Bug 212077

Summary: [11.0-RC1][jail][ipfw] adding table causes kernel panic
Product: Base System Reporter: Konrad <konrad.kreciwilk>
Component: kern Assignee: freebsd-ipfw (Nobody) <ipfw>
Status: Closed FIXED    
Severity: Affects Some People CC: R100500B, ae, bz, jail, pi
Priority: --- Keywords: vimage
Version: 11.0-RC1   
Hardware: amd64   
OS: Any   
See Also: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=212576
Bug Depends on: 212105    
Bug Blocks:    
Attachments:
Description Flags
Crashdump generated by system none

Description Konrad 2016-08-23 13:36:50 UTC
Created attachment 173971
Crashdump generated by system

Kernel compiled with:
# Vimage
options VIMAGE

# Firewall
options         IPFIREWALL              #firewall
options         IPFIREWALL_VERBOSE      #enable logging to syslogd(8)
options         IPFIREWALL_VERBOSE_LIMIT=100    #limit verbosity
options         IPFIREWALL_DEFAULT_TO_ACCEPT    #allow everything by default

# CARP
device  carp


I have created a jail (using cbsd) with vnet. When I try to add (on the jail):
ipfw add 1 allow ip from 'table(10)' to me 

it causes a kernel panic.
Comment 1 Bjoern A. Zeeb freebsd_committer freebsd_triage 2016-08-23 18:03:07 UTC
OK, it's not the command that triggers the panic, it's a packet that is then checked against the rule.

I can reproduce it on head.
Comment 2 Andrey V. Elsukov freebsd_committer freebsd_triage 2016-09-30 03:40:23 UTC
Fixed in head/ and stable/11. Thanks!