NetBSD Problem Report #55403
From mlelstv@tazz.1st.de Sat Jun 20 15:31:59 2020
Return-Path: <mlelstv@tazz.1st.de>
Received: from mail.netbsd.org (mail.netbsd.org [199.233.217.200])
(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
(Client CN "mail.NetBSD.org", Issuer "mail.NetBSD.org CA" (not verified))
by mollari.NetBSD.org (Postfix) with ESMTPS id 54C861A9217
for <gnats-bugs@gnats.NetBSD.org>; Sat, 20 Jun 2020 15:31:59 +0000 (UTC)
Message-Id: <20200620152621.B5F07CCAE7@tazz.1st.de>
Date: Sat, 20 Jun 2020 17:26:21 +0200 (CEST)
From: mlelstv@serpens.de
Reply-To: mlelstv@serpens.de
To: gnats-bugs@NetBSD.org
Subject: npfctl miscompiles IPv6 rules
X-Send-Pr-Version: 3.95
>Number: 55403
>Notify-List: kim
>Category: bin
>Synopsis: npfctl miscompiles IPv6 rules
>Confidential: no
>Severity: critical
>Priority: medium
>Responsible: rmind
>State: open
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Sat Jun 20 15:35:00 +0000 2020
>Last-Modified: Sun Dec 13 10:17:37 +0000 2020
>Originator: Michael van Elst
>Release: NetBSD 9.99.64
>Organization:
>Environment:
System: NetBSD tazz 9.99.64 NetBSD 9.99.64 (GENERIC) #2: Sun May 31 21:57:01 UTC 2020 mlelstv@slowpoke:/scratch2/obj.amd64/scratch/netbsd-current/src/sys/arch/amd64/compile/GENERIC amd64
Architecture: x86_64
Machine: amd64
>Description:
The byte code generated from the configuration:
$primary_if = lo0
$list = { fe80::1, fe80::2 }
group "primary" on $primary_if {
pass in final family inet6 proto tcp from $list
}
is mis-compiled to
(000) ld M[0]
(001) jeq #0x6 jt 2 jf 22
(002) ld M[2]
(003) jeq #0x6 jt 4 jf 22
(004) ld [8]
(005) jeq #0xfe800000 jt 21 jf 6
(006) ld [12]
(007) jeq #0x0 jt 21 jf 8
(008) ld [16]
(009) jeq #0x0 jt 21 jf 10
(010) ld [20]
(011) jeq #0x1 jt 21 jf 12
(012) ld [8]
(013) jeq #0xfe800000 jt 21 jf 14
(014) ld [12]
(015) jeq #0x0 jt 21 jf 16
(016) ld [16]
(017) jeq #0x0 jt 21 jf 18
(018) ld [20]
(019) jeq #0x2 jt 21 jf 20
(020) ret #0
(021) ret #-1
(022) ret #0
The match succeeds when any single 32-bit word of the address matches.
The same with just a single address compiles correctly.
$primary_if = lo0
$list = { fe80::1 }
group "primary" on $primary_if {
pass in final family inet6 proto tcp from $list
}
is compiled to
(000) ld M[0]
(001) jeq #0x6 jt 2 jf 13
(002) ld M[2]
(003) jeq #0x6 jt 4 jf 13
(004) ld [8]
(005) jeq #0xfe800000 jt 6 jf 13
(006) ld [12]
(007) jeq #0x0 jt 8 jf 13
(008) ld [16]
(009) jeq #0x0 jt 10 jf 13
(010) ld [20]
(011) jeq #0x1 jt 12 jf 13
(012) ret #-1
(013) ret #0
The compiler generates code for an AND condition, i.e.
match family
AND match protocol
AND match word1 of address
AND match word2 of address
AND match word3 of address
AND match word4 of address
-> success
When compiling a list of addresses the code is inverted
to produce an OR condition. For IPv4 that's fine. I.e.
match word1 of address1
AND match word1 of address2
is inverted to
NOT match word1 of address1
AND NOT match word1 of address2
-> failure
But for IPv6, each word match is treated individually as
match word1 of address1
AND match word2 of address1
AND match word3 of address1
AND match word4 of address1
AND match word1 of address2
AND match word2 of address2
AND match word3 of address2
AND match word4 of address2
-> success
is inverted to
NOT match word1 of address1
AND NOT match word2 of address1
AND NOT match word3 of address1
AND NOT match word4 of address1
AND NOT match word1 of address2
AND NOT match word2 of address2
AND NOT match word3 of address2
AND NOT match word4 of address2
-> failure
And that's obviously wrong.
>How-To-Repeat:
Build a rule that matches against a list of IPv6 addresses.
>Fix:
Split the rule into matches against single IPv6 addresses or use a table lookup.
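Added example (not part of the PR and not npfctl's own code): a minimal interpreter for the byte-code subset shown above, the miscompiled listing transcribed verbatim, and a small generator that emits the OR-of-ANDs layout a list of IPv6 addresses needs. Running both programs over constructed IPv6 headers makes the impact concrete: because any matching word jumps straight to `ret #-1`, addresses such as 2001:db8::3 and ::1 (which share only a zero word with the listed addresses) are passed by the miscompiled rule. The scratch-memory layout (M[0] = family, M[2] = protocol, both 6 for inet6/tcp as in the listing) and the `compile_list` helper are assumptions made for this example.

```python
import ipaddress

# Instruction tuples: ("ldm", idx) loads scratch memory M[idx];
# ("ld", off) loads the 32-bit big-endian word at packet offset off;
# ("jeq", value, jt, jf) branches on acc == value; ("ret", v) returns,
# with a nonzero v meaning the rule matched (the listing's "ret #-1").
MISCOMPILED = [  # transcribed from the two-address listing in the PR
    ("ldm", 0), ("jeq", 0x6, 2, 22),          # family == inet6
    ("ldm", 2), ("jeq", 0x6, 4, 22),          # proto == tcp
    ("ld", 8),  ("jeq", 0xfe800000, 21, 6),   # fe80::1, word 1..4
    ("ld", 12), ("jeq", 0x0, 21, 8),
    ("ld", 16), ("jeq", 0x0, 21, 10),
    ("ld", 20), ("jeq", 0x1, 21, 12),
    ("ld", 8),  ("jeq", 0xfe800000, 21, 14),  # fe80::2, word 1..4
    ("ld", 12), ("jeq", 0x0, 21, 16),
    ("ld", 16), ("jeq", 0x0, 21, 18),
    ("ld", 20), ("jeq", 0x2, 21, 20),
    ("ret", 0), ("ret", -1), ("ret", 0),
]

def run(prog, mem, pkt):
    """Execute a program against scratch memory and a packet; True on match."""
    pc, acc = 0, 0
    while True:
        ins = prog[pc]
        if ins[0] == "ldm":
            acc, pc = mem[ins[1]], pc + 1
        elif ins[0] == "ld":
            acc, pc = int.from_bytes(pkt[ins[1]:ins[1] + 4], "big"), pc + 1
        elif ins[0] == "jeq":
            pc = ins[2] if acc == ins[1] else ins[3]
        elif ins[0] == "ret":
            return ins[1] != 0

def ipv6_packet(src):
    """Constructed 40-byte IPv6 header: source address sits at offset 8."""
    fixed = bytes([0x60, 0, 0, 0]) + (0).to_bytes(2, "big") + bytes([6, 64])
    return (fixed + ipaddress.IPv6Address(src).packed
            + ipaddress.IPv6Address("fe80::ff").packed)

# Assumed scratch layout, chosen to agree with the listing: M[0]=family, M[2]=proto.
TCP6_MEM = {0: 6, 2: 6}

def compile_list(addrs, family=6, proto=6):
    """Correct OR-of-ANDs: a word mismatch skips to the NEXT address block,
    and only the fourth matching word of one address reaches accept."""
    n = len(addrs)
    accept, reject = 4 + 8 * n, 4 + 8 * n + 1
    prog = [("ldm", 0), ("jeq", family, 2, reject),
            ("ldm", 2), ("jeq", proto, 4, reject)]
    for i, a in enumerate(addrs):
        packed = ipaddress.IPv6Address(a).packed
        base = 4 + 8 * i
        next_block = base + 8 if i < n - 1 else reject
        for w in range(4):
            word = int.from_bytes(packed[4 * w:4 * w + 4], "big")
            pc = base + 2 * w                 # index of this block's "ld"
            jt = pc + 2 if w < 3 else accept  # fall to next word, or accept
            prog.append(("ld", 8 + 4 * w))
            prog.append(("jeq", word, jt, next_block))
    prog.append(("ret", -1))  # accept
    prog.append(("ret", 0))   # reject
    return prog

LIST = ["fe80::1", "fe80::2"]
CORRECT = compile_list(LIST)

def matches(prog, src):
    return run(prog, TCP6_MEM, ipv6_packet(src))

def compare(srcs):
    """Map each source address to (intended, miscompiled, correct) verdicts."""
    intended = {ipaddress.IPv6Address(a) for a in LIST}
    return {s: (ipaddress.IPv6Address(s) in intended,
                matches(MISCOMPILED, s), matches(CORRECT, s)) for s in srcs}

if __name__ == "__main__":
    probes = ["fe80::1", "fe80::2", "2001:db8::3", "::1", "2001:db8:1:1:1:1:1:3"]
    for src, (want, bad, good) in compare(probes).items():
        print(f"{src:>22}  intended={want!s:5} miscompiled={bad!s:5} correct={good!s:5}")
```

The last probe address shares no 32-bit word with either listed address, so even the miscompiled rule rejects it; the two in the middle show the fail-open behaviour the PR describes, where a rule written to admit two link-local hosts admits any address containing a matching word.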
>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: bin-bug-people->rmind
Responsible-Changed-By: rmind@NetBSD.org
Responsible-Changed-When: Sat, 20 Jun 2020 17:37:59 +0000
Responsible-Changed-Why:
Take.
>Unformatted: