From root@wezel.com  Sun Oct 16 16:06:37 2005
Return-Path: <root@wezel.com>
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 2776516A41F
	for <FreeBSD-gnats-submit@freebsd.org>; Sun, 16 Oct 2005 16:06:37 +0000 (GMT)
	(envelope-from root@wezel.com)
Received: from tomts20-srv.bellnexxia.net (tomts20-srv.bellnexxia.net [209.226.175.74])
	by mx1.FreeBSD.org (Postfix) with ESMTP id B08FF43D46
	for <FreeBSD-gnats-submit@freebsd.org>; Sun, 16 Oct 2005 16:06:36 +0000 (GMT)
	(envelope-from root@wezel.com)
Received: from mx-i1200.home.wezel.com ([64.229.170.57])
          by tomts20-srv.bellnexxia.net
          (InterMail vM.5.01.06.10 201-253-122-130-110-20040306) with ESMTP
          id <20051016160635.HZJN26550.tomts20-srv.bellnexxia.net@mx-i1200.home.wezel.com>
          for <FreeBSD-gnats-submit@freebsd.org>;
          Sun, 16 Oct 2005 12:06:35 -0400
Message-Id: <20051016160633.EDB2A1703F@mxedge.home.wezel.com>
Date: Sun, 16 Oct 2005 12:06:33 -0400 (EDT)
From: Bruce Walker <bmw@borderware.com>
Reply-To: Bruce Walker <bmw@borderware.com>
To: FreeBSD-gnats-submit@freebsd.org
Cc:
Subject: using ipfilter "auth" keyword leads to kernel fault
X-Send-Pr-Version: 3.113
X-GNATS-Notify:

>Number:         87521
>Category:       kern
>Synopsis:       [ipfilter] [panic] using ipfilter "auth" keyword leads to kernel fault [regression]
>Confidential:   no
>Severity:       serious
>Priority:       low
>Responsible:    cy
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sun Oct 16 16:10:17 GMT 2005
>Closed-Date:    
>Last-Modified:  Wed Jul 03 05:18:46 UTC 2013
>Originator:     Bruce Walker
>Release:        FreeBSD 6.0-BETA5 i386
>Organization:
Borderware Technologies Inc.
>Environment:
System: FreeBSD mxedge.home.wezel.com 6.0-BETA5 FreeBSD 6.0-BETA5 #0: Mon Sep 19 00:12:45 UTC 2005 root@x64.samsco.home:/usr/obj/usr/src/sys/GENERIC i386

System is a Portwell with three Realtek 10/100 interfaces.


Copyright (c) 1992-2005 The FreeBSD Project.
Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
	The Regents of the University of California. All rights reserved.
FreeBSD 6.0-BETA5 #0: Mon Sep 19 00:12:45 UTC 2005
    root@x64.samsco.home:/usr/obj/usr/src/sys/GENERIC
Timecounter "i8254" frequency 1193182 Hz quality 0
CPU: VIA C3 Nehemiah+RNG (997.46-MHz 686-class CPU)
  Origin = "CentaurHauls"  Id = 0x693  Stepping = 3
  Features=0x380b13d<FPU,DE,PSE,TSC,MSR,CX8,MTRR,PGE,CMOV,MMX,FXSR,SSE>
real memory  = 260046848 (248 MB)
avail memory = 245014528 (233 MB)
npx0: [FAST]
npx0: <math processor> on motherboard
npx0: INT 16 interface
cpu0 on motherboard
pcib0: <Host to PCI bridge> pcibus 0 on motherboard
pir0: <PCI Interrupt Routing Table: 12 Entries> on motherboard
pci0: <PCI bus> on pcib0
agp0: <VIA 8601 (Apollo ProMedia/PLE133Ta) host to PCI bridge> mem 0xe0000000-0xe3ffffff at device 0.0 on pci0
pcib1: <PCI-PCI bridge> at device 1.0 on pci0
pci1: <PCI bus> on pcib1
pci1: <display, VGA> at device 0.0 (no driver attached)
isab0: <PCI-ISA bridge> at device 7.0 on pci0
isa0: <ISA bus> on isab0
atapci0: <VIA 82C686B UDMA100 controller> port 0x1f0-0x1f7,0x3f6,0x170-0x177,0x376,0xd000-0xd00f at device 7.1 on pci0
ata0: <ATA channel 0> on atapci0
ata1: <ATA channel 1> on atapci0
uhci0: <VIA 83C572 USB controller> port 0xd400-0xd41f irq 10 at device 7.2 on pci0
uhci0: [GIANT-LOCKED]
usb0: <VIA 83C572 USB controller> on uhci0
usb0: USB revision 1.0
uhub0: VIA UHCI root hub, class 9/0, rev 1.00/1.00, addr 1
uhub0: 2 ports with 2 removable, self powered
pci0: <bridge> at device 7.4 (no driver attached)
re0: <RealTek 8139C+ 10/100BaseTX> port 0xdc00-0xdcff mem 0xe7000000-0xe70000ff irq 5 at device 9.0 on pci0
miibus0: <MII bus> on re0
rlphy0: <RealTek internal media interface> on miibus0
rlphy0:  10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto
re0: Ethernet address: 00:90:fb:04:5a:7e
re1: <RealTek 8139C+ 10/100BaseTX> port 0xe000-0xe0ff mem 0xe7001000-0xe70010ff irq 10 at device 10.0 on pci0
miibus1: <MII bus> on re1
rlphy1: <RealTek internal media interface> on miibus1
rlphy1:  10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto
re1: Ethernet address: 00:90:fb:04:5a:7d
re2: <RealTek 8139C+ 10/100BaseTX> port 0xe400-0xe4ff mem 0xe7002000-0xe70020ff irq 11 at device 11.0 on pci0
miibus2: <MII bus> on re2
rlphy2: <RealTek internal media interface> on miibus2
rlphy2:  10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto
re2: Ethernet address: 00:90:fb:04:5a:7c
pmtimer0 on isa0
orm0: <ISA Option ROMs> at iomem 0xc0000-0xcbfff,0xcc000-0xcffff on isa0
atkbdc0: <Keyboard controller (i8042)> at port 0x60,0x64 on isa0
atkbd0: <AT Keyboard> irq 1 on atkbdc0
kbd0 at atkbd0
atkbd0: [GIANT-LOCKED]
ppc0: parallel port not found.
sc0: <System console> at flags 0x100 on isa0
sc0: VGA <16 virtual consoles, flags=0x300>
sio0 at port 0x3f8-0x3ff irq 4 flags 0x10 on isa0
sio0: type 16550A
sio1 at port 0x2f8-0x2ff irq 3 on isa0
sio1: type 16550A
vga0: <Generic ISA VGA> at port 0x3c0-0x3df iomem 0xa0000-0xbffff on isa0
unknown: <PNP0303> can't assign resources (port)
unknown: <PNP0c01> can't assign resources (memory)
unknown: <PNP0c02> can't assign resources (memory)
unknown: <PNP0501> can't assign resources (port)
unknown: <PNP0501> can't assign resources (port)
uhub1: Mitsumi Electric Hub in Apple Extended USB Keyboard, class 9/0, rev 1.10/4.10, addr 2
uhub1: 3 ports with 2 removable, bus powered
ukbd0: Mitsumi Electric Apple Extended USB Keyboard, rev 1.10/4.10, addr 3, iclass 3/1
kbd1 at ukbd0
uhid0: Mitsumi Electric Apple Extended USB Keyboard, rev 1.10/4.10, addr 3, iclass 3/1
Timecounter "TSC" frequency 997463205 Hz quality 800
Timecounters tick every 1.000 msec
acd0: CDROM <ASUS CD-S400/A/V2.0S> at ata0-master UDMA33
ad2: 19077MB <IBM DJSA-220 JS4OAC2A> at ata1-master UDMA66
Trying to mount root from ufs:/dev/ad2s1a
IP Filter: v4.1.8 initialized.  Default = pass all, Logging = enabled
re0: promiscuous mode enabled
re1: promiscuous mode enabled

