Re: 12.2 Splay Tree ipfw potential panic source
Date: Sat, 10 Jul 2021 08:23:04 UTC
On 10.07.21 at 04:41, Karl Denninger wrote:
> Ok, so I have good news and bad news.
>
> I have the trap and it is definitely in libalias which appears to come about as
> a result of a NAT translation attempt.
>
> Fatal trap 18: integer divide fault while in kernel mode
[...]
> HouseKeeping() at HouseKeeping+0x1c/frame 0xfffffe0017b6b320

The divide by zero at one of the first instructions of HouseKeeping()
seems to be caused by this line:

/sys/netinet/libalias/alias_db.c:1753:
    if (packets % packet_limit == 0) {

Seems that packet_limit can become zero, there ...

At line 1780 within that function:

    if (now != LibAliasTime) {
        /* retry three times a second */
        packet_limit = packets / 3;
        packets = 0;
        LibAliasTime = now;
    }

The static variable packet limit is divided by 3 without any
protection against going down to 0.

A packet_limit of zero makes no sense (besides causing a divide
by zero abort), therefore this value should probably have a lower
limit of 1.

Maybe that

    packet_limit = packets / 3 + 1;

would give an acceptably close result in all cases.

Else enforce a minimum value of 1 after the division:

    packet_limit = packets / 3;
    if (packet_limit == 0)
        packet_limit = 1;

Or just:

    packet_limit = packets >= 3 ? packets / 3 : 1;

Regards, STefan
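
The following is an added example, not part of the mail above and not FreeBSD code: a user-space model of the two quoted fragments that shows how packet_limit can decay to zero and that each of the three proposed variants keeps it at 1 or above. The function names, the starting limit of 1000, the nesting of the time check inside the modulo branch, and the clock advancing at every sample are assumptions made for the illustration.

```c
#include <stdio.h>

typedef unsigned int (*limit_fn)(unsigned int);

/* The quoted original and the three variants proposed in the mail. */
static unsigned int limit_orig(unsigned int packets) { return packets / 3; }
static unsigned int limit_plus1(unsigned int packets) { return packets / 3 + 1; }
static unsigned int limit_clamp(unsigned int packets)
{
    unsigned int l = packets / 3;
    if (l == 0)
        l = 1;
    return l;
}
static unsigned int limit_tern(unsigned int packets)
{
    return packets >= 3 ? packets / 3 : 1;
}

/*
 * Model of the sampling logic under slow traffic. Returns the 1-based
 * number of the packet whose modulo would divide by zero, or -1 if that
 * never happens within max_packets.
 */
static long first_trapping_packet(limit_fn recompute, long max_packets)
{
    unsigned int packets = 0;
    unsigned int packet_limit = 1000;   /* assumed starting value */

    for (long n = 1; n <= max_packets; n++) {
        packets++;
        if (packet_limit == 0)
            return n;                   /* packets % 0: integer divide fault */
        if (packets % packet_limit == 0) {
            /* assumed: "now != LibAliasTime" holds at every sample */
            packet_limit = recompute(packets);
            packets = 0;
        }
    }
    return -1;
}

int main(void)
{
    printf("original:    %ld\n", first_trapping_packet(limit_orig, 100000));
    printf("/ 3 + 1:     %ld\n", first_trapping_packet(limit_plus1, 100000));
    printf("clamp to 1:  %ld\n", first_trapping_packet(limit_clamp, 100000));
    printf("ternary:     %ld\n", first_trapping_packet(limit_tern, 100000));
    return 0;
}
```

In this model the limit shrinks 1000, 333, 111, 37, 12, 4, 1, 0 with the original expression, while the clamped and ternary variants settle at 1 and always agree with each other.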