kern/87521: using ipfilter "auth" keyword leads to kernel fault

Bruce Walker bmw at borderware.com
Sun Oct 16 09:10:19 PDT 2005 

>Number:         87521
>Category:       kern
>Synopsis:       using ipfilter "auth" keyword leads to kernel fault
>Confidential:   no
>Severity:       serious
>Priority:       low
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sun Oct 16 16:10:17 GMT 2005
>Closed-Date:
>Last-Modified:
>Originator:     Bruce Walker
>Release:        FreeBSD 6.0-BETA5 i386
>Organization:
Borderware Technologies Inc.
>Environment:
System: FreeBSD mxedge.home.wezel.com 6.0-BETA5 FreeBSD 6.0-BETA5 #0: Mon Sep 19 00:12:45 UTC 2005 root at x64.samsco.home:/usr/obj/usr/src/sys/GENERIC i386

System is a Portwell with three Realtek 10/100 interfaces.


Copyright (c) 1992-2005 The FreeBSD Project.
Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
	The Regents of the University of California. All rights reserved.
FreeBSD 6.0-BETA5 #0: Mon Sep 19 00:12:45 UTC 2005
    root at x64.samsco.home:/usr/obj/usr/src/sys/GENERIC
Timecounter "i8254" frequency 1193182 Hz quality 0
CPU: VIA C3 Nehemiah+RNG (997.46-MHz 686-class CPU)
  Origin = "CentaurHauls"  Id = 0x693  Stepping = 3
  Features=0x380b13d<FPU,DE,PSE,TSC,MSR,CX8,MTRR,PGE,CMOV,MMX,FXSR,SSE>
real memory  = 260046848 (248 MB)
avail memory = 245014528 (233 MB)
npx0: [FAST]
npx0: <math processor> on motherboard
npx0: INT 16 interface
cpu0 on motherboard
pcib0: <Host to PCI bridge> pcibus 0 on motherboard
pir0: <PCI Interrupt Routing Table: 12 Entries> on motherboard
pci0: <PCI bus> on pcib0
agp0: <VIA 8601 (Apollo ProMedia/PLE133Ta) host to PCI bridge> mem 0xe0000000-0xe3ffffff at device 0.0 on pci0
pcib1: <PCI-PCI bridge> at device 1.0 on pci0
pci1: <PCI bus> on pcib1
pci1: <display, VGA> at device 0.0 (no driver attached)
isab0: <PCI-ISA bridge> at device 7.0 on pci0
isa0: <ISA bus> on isab0
atapci0: <VIA 82C686B UDMA100 controller> port 0x1f0-0x1f7,0x3f6,0x170-0x177,0x376,0xd000-0xd00f at device 7.1 on pci0
ata0: <ATA channel 0> on atapci0
ata1: <ATA channel 1> on atapci0
uhci0: <VIA 83C572 USB controller> port 0xd400-0xd41f irq 10 at device 7.2 on pci0
uhci0: [GIANT-LOCKED]
usb0: <VIA 83C572 USB controller> on uhci0
usb0: USB revision 1.0
uhub0: VIA UHCI root hub, class 9/0, rev 1.00/1.00, addr 1
uhub0: 2 ports with 2 removable, self powered
pci0: <bridge> at device 7.4 (no driver attached)
re0: <RealTek 8139C+ 10/100BaseTX> port 0xdc00-0xdcff mem 0xe7000000-0xe70000ff irq 5 at device 9.0 on pci0
miibus0: <MII bus> on re0
rlphy0: <RealTek internal media interface> on miibus0
rlphy0:  10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto
re0: Ethernet address: 00:90:fb:04:5a:7e
re1: <RealTek 8139C+ 10/100BaseTX> port 0xe000-0xe0ff mem 0xe7001000-0xe70010ff irq 10 at device 10.0 on pci0
miibus1: <MII bus> on re1
rlphy1: <RealTek internal media interface> on miibus1
rlphy1:  10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto
