On 24.5.2022. 9:01, Alexandr Nedvedicky wrote:
>     interesting. I went through mbuf handling in if_veb.c
>     I could just find a single nit, which is most likely unrelated,
>     however I think it's still worth giving the diff below a try.
> 
>     basically all calls to veb_pf() read as follows:
>       m = veb_pf(ifp, ..., m);
>     except the one in veb_broadcast(), which reads as:
>       m = veb_pf(ifp, ..., m0);
>     I think it is a bug, veb_pf() caller should continue to run
>     with packet returned by veb_pf().
> 
> thanks and
> regards
> sashan


Hi,

and with this diff I can panic the box the same way as before: ip6
forwarding, pf and veb/vport

panic:
r620-1# panuicvm:_ f paoulotl(_0caxcffhfef_iftfeffm8_2ma2gfi13ca_c8h, e
ck :    m bu f p
l   cp u    f r
 e0ex1 7 , l i 0s,t   2 )   - >  e
 mkoedrnieflie: d :  i t e  m   a dd r    0 xf f  f ff d 8  0 a 42 0 e
5 00 + 2  4   0x 6
 a  b 22 4 5  9 6 1e e  9 8 5c ! =  0 x 6 ab 2 2  4 5
9pcadge0 a f8 5 c
Stopped at      db_enter+0x10:  popq    %rbp
    TID    PID    UID     PRFLAGS     PFLAGS  CPU  COMMAND
 418374  46077      0     0x14000      0x200    3  softnet
 355064  80120      0     0x14000      0x200    2K softnet
*401307  69853      0     0x14000      0x200    5  softnet
db_enter() at db_enter+0x10
panic(ffffffff81f3c6f5) at panic+0xbf
pool_cache_get(ffffffff82483608) at pool_cache_get+0x25b
pool_get(ffffffff82483608,2) at pool_get+0x61
m_get(2,1) at m_get+0x3f
m_copym(fffffd80a3b50900,0,40,2) at m_copym+0xd8
ip6_forward(fffffd80a3b50900,fffffd842ce9c708,0) at ip6_forward+0x1cc
ip6_input_if(ffff800022c6b728,ffff800022c6b734,29,0,ffff80000074b000) at ip6_input_if+0x80a
ipv6_input(ffff80000074b000,fffffd80a3b50900) at ipv6_input+0x39
ether_input(ffff80000074b000,fffffd80a3b50900) at ether_input+0x3ad
vport_if_enqueue(ffff80000074b000,fffffd80a3b50900) at vport_if_enqueue+0x19
veb_port_input(ffff800000095048,fffffd80a3b50900,ecf4bbdaf7f8,ffff800000747300) at veb_port_input+0x5b0
ether_input(ffff800000095048,fffffd80a3b50900) at ether_input+0x100
if_input_process(ffff800000095048,ffff800022c6b938) at if_input_process+0x6f
end trace frame: 0xffff800022c6b980, count: 0
https://www.openbsd.org/ddb.html describes the minimum info required in
bug reports.  Insufficient info makes it difficult to find and fix bugs.
ddb{5}> show panic
*cpu5: pool_cache_item_magic_check: mbufpl cpu free list modified: item
addr 0xfffffd80a420e500+24 0x6ab2245961ee985c!=0x6ab22459cd0af85c
 cpu2: uvm_fault(0xffffffff822f13a8, 0x17, 0, 2) -> e
ddb{5}>
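As an added illustration of the nit quoted above (not code from if_veb.c or from either poster; the mbuf, filter and broadcast functions are toy stand-ins), this shows why a caller must continue with the mbuf a filter returns rather than the pointer it passed in:

```c
#include <stdlib.h>
#include <string.h>

/* Toy stand-in for struct mbuf.  "Releasing" only sets a flag, so a stale
 * pointer is detected instead of corrupting the allocator (the real effect,
 * which is what the mbufpl magic check in the panic above catches). */
struct mbuf { char data[64]; int freed; };

struct mbuf *m_alloc(const char *payload)
{
	struct mbuf *m = calloc(1, sizeof(*m));
	if (m != NULL)
		strncpy(m->data, payload, sizeof(m->data) - 1);
	return m;
}

/* Stand-in for veb_pf(): a filter may consume the packet it was given and
 * return a different one, or NULL if the packet was dropped.  Here it
 * always copies into a fresh buffer and releases the original. */
struct mbuf *filter(struct mbuf *m)
{
	struct mbuf *n = m_alloc(m->data);
	m->freed = 1;			/* real kernel: m_freem(m) */
	if (n != NULL)
		n->data[0] = 'X';	/* "modified" by the filter */
	return n;
}

/* Buggy pattern, m = veb_pf(ifp, ..., m0): the caller keeps using m0 after
 * the filter ran.  Returns 1 if a released buffer was touched, -1 on OOM. */
int broadcast_buggy(const char *payload)
{
	struct mbuf *m0 = m_alloc(payload);
	if (m0 == NULL)
		return -1;
	free(filter(m0));		/* result discarded, m0 reused below */
	return m0->freed;		/* stale: m0 is gone */
}

/* Correct pattern, m = veb_pf(ifp, ..., m): continue only with the packet
 * the filter returned and honour NULL.  Returns 0 for a live packet, -1 if
 * the filter dropped it (or allocation failed). */
int broadcast_ok(const char *payload)
{
	struct mbuf *m = m_alloc(payload);
	if (m == NULL || (m = filter(m)) == NULL)
		return -1;
	int live = m->freed ? 1 : 0;
	free(m);
	return live;
}
```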