>Description:
	Attempting to use the ipfilter (ipf) "auth" filter match.  With
	that rule installed, if a packet matching that rule is received,
	a kernel fault occurs.  I am using the GENERIC installed kernel;
	the bridging module is installed and ipf is enabled.

	I verified that general networking and bridging work fine,
	and other ipf filter rules work fine too.

>How-To-Repeat:
	
[rc.conf]
	ifconfig_re0="inet 192.168.131.3  netmask 255.255.255.0"
	defaultrouter="192.168.131.5"
	ipfilter_enable="YES"
	ipmon_enable="YES"

[rc.local]
	kldload -v bridge
	sysctl -w net.link.ether.bridge.enable=1
	sysctl -w net.link.ether.bridge.ipf=1
	sysctl -w net.link.ether.bridge.config=re0,re1

[ipf.rules]
	pass in from any to any
	pass out from any to any
	block return-icmp-as-dest(port-unr) in log on re0 proto tcp from any to any port = 23
	auth in on re0 proto tcp from any to any port = 23 flags S keep state

Then try to telnet through (or to) the bridge.

>Fix:

	


>Release-Note:
>Audit-Trail:

From: Bruce Walker <bmw@borderware.com>
To: bug-followup@FreeBSD.org, bmw@borderware.com
Cc:  
Subject: Re: kern/87521: using ipfilter "auth" keyword leads to kernel fault
Date: Sun, 16 Oct 2005 20:47:11 -0400

 I have verified that this same setup works in FreeBSD 4.11.  (With small 
 adjustments in ipf.rules for interface name [rl0 instead of re0], and in 
 rc.local for enabling bridging.)
 
Responsible-Changed-From-To: freebsd-bugs->darrenr 
Responsible-Changed-By: glebius 
Responsible-Changed-When: Sun Oct 23 09:12:41 GMT 2005 
Responsible-Changed-Why:  
To ipfilter maintainer. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=87521 

From: Darren Reed <darrenr@freebsd.org>
To: bug-followup@FreeBSD.org, bmw@borderware.com
Cc:  
Subject: Re: kern/87521: [ipfilter] [panic] using ipfilter "auth" keyword
 leads to kernel fault
Date: Fri, 21 Dec 2007 23:19:31 +1100

 Recent patches applied to the RELENG_6_3 should resolve these problems,
 but further bug fixes (that are still coming) should completely address
 the problems of auth rules.
 
Responsible-Changed-From-To: freebsd-net->cy 
Responsible-Changed-By: cy 
Responsible-Changed-When: Wed Jul 3 05:18:27 UTC 2013 
Responsible-Changed-Why:  
Mine. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=87521 
>Unformatted:
