Bug 212077 - [11.0-RC1][jail][ipfw] adding table causes kernel panic
Status: Closed FIXED
Alias: None
Product: Base System
Classification: Unclassified
Component: kern
Version: 11.0-RC1
Hardware: amd64 Any
Importance: --- Affects Some People
Assignee: freebsd-ipfw (Nobody)
Keywords: vimage
Depends on: 212105
Reported: 2016-08-23 13:36 UTC by Konrad
Modified: 2016-09-30 03:40 UTC

Crashdump generated by system (73.09 KB, text/plain)
2016-08-23 13:36 UTC, Konrad
Description Konrad 2016-08-23 13:36:50 UTC
Created attachment 173971
Crashdump generated by system

Kernel compiled with:
# Vimage
options VIMAGE

# Firewall
options         IPFIREWALL              #firewall
options         IPFIREWALL_VERBOSE      #enable logging to syslogd(8)
options         IPFIREWALL_VERBOSE_LIMIT=100    #limit verbosity
options         IPFIREWALL_DEFAULT_TO_ACCEPT    #allow everything by default

device  carp

I have created a jail (using cbsd) with vnet. When I try to add (in the jail):
ipfw add 1 allow ip from 'table(10)' to me 

it causes a kernel panic
Comment 1 Bjoern A. Zeeb freebsd_committer 2016-08-23 18:03:07 UTC
OK, it's not the command that triggers the panic, it's a packet that is then checked against the rule.

I can reproduce it on head.
Comment 2 Andrey V. Elsukov freebsd_committer 2016-09-30 03:40:23 UTC
Fixed in head/ and stable/11. Thanks!