DragonFly bugs List (threaded) for 2010-11
[issue1914] warning: nested extern declaration of 'lwkt_replymsg'

From: Stephane Russell
Date: Sun, 28 Nov 2010 20:41:15 +0000

Stephane Russell <srussell@prodigeinfo.com> added the comment:

I tried to go further with pf. I started to test some firewall functionalities
to reimplement my ipfw firewall. The natting is working well. But DFBSD crashes
when I activate some type of filtering. Here is my last configuration file:

1  table <crackers> persist file "/etc/pf/crackers.db"
2  table <volume> persist file "/etc/pf/volume.db"
3  set skip on lo0
4  scrub in
5  nat on $ext_if from $lan_net -> ($ext_if)
6  #block in
7  block in quick from urpf-failed
8  block in quick on ext_if from <crackers>
9  block out quick on ext_if to <volume> 
10 pass in  on $int_if from $lan_net
11 pass out on $int_if to $lan_net
12 pass out on $ext_if proto { tcp udp icmp } all modulate state

This configuration causes a page fault. I haven't activated line 6 yet,
because I wanted to test the pass rules before closing everything. When line 12
is commented out, everything seems to work fine. But when I activate it, DFBSD
crashes with this message (copied by hand):

Fatal trap 12: page fault while in kernel mode
fault virtual address = 0x3e
fault code = supervisor read, page not present
instruction pointer = 0x8:0xc03a5ee2
stack pointer = 0x10:0xc7d4e9a4
frame pointer = 0x10:0xc7d4ea18
code segment = base 0x0, limit 0xffffff, type 0x16
             = DPL 0, pres 1, def 32 1, gran 1
processor eflags = interrupt enabled, resume, 10PL = 0
currentthread = pri 12

kernel:type 12 trap, code=0
Stopped at pf_new_inst 0x2e: cmpb $0x1,0x3e(%ebx)

