[Bug 185633] [pf] scrubbing bug in transparent mode bug with bigger than MTU UDP packet

bugzilla-noreply at freebsd.org bugzilla-noreply at freebsd.org
Wed May 6 09:08:52 UTC 2015


https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=185633

--- Comment #2 from olivier at cochard.me ---
Same problem on -current r282520:
- Corrupted reassembled packet leaving the bridge
- Crash (kernel panic)


As an example, a simple large ping:
ping -c 1 -s 1500 10.0.0.3

This produces the following tcpdump output on the INCOMING PF-bridge interface:

[root@R2]~# tcpdump -pni em0
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on em0, link-type EN10MB (Ethernet), capture size 262144 bytes
11:03:41.790409 IP 10.0.0.1 > 10.0.0.3: ICMP echo request, id 62723, seq 0,
length 1480
11:03:41.790434 IP 10.0.0.1 > 10.0.0.3: ip-proto-1


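But it produces this tcpdump output on the OUTGOING PF-bridge interface. Note that the bytes tcpdump decodes as Ethernet addresses and ethertype (for example 45:00:05:dc:61:8c and 0x0a00) look like the start of the IPv4 header, so the frames appear to leave the bridge without a valid Ethernet header: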

[root@R2]~# tcpdump -pni em1
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on em1, link-type EN10MB (Ethernet), capture size 262144 bytes
11:03:54.863303 20:00:40:01:df:91 > 45:00:05:dc:61:8c, ethertype Unknown
(0x0a00), length 1500:
        0x0000:  0001 0a00 0003 0800 3b06 f703 0000 5549  ........;.....UI
        0x0010:  f51b 0001 c0ed 0809 0a0b 0c0d 0e0f 1011  ................
        0x0020:  1213 1415 1617 1819 1a1b 1c1d 1e1f 2021  ...............!
        0x0030:  2223 2425 2627 2829 2a2b 2c2d 2e2f 3031  "#$%&'()*+,-./01
        0x0040:  3233 3435 3637 3839 3a3b 3c3d 3e3f 4041  23456789:;<=>?@A
        0x0050:  4243 4445 4647 4849 4a4b 4c4d 4e4f 5051  BCDEFGHIJKLMNOPQ
        0x0060:  5253 5455 5657 5859 5a5b 5c5d 5e5f 6061  RSTUVWXYZ[\]^_`a
        0x0070:  6263 6465 6667 6869 6a6b 6c6d 6e6f 7071  bcdefghijklmnopq
        0x0080:  7273 7475 7677 7879 7a7b 7c7d 7e7f 8081  rstuvwxyz{|}~...
        0x0090:  8283 8485 8687 8889 8a8b 8c8d 8e8f 9091  ................
        0x00a0:  9293 9495 9697 9899 9a9b 9c9d 9e9f a0a1  ................
        0x00b0:  a2a3 a4a5 a6a7 a8a9 aaab acad aeaf b0b1  ................
        0x00c0:  b2b3 b4b5 b6b7 b8b9 babb bcbd bebf c0c1  ................
        0x00d0:  c2c3 c4c5 c6c7 c8c9 cacb cccd cecf d0d1  ................
        0x00e0:  d2d3 d4d5 d6d7 d8d9 dadb dcdd dedf e0e1  ................
        0x00f0:  e2e3 e4e5 e6e7 e8e9 eaeb eced eeef f0f1  ................
        0x0100:  f2f3 f4f5 f6f7 f8f9 fafb fcfd feff 0001  ................
        0x0110:  0203 0405 0607 0809 0a0b 0c0d 0e0f 1011  ................
        0x0120:  1213 1415 1617 1819 1a1b 1c1d 1e1f 2021  ...............!
        0x0130:  2223 2425 2627 2829 2a2b 2c2d 2e2f 3031  "#$%&'()*+,-./01
        0x0140:  3233 3435 3637 3839 3a3b 3c3d 3e3f 4041  23456789:;<=>?@A
        0x0150:  4243 4445 4647 4849 4a4b 4c4d 4e4f 5051  BCDEFGHIJKLMNOPQ
        0x0160:  5253 5455 5657 5859 5a5b 5c5d 5e5f 6061  RSTUVWXYZ[\]^_`a
        0x0170:  6263 6465 6667 6869 6a6b 6c6d 6e6f 7071  bcdefghijklmnopq
        0x0180:  7273 7475 7677 7879 7a7b 7c7d 7e7f 8081  rstuvwxyz{|}~...
        0x0190:  8283 8485 8687 8889 8a8b 8c8d 8e8f 9091  ................
        0x01a0:  9293 9495 9697 9899 9a9b 9c9d 9e9f a0a1  ................
        0x01b0:  a2a3 a4a5 a6a7 a8a9 aaab acad aeaf b0b1  ................
        0x01c0:  b2b3 b4b5 b6b7 b8b9 babb bcbd bebf c0c1  ................
        0x01d0:  c2c3 c4c5 c6c7 c8c9 cacb cccd cecf d0d1  ................
        0x01e0:  d2d3 d4d5 d6d7 d8d9 dadb dcdd dedf e0e1  ................
        0x01f0:  e2e3 e4e5 e6e7 e8e9 eaeb eced eeef f0f1  ................
        0x0200:  f2f3 f4f5 f6f7 f8f9 fafb fcfd feff 0001  ................
        0x0210:  0203 0405 0607 0809 0a0b 0c0d 0e0f 1011  ................
        0x0220:  1213 1415 1617 1819 1a1b 1c1d 1e1f 2021  ...............!
        0x0230:  2223 2425 2627 2829 2a2b 2c2d 2e2f 3031  "#$%&'()*+,-./01
        0x0240:  3233 3435 3637 3839 3a3b 3c3d 3e3f 4041  23456789:;<=>?@A
        0x0250:  4243 4445 4647 4849 4a4b 4c4d 4e4f 5051  BCDEFGHIJKLMNOPQ
        0x0260:  5253 5455 5657 5859 5a5b 5c5d 5e5f 6061  RSTUVWXYZ[\]^_`a
        0x0270:  6263 6465 6667 6869 6a6b 6c6d 6e6f 7071  bcdefghijklmnopq
        0x0280:  7273 7475 7677 7879 7a7b 7c7d 7e7f 8081  rstuvwxyz{|}~...
        0x0290:  8283 8485 8687 8889 8a8b 8c8d 8e8f 9091  ................
        0x02a0:  9293 9495 9697 9899 9a9b 9c9d 9e9f a0a1  ................
        0x02b0:  a2a3 a4a5 a6a7 a8a9 aaab acad aeaf b0b1  ................
        0x02c0:  b2b3 b4b5 b6b7 b8b9 babb bcbd bebf c0c1  ................
        0x02d0:  c2c3 c4c5 c6c7 c8c9 cacb cccd cecf d0d1  ................
        0x02e0:  d2d3 d4d5 d6d7 d8d9 dadb dcdd dedf e0e1  ................
        0x02f0:  e2e3 e4e5 e6e7 e8e9 eaeb eced eeef f0f1  ................
        0x0300:  f2f3 f4f5 f6f7 f8f9 fafb fcfd feff 0001  ................
        0x0310:  0203 0405 0607 0809 0a0b 0c0d 0e0f 1011  ................
        0x0320:  1213 1415 1617 1819 1a1b 1c1d 1e1f 2021  ...............!
        0x0330:  2223 2425 2627 2829 2a2b 2c2d 2e2f 3031  "#$%&'()*+,-./01
        0x0340:  3233 3435 3637 3839 3a3b 3c3d 3e3f 4041  23456789:;<=>?@A
        0x0350:  4243 4445 4647 4849 4a4b 4c4d 4e4f 5051  BCDEFGHIJKLMNOPQ
        0x0360:  5253 5455 5657 5859 5a5b 5c5d 5e5f 6061  RSTUVWXYZ[\]^_`a
        0x0370:  6263 6465 6667 6869 6a6b 6c6d 6e6f 7071  bcdefghijklmnopq
        0x0380:  7273 7475 7677 7879 7a7b 7c7d 7e7f 8081  rstuvwxyz{|}~...
        0x0390:  8283 8485 8687 8889 8a8b 8c8d 8e8f 9091  ................
        0x03a0:  9293 9495 9697 9899 9a9b 9c9d 9e9f a0a1  ................
        0x03b0:  a2a3 a4a5 a6a7 a8a9 aaab acad aeaf b0b1  ................
        0x03c0:  b2b3 b4b5 b6b7 b8b9 babb bcbd bebf c0c1  ................
        0x03d0:  c2c3 c4c5 c6c7 c8c9 cacb cccd cecf d0d1  ................
        0x03e0:  d2d3 d4d5 d6d7 d8d9 dadb dcdd dedf e0e1  ................
        0x03f0:  e2e3 e4e5 e6e7 e8e9 eaeb eced eeef f0f1  ................
        0x0400:  f2f3 f4f5 f6f7 f8f9 fafb fcfd feff 0001  ................
        0x0410:  0203 0405 0607 0809 0a0b 0c0d 0e0f 1011  ................
        0x0420:  1213 1415 1617 1819 1a1b 1c1d 1e1f 2021  ...............!
        0x0430:  2223 2425 2627 2829 2a2b 2c2d 2e2f 3031  "#$%&'()*+,-./01
        0x0440:  3233 3435 3637 3839 3a3b 3c3d 3e3f 4041  23456789:;<=>?@A
        0x0450:  4243 4445 4647 4849 4a4b 4c4d 4e4f 5051  BCDEFGHIJKLMNOPQ
        0x0460:  5253 5455 5657 5859 5a5b 5c5d 5e5f 6061  RSTUVWXYZ[\]^_`a
        0x0470:  6263 6465 6667 6869 6a6b 6c6d 6e6f 7071  bcdefghijklmnopq
        0x0480:  7273 7475 7677 7879 7a7b 7c7d 7e7f 8081  rstuvwxyz{|}~...
        0x0490:  8283 8485 8687 8889 8a8b 8c8d 8e8f 9091  ................
        0x04a0:  9293 9495 9697 9899 9a9b 9c9d 9e9f a0a1  ................
        0x04b0:  a2a3 a4a5 a6a7 a8a9 aaab acad aeaf b0b1  ................
        0x04c0:  b2b3 b4b5 b6b7 b8b9 babb bcbd bebf c0c1  ................
        0x04d0:  c2c3 c4c5 c6c7 c8c9 cacb cccd cecf d0d1  ................
        0x04e0:  d2d3 d4d5 d6d7 d8d9 dadb dcdd dedf e0e1  ................
        0x04f0:  e2e3 e4e5 e6e7 e8e9 eaeb eced eeef f0f1  ................
        0x0500:  f2f3 f4f5 f6f7 f8f9 fafb fcfd feff 0001  ................
        0x0510:  0203 0405 0607 0809 0a0b 0c0d 0e0f 1011  ................
        0x0520:  1213 1415 1617 1819 1a1b 1c1d 1e1f 2021  ...............!
        0x0530:  2223 2425 2627 2829 2a2b 2c2d 2e2f 3031  "#$%&'()*+,-./01
        0x0540:  3233 3435 3637 3839 3a3b 3c3d 3e3f 4041  23456789:;<=>?@A
        0x0550:  4243 4445 4647 4849 4a4b 4c4d 4e4f 5051  BCDEFGHIJKLMNOPQ
        0x0560:  5253 5455 5657 5859 5a5b 5c5d 5e5f 6061  RSTUVWXYZ[\]^_`a
        0x0570:  6263 6465 6667 6869 6a6b 6c6d 6e6f 7071  bcdefghijklmnopq
        0x0580:  7273 7475 7677 7879 7a7b 7c7d 7e7f 8081  rstuvwxyz{|}~...
        0x0590:  8283 8485 8687 8889 8a8b 8c8d 8e8f 9091  ................
        0x05a0:  9293 9495 9697 9899 9a9b 9c9d 9e9f a0a1  ................
        0x05b0:  a2a3 a4a5 a6a7 a8a9 aaab acad aeaf b0b1  ................
        0x05c0:  b2b3 b4b5 b6b7 b8b9 babb bcbd bebf       ..............
11:03:54.863318 00:b9:40:01:04:85 > 45:00:00:30:61:8c, ethertype Unknown
(0x0a00), length 48:
        0x0000:  0001 0a00 0003 c0c1 c2c3 c4c5 c6c7 c8c9  ................
        0x0010:  cacb cccd cecf d0d1 d2d3 d4d5 d6d7 d8d9  ................
        0x0020:  dadb                                     ..


And when pushing multiple fragmented packets, it crashes with a kernel page fault at a near-NULL address (0x1c), with bridge_forward in the backtrace:


Fatal trap 12: page fault while in kernel mode
cpuid = 0; apic id = 00
fault virtual address   = 0x1c
fault code              = supervisor read data, page not present
instruction pointer     = 0x20:0xffffffff81a14b13
stack pointer           = 0x28:0xfffffe00003857f0
frame pointer           = 0x28:0xfffffe0000385860
code segment            = base 0x0, limit 0xfffff, type 0x1b
                        = DPL 0, pres 1, long 1, def32 0, gran 1
processor eflags        = interrupt enabled, resume, IOPL = 0
current process         = 0 (em0 taskq)
trap number             = 12
panic: page fault
cpuid = 0
KDB: stack backtrace:
#0 0xffffffff808582c7 at kdb_backtrace+0x67
#1 0xffffffff808188a9 at vpanic+0x189
#2 0xffffffff80818713 at panic+0x43
#3 0xffffffff80be93d9 at trap_fatal+0x379
#4 0xffffffff80be970e at trap_pfault+0x31e
#5 0xffffffff80be8d51 at trap+0x461
#6 0xffffffff80bcc7b2 at calltrap+0x8
#7 0xffffffff81a150e7 at bridge_forward+0x2f7
#8 0xffffffff81a137cc at bridge_input+0x5dc
#9 0xffffffff809073b3 at ether_nh_input+0x2d3
#10 0xffffffff80910231 at netisr_dispatch_src+0x61
#11 0xffffffff80906ab6 at ether_input+0x26
#12 0xffffffff80902cda at if_input+0xa
#13 0xffffffff804734d0 at lem_rxeof+0x4c0
#14 0xffffffff80473b54 at lem_handle_rxtx+0x34
#15 0xffffffff8086b519 at taskqueue_run_locked+0x139
#16 0xffffffff8086c318 at taskqueue_thread_loop+0xc8
#17 0xffffffff807df92a at fork_exit+0x9a
Uptime: 6m18s