re1: Ethernet address: 00:90:fb:04:5a:7d
re2: <RealTek 8139C+ 10/100BaseTX> port 0xe400-0xe4ff mem 0xe7002000-0xe70020ff irq 11 at device 11.0 on pci0
miibus2: <MII bus> on re2
rlphy2: <RealTek internal media interface> on miibus2
rlphy2:  10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto
re2: Ethernet address: 00:90:fb:04:5a:7c
pmtimer0 on isa0
orm0: <ISA Option ROMs> at iomem 0xc0000-0xcbfff,0xcc000-0xcffff on isa0
atkbdc0: <Keyboard controller (i8042)> at port 0x60,0x64 on isa0
atkbd0: <AT Keyboard> irq 1 on atkbdc0
kbd0 at atkbd0
atkbd0: [GIANT-LOCKED]
ppc0: parallel port not found.
sc0: <System console> at flags 0x100 on isa0
sc0: VGA <16 virtual consoles, flags=0x300>
sio0 at port 0x3f8-0x3ff irq 4 flags 0x10 on isa0
sio0: type 16550A
sio1 at port 0x2f8-0x2ff irq 3 on isa0
sio1: type 16550A
vga0: <Generic ISA VGA> at port 0x3c0-0x3df iomem 0xa0000-0xbffff on isa0
unknown: <PNP0303> can't assign resources (port)
unknown: <PNP0c01> can't assign resources (memory)
unknown: <PNP0c02> can't assign resources (memory)
unknown: <PNP0501> can't assign resources (port)
unknown: <PNP0501> can't assign resources (port)
uhub1: Mitsumi Electric Hub in Apple Extended USB Keyboard, class 9/0, rev 1.10/4.10, addr 2
uhub1: 3 ports with 2 removable, bus powered
ukbd0: Mitsumi Electric Apple Extended USB Keyboard, rev 1.10/4.10, addr 3, iclass 3/1
kbd1 at ukbd0
uhid0: Mitsumi Electric Apple Extended USB Keyboard, rev 1.10/4.10, addr 3, iclass 3/1
Timecounter "TSC" frequency 997463205 Hz quality 800
Timecounters tick every 1.000 msec
acd0: CDROM <ASUS CD-S400/A/V2.0S> at ata0-master UDMA33
ad2: 19077MB <IBM DJSA-220 JS4OAC2A> at ata1-master UDMA66
Trying to mount root from ufs:/dev/ad2s1a
IP Filter: v4.1.8 initialized.  Default = pass all, Logging = enabled
re0: promiscuous mode enabled
re1: promiscuous mode enabled

>Description:
	Attempting to use the ipfilter (ipf) "auth" filter match.  With
	that rule installed, if a packet matching that rule is received,
	a kernel fault occurs.  I am using the GENERIC installed kernel,
	bridging module is installed, ipf is enabled.

	I verified that general networking and bridging work fine,
	and other ipf filter rules work fine too.

>How-To-Repeat:
	
[rc.conf]
	ifconfig_re0="inet 192.168.131.3  netmask 255.255.255.0"
	defaultrouter="192.168.131.5"
	ipfilter_enable="YES"
	ipmon_enable="YES"

[rc.local]
	kldload -v bridge
	sysctl -w net.link.ether.bridge.enable=1
	sysctl -w net.link.ether.bridge.ipf=1
	sysctl -w net.link.ether.bridge.config=re0,re1

[ipf.rules]
	pass in from any to any
	pass out from any to any
	block return-icmp-as-dest(port-unr) in log on re0 proto tcp from any to any port = 23
	auth in on re0 proto tcp from any to any port = 23 flags S keep state

Then try to telnet through (or to) the bridge.

>Fix:

	


>Release-Note:
>Audit-Trail:
>Unformatted:

More information about the freebsd-bugs mailing list