[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: kernel/1816: Repetable crashes of ipfilter code

To: dobbe@xs4all.nl (Camiel Dobbelaar)
Subject: Re: kernel/1816: Repetable crashes of ipfilter code
From: Darren Reed <darrenr@reed.wattle.id.au>
Date: Tue, 8 May 2001 21:56:24 +1000 (EST)
Cc: venglin@freebsd.lublin.pl, bugs@openbsd.org,ipfilter@coombs.anu.edu.au

Given other comments about it not affecting FreeBSD and NetBSD, you might
find that it's a problem with either an IPFilter change they've made when
importing the source tree (they, unlike FreeBSD and NetBSD have non-trivial
changes in their tree which nobody has bothered to get back to me).  It may
also be due to a change in other parts of the kernel IP code, given the
panic message below.

Darren

In some email I received from Camiel Dobbelaar, sie wrote:
> 
> Yep, you almost nailed it.
> 
> I could get it down to this:
> 
> ipf.rules:
> block return-icmp in proto icmp from any to any
> 
> - ipf -Fa -f /etc/ipf.rules
> - ping -R 127.0.0.1
> 
> For the ipfilter list: can this be reproduced on non-OpenBSD systems too?
> 
> --
> Cam
> 
> On Tue, 8 May 2001, Przemyslaw Frasunek wrote:
> 
> > On Tue, May 08, 2001 at 05:54:34AM -0000, venglin@freebsd.lublin.pl wrote:
> > > 	Sending ICMP ECHO with record route, directed to OpenBSD box
> > > 	with ipfilter enabled, causes 'panic: in_cksum: mp == NULL'.
> > 
> > I've noticed, that crash occurs only when record route packet is triggered
> > by rule containing return-icmp keyword. A simple workaround is to remove
> > return-icmp from rules which could match against ICMP packet.
> 
> 
>

References:
- Re: kernel/1816: Repetable crashes of ipfilter code
  - From: Camiel Dobbelaar <dobbe@xs4all.nl>

Prev by Date: Re: kernel/1816: Repetable crashes of ipfilter code
Next by Date: Re: kernel/1816: Repetable crashes of ipfilter code
Prev by thread: Re: kernel/1816: Repetable crashes of ipfilter code
Next by thread: Re: kernel/1816: Repetable crashes of ipfilter code
Index(es):
- Date
- Thread