Re: "panic: ipintr no HDR" when attempting to connect OpenBSD running l2tp/IPsec

Mike Belopuhov-5
On Thu, Dec 03, 2015 at 11:46 +0000, Sevan / Venture37 wrote:

> Hi,
> I ran into this issue last night when I was testing out a trivial VPN
> config & assumed it may have been related to virtualbox but I've just
> replicated it on a ThinkPad X60s.
>
> panic: ipintr no HDR
> Stopped at Debugger+0x7: leave
> Tid PID UID PRFLAGS PFLAGS CPU COMMAND
> 21363 21363 82 0x10 0 1 npppd
> Debugger ( ) at Debugger+0x7
> panic( ) at panic+0x71
> ipintr( ) at ipintr+0x34
> netintr( ) at netintr+0x78
> softintr_dispatch(1) at softintr_dispatch+0x5f
> Xsoftnet() at Xsoftnet+0x12
>
> screenshots from a -current #1575 running as a guest
> http://sevan.sdf.org/trace-58current.png
> http://sevan.sdf.org/ps1.png
> http://sevan.sdf.org/ps2.png
> http://sevan.sdf.org/ps3.png
>
> Confirmed issue on 5.8-RELEASE amd64, the -current snapshot from
> yesterday #1575 (2/12/2015) (SP kernel) on virtualbox 5 and the i386
> snapshot from 14/11/2015 #1378 (SMP kernel) on a ThinkPad X60s.
>
> In each case no changes were made to the default OpenBSD install other
> than assigning an IP address to network interface, adding a user to
> /etc/npppd/npppd-users & adding an ipsec.conf.
>
> ipsec.conf:
> ike passive esp transport proto udp from 1.2.3.4 to any port 1701 \
> main auth "hmac-sha1" enc "3des" group modp1024 psk "password".
>
> (have to use these crypto settings because it's not possible to
> connect from a manually configured VPN on OS X otherwise, it's just
> for my testing purposes to "succeed", not what's used in production).
>
> Run:
> isakmpd -K
> ipsecctl -f /etc/ipsec.conf
> npppd
>
> On OS X (tested with 10.11.1)
> System Preferences > Network, add a L2TP over IPsec VPN, fill in the
> username, password & psk. hit connect.
>
> Upon establishing a connection successfully, OS X will start the timer
> & display the I/O indicator at which point OpenBSD will have panicked.
>
>
>
> Sevan / Venture37
>

Hi Sevan!

Please try this diff below.  Hopefully it will tell us where this
packet comes from.

diff --git sys/net/if.c sys/net/if.c
index 2d8aedc..ba02a9f 100644
--- sys/net/if.c
+++ sys/net/if.c
@@ -670,10 +670,12 @@ if_input_local(struct ifnet *ifp, struct mbuf *m, sa_family_t af)
  printf("%s: can't handle af%d\n", ifp->if_xname, af);
  m_freem(m);
  return (EAFNOSUPPORT);
  }
 
+ if ((m->m_flags & M_PKTHDR) == 0)
+ panic("no HDR: %s", __func__);
  if (niq_enqueue(ifq, m) != 0)
  return (ENOBUFS);
 
  ifp->if_ipackets++;
  ifp->if_ibytes += m->m_pkthdr.len;
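Review bot: The panic string in the check added before niq_enqueue(ifq, m) names only the function, although the printf a few lines above already has ifp->if_xname at hand. Printing the interface name as well, e.g. panic("no HDR: %s on %s", __func__, ifp->if_xname), would also say which interface handed in the headerless mbuf, which is what this diagnostic is trying to find out.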
diff --git sys/net/if_ethersubr.c sys/net/if_ethersubr.c
index 9b4e7ad..bdeb81a 100644
--- sys/net/if_ethersubr.c
+++ sys/net/if_ethersubr.c
@@ -455,10 +455,12 @@ decapsulate:
  default:
  goto dropanyway;
  }
  }
 
+ if ((m->m_flags & M_PKTHDR) == 0)
+ panic("no HDR: %s", __func__);
  niq_enqueue(inq, m);
  return (1);
 dropanyway:
  m_freem(m);
  return (1);
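Review bot: The two added lines above niq_enqueue(inq, m) are the same test that this diff pastes into four other files, each time with a different variable name to get right. A single macro or inline helper taking the mbuf pointer would keep the copies identical and leave one place to remove once the source of the packet is found.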
diff --git sys/net/if_pppx.c sys/net/if_pppx.c
index fd87512..7523901 100644
--- sys/net/if_pppx.c
+++ sys/net/if_pppx.c
@@ -381,10 +381,12 @@ pppxwrite(dev_t dev, struct uio *uio, int ioflag)
  default:
  m_freem(top);
  return (EAFNOSUPPORT);
  }
 
+ if ((m->m_flags & M_PKTHDR) == 0)
+ panic("no HDR: %s", __func__);
  if (niq_enqueue(ifq, m) != 0)
  return (ENOBUFS);
 
  return (error);
 }
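Review bot: The added check tests `m`, but the error path just above it frees the packet with m_freem(top), so `top` looks like the head of the chain and `m` may be some other mbuf in it. If that is the case the test belongs on `top`, and the niq_enqueue(ifq, m) call right below it deserves the same look.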
diff --git sys/net/pipex.c sys/net/pipex.c
index ae36c52..f42adae 100644
--- sys/net/pipex.c
+++ sys/net/pipex.c
@@ -1144,10 +1144,12 @@ pipex_ip_input(struct mbuf *m0, struct pipex_session *session)
 #if NBPFILTER > 0
  if (ifp->if_bpf)
  bpf_mtap_af(ifp->if_bpf, AF_INET, m0, BPF_DIRECTION_IN);
 #endif
 
+ if ((m0->m_flags & M_PKTHDR) == 0)
+ panic("no HDR: %s", __func__);
  if (niq_enqueue(&ipintrq, m0) != 0) {
  ifp->if_collisions++;
  goto dropped;
  }
 
diff --git sys/netinet/ipsec_input.c sys/netinet/ipsec_input.c
index fe0ee48..11a7e22 100644
--- sys/netinet/ipsec_input.c
+++ sys/netinet/ipsec_input.c
@@ -759,10 +759,12 @@ esp4_input_cb(struct mbuf *m, ...)
 {
  /*
  * Interface pointer is already in first mbuf; chop off the
  * `outer' header and reschedule.
  */
+ if ((m->m_flags & M_PKTHDR) == 0)
+ panic("no HDR: %s", __func__);
  if (niq_enqueue(&ipintrq, m) != 0) {
  espstat.esps_qfull++;
  DPRINTF(("esp4_input_cb(): dropped packet because of full "
     "IP queue\n"));
  return ENOBUFS;
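Review bot: The check lands between the block comment and the niq_enqueue(&ipintrq, m) call that the comment describes, so "chop off the `outer' header and reschedule" now reads as if it documented the panic. Put the two added lines above the comment, or give them their own one-line comment marking them as a temporary diagnostic.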

Re: "panic: ipintr no HDR" when attempting to connect OpenBSD running l2tp/IPsec

Sevan / Venture37-2
Hi Mike,

On 03/12/2015 14:20, Mike Belopuhov wrote:
> Please try this diff below.  Hopefully it will tell us where this
> packet comes from.

I checked out current src/sys from sthen's mirror, the sys/net/if.c line
numbers didn't match what I had in the checkout but manually made the
necessary changes.

panic: no HDR: pppxwrite
tid pid uid prflags pflags cpu command
10059 10059 82 0x10 0 0 npppd
Debugger () at Debugger+0x7
panic() at panic+0x71
pppxwrite() at pppxwrite+0x225
spec_write() at spec_write+0xaf
VOP_WRITE() at VOP_WRITE+0x42
vn_write() at vn_write+0x92
dofilewritev() at dofilewritev+0x1c6
sys_writev() at sys_writev+0x71
syscall at syscall+0x36a
--- syscall (number 1694498826) ---
0x14:

Photo of the panic message
http://sevan.sdf.org/x60s-panic1.jpg
Need output from ps?


Sevan

Re: "panic: ipintr no HDR" when attempting to connect OpenBSD running l2tp/IPsec

Alexander Bluhm
On Thu, Dec 03, 2015 at 03:09:37PM +0000, Sevan / Venture37 wrote:
> panic: no HDR: pppxwrite

Please try this (untested)

bluhm

Index: net/if_pppx.c
===================================================================
RCS file: /data/mirror/openbsd/cvs/src/sys/net/if_pppx.c,v
retrieving revision 1.46
diff -u -p -r1.46 if_pppx.c
--- net/if_pppx.c 20 Nov 2015 05:31:24 -0000 1.46
+++ net/if_pppx.c 3 Dec 2015 15:44:11 -0000
@@ -383,7 +383,7 @@ pppxwrite(dev_t dev, struct uio *uio, in
  return (EAFNOSUPPORT);
  }
 
- if (niq_enqueue(ifq, m) != 0)
+ if (niq_enqueue(ifq, top) != 0)
  return (ENOBUFS);
 
  return (error);
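Review bot: The changed line niq_enqueue(ifq, top) carries no hint of how `m` and `top` differ at this point in pppxwrite(), and the two names are one token apart. A short comment above the call saying that `top` is the packet being queued would make a later slip back to `m` easier to catch in review.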

Re: "panic: ipintr no HDR" when attempting to connect OpenBSD running l2tp/IPsec

Mike Belopuhov-5
On 3 December 2015 at 16:46, Alexander Bluhm <[hidden email]> wrote:
> On Thu, Dec 03, 2015 at 03:09:37PM +0000, Sevan / Venture37 wrote:
>> panic: no HDR: pppxwrite
>
> Please try this (untested)
>

this looks correct.

Re: "panic: ipintr no HDR" when attempting to connect OpenBSD running l2tp/IPsec

Sevan / Venture37-2
In reply to this post by Alexander Bluhm


On 03/12/2015 15:46, Alexander Bluhm wrote:
> Please try this (untested)
>
> bluhm

Still crashes.
http://sevan.sdf.org/x60s-panic2.jpg



Sevan

Re: "panic: ipintr no HDR" when attempting to connect OpenBSD running l2tp/IPsec

Sevan / Venture37-2
In reply to this post by Mike Belopuhov-5


On 03/12/2015 16:08, Mike Belopuhov wrote:
> this looks correct.

I applied Alexander's patch on top of yours.
Still crashed.


Sevan

Re: "panic: ipintr no HDR" when attempting to connect OpenBSD running l2tp/IPsec

Alexander Bluhm
On Thu, Dec 03, 2015 at 04:14:08PM +0000, Sevan / Venture37 wrote:
>
>
> On 03/12/2015 16:08, Mike Belopuhov wrote:
> > this looks correct.
>
> I applied Alexander's patch on top of yours.
> Still crashed.

That's because Mike's patch got the same bug by copy&paste.
So we could see what is going on.

+       if ((m->m_flags & M_PKTHDR) == 0)
+               panic("no HDR: %s", __func__);
        if (niq_enqueue(ifq, m) != 0)
                return (ENOBUFS);

So either you change both "m" to "top" or you only use my fix of
niq_enqueue().  This should work:

        if ((top->m_flags & M_PKTHDR) == 0)
                panic("no HDR: %s", __func__);
        if (niq_enqueue(ifq, top) != 0)
                return (ENOBUFS);

bluhm
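
[Added example, not part of the original thread and not OpenBSD source.] A userland model of the `m` versus `top` mix-up explained in the message above. It assumes a write path that keeps `top` on the head of the chain and advances `m` while appending, which the thread does not show; struct mbuf is a simplified stand-in, build_chain() and has_pkthdr() are hypothetical names, and the sizes are constructed.

```c
#include <stdio.h>
#include <stdlib.h>

#define M_PKTHDR 0x0002	/* model flag: this mbuf starts a packet */

struct mbuf {		/* simplified stand-in, not the kernel structure */
	struct mbuf *m_next;
	int m_flags, m_len;
};

/* Assumed write-path shape: `top` stays on the head of the chain while
 * `m` advances to the newest mbuf; *tailp receives where `m` ends up. */
static struct mbuf *
build_chain(int total, int chunk, struct mbuf **tailp)
{
	struct mbuf *top = NULL, *m = NULL, *n;

	while (total > 0 && chunk > 0) {
		if ((n = calloc(1, sizeof(*n))) == NULL)
			abort();
		n->m_len = total < chunk ? total : chunk;
		total -= n->m_len;
		if (top == NULL) {
			n->m_flags = M_PKTHDR;	/* only the head has a header */
			top = n;
		} else
			m->m_next = n;
		m = n;
	}
	*tailp = m;
	return (top);
}

/* The thread's diagnostic as a predicate: 0 is where panic() would fire. */
static int
has_pkthdr(const struct mbuf *m)
{
	return (m != NULL && (m->m_flags & M_PKTHDR) != 0);
}

int
main(void)
{
	struct mbuf *top, *m;

	top = build_chain(600, 256, &m);	/* constructed sizes: 3 mbufs */
	printf("enqueue m:   %s\n", has_pkthdr(m) ? "ok" : "no HDR");
	printf("enqueue top: %s\n", has_pkthdr(top) ? "ok" : "no HDR");
	return (0);
}
```

In this model a 100-byte write fits one mbuf, so `m == top` and the wrong pointer passes the check; it only fails once a write spans more than one mbuf.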

Re: "panic: ipintr no HDR" when attempting to connect OpenBSD running l2tp/IPsec

Sevan / Venture37-2


On 03/12/2015 16:22, Alexander Bluhm wrote:
> That's because Mike's patch got the same bug by copy&paste.

Ah, ok :)
Confirmed, with the amendment you suggested, OpenBSD no longer panics when
I establish a connection.


Sevan

Re: "panic: ipintr no HDR" when attempting to connect OpenBSD running l2tp/IPsec

Alexander Bluhm
On Thu, Dec 03, 2015 at 04:40:07PM +0000, Sevan / Venture37 wrote:
> Confirmed, with the amendment you suggested, OpenBSD no longer panics when
> I establish a connection.

I have committed the fix.  Thanks for testing.

bluhm