netbsd-help: Bug in ipfilter / kernel?

Subject: Bug in ipfilter / kernel?
To: None <netbsd-help@netbsd.org>
From: Christoph Dietzschold <cd@hoerbe.net>
List: netbsd-help
Date: 10/01/2004 18:25:42
Hi folks,

I'm sure that this is not the correct mailinglist, but before announcing a 
bug I would like to ask for your opinion/help, may be it is just a 
configuration error :)

I just did some network-configuration on my Netbsd 2.0 -RC1 box and got a 
strange feature. Restarting the network after configuring a new ipv6 alias 
for the gif0 interface, the /etc/rc.d/network restart command didn't finish.

An Errorcode, shown below was displayed on the Screen

uvm_fault (0xcc7389e0. 0x5f666000,0,1)-> 0xe
kernel: page fault trap, code=0
stopped in pid 12134.1 (ifconfig) at netbsd: in6ifa_ifpforlinklocal +0x10:
m
ovl 0(%edx),%eax

The chronological order of events was

- editing the /etc/ipf.conf
- /etc/rc.d/ipfilter restart
- the configuration worked well
- editing /etc/ifconfig.gif0
- added an ipv6 alias
- /etc/rc.d/network restart

-> error

To workaround this, I disabled Ipfilter on boot and kicked the added line 
in ifconfig.gif0. After a reboot everything worked fine. (May be it is just 
an ipfilter problem)

The error is reproduceable by simply rebooting the machine or doing a 
/etc/rc.d/network start|restart

I had this problem a few days ago, but I must admit that I can't remember 
the oder of things I did that time.

Here some snips from my configuration.

/etc/rc.conf
[...]

ipv6mode=host
ipfilter=YES

[...]

/etc/ifconfig.fxp0

inet 212.8.218.66 netmask 255.255.255.240
alias 212.8.218.67 netmask 255.255.255.240
alias 212.8.218.68 netmask 255.255.255.240
alias 212.8.218.69 netmask 255.255.255.240

/etc/ifconfig.gif0

create
tunnel 212.8.218.66  <ip-tunendpoint>
inet6 alias 2001:ae0:23:2::1 prefixlen 64
#inet6 alias 2001:ae0:23:3::1 prefixlen 64
! route -n add -inet6 default -interface 2001:ae0:23:2::1

(the #line is the line I added before the error occured)

/etc/ipf.conf

block in all
pass out all

#SSH on main-ip

pass in from any to 212.8.218.66 port = 22

#backup
pass in from any to 212.8.218.67

#DNS

pass in from 212.8.197.2 to 212.8.218.66 port = 53
pass in from 212.8.197.3 to 212.8.218.66 port = 53
pass in from 212.12.48.37 to 212.8.218.66 port = 53

#HTTP

pass in from any to 212.8.218.67 port = 80
pass in from any to 212.8.218.67 port = 443

#Mail

pass in from any to 212.8.218.68 port = 25
pass in from any to 212.8.218.68 port = 110
pass in from any to 212.8.218.68 port = 143

#IPv6

#pass in proto ipv6 from any to 212.8.218.66
pass in from any to 2001:ae0:23:2::1 port = 80
pass in from any to 2001:ae0:23:2::1 port = 22

Thanks for your help.

--
Christoph Dietzschold

hoerbe.net