Subject: kern/25868: Bringing up an interface freezes the system when IPFilter is enabled
To: None <gnats-bugs@gnats.NetBSD.org>
From: Matthias Scheler <tron@colwyn.zhadum.de>
List: netbsd-bugs
Date: 06/08/2004 09:23:40
>Number:         25868
>Category:       kern
>Synopsis:       Bringing up an interface freezes the system when IPFilter is enabled
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    kern-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Tue Jun 08 07:24:00 UTC 2004
>Closed-Date:
>Last-Modified:
>Originator:     Matthias Scheler
>Release:        NetBSD 2.0_BETA 2004-05-30 sources
>Organization:
Matthias Scheler                                  http://scheler.de/~matthias/
>Environment:
System: NetBSD ivanova.zhadum.de 2.0_BETA NetBSD 2.0_BETA (IVANOVA) #0: Sun May 30 19:54:35 CEST 2004 tron@lyssa.zhadum.de:/src/sys/compile/IVANOVA sparc
Architecture: sparc
Machine: sparc

>Description:
My firewall, a SPARCstation LX running NetBSD 2.0_BETA, didn't come back up
when I had to reboot this morning. It always froze when activating the
PPPoE interface. I finally commented that interface out in "/etc/rc.conf"
and the system came up. Afterwards I tried to bring the PPPoE interface
up step by step. "ifconfig pppoe0 create" and "ipf -y" worked fine
but "/sbin/ifconfig le0 up" wedged the system completely and I had to
reboot. After the next reboot I tried "/sbin/ifconfig le0 up" as the
first command and the system froze again. I booted into single user
mode, tried "/sbin/ifconfig le0 up" again and it worked. I booted into
multi user mode and tried to set up "pppoe0" again. This time I could
completely configure the interface but when I tried to bring it up
with "ifconfig pppoe0 up" the system was dead again. I finally
deactivated "ipfilter" in "/etc/rc.conf", booted the system - it
came up fine with all interfaces activated - and started "ipfilter"
manually afterwards. The system is now working fine.

Here is a shortened version of my "ipf.conf":

pass in quick on hme0 from any to any
pass out quick on hme0 from any to any

pass in all
pass out all

block in log quick on le0 all
block out log quick on le0 all

block in log quick on pppoe0 from 10.0.0.0/8 to any
block in log quick on pppoe0 from 192.168.0.0/16 to any
block in log quick on pppoe0 from 172.16.0.0/12 to any
block in log quick on pppoe0 from 127.0.0.0/8 to any
block in log quick on pppoe0 from any to 127.0.0.0/8
block in log quick on pppoe0 from 213.146.107.0/29 to any
block in log quick on pppoe0 proto icmp from any to any icmp-type 13
block in log quick on pppoe0 proto icmp from any to any icmp-type 14
block return-rst in log on pppoe0 proto tcp from any to any port < 1024
block return-icmp(port-unr) in log on pppoe0 proto udp from any to any port < 1024

Note that both interfaces which caused trouble are mentioned in the
configuration.

>How-To-Repeat:
/etc/rc.d/ipfilter start
ifconfig le0 up

>Fix:
Starting IPFilter after all interfaces are up avoids the problem.

>Release-Note:
>Audit-Trail:
>Unformatted: