Subject: kern/26853: ipnat's mssclamp is not working and finally crashes the kernel (2.0_BETA)
To: None <gnats-bugs@gnats.NetBSD.org>
From: None <kefren@netbsd.ro>
List: netbsd-bugs
Date: 09/05/2004 13:50:45
>Number:         26853
>Category:       kern
>Synopsis:       ipnat's mssclamp is not working and finally crashes the kernel
>Confidential:   no
>Severity:       critical
>Priority:       high
>Responsible:    kern-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Sun Sep 05 11:24:00 UTC 2004
>Closed-Date:
>Last-Modified:
>Originator:     Mihai CHELARU
>Release:        NetBSD 2.0_BETA
>Organization:
	
>Environment:
	
	
System: NetBSD xxx.xxx.ro 2.0_BETA NetBSD 2.0_BETA (Kefren.MPBIOS) #3: Thu Jul 29 00:06:34 EEST 2004 root@xxx.xxx.ro:/usr/src/sys/arch/i386/compile/Kefren.MPBIOS i386
Architecture: i386
Machine: i386
>Description:
	
	First of all here is my ipnat.conf:

map bge0 from 193.28.151.0/26 to 10.0.0.0/8 -> 10.11.0.176/32 portmap tcp/udp 40000:60000 mssclamp 1200
map bge0 from 193.28.151.0/26 to 10.0.0.0/8 -> 10.11.0.176/32 mssclamp 1200


	The mssclamp is really NOT working. tcpdump on the interfaces shows that the 3-way handshake is
negotiating a 1460 MSS. I worked around this by routing through a Cisco and clearing the DF bit. Btw, is
there any way to clear the DF bit from ipf/ipnat? I left these rules overnight, and in the morning the
system was not responding on the console. Kernel break worked and I ran 'reboot'. It says syncing disks and
nothing happened. After an hour, same situation. This time I took a trace. System is 2.0_BETA, dual-proc
(if this matters).

db{0}> trace
cpu_Debugger(c035e000,0,400040,0,fffffffe) at netbsd:cpu_Debugger+0x4
comintr(c1738000,5,c1bc0010,30,10) at netbsd:comintr+0x6f2
Xintr_ioapic_edge4() at netbsd:Xintr_ioapic_edge4+0xa4
--- interrupt ---
nat_mssclamp(c1a84d48,4b0,cc03fab8,c1a84d58,c1a89c5b) at netbsd:nat_mssclamp+0x37
nat_proto(cc03fab8,c1bc7a00,1,c1a89c5b,cc03fab8) at netbsd:nat_proto+0x8b
fr_natout(cc03fab8,c1bc7a00,1,1,cc03fabf) at netbsd:fr_natout+0xd9
fr_checknatout(cc03fab8,cc03fab4,cc03fab8,d,c183ce00) at netbsd:fr_checknatout+0xe6
fr_check(c1a84d34,14,c173c034,1,cc03fbd0) at netbsd:fr_check+0x444
fr_check_wrapper(0,cc03fbd0,c173c034,2,5) at netbsd:fr_check_wrapper+0x56
pfil_run_hooks(c03a8a60,cc03fc4c,c173c034,2,c1ced140) at netbsd:pfil_run_hooks+0x5b
ip_output(c1a84d00,0,c03a8a84,1,0) at netbsd:ip_output+0x483
ip_forward(c1a84d00,0,33,41,40100) at netbsd:ip_forward+0x16a
ip_input(c1a84d00,400042,0,7,0) at netbsd:ip_input+0x273
ipintr(10,30,cddb0010,cc030010,cc03c000) at netbsd:ipintr+0x7c
DDB lost frame for netbsd:Xsoftnet+0x48, trying 0xcc03ff58
Xsoftnet() at netbsd:Xsoftnet+0x48
--- interrupt ---
0x246:
db{0}> sync
syncing disks...

And I pushed the reset button after a couple of minutes.

>How-To-Repeat:
	
>Fix:
	
>Release-Note:
>Audit-Trail:
>Unformatted:
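The report's rules ask ipnat to rewrite the MSS option of forwarded SYNs down to 1200 (the trace dies inside nat_mssclamp on the ip_forward path). The following is an added, stand-alone illustration of what such a clamp has to do to the segment: walk the TCP options of a SYN without trusting an option's own length byte past the data offset, rewrite the MSS value, and patch the TCP checksum incrementally (RFC 1624), including the case where a preceding NOP leaves the 16-bit MSS value straddling two checksum words. It is not ipfilter's code and not taken from the PR; the endpoints (193.28.151.10 -> 10.11.0.1, port 40000 -> 80) and the SYN segments are constructed for the demo.

```c
/* Added example: MSS clamping of a TCP SYN with incremental checksum fix-up.
 * Not ipfilter's nat_mssclamp(); a stand-alone illustration of what an
 * "mssclamp 1200" rule must do. Addresses and packets are constructed. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define TCPOPT_EOL     0
#define TCPOPT_NOP     1
#define TCPOPT_MAXSEG  2
#define TCPOLEN_MAXSEG 4
#define TH_SYN         0x02
#define TCP_HDRLEN     20

/* Constructed endpoints inside the report's rule (193.28.151.0/26 -> 10/8). */
static const uint8_t SRC_IP[4] = {193, 28, 151, 10};
static const uint8_t DST_IP[4] = {10, 11, 0, 1};

static uint16_t get16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }
static void put16(uint8_t *p, uint16_t v) { p[0] = (uint8_t)(v >> 8); p[1] = (uint8_t)v; }
static uint16_t fold(uint32_t s) { while (s >> 16) s = (s & 0xffff) + (s >> 16); return (uint16_t)s; }

static uint32_t ocsum(const uint8_t *p, size_t n, uint32_t s) {
    for (; n > 1; p += 2, n -= 2) s += get16(p);
    if (n) s += (uint32_t)p[0] << 8;        /* odd trailing byte, zero-padded */
    return s;
}

/* Full IPv4 TCP checksum (pseudo-header + segment), checksum field taken as zero. */
uint16_t tcp_cksum(const uint8_t src[4], const uint8_t dst[4], const uint8_t *tcp, size_t tcplen) {
    uint32_t s;
    if (tcplen < TCP_HDRLEN) return 0;
    s = ocsum(dst, 4, ocsum(src, 4, 0)) + 6 + (uint32_t)tcplen;  /* 6 = IPPROTO_TCP */
    s = ocsum(tcp + 18, tcplen - 18, ocsum(tcp, 16, s));        /* skip bytes 16-17 */
    return (uint16_t)~fold(s);
}

/* RFC 1624 eq. 3: HC' = ~(~HC + ~m + m') for one 16-bit word m rewritten to m'. */
uint16_t cksum_adjust16(uint16_t hc, uint16_t m, uint16_t mprime) {
    return (uint16_t)~fold((uint32_t)(uint16_t)~hc + (uint16_t)~m + mprime);
}

/* Write v at byte offset p and patch the checksum for the one or two checksum
 * words touched (an MSS option after a single NOP sits at an odd offset). */
static void put16_fixsum(uint8_t *tcp, size_t p, uint16_t v) {
    size_t w = p & ~(size_t)1, n = (p & 1) ? 2 : 1, i;
    uint16_t csum = get16(tcp + 16), old[2];
    for (i = 0; i < n; i++) old[i] = get16(tcp + w + 2 * i);
    put16(tcp + p, v);
    for (i = 0; i < n; i++) csum = cksum_adjust16(csum, old[i], get16(tcp + w + 2 * i));
    put16(tcp + 16, csum);
}

/* Walk a SYN's options: 1 = MSS found (*valpos = offset of its value), 0 = not a
 * SYN / no MSS, -1 = malformed (never read past the data offset on the strength
 * of an option's own length byte). */
static int find_mss(const uint8_t *tcp, size_t tcplen, size_t *valpos) {
    size_t hlen, off;
    if (tcplen < TCP_HDRLEN) return -1;
    hlen = (size_t)(tcp[12] >> 4) * 4;
    if (hlen < TCP_HDRLEN || hlen > tcplen) return -1;
    if (!(tcp[13] & TH_SYN)) return 0;
    for (off = TCP_HDRLEN; off < hlen; ) {
        uint8_t kind = tcp[off], len;
        if (kind == TCPOPT_EOL) break;
        if (kind == TCPOPT_NOP) { off++; continue; }
        if (off + 1 >= hlen) return -1;               /* kind byte, no length byte */
        len = tcp[off + 1];
        if (len < 2 || off + len > hlen) return -1;   /* length runs past the header */
        if (kind == TCPOPT_MAXSEG) {
            if (len != TCPOLEN_MAXSEG) return -1;
            *valpos = off + 2;
            return 1;
        }
        off += len;
    }
    return 0;
}

/* Advertised MSS of a SYN, 0 if none, -1 if malformed. */
int tcp_mss_get(const uint8_t *tcp, size_t tcplen) {
    size_t p; int r = find_mss(tcp, tcplen, &p);
    return r <= 0 ? r : get16(tcp + p);
}

/* Clamp the MSS to at most `clamp`: 1 = rewritten, 0 = nothing to do, -1 = malformed. */
int tcp_mss_clamp(uint8_t *tcp, size_t tcplen, uint16_t clamp) {
    size_t p; int r = find_mss(tcp, tcplen, &p);
    if (r <= 0) return r;
    if (get16(tcp + p) <= clamp) return 0;
    put16_fixsum(tcp, p, clamp);
    return 1;
}

/* Constructed SYN (40000 -> 80): `nops` NOPs, then an MSS option whose length
 * byte is `optlen` (4 is valid), EOL-padded to a 4-byte multiple. Returns length. */
size_t build_syn(uint8_t *buf, size_t bufsz, uint16_t mss, unsigned nops, uint8_t optlen) {
    size_t hlen = TCP_HDRLEN + ((nops + 4 + 3) & ~(size_t)3), o = TCP_HDRLEN + nops, i;
    if (hlen > 60 || hlen > bufsz) return 0;
    memset(buf, 0, hlen);
    put16(buf, 40000); put16(buf + 2, 80);
    buf[12] = (uint8_t)((hlen / 4) << 4); buf[13] = TH_SYN; put16(buf + 14, 65535);
    for (i = 0; i < nops; i++) buf[TCP_HDRLEN + i] = TCPOPT_NOP;
    buf[o] = TCPOPT_MAXSEG; buf[o + 1] = optlen; put16(buf + o + 2, mss);
    put16(buf + 16, tcp_cksum(SRC_IP, DST_IP, buf, hlen));
    return hlen;
}

/* Build, clamp, re-verify the checksum from scratch, and return the MSS now on
 * the wire; -1 if the rewritten segment no longer checksums, -2 on build/parse error. */
int demo_clamp(uint16_t orig_mss, uint16_t clamp, unsigned nops) {
    uint8_t buf[60];
    size_t len = build_syn(buf, sizeof buf, orig_mss, nops, TCPOLEN_MAXSEG);
    if (len == 0 || tcp_mss_clamp(buf, len, clamp) < 0) return -2;
    if (tcp_cksum(SRC_IP, DST_IP, buf, len) != get16(buf + 16)) return -1;
    return tcp_mss_get(buf, len);
}

/* A corrupt MSS option length must be rejected (-1), not parsed past the header. */
int demo_bad_optlen(uint8_t optlen) {
    uint8_t buf[60];
    size_t len = build_syn(buf, sizeof buf, 1460, 0, optlen);
    return len ? tcp_mss_clamp(buf, len, 1200) : -2;
}

int main(void) {
    printf("1460 clamped to 1200:            %d\n", demo_clamp(1460, 1200, 0));
    printf("same, MSS at odd offset (1 NOP): %d\n", demo_clamp(1460, 1200, 1));
    printf("1000 left alone by clamp 1200:   %d\n", demo_clamp(1000, 1200, 0));
    printf("bad option length -> %d\n", demo_bad_optlen(3));
    return 0;
}
```

Build with `cc -std=c99 -Wall mssclamp.c`. The check that goes with a rule like the one in the report is to capture SYNs on both sides of the NAT box, e.g. `tcpdump -ni bge0 'tcp[tcpflags] & tcp-syn != 0'`, and compare the `mss` value tcpdump prints in the options: if the outbound copy still shows 1460 the clamp never touched the segment, whereas a clamped segment whose checksum was not fixed up would be dropped by the receiver rather than show up with the new MSS.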