ipf: return-rst on link local address panics/locks up

To: tech-net%netbsd.org@localhost
Subject: ipf: return-rst on link local address panics/locks up
From: Edgar Fuß <ef%math.uni-bonn.de@localhost>
Date: Wed, 12 Jul 2017 15:04:18 +0200

If I install a block rule with return-rst and the rule fires for the link-local
address, it doesn't work. On -6, it doesn't send the RST, on -7, it either
locks up (the network stack or the machine) or panics.

If I omit the return-rst, the rule is logged as expected.

If I retrun-icmp(port-unr) instead, the rule is logged, no ICMP is returned
and it doesn't lock-up/panic.

If I address a "real" IPv6 address instead of the link local one, the same
rule works as expected (sending RST) (at least on -6, haven't tried on -7 yet).


The crash backtrace varies (the first two are from netbsd-7 as of yesterday):

System panicked: trap
Backtrace from time of crash is available.
crash> bt
_KERNEL_OPT_NAGR() at 0
_KERNEL_OPT_ACPI_SCANPCI() at _KERNEL_OPT_ACPI_SCANPCI+0x3
vpanic() at vpanic+0x145
snprintf() at snprintf
startlwp() at startlwp
calltrap() at calltrap+0x11
udp6_sendup() at udp6_sendup+0x99
udp6_realinput() at udp6_realinput+0x11c
udp6_input() at udp6_input+0x19c
ip6_input() at ip6_input+0x55f
ip6intr() at ip6intr+0x4b
softint_dispatch() at softint_dispatch+0x79
DDB lost frame for Xsoftintr+0x4f, trying 0xfffffe810e5b2ff0
Xsoftintr() at Xsoftintr+0x4f
--- interrupt ---
0:

System panicked: m_copydata(0xfffffe821c7c9200,56,0,0xfffffe821c7c929c): m=NULL, off=0 (0), len=4 (52)
Backtrace from time of crash is available.
crash> bt
_KERNEL_OPT_NAGR() at 0
_KERNEL_OPT_ACPI_SCANPCI() at _KERNEL_OPT_ACPI_SCANPCI+0x3
vpanic() at vpanic+0x145
snprintf() at snprintf
m_copydata() at m_copydata+0x11c
tcp_output() at tcp_output+0x9b2
tcp_send_wrapper() at tcp_send_wrapper+0xa2
sosend() at sosend+0x6c3
soo_write() at soo_write+0x2c
dofilewrite() at dofilewrite+0x97
sys_write() at sys_write+0x5f
syscall() at syscall+0x9a
--- syscall (number 4) ---
7f7ff263c1fa:

[This is from 7.0]
System panicked: sbappendaddr
Backtrace from time of crash is available.
crash> bt
_KERNEL_OPT_NVGA_RASTERCONSOLE() at 0
?() at fffffe810e5b3e78
vpanic() at vpanic+0x145
snprintf() at snprintf
sbappendaddrchain() at sbappendaddrchain
udp6_sendup() at udp6_sendup+0x99
udp6_realinput() at udp6_realinput+0x11c
udp6_input() at udp6_input+0x19c
ip6_input() at ip6_input+0x55f
ip6intr() at ip6intr+0x4b
softint_dispatch() at softint_dispatch+0x79
DDB lost frame for Xsoftintr+0x4f, trying 0xfffffe810e5b3ff0
Xsoftintr() at Xsoftintr+0x4f
--- interrupt ---
0:
 

Any idea how to work around? I specifically need to block a port on the 
link-local address, and I need the client to give up fast.

Prev by Date: RFC: make cryptoret() of opencrypto softint
Next by Date: Better control over what mDNS announces
Previous by Thread: RFC: make cryptoret() of opencrypto softint
Next by Thread: Better control over what mDNS announces
Indexes:

Home | Main Index | Thread Index | Old Index