From nobody@FreeBSD.org  Fri Dec 10 21:37:37 2004
Message-Id: <200412102137.iBALbaUn049247@www.freebsd.org>
Date: Fri, 10 Dec 2004 21:37:36 GMT
From: Hugo <adm@celeritystorm.com>
To: freebsd-gnats-submit@FreeBSD.org
Subject: pf crashes the system (unknown reasons)
X-Send-Pr-Version: www-2.3

>Number:         74930
>Category:       kern
>Synopsis:       pf crashes the system (unknown reasons)
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    dhartmei
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Fri Dec 10 21:40:19 GMT 2004
>Closed-Date:    Sun Dec 19 19:44:12 GMT 2004
>Last-Modified:  Sun Dec 19 19:44:12 GMT 2004
>Originator:     Hugo
>Release:        5.3-STABLE
>Organization:
Celeritystorm
>Environment:
FreeBSD evilreborn 5.3-STABLE FreeBSD 5.3-STABLE #0: Wed Dec  1 20:07:36 WET 2004     klr@evilreborn:/usr/obj/usr/src/sys/evilreborn  i386
      
>Description:
I can't play NeverWinter Nights (internet) with my brother at the same time, or my FreeBSD gateway will freeze (numlock doesn't respond, no panic), needing a cold boot. NeverWinter Nights uses UDP 5120-5121 for communication.

I'm using pf, FreeBSD 5.3-STABLE, the box is a P200 MMX w/ 80MB ram.

>How-To-Repeat:
Play NeverWinter Nights on the internet, using two different hosts on the lan.

Possible causes I can think of:

- I use 'user unknown' directives, to separate nat'ed traffic from the gateway-generated traffic

- nat on $net inet from $lan_mask to any -> ($net) static-port (perhaps the static port directive has something to do with it?)

pass out quick on $net proto udp from ($net) to any port { 5120:5122 } user unknown keep state

(my rule to allow NWN traffic on the firewall)
>Fix:
      
>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-bugs->dhartmei@freebsd.org 
Responsible-Changed-By: dhartmei 
Responsible-Changed-When: Mon Dec 13 09:10:35 GMT 2004 
Responsible-Changed-Why:  
There can be only one connection using the same source/destination 
address/port quadruple at the same time. When using static-port, 
this rule is easily violated (when opening multiple connections 
from the same source port to the same destination address/port), 
i.e. if you have only one NAT address, you can have only one 
concurrent connection like that. To support N concurrent connections 
(to the same server and port), you need N addresses in the NAT pool. 
Maybe the protocol does not require static source addresses, and 
you can just remove the 'static-port' option. 

However, locking up the kernel (in an endless loop trying to find 
an available NAT address) is a bug in pf. You should get an error 
like "pf: NAT proxy port allocation (0-0) failed" instead. A fix 
is being worked on. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=74930 
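
Added example, not part of the PR and not pf's code: a simplified C model of the allocation described in the audit entry above. With static-port, a second connection from the same source port to the same server fails on a one-address pool, succeeds once the pool has a second address, and exhaustion ends in an error because every search loop is bounded. The struct and function names, the addresses (documentation ranges) and the use of a 0-0 range to stand for static-port are assumptions of this model.

```c
#include <stdint.h>
#include <stdio.h>
/* Simplified user-space model, not pf source. A NAT state is keyed by the
 * translated source address/port plus the destination address/port. */
struct quad { uint32_t gw_addr, dst_addr; uint16_t gw_port, dst_port; };
#define MAX_STATES 64
static struct quad states[MAX_STATES];
static int nstates;

static int in_use(const struct quad *q) {
    for (int i = 0; i < nstates; i++)
        if (states[i].gw_addr == q->gw_addr && states[i].gw_port == q->gw_port &&
            states[i].dst_addr == q->dst_addr && states[i].dst_port == q->dst_port)
            return 1;
    return 0;
}

static int try_take(const struct quad *q, struct quad *out) { /* record q if free */
    if (nstates == MAX_STATES || in_use(q)) return 0;
    states[nstates++] = *q;
    *out = *q;
    return 1;
}

/* low == high == 0 stands for static-port (source port kept; an assumption of
 * this model). Returns 0 on success, -1 once every candidate is taken. */
int nat_alloc(const uint32_t *pool, int npool, uint16_t sport, uint32_t dst_addr,
              uint16_t dst_port, uint16_t low, uint16_t high, struct quad *out) {
    for (int a = 0; a < npool; a++) {
        struct quad q = { pool[a], dst_addr, sport, dst_port };
        if (low == 0 && high == 0) {          /* only one candidate per address */
            if (try_take(&q, out)) return 0;
            continue;
        }
        for (uint32_t p = low; p <= high; p++) {   /* bounded port search */
            q.gw_port = (uint16_t)p;
            if (try_take(&q, out)) return 0;
        }
    }
    return -1;   /* caller logs an allocation failure instead of looping */
}

int main(void) {   /* constructed case: two LAN hosts, same source port and server */
    uint32_t pool[] = { 0xC0000201u };   /* 192.0.2.1, the only NAT address */
    struct quad q;
    for (int host = 1; host <= 2; host++)
        printf("host %d: %d\n", host, nat_alloc(pool, 1, 5120, 0xC6336401u, 5121, 0, 0, &q));
    return 0;
}
```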
Responsible-Changed-From-To: dhartmei@freebsd.org->dhartmei 
Responsible-Changed-By: linimon 
Responsible-Changed-When: Mon Dec 13 09:22:11 GMT 2004 
Responsible-Changed-Why:  
Canonicalize assignment. 

State-Changed-From-To: open->closed 
State-Changed-By: dhartmei 
State-Changed-When: Sun Dec 19 19:43:24 GMT 2004 
State-Changed-Why:  
fixed in -rHEAD now, MFC pending, thanks for the report and testing. 

>Unformatted:
