[LOR]: IPFW static rules against udp

From: Andre Guibert de Bruet (andy_at_siliconlandmark.com)
Date: 12/23/03

  • Next message: Alfred Perlstein: "em0 watchdog timeouts" 
    Date: Tue, 23 Dec 2003 14:25:59 -0500 (EST)
To: current@freebsd.org

    lock order reversal
     1st 0xc081af48 IPFW static rules (IPFW static rules) @
    netinet/ip_fw2.c:1547
     2nd 0xc081bd8c udp (udp) @ netinet/ip_fw2.c:1319
    Stack backtrace:
    backtrace(c0770519,c081bd8c,c077681a,c077681a,c0776da2) at backtrace+0x17
    witness_lock(c081bd8c,8,c0776da2,527,8ff3) at witness_lock+0x671
    _mtx_lock_flags(c081bd8c,0,c0776d99,527,c0584532) at _mtx_lock_flags+0xb2
    check_uidgid(caa86564,11,ca862000,9804fa0,829b) at check_uidgid+0x6c
    ipfw_chk(e91acaf8,2,22,e91acac0,0) at ipfw_chk+0x468
    ip_output(c6907d00,0,0,22,0,cb11d438) at ip_output+0xa40
    rip_output(c6907d00,cb1f1d20,9804fa0,2cf,c6907d00) at rip_output+0x1b5
    rip_send(cb1f1d20,0,c6907d00,cef10e00,0) at rip_send+0xf7
    sosend(cb1f1d20,cef10e00,e91acc4c,c6907d00,0) at sosend+0x48d
    kern_sendit(caa7fc80,7,e91accc4,0,0) at kern_sendit+0x170
    sendit(caa7fc80,7,e91accc4,0,8053028) at sendit+0x16e
    sendto(caa7fc80,e91acd14,c078c176,3ee,6) at sendto+0x5b
    syscall(2f,2f,2f,1,8051030) at syscall+0x292
    Xint0x80_syscall() at Xint0x80_syscall+0x1d
    --- syscall (133), eip = 0x280c7d4f, esp = 0xbfbfeb9c, ebp = 0xbfbfebc8 ---

    I have previously not seen this LOR on this system. Mind you, this is the
    first time that I've tried using uid/gid matching in ipfw. The rule that i
    was trying to add was:
    ipfw add 65000 allow ip from any to any uid root

    This system is (world and kernel in sync):
    FreeBSD bling.home 5.2-CURRENT FreeBSD 5.2-CURRENT #0: Fri Dec 12 18:30:26
    EST 2003 root@bling.home:/usr/src/sys/i386/compile/BLING i386

    Kernel options that differ from a slimmed down GENERIC:
    options ADAPTIVE_MUTEXES
    options CPU_ENABLE_SSE
    options IPFIREWALL
    options IPFIREWALL_VERBOSE
    options IPFIREWALL_VERBOSE_LIMIT=0
    options IPSEC
    Sptions IPV6FIREWALL
    options IPV6FIREWALL_VERBOSE
    options IPV6FIREWALL_VERBOSE_LIMIT=0
    options QUOTA
    options RANDOM_IP_ID
    options SC_ALT_MOUSE_IMAGE
    options SC_HISTORY_SIZE=4096
    options SC_PIXEL_MODE
    options VESA
    options VGA_WIDTH90
    options ZERO_COPY_SOCKETS

    Any ideas?

    > Andre Guibert de Bruet | Enterprise Software Consultant >
    > Silicon Landmark, LLC. | http://siliconlandmark.com/ >
    _______________________________________________
    freebsd-current@freebsd.org mailing list
    http://lists.freebsd.org/mailman/listinfo/freebsd-current
    To unsubscribe, send any mail to "freebsd-current-unsubscribe@freebsd.org"

  • Next message: Alfred Perlstein: "em0 watchdog timeouts"