V_pfsyncstats.pfsyncs_opackets++; else V_pfsyncstats.pfsyncs_oerrors++; --=20 You are receiving this mail because: You are the assignee for the bug.=