Hiya, I've encountered this bug for about a few weeks now. With the attached kernel config and the minimalist ruleset (I have a much more complicated ruleset), when pf is enabled and you have IPv6, sending IPv6 packets? (in this case icmp6) to, say, your IPv6 default gw, will always crash your box at this spot:
++++++++++++++++++++++
Fatal trap 12: page fault while in kernel mode
cpuid = 0; apic id = 00
fault virtual address = 0x1e8
fault code = supervisor read, page not present
instruction pointer = 0x20:0xc094a726
stack pointer = 0x28:0xe606dbc0
frame pointer = 0x28:0xe606dc6c
code segment = base 0x0, limit 0xfffff, type 0x1b
= DPL 0, pres 1, def32 1, gran 1
processor eflags = interrupt enabled, resume, IOPL = 0
current process = 17 (swi1: net)
trap number = 12
panic: page fault
cpuid = 0
Uptime: 1h35m21s
Physical memory: 3955 MB
Dumping 122 MB: 107 91 75 59 43 27 11
#0 doadump () at pcpu.h:195
195 __asm __volatile("movl %%fs:0,%0" : "=r" (td));
(kgdb) list *0xc094a726
0xc094a726 is in ip6_input (/usr/src/sys/netinet6/ip6_input.c:265).
260 ip6stat.ip6s_m1++;
261 #undef M2MMAX
262 }
263
264 /* drop the packet if IPv6 operation is disabled on the IF */
265 if ((ND_IFINFO(m->m_pkthdr.rcvif)->flags & ND6_IFF_IFDISABLED)) {
266 m_freem(m);
267 return;
268 }
269
++++++++++++++++++
Adding in IPv6 neighb* rules (comment out lines 47,48 in the attached
ruleset) seems to not crash your box.
This is on 7.0-BETA2 (i386,amd64) and from my own tests, this has
been on 7.X, since around August back then. This does not seem to
exist on 6.X.
Thanks.
cheers
mars
CRASHPFIPV6
pf.rules.crash
_______________________________________________
[email protected] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-pf
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
