I get the panic when the rule is in an anchor as well.

PGP: 0x1F81112D62A9ADCE / 3586 3350 BFEA C101 DB1A 4AF0 1F81 112D 62A9 ADCE

> On Jul 7, 2019, at 4:39 PM, Mike Belopuhov <m...@belopuhov.com> wrote:
>
> Aaron Bieber writes:
>
>> Hi,
>>
>> Adding a rule similar to the below causes a panic on -current (OpenBSD
>> 6.5-current (GENERIC) #95: Thu Jul 4 21:22:25 MDT 2019). This also panics
>> 6.3 and 6.5 (I didn't test 6.4):
>>
>>   pass in quick on egress proto tcp from any to port 8888 once rdr-to \
>>       127.0.0.1 port 3333
>>
>> Once the rule is in place, fire up:
>>
>>   nc -l 127.0.0.1 3333
>>
>> Connect a few times from a remote machine:
>>
>>   nc <ip> 8888
>>
>> Eventually it will panic with (sometimes it happens right away, other times I
>> have to restart nc a few times):
>
> This is because it's meant to be used inside of an anchor
> (it removes the rule once it's matched).
>
> The most sensible way to use it is to put it into the anchor
> inside a recursive anchor (e.g. 'relayd/*').
>
> It's possible that the check protecting the system from
> the misuse like you've described here got lost during
> refactoring or it never existed in the first place :-(
>
> Cheers,
> Mike
>
>> ddb> trace
>> pf_rm_rule(ffffffff81d900a8,ffff8000003bbfe8) at pf_rm_rule+0xa9
>> pf_purge_rule(ffff8000003bbfe8) at pf_purge_rule+0x26
>> pf_purge(ffffffff81dc1088) at pf_purge+0x55
>> taskq_thread(ffff800000022040) at taskq_thread+0x3d
>> end trace frame: 0x0, count: -4
>> ddb>
>> ddb> ps
>>    PID    TID  PPID UID S      FLAGS  WAIT      COMMAND
>>  69502  12189     1   0 3   0x100083  ttyin     ksh
>>  53972 340673     1   0 3   0x100098  poll      cron
>>  81827 279222     1 110 3   0x100090  poll      sndiod
>>  54852  68160     1  99 3   0x100090  poll      sndiod
>>  79474  94554  3215  95 3   0x100092  kqread    smtpd
>>  90212 164878  3215 103 3   0x100092  kqread    smtpd
>>  43199 482512  3215  95 3   0x100092  kqread    smtpd
>>  38765 100663  3215  95 3   0x100092  kqread    smtpd
>>  33241 424770  3215  95 3   0x100092  kqread    smtpd
>>   5338 193750  3215  95 3   0x100092  kqread    smtpd
>>   3215 481909     1   0 3   0x100080  kqread    smtpd
>>  57742 143403     1   0 3       0x80  select    sshd
>>  31904 460143     1   0 3   0x100080  poll      ntpd
>>  65592 182120 47006  83 3   0x100092  poll      ntpd
>>  47006 103509     1  83 3   0x100092  poll      ntpd
>>  60875 292765 99617  74 3   0x100092  bpf       pflogd
>>  99617 524148     1   0 3       0x80  netio     pflogd
>>   4242 324170 49064  73 3   0x100090  kqread    syslogd
>>  49064 413359     1   0 3   0x100082  netio     syslogd
>>  20955 102995 68995 115 3   0x100092  kqread    slaacd
>>  99883 518930 68995 115 3   0x100092  kqread    slaacd
>>  68995 175540     1   0 3   0x100080  kqread    slaacd
>>   5278 238159     0   0 3    0x14200  pgzero    zerothread
>>   2253 479921     0   0 3    0x14200  aiodoned  aiodoned
>>  98149 310276     0   0 3    0x14200  syncer    update
>>  78055 259911     0   0 3    0x14200  cleaner   cleaner
>>  68827 324781     0   0 3    0x14200  reaper    reaper
>>  93269  98863     0   0 3    0x14200  pgdaemon  pagedaemon
>>  75284 447451     0   0 3    0x14200  bored     crynlk
>>  34868 513191     0   0 3    0x14200  bored     crypto
>> *18776 255193     0   0 7    0x14200            softnet
>>  64918 469356     0   0 3    0x14200  bored     systqmp
>>    902  49537     0   0 3    0x14200  bored     systq
>>  17250 200730     0   0 3 0x40014200  bored     softclock
>>   2990 510299     0   0 3 0x40014200            idle0
>>    947 215447     0   0 3    0x14200  bored     smr
>>      1 180680     0   0 3       0x82  wait      init
>>      0      0    -1   0 3    0x10200  scheduler swapper
>> ddb>
>>
>> dmesg (from a VM in vmm - I have also reproduced this on physical hw):
>> OpenBSD 6.5-current (GENERIC) #95: Thu Jul 4 21:22:25 MDT 2019
>> dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC
>> real mem = 4278181888 (4079MB)
>> avail mem = 4138524672 (3946MB)
>> mpath0 at root
>> scsibus0 at mpath0: 256 targets
>> mainbus0 at root
>> bios0 at mainbus0: SMBIOS rev. 2.4 @ 0xf3f10 (12 entries)
>> bios0: vendor SeaBIOS version "1.11.0p2-OpenBSD-vmm" date 01/01/2011
>> bios0: OpenBSD VMM
>> acpi at bios0 not configured
>> cpu0 at mainbus0: (uniprocessor)
>> cpu0: AMD Ryzen 7 PRO 2700U w/ Radeon Vega Mobile Gfx, 37466.79 MHz, 17-11-00
>> cpu0:
>> FPU,VME,DE,PSE,TSC,MSR,PAE,CX8,SEP,PGE,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,SSE3,PCLMUL,SSSE3,FMA3,CX16,SSE4.1,SSE4.2,MOVBE,POPCNT,AES,XSAVE,AVX,F16C,RDRAND,HV,NXE,MMXX,FFXSR,PAGE1GB,LONG,LAHF,CMPLEG,EAPICSP,AMCR8,ABM,SSE4A,MASSE,3DNOWP,OSVW,SKINIT,TCE,TOPEXT,CPCTR,DBKP,PCTRL3,ITSC,FSGSBASE,BMI1,AVX2,SMEP,BMI2,RDSEED,ADX,SMAP,CLFLUSHOPT,SHA
>> cpu0: 64KB 64b/line 4-way I-cache, 32KB 64b/line 8-way D-cache, 512KB
>> 64b/line 8-way L2 cache, 4MB 64b/line 16-way L3 cache
>> cpu0: ITLB 64 4KB entries fully associative, 64 4MB entries fully associative
>> cpu0: DTLB 64 4KB entries fully associative, 64 4MB entries fully associative
>> pvbus0 at mainbus0: OpenBSD
>> pvclock0 at pvbus0
>> pci0 at mainbus0 bus 0
>> pchb0 at pci0 dev 0 function 0 "OpenBSD VMM Host" rev 0x00
>> virtio0 at pci0 dev 1 function 0 "Qumranet Virtio RNG" rev 0x00
>> viornd0 at virtio0
>> virtio0: irq 3
>> virtio1 at pci0 dev 2 function 0 "Qumranet Virtio Network" rev 0x00
>> vio0 at virtio1: address fe:e1:bb:d1:eb:4d
>> virtio1: irq 5
>> virtio2 at pci0 dev 3 function 0 "Qumranet Virtio Storage" rev 0x00
>> vioblk0 at virtio2
>> scsibus1 at vioblk0: 2 targets
>> sd0 at scsibus1 targ 0 lun 0: <VirtIO, Block Device, > SCSI3 0/direct fixed
>> sd0: 40960MB, 512 bytes/sector, 83886080 sectors
>> virtio2: irq 6
>> virtio3 at pci0 dev 4 function 0 "OpenBSD VMM Control" rev 0x00
>> vmmci0 at virtio3
>> virtio3: irq 7
>> isa0 at mainbus0
>> isadma0 at isa0
>> com0 at isa0 port 0x3f8/8 irq 4: ns8250, no fifo
>> com0: console
>> vscsi0 at root
>> scsibus2 at vscsi0: 256 targets
>> softraid0 at root
>> scsibus3 at softraid0: 256 targets
>> root on sd0a (66c460169c410440.a) swap on sd0b dump on sd0b
>> WARNING: / was not properly unmounted
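
A small pf.conf check for the situation discussed in this thread, added here as an illustration and not code from the thread's participants or from OpenBSD: it lists every rule carrying `once` and says whether it sits in the main ruleset or inside an inline `anchor "name" { ... }` block. The sample ruleset, the anchor name `oneshot` and the function names are constructed; rules loaded into anchors at run time (with pfctl or by a daemon such as relayd) are outside what it sees.

```python
import re

# Constructed sample ruleset; the first rule mirrors the one quoted in the report.
SAMPLE_PF_CONF = r'''
# main ruleset
pass in quick on egress proto tcp from any to port 8888 once rdr-to \
    127.0.0.1 port 3333
anchor "oneshot" {
    pass in on egress proto tcp to port 2222 once  # inside an inline anchor
    block in on egress proto udp
}
pass out
'''

# Assumption: inline anchors open with 'anchor ["name"] ... {' on one logical line.
ANCHOR_OPEN = re.compile(r'^anchor\b(?:\s+"([^"]+)")?.*\{$')

def logical_lines(text):
    """Yield (first_line_no, rule) with comments removed and '\\' continuations joined."""
    buf, start = "", None
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].rstrip()
        if start is None:
            start = no
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        buf += line
        if buf.strip():
            yield start, " ".join(buf.split())
        buf, start = "", None

def find_once_rules(text):
    """Return [(line_no, anchor_path, rule)] for every rule that uses 'once'."""
    stack, hits = [], []
    for no, line in logical_lines(text):
        m = ANCHOR_OPEN.match(line)
        if m:
            stack.append(m.group(1) or "(unnamed)")
        elif line == "}":
            if stack:
                stack.pop()
        elif "once" in line.split():
            hits.append((no, "/".join(stack) or "(main ruleset)", line))
    return hits

if __name__ == "__main__":
    for no, where, rule in find_once_rules(SAMPLE_PF_CONF):
        print(f"line {no}: once rule in {where}: {rule}")
```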