Crash with GRE und IPFW fwd

[Andrey V. Elsukov]

On 28.05.2015 02:42, Julian Kornberger wrote:
> Fatal trap 12: page fault while in kernel mode
> cpuid = 0; apic id = 00
> fault virtual address   = 0x7c
> fault code              = supervisor read data, page not present
> instruction pointer     = 0x20:0xffffffff80a58105
> stack pointer           = 0x28:0xfffffe00957335e0
> frame pointer           = 0x28:0xfffffe00957336e0
> code segment            = base 0x0, limit 0xfffff, type 0x1b
>                         = DPL 0, pres 1, long 1, def32 0, gran 1
> processor eflags        = interrupt enabled, resume, IOPL = 0
> current process         = 1707 (tcpmssd)
> trap number             = 12
> panic: page fault
> cpuid = 0
> KDB: stack backtrace:
> #0 0xffffffff80963000 at kdb_backtrace+0x60
> #1 0xffffffff80928125 at panic+0x155
> #2 0xffffffff80d258df at trap_fatal+0x38f
> #3 0xffffffff80d25bf8 at trap_pfault+0x308
> #4 0xffffffff80d2525a at trap+0x47a
> #5 0xffffffff80d0b142 at calltrap+0x8
> #6 0xffffffff81a15797 at gre_output+0x467
> #7 0xffffffff80a59024 at ip_output+0x11b4
> #8 0xffffffff819b257a at div_send+0x33a

Just noticed, you use ip_divert(4). gre(4) uses mbuf_tag to prevent
infinity loop and stack exhausting. When packet goes through ip_divert,
it loses this tag. You need to check your rules and avoid applying
divert rules to GRE packets. Also you can use some netgraph based tcpmss
implementation.

-- 
WBR, Andrey V. Elsukov

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 538 bytes
Desc: OpenPGP digital signature
URL: <http://lists.freebsd.org/pipermail/freebsd-net/attachments/20150528/674bf923/attachment.sig>