Bug #1956
closed
Page fault in pf_find_state
0%
Description
Hi.
Apparently `m->m_pkthdr.pf.statekey = NULL' is missing in a few places
for IPv6 paths (I'm not actively using IPv6, but it's enabled on this
machine and the address is configured anyway):
diff --git a/sys/net/pf/pf.c b/sys/net/pf/pf.c
index 770f5f8..74e7c65 100644
--- a/sys/net/pf/pf.c
++ b/sys/net/pf/pf.c@ -5605,6 +5605,8 @ pf_route6(struct mbuf *m, struct pf_rule *r, int dir, struct ifnet *oifp,
if (r->rt == PF_FASTROUTE) {
m0->m_pkthdr.fw_flags |= PF_MBUF_TAGGED;
m0->m_pkthdr.pf.flags = 0;
/ XXX Re-Check when Upgrading to > 4.4 /
+ m0->m_pkthdr.pf.statekey = NULL;
ip6_output(m0, NULL, NULL, 0, NULL, NULL, NULL);
return;
}@ -6187,6 +6189,8 @ pf_test6(int dir, struct ifnet *ifp, struct mbuf **m0,
if (m->m_pkthdr.fw_flags & PF_MBUF_TAGGED)
return (PF_PASS);
m->m_pkthdr.pf.flags = 0;
+ / Re-Check when updating to > 4.4 */
+ m->m_pkthdr.pf.statekey = NULL;
/* We do IP header normalization and packet reassembly here */
if (pf_normalize_ip6(m0, dir, kif, &reason, &pd) != PF_PASS) {My /etc/pf.conf looks like this:
ext_if="re0"
nat log on $ext_if inet from 127.1/16 to !($ext_if) -> ($ext_if)
Here's the backtrace:
#9 0xffffffff80c814c2 in pf_find_state (kif=0xffffffe035c022a8,
key=0xffffffe030d597d0, dir=2, m=0xffffffe05c2b3000)
at /usr/src/sys/net/pf/pf.c:883
#10 0xffffffff80c81a26 in pf_test_state_icmp (state=0xffffffe030d59940,
direction=2, kif=0xffffffe035c022a8, m=0xffffffe05c2b3000, off=48,
h=<value optimized out>, pd=0xffffffe030d598c0, reason=0xffffffe030d5995c)
at /usr/src/sys/net/pf/pf.c:4570
#11 0xffffffff80c8798f in pf_test6 (dir=2, ifp=<value optimized out>,
m0=0xffffffe030d599d0, eh=<value optimized out>, inp=0x0)
at /usr/src/sys/net/pf/pf.c:6361
#12 0xffffffff80c8ba4c in pf_check6_out (arg=<value optimized out>,
m=0xffffffe030d599d0, ifp=0xffffffe035b70e70, dir=<value optimized out>)
at /usr/src/sys/net/pf/pf_ioctl.c:3158
#13 0xffffffff8033489c in pfil_run_hooks (ph=<value optimized out>,
mp=0xffffffe030d59b60, ifp=0xffffffe035b70e70, dir=2)
at /usr/src/sys/net/pfil.c:116
#14 0xffffffff80373b64 in ip6_output (m0=<value optimized out>,
opt=0xffffffff80834e40, ro=0xffffffe030d59b30, flags=0,
im6o=0xffffffe030d59be0, ifpp=0xffffffe030d59bd8, inp=0x0)
at /usr/src/sys/netinet6/ip6_output.c:884
#15 0xffffffff80379101 in mld6_sendpkt (in6m=0xffffffe035dd7ec0, type=131,
dst=0x0) at /usr/src/sys/netinet6/mld6.c:452
#16 0xffffffff8037933c in mld6_fasttimeo () at /usr/src/sys/netinet6/mld6.c:362
#17 0xffffffff80363e5c in icmp6_fasttimo ()
at /usr/src/sys/netinet6/icmp6.c:2122
#18 0xffffffff802e4b24 in pffasttimo (arg=0xffffffe035c022a8)
at /usr/src/sys/kern/uipc_domain.c:268
(kgdb) fr 9
#9 0xffffffff80c814c2 in pf_find_state (kif=0xffffffe035c022a8,
key=0xffffffe030d597d0, dir=2, m=0xffffffe05c2b3000)
at /usr/src/sys/net/pf/pf.c:883
883 if (dir PF_OUT && m->m_pkthdr.pf.statekey &&
(kgdb) l
878 struct pf_state_key *sk;
879 struct pf_state_item *si;
880
881 pf_status.fcounters[FCNT_STATE_SEARCH]++;
882
883 if (dir PF_OUT && m->m_pkthdr.pf.statekey &&
884 ((struct pf_state_key *)m->m_pkthdr.pf.statekey)->reverse)
885 sk = ((struct pf_state_key *)m->m_pkthdr.pf.statekey)->reverse;
886 else {
887 if ((sk = RB_FIND(pf_state_tree, &pf_statetbl,
(kgdb) p m->m_pkthdr
There is no member named m_pkthdr.
(kgdb) shell grep m_pkthdr /sys/sys/mbuf.h
#define m_pkthdr M_dat.MH.MH_pkthdr
* Flags copied when copying m_pkthdr.
#define PF_MBUF_STRUCTURE 0x00000002 /* m_pkthdr.pf valid */
_mm->m_pkthdr.len += _mplen; \
(kgdb) p m->M_dat.MH.MH_pkthdr
$1 = {rcvif = 0x0, len = 72, tags = {slh_first = 0x0}, header = 0x0,
csum_flags = 0, csum_data = 0, fw_flags = 0, pf = {hdr = 0x0,
statekey = 0x17, rtableid = 0, qid = 0, tag = 0, flags = 0 '\000',
routed = 0 '\000', state_hash = 0, ecn_af = 0 '\000', unused01 = 0 '\000',
unused02 = 0 '\000', unused03 = 0 '\000'}, ether_vlantag = 0, hash = 0,
wlan_seqno = 0}
Cheers.
Updated by