>Number:         26947
>Category:       kern
>Synopsis:       ipf.conf line causes kernel panic
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    kern-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Tue Sep 14 12:58:00 UTC 2004
>Closed-Date:
>Last-Modified:
>Originator:     Brett Lymn (Master of the Siren)
>Release:        NetBSD 2.0G
>Organization:
Brett Lymn
>Environment:
System: NetBSD siren 2.0G NetBSD 2.0G (SIREN.ACPI.MP) #0: Tue Sep 14 19:38:01 CST 2004 blymn@siren:/usr/src/sys/arch/amd64/compile/SIREN.ACPI.MP amd64
Architecture: x86_64
Machine: amd64
>Description:
	This, possibly syntactically incorrect, line in ipf.conf will
cause a kernel panic - looks like a null dereference in frrequest():

pass out log quick on pppoe0 keep state keep frags

Sorry there is no kernel core dump - I was unable to capture one.

>How-To-Repeat:
	run "ipf -E -Fa -f -" and paste the above line in, hit control-d,
the kernel should panic immediately.

>Fix:
	No fix offered...sorry.
>Release-Note:
>Audit-Trail:
>Unformatted: