Steve Clark wrote:
> Hi Darren, > > I am now getting the following panic: > > Fatal trap 12: page fault while in kernel mode > cpuid = 0; apic id = 00 > fault virtual address = 0x1c > fault code = supervisor write, page not present > instruction pointer = 0x20:0xc06404ba > stack pointer = 0x28:0xc75169f8 > frame pointer = 0x28:0xc75169f8 > code segment = base 0x0, limit 0xfffff, type 0x1b > = DPL 0, pres 1, def32 1, gran 1 > processor eflags = interrupt enabled, resume, IOPL = 0 > current process = 13 (swi1: net) > trap number = 12 > panic: page fault > cpuid = 0 > Uptime: 1h4m48s > Dumping 111 MB (2 chunks) > chunk 0: 1MB (159 pages) ... ok > chunk 1: 111MB (28400 pages) 95 79 63 47 31 15 > > #0 doadump () at pcpu.h:165 > 165 __asm __volatile("movl %%fs:0,%0" : "=r" (td)); > (kgdb) add-symbol-file > /mnt/src/ip_fil4.1.26/BSD/FreeBSD-6.1-STABLE-i386/ipf.ko 0xc0b3b084 > add symbol table from file > "/mnt/src/ip_fil4.1.26/BSD/FreeBSD-6.1-STABLE-i386/ipf.ko" at > .text_addr = 0xc0b3b084 > (y or n) y > Reading symbols from > /mnt/src/ip_fil4.1.26/BSD/FreeBSD-6.1-STABLE-i386/ipf.ko...done. 
> (kgdb) bt > #0 doadump () at pcpu.h:165 > #1 0xc06492b2 in boot (howto=260) at ../../../kern/kern_shutdown.c:409 > #2 0xc06495d9 in panic (fmt=0xc0910386 "%s") at > ./../../kern/kern_shutdown.c:565 > #3 0xc082d99c in trap_fatal (frame=0xc75169b8, eva=28) at > ./../../i386/i386/trap.c:837 > #4 0xc082d6db in trap_pfault (frame=0xc75169b8, usermode=0, eva=28) > at ../../../i386/i386/trap.c:745 > #5 0xc082d335 in trap (frame= > {tf_fs = 8, tf_es = 40, tf_ds = 40, tf_edi = 0, tf_esi = > -1061813396, tf_ebp = -950965768, tf_isp = -950965788, tf_ebx = > -1032953240, tf_edx = -1048515968, tf_ecx = 0, tf_eax = 4, tf_trapno = > 12, tf_err = 2, tf_eip = -1067187014, tf_cs = 32, tf_eflags = 590466, > tf_esp = -950965720, tf_ss = -1061944816}) at > ./../../i386/i386/trap.c:435 > #6 0xc08198fa in calltrap () at ../../../i386/i386/exception.s:139 > #7 0xc06404ba in _mtx_lock_flags (m=0x0, opts=0, file=0xc0b5a16f > "../../fil.c", line=5222) at atomic.h:146 > #8 0xc0b40210 in fr_movequeue (tqe=0xc26e6268, oifq=0x0, > nifq=0xc0b6036c) at ../../fil.c:5222 > #9 0xc0b4d81b in fr_tcp_age (tqe=0xc26e6268, fin=0x4, tqtab=0x4, > flags=0, seqnext=0) at ../../ip_state.c:3605 > #10 0xc0b468aa in nat_update (fin=0xc7516b40, nat=0xc26e6200, > np=0xc94d76c) at ../../ip_nat.c:3666 ... Not unexpected. See below for the patch I should have sent you the first time. Darren Index: ip_nat.c ================================================== ================= RCS file: /devel/CVS/IP-Filter/ip_nat.c,v retrieving revision 2.195.2.105 diff -c -r2.195.2.105 ip_nat.c *** ip_nat.c 21 Dec 2007 23:03:24 -0000 2.195.2.105 --- ip_nat.c 7 Feb 2008 01:41:35 -0000 *************** *** 2587,2593 **** nat->nat_ptr = np; nat->nat_p = fin->fin_p; nat->nat_mssclamp = np->in_mssclamp; ! if (nat->nat_p == IPPROTO_TCP) nat->nat_seqnext[0] = ntohl(tcp->th_seq); if ((np->in_apr != NULL) && ((ni->nai_flags & NAT_SLAVE) == 0)) --- 2587,2593 ---- nat->nat_ptr = np; nat->nat_p = fin->fin_p; nat->nat_mssclamp = np->in_mssclamp; ! 
if (nat->nat_p == IPPROTO_TCP && tcp != NULL) nat->nat_seqnext[0] = ntohl(tcp->th_seq); if ((np->in_apr != NULL) && ((ni->nai_flags & NAT_SLAVE) == 0)) *************** *** 3678,3704 **** ifq2 = NULL; if (nat->nat_p == IPPROTO_TCP && ifq2 == NULL) { ! u_32_t end, ack; ! u_char tcpflags; ! tcphdr_t *tcp; ! int dsize; ! tcp = fin->fin_dp; ! tcpflags = tcp->th_flags; ! dsize = fin->fin_dlen - (TCP_OFF(tcp) << 2) + ! ((tcpflags & TH_SYN) ? 1 : 0) + ! ((tcpflags & TH_FIN) ? 1 : 0); ! ack = ntohl(tcp->th_ack); ! end = ntohl(tcp->th_seq) + dsize; ! if (SEQ_GT(ack, nat->nat_seqnext[1 - fin->fin_rev])) ! nat->nat_seqnext[1 - fin->fin_rev] = ack; ! if (nat->nat_seqnext[fin->fin_rev] == 0) ! nat->nat_seqnext[fin->fin_rev] = end; ! (void) fr_tcp_age(&nat->nat_tqe, fin, nat_tqb, 0); } else { if (ifq2 == NULL) { if (nat->nat_p == IPPROTO_UDP) --- 3678,3706 ---- ifq2 = NULL; if (nat->nat_p == IPPROTO_TCP && ifq2 == NULL) { ! if (!fin->fin_off) { ! u_32_t end, ack; ! u_char tcpflags; ! tcphdr_t *tcp; ! int dsize; ! tcp = fin->fin_dp; ! tcpflags = tcp->th_flags; ! dsize = fin->fin_dlen - (TCP_OFF(tcp) << 2) + ! ((tcpflags & TH_SYN) ? 1 : 0) + ! ((tcpflags & TH_FIN) ? 1 : 0); ! ack = ntohl(tcp->th_ack); ! end = ntohl(tcp->th_seq) + dsize; ! if (SEQ_GT(ack, nat->nat_seqnext[1 - fin->fin_rev])) ! nat->nat_seqnext[1 - fin->fin_rev] = ack; ! if (nat->nat_seqnext[fin->fin_rev] == 0) ! nat->nat_seqnext[fin->fin_rev] = end; ! (void) fr_tcp_age(&nat->nat_tqe, fin, nat_tqb, 0); ! } } else { if (ifq2 == NULL) { if (nat->nat_p == IPPROTO_UDP) |
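Review bot: The added `tcp != NULL` test in the TCP branch of nat_new is only as strong as the assignment of `tcp` from `fin->fin_dp`, which lies outside this hunk; if fin_dp for a non-initial fragment points at whatever bytes follow the IP header rather than at NULL, the guard passes and `th_seq` is read out of payload. It is worth confirming in the caller that fin_dp really is cleared for fragments, or guarding on the fragment offset as the second hunk does: `if (nat->nat_p == IPPROTO_TCP && tcp != NULL && !fin->fin_off)`. A short why-comment would spare the next reader a trip to the panic thread, e.g. `/* tcp is NULL when there is no TCP header to read; leave seqnext 0 for nat_update to fill in */` — with nat_seqnext[0] left at zero, the `== 0` test in nat_update is presumably what initialises it later. The enclosing function starts and ends outside the hunk.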
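Review bot: The new `if (!fin->fin_off)` wrapper keeps non-initial fragments away from fr_tcp_age, but it only avoids the one path the quoted backtrace shows ending in fr_movequeue(oifq=0x0) → _mtx_lock_flags(m=0x0); nothing in the patch makes that NULL lock unreachable if `nat->nat_tqe.tqe_ifq` is NULL for any other reason. A cheap belt-and-braces check at the call, `if (nat->nat_tqe.tqe_ifq != NULL) (void) fr_tcp_age(&nat->nat_tqe, fin, nat_tqb, 0);`, or a NULL test on oifq inside fr_movequeue, would turn a repeat of this panic into a skipped state transition rather than a page fault in swi1: net. Inside the guarded block `tcp = fin->fin_dp` is still dereferenced with no length check; whether fin_dlen is guaranteed to cover a TCP header on a first fragment is not visible here and deserves confirming, given the first hunk found a case where the header pointer could be NULL. The block also wants a why-comment such as `/* only the first fragment carries the TCP header; skip seq tracking and ageing for the rest */`. nat_update begins and ends outside the hunk.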