Bug 17109

Summary: [ipfilter] fastroute crashes for lo0 udp
Product: Base System Reporter: jguyett <jguyett>
Component: kernAssignee: Cy Schubert <cy>
Status: Closed Feedback Timeout    
Severity: Affects Only Me    
Priority: Normal    
Version: 4.0-CURRENT   
Hardware: Any   
OS: Any   

Description jguyett 2000-03-01 20:30:33 UTC 
>Number:         17109
>Category:       kern
>Synopsis:       fastroute crashes for lo0 udp
>Confidential:   yes
>Severity:       non-critical
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Wed Mar  1 12:40:00 PST 2000
>Closed-Date:
>Last-Modified:
>Originator:     tyme
>Release:        FreeBSD 4.0-CURRENT i386
>Organization:
>Environment:

	FreeBSD-current cvsupped on 2/28

>Description:

IPFilter rule crashed a machine with a specific lo0 fastroute rule
In syslog:
 Mar  1 14:32:32 pc47668 /kernel: vr0: can't handle af139


>How-To-Repeat:

Insert the rule somewhere where it will be hit by a traceroute to localhost.
block in log quick on lo0 fastroute proto udp from any port != 53 to any

>Fix:

Unknown


>Release-Note:
>Audit-Trail:
>Unformatted:


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-bugs" in the body of the message
Comment 1 jguyett 2000-03-01 20:30:33 UTC 
>Number:         17109
>Category:       kern
>Synopsis:       fastroute crashes for lo0 udp
>Confidential:   yes
>Severity:       non-critical
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Wed Mar  1 12:40:00 PST 2000
>Closed-Date:
>Last-Modified:
>Originator:     tyme
>Release:        FreeBSD 4.0-CURRENT i386
>Organization:
>Environment:

	FreeBSD-current cvsupped on 2/28

>Description:

IPFilter rule crashed a machine with a specific lo0 fastroute rule
In syslog:
 Mar  1 14:32:32 pc47668 /kernel: vr0: can't handle af139


>How-To-Repeat:

Insert the rule somewhere where it will be hit by a traceroute to localhost.
block in log quick on lo0 fastroute proto udp from any port != 53 to any

>Fix:

Unknown


>Release-Note:
>Audit-Trail:
>Unformatted:


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-bugs" in the body of the message
Comment 2 jguyett 2000-03-01 20:40:00 UTC 
IPFilter rule crashed a machine with a specific lo0 fastroute rule
In syslog:
 Mar  1 14:32:32 pc47668 /kernel: vr0: can't handle af139

Fix: 

Unknown
How-To-Repeat: 
Insert the rule somewhere where it will be hit by a traceroute to localhost.
block in log quick on lo0 fastroute proto udp from any port != 53 to any
Comment 3 Darern Reed freebsd_committer freebsd_triage 2000-09-17 09:42:20 UTC 
Responsible Changed
From-To: freebsd-bugs->darrenr

darrenr is responsible for ipfilter
Comment 4 Darren Reed 2002-05-09 15:55:56 UTC 
The problem rule is:
block in log quick on lo0 fastroute proto udp from any port != 53 to any

The problem action is:
traceroute localhost

This no longer causes a crash but causes an infinite loop.  Why ?

"fastroute" re-routes the packet back onto lo0.

When fr_check returns, ipintr() sees another packet on the lo0 queue and
calls ip_input() for it.  So we process the same packet *again* (it gets
fastroute'd to lo0...)

Darren
Comment 5 Darern Reed freebsd_committer freebsd_triage 2002-05-09 15:57:45 UTC 
State Changed
From-To: open->suspended

it's not clear what the solution to this should be...packet goes around in 
circles, forever, because the TTL isn't dropping (fastroute) and always comes 
back to match the same rule...punt on it for now.
Comment 6 Mark Linimon freebsd_committer freebsd_triage 2013-07-03 01:50:32 UTC 
State Changed
From-To: suspended->suspended

commit bit has been taken in for safekeeping.
Comment 7 Mark Linimon freebsd_committer freebsd_triage 2013-07-03 01:50:32 UTC 
Responsible Changed
From-To: darrenr->freebsd-net
Comment 8 Cy Schubert freebsd_committer freebsd_triage 2013-07-03 06:07:39 UTC 
Responsible Changed
From-To: freebsd-net->cy

Mine.
Comment 9 Cy Schubert freebsd_committer freebsd_triage 2014-07-16 04:51:53 UTC 
Have you experienced this panic in FreeBSD 8, 9, 10, or CURRENT (11)?
Comment 10 Cy Schubert freebsd_committer freebsd_triage 2014-08-06 03:56:08 UTC 
FreeBSD 4.0 no longer supported. (4.0 has ipf 3.3.8 whereas 8.X and 9.X use ipf 4.1.28 and 10.X+ has 5.1.2.)