OpenSolaris

Bug ID: 6601771
Synopsis: ipfil_sendpkt causes panic with punchin
State: 10-Fix Delivered (Fix available in build)
Category:Subcategory: kernel:tcp-ip
Keywords: punchin
Responsible Engineer: Sangeeta Misra
Reported Against: snv_66, snv_71
Duplicate Of:
Introduced In: solaris_nevada
Commit to Fix: snv_76
Fixed In: snv_76
Release Fixed: solaris_nevada(snv_76)
Related Bugs:
Submit Date: 6-September-2007
Last Update Date: 29-October-2007
Description
Using IPfilter and punchin causes a panic.
Specifically, the panic occurs with IPfilter rules that inject packets, such as rules that send a TCP RST or an ICMP destination unreachable.

###########################################################################
# Reset/Error for TCP/UDP services, send back TCP-Reset or
# Network unreachable to attempts to initiate connections
###########################################################################
block return-rst in log proto tcp from any to any flags S/SA
block return-icmp(port-unr) in log proto udp from any to any


The stack trace is as follows:

> ::status
debugging crash dump vmcore.1 (32-bit) from helios
operating system: 5.11 snv_71 (i86pc)
panic message: 
BAD TRAP: type=e (#pf Page fault) rp=d25ecec0 addr=68 occurred in module
"unix" 
due to a NULL pointer dereference
dump content: kernel pages only
> > $c
mutex_enter+0xd(d50631e0, d690d208, 0, 0)
ipfil_sendpkt+0x2dc(d25ed03c, d50631e0, 5, 0)
ip_inject_impl+0x777(3, d25ed038, 0, d2aba000)
ip_inject+0x19(3, d25ed038, d946cf08)
net_inject+0x17(d2501568, 3, d25ed038)
fr_fastroute+0x26b(d50631e0, d25ed294, d25ed190, 0)
fr_send_ip+0x1a2(d25ed2b4, d50631e0, d25ed294)
fr_send_reset+0x208(d25ed2b4)
fr_check+0x54c(dac335ac, 14, 5, 0, d25ed3bc, d25ed4ac)
ipf_hook+0xc1(d25ed45c, 0, 0, d946cf08)
ipf_hook_in+0x15(d2ba3280, d25ed45c, d946cf08)
hook_run+0xc3(d2ba3280, d25ed45c, d946cf08)
ip_input+0x2c9(d84d9614, 0, 0, 0)
ip_rput+0xfc(deb1ca10, edddfb60)
putnext+0x1bc(e71e9768, edddfb60)
tun_rdata_v4+0x469(e71e9768, d4f36a80, 0, d8450a80)
tun_rdata+0x15b(e71e9768, d4f36a80, edddfb60, d8450a80, 4)
tun_rproc+0x107(e71e9768, d4f36a80)
tun_rput+0x26(e71e9768, d4f36a80)
putnext+0x1bc(eff22038, d4f36a80)
ip_fanout_proto+0x7c0(de8915b8, edddfb60, d873b014, dac33598, d, 1)
ip_proto_input+0xb39(de8915b8, edddfb60, dac33598, d690dc08, d873b014)
ip_fanout_proto_again+0x293(d4f36a80, d873b014, d873b014, d690dc08)
ip_proto_input+0x984(de8915b8, d797c520, e409a440, d690dc08, d873b014)
ip_input+0x8c0(d873b014, 0, 0, 0)
ip_rput+0xfc(de8915b8, d797c520)
put+0x173(de8915b8, d797c520)
natty_rput_pkt+0x2f3(e8799768, dfce31e0)
natty_rput_other+0xaf(e8799768, dfce31e0)
natty_rput+0x34(e8799768, dfce31e0)
putnext+0x1bc(de906cd8, dfce31e0)
udp_input+0xe9e(deb0d840, dfce31e0)
udp_input_wrapper+0x14(deb0d840, d4ce6540, d2b98ec0)
udp_conn_recv+0x48(deb0d840, d4ce6540)
ip_udp_input+0x6c6(de8915b8, d4ce6540, d4cbc024, d690dc08, d873b014)
ip_input+0x888(d873b014, de8d4020, 0, d25edcac)
i_dls_link_rx+0x250(d5fa6e20, de8d4020, d4ce6540)
mac_rx+0x53(d5fa7e78, de8d4020, d4ce6540)
e1000g_intr_pciexpress+0xc5(d2d90000, 0)
av_dispatch_autovect+0x69(18)
dispatch_hardint+0x1a(18, 0)
switch_sp_and_call+0xf(d25edddc, fe816cd0, 18, 0)
do_interrupt+0x7c(d24c2d38, d25c0a00)
_interrupt+0x59()
i86_mwait+0xc(0, 0)
cpu_idle_mwait+0xc6()
idle+0xde(0, 0)                       
thread_start+8()
Work Around
N/A
Comments
N/A