kernel/3736: Loop prevention in PF
- To: gnats@openbsd.org
- Subject: kernel/3736: Loop prevention in PF
- From: iss@iface.ru
- Date: Mon, 5 Apr 2004 19:12:56 +0600 (YEKST)
- Resent-Date: Mon, 5 Apr 2004 07:35:03 -0600 (MDT)
- Resent-From: gnats@cvs.openbsd.org (GNATS Filer)
- Resent-Message-Id: <200404051335.i35DZ3ax000443@cvs.openbsd.org>
- Resent-Reply-To: gnats@cvs.openbsd.org, iss@iface.ru
- Resent-To: bugs@cvs.openbsd.org
>Number: 3736
>Category: kernel
>Synopsis: OpenBSD freezes on loops in PF rules (priority 0 at i386)
>Confidential: yes
>Severity: critical
>Priority: medium
>Responsible: bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Mon Apr 05 13:30:01 GMT 2004
>Closed-Date:
>Last-Modified:
>Originator: Ivan S. Solonin
>Release: 3.4
>Organization:
TM systems
>Environment:
System : OpenBSD 3.4
Architecture: OpenBSD.i386
Machine : i386
>Description:
When redirection of connections occurs on the loopback interface (it may
happen on another; I did not test this on other interfaces), the ending of a
TCP connection sends the kernel into a loop at the highest priority (the
machine freezes, no logs or dumps can be produced for analysis, only a cold
reboot (RESET) helps). This may occur when ending processes which have
connections from lo0 and to lo0 (127.0.0.1:53674 -> 127.0.0.1:3128), for example.
>How-To-Repeat:
This error may be invoked by:
starting httpd with a wrong httpd.conf (not syntax, only parameters);
ending Squid after some work (about 30 min) with the command "squid -k interrupt";
rotating Squid logs with the command "squid -k rotate";
using these special test rules in pf.conf:
	table <a_ifs> const { self }
	pass out route-to lo0 from <a_ifs> to ! <a_ifs>
or similar
>Fix:
My knowledge of OpenBSD is not enough to provide a correct source
patch, but I can see a solution in loop prevention.
>Release-Note:
>Audit-Trail:
>Unformatted: