Subject: kern/25223: ftp proxy in ipnat causes panic
To: None <gnats-bugs@gnats.NetBSD.org>
From: None <aniou@smutek.pl>
List: netbsd-bugs
Date: 04/18/2004 11:42:12
>Number:         25223
>Category:       kern
>Synopsis:       ftp proxy in ipnat causes panic
>Confidential:   no
>Severity:       critical
>Priority:       high
>Responsible:    kern-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Sun Apr 18 11:43:00 UTC 2004
>Closed-Date:
>Last-Modified:
>Originator:     Piotr Meyer
>Release:        NetBSD-2.0_BETA
>Organization:
>Environment:
NetBSD drop 2.0_BETA NetBSD 2.0_BETA (DROP) #4: Sun Apr 18 12:17:25 CEST 2004  root@czyzyk.smutek.pl:/usr/src/sys/arch/i386/compile/DROP i386

>Description:
Simple router with PPP connection and two ethernets. Some ftp sites (ok, I found one at this time) causes panic on router when NATed client try to connect. Example:

[client]
$ ftp ftp://ftp.iso.pld-linux.org/2.0/
Connected to ftp.iso.pld-linux.org.
220  Server ready.
331 Anonymous login ok, send your complete email address as your password.
230-
230-****************************************************************

(session hangs)

[router]
panic: m_copydata
Stopped at      netbsd:cpu_Debugger+0x4:        leave
db> bt
cpu_Debugger(25ead800,6f2,5f95fa7,c0587e00,0) at netbsd:cpu_Debugger+0x4
panic(c02b1138,5,ba87c,0,3e9fd1b3) at netbsd:panic+0x11d
m_cat(0,0,28,c0587e64,a2ca) at netbsd:m_cat
ipllog(0,c035dce0,c035dc18,c035dc10,c035dc08) at netbsd:ipllog+0x1cb
ipflog(c035dce0,40009011,c035dca8,0,0) at netbsd:ipflog+0x167
fr_dolog(c035dce0,c035dcdc,c035dce0,d,c057b800) at netbsd:fr_dolog+0x8b
fr_check(c04cf438,14,c0318180,0,c035ddf8) at netbsd:fr_check+0x214
fr_check_wrapper(0,c035ddf8,c0318180,1,c04cf400) at netbsd:fr_check_wrapper+0x56

pfil_run_hooks(c03068a0,c035de60,c0318180,1,c04cf800) at netbsd:pfil_run_hooks+0
x5b
ip_input(c04cf400,c04d2d20,0,c0100e1c,0) at netbsd:ip_input+0x74f
ipintr(36af0010,30,5f90010,10,c035a000) at netbsd:ipintr+0x71
DDB lost frame for netbsd:Xsoftnet+0x40, trying 0xc035de80
Xsoftnet() at netbsd:Xsoftnet+0x40
--- interrupt ---
0x246:

router's config:

# cat /etc/ipnat.conf
map ppp0 192.168.7.0/24 -> 0/32 proxy port ftp ftp/tcp
map ppp0 192.168.7.0/24 -> 0/32 portmap tcp/udp 20000:30000
map ppp0 192.168.7.0/24 -> 0/32

after commenting out first line in /etc/ipnat.conf (map ... proxy ...)
all working fine:

[client]
$ ftp ftp://ftp.iso.pld-linux.org/2.0/
Connected to ftp.iso.pld-linux.org.
220  Server ready.
331 Anonymous login ok, send your complete email address as your password.
230-
230-****************************************************************
230-  ___ _    ___
230- | _ \ |  |   \
230- |  _/ |__| |) | Linux Project
230- |_| |____|___/  ISO FTP Archive
230-
[snip]

Kernel and core are available under:
http://smutek.pl/~aniou/netbsd.gdb.gz
http://smutek.pl/~aniou/netbsd.1.core.gz

>How-To-Repeat:
Create config with NAT ftp proxy and try connect to: ftp://ftp.iso.pld-linux.org/2.0/.
>Fix:

>Release-Note:
>Audit-Trail:
>Unformatted: