NetBSD-Bugs archive


kern/52074: -current npf map directive broken



>Number:         52074
>Category:       kern
>Synopsis:       -current npf map directive broken
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    kern-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Tue Mar 14 22:50:00 +0000 2017
>Originator:     kardel%netbsd.org@localhost
>Release:        NetBSD 7.99.65
>Organization:
	
>Environment:
	
	
System: NetBSD Gateway 7.99.65 NetBSD 7.99.65 (GATEWAY) #9: Tue Mar 14 09:27:38 CET 2017 kardel@xxx:/fs/raid2a/src/NetBSD/cur/src/obj.i386/sys/arch/i386/compile/GATEWAY i386
Architecture: i386
Machine: i386
>Description:
	/etc/npf.conf
	map tun0 dynamic 127.0.0.1 port smtp <- 10.x.y.z port smtp

	This used to correctly intercept and reroute to localhost:smtp in 7.99.16.
	Now reply packets bear the source address 127.0.0.1 instead of 10.x.y.z.
	These packets travel happily through the tunnel to be dropped at the other side...

	This is a regression against 7.99.16 or some later time.
	It is also unlikely that the "man npf.conf map <-" example will still work.

	Additionally, a panic was triggered during an /etc/rc.d/npf reload.
uvm_fault(0xc60dd018, 0, 2) -> 0xe
fatal page fault in supervisor mode
trap type 6 code 2 eip db9cda2c cs 8 eflags 10246 cr2 0 ilevel 0 esp c563c200
curlwp 0xc60242a0 pid 13351 lid 1 lowest kstack 0xdcf5c2c0
panic: trap
cpu1: Begin traceback...
vpanic(c0cb26d0,dcf5ebe0,dcf5ec5c,c0117302,c0cb26d0,dcf5ec68,dcf5ec68,1,dcf5c2c0,10246) at netbsd:vpanic+0x121
snprintf(c0cb26d0,dcf5ec68,dcf5ec68,1,dcf5c2c0,10246,0,0,c563c200,0) at netbsd:snprintf
trap_tss() at netbsd:trap_tss
--- trap via task gate ---
0:
cpu1: End traceback...

dumping to dev 0,9 offset 8
dump uvm_fault(0xc0faa880, 0xdb80f000, 2) -> 0xd
fatal page fault in supervisor mode
trap type 6 code 3 eip c011160c cs 8 eflags 10246 cr2 db80fdc0 ilevel 8 esp c0f68040
curlwp 0xc60242a0 pid 13351 lid 1 lowest kstack 0xdcf5c2c0
Skipping crash dump on recursive panic
panic: trap
cpu1: Begin traceback...
vpanic(c0cb26d0,dcf5ea70,dcf5eaec,c0117302,c0cb26d0,dcf5eaf8,dcf5eaf8,1,dcf5c2c0,10246) at netbsd:vpanic+0x121
snprintf(c0cb26d0,dcf5eaf8,dcf5eaf8,1,dcf5c2c0,10246,db80fdc0,8,c0f68040,0) at netbsd:snprintf
trap_tss() at netbsd:trap_tss
--- trap via task gate ---
1:
cpu1: End traceback...
rebooting...

>How-To-Repeat:
	Take a recent -current (20170312) and try to redirect a connection.
	See that the new destination address is used as source for the reply
	packets instead of the original destination address.

>Fix:
	n/a

>Unformatted:
 	
 	

