NetBSD-Bugs archive


kern/47607: npf tables cause panic



>Number:         47607
>Category:       kern
>Synopsis:       npf tables cause panic
>Confidential:   no
>Severity:       serious
>Priority:       low
>Responsible:    kern-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Sat Mar 02 15:00:01 +0000 2013
>Originator:     Gary Bainbridge
>Release:        6.1_RC1
>Organization:
>Environment:
NetBSD dsg12.net0.intranet 6.1_RC1 NetBSD 6.1_RC1 (GENERIC) amd64
>Description:
When trying to load a tree table using dynamic or file it panics:

printf_nolog() at netbsd:printf_nolog
startlwp() at netbsd:startup
alltraps() at netbsd:alltraps+0x96
compat_50_iflist() at netbsd:compat_50_iflist+0x9f0
ptree_insert_mask_node() at netbsd:ptree_insert_mask_node+0x8a
npf_table_insert() at npf:npf_table_insert+0x12b
npf_mk_tables.clone.0() at npf:npf_mk_tables.clone.0+0x16d
npfctl_reload() at npf:npfctl_reload+0x166
VOP_IOCTL() at netbsd:VOP_IOCTL+0x3b
vn_ioctl() at netbsd_vn_ioctl+0x76 
sys_ioctl() at netbsd:sys_ioctl+0x13c
syscall() at netbsd:syscall+0xc4
cpu3: End traceback...

Below is the config file which works.  However, as indicated above, if the 
tables are uncommented it panics.  I have tried "table <1> type tree dynamic" 
and it boots and starts, but when I try to add entries with "npfctl table 1 add 
x.x.x.x/xx" it panics.  I was able to load tables successfully in 6.0 and 6.0.1.

$ext_if = ifnet(re0)
$int_if = ifnet(axe0)
$dmz_if = ifnet(aue0)

#table <1> type tree file "/etc/rfc1918"
#table <2> type tree file "/etc/blockedcountryips.conf"

procedure "log" {
        log: npflog0
}

procedure "rid" {
        normalise: "random-id", "min-ttl" 64
}

group (name "external", interface $ext_if) {
        block all
}

group (name "internal", interface $int_if) {
        block all
}

group (name "dmz", interface $dmz_if) {
        block all
}

group (default) {
        pass final on lo0 all
        block all apply "log"
}

Also, when I added one entry using "npfctl table 1 add 192.168.0.0/16" it was 
successful, but the next entry I tried to add "npfctl table 1 add 
172.16.0.0/12" caused a panic.  npf.conf had "table <1> type tree dynamic".


>How-To-Repeat:
In npf.conf:
table <1> type tree file "/etc/rfc1918"
then /etc/rc.d/npf stop; /etc/rc.d/npf start and it will panic

or

in npf.conf:
table <1> type tree dynamic

then /etc/rc.d/npf stop; /etc/rc.d/npf start and run npfctl table 1 add 
192.168.0.0/16 and it adds to the table, but npfctl table 1 add 172.16.0.0/12 
causes a panic.
>Fix:
Worked in 6.0 release and 6.0.1


