NetBSD Problem Report #52353
From dmb@yenn.ulegend.net Sat Jul 1 13:37:31 2017
Return-Path: <dmb@yenn.ulegend.net>
Received: from mail.netbsd.org (mail.netbsd.org [199.233.217.200])
(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
(Client CN "mail.netbsd.org", Issuer "Postmaster NetBSD.org" (verified OK))
by mollari.NetBSD.org (Postfix) with ESMTPS id B708E7A1FA
for <gnats-bugs@gnats.NetBSD.org>; Sat, 1 Jul 2017 13:37:31 +0000 (UTC)
Message-Id: <20170701133724.D9B1C5E04@yenn.ulegend.net>
Date: Sat, 1 Jul 2017 13:37:24 +0000 (UTC)
From: dmb@yenn.ulegend.net
Reply-To: dmb@yenn.ulegend.net
To: gnats-bugs@NetBSD.org
Subject: [netbsd-8] A crash in icmpv6 code (?)
X-Send-Pr-Version: 3.95
>Number: 52353
>Category: kern
>Synopsis: NetBSD 8 kernel crashed after a few days of uptime, possibly ICMPv6 kernel code involved
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: kern-bug-people
>State: closed
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Sat Jul 01 13:40:00 +0000 2017
>Closed-Date: Thu Aug 17 18:56:44 +0000 2017
>Last-Modified: Thu Aug 17 18:56:44 +0000 2017
>Originator: Dominik Bialy
>Release: NetBSD 8.0_BETA
>Organization:
Underlegend Networks
>Environment:
System: NetBSD yenn 8.0_BETA NetBSD 8.0_BETA (YENN) #6: Mon Jun 26 08:49:07 UTC 2017 builds@yenn:/var/obj/sys/arch/amd64/compile/YENN amd64
Architecture: x86_64
Machine: amd64
>Description:
yenn# crash -M netbsd.3.core -N netbsd.3
Crash version 8.0_BETA, image version 8.0_BETA.
System panicked: in6_cksum: mbuf too short for IPv6 header
Backtrace from time of crash is available.
crash> bt
_KERNEL_OPT_NARCNET() at 0
?() at fffffe80a11bcc00
vpanic() at vpanic+0x149
snprintf() at snprintf
in6_cksum() at in6_cksum+0x1a2
_icmp6_input() at _icmp6_input+0xb4
wqinput_work() at wqinput_work+0x88
workqueue_worker() at workqueue_worker+0xbc
yes, IPv6 is via gif(4), but _before_ the patch for MP-fy
>How-To-Repeat:
possibly ping the machine for some time (?) with IPv6 on a gif(4) (?)
>Fix:
I don't know
>Release-Note:
>Audit-Trail:
From: Kengo NAKAHARA <k-nakahara@iij.ad.jp>
To: gnats-bugs@NetBSD.org, kern-bug-people@netbsd.org, gnats-admin@netbsd.org,
netbsd-bugs@netbsd.org
Cc:
Subject: Re: kern/52353: [netbsd-8] A crash in icmpv6 code (?)
Date: Mon, 3 Jul 2017 08:33:32 +0900
Hi,
On 2017/07/01 22:40, dmb@yenn.ulegend.net wrote:
> System: NetBSD yenn 8.0_BETA NetBSD 8.0_BETA (YENN) #6: Mon Jun 26 08:49:07 UTC 2017 builds@yenn:/var/obj/sys/arch/amd64/compile/YENN amd64
It seems you use other than GENERIC kernel config.Could you show your
kernel config?
> Architecture: x86_64
> Machine: amd64
>> Description:
> yenn# crash -M netbsd.3.core -N netbsd.3
> Crash version 8.0_BETA, image version 8.0_BETA.
> System panicked: in6_cksum: mbuf too short for IPv6 header
> Backtrace from time of crash is available.
> crash> bt
> _KERNEL_OPT_NARCNET() at 0
> ?() at fffffe80a11bcc00
> vpanic() at vpanic+0x149
> snprintf() at snprintf
> in6_cksum() at in6_cksum+0x1a2
> _icmp6_input() at _icmp6_input+0xb4
> wqinput_work() at wqinput_work+0x88
> workqueue_worker() at workqueue_worker+0xbc
>
> yes, IPv6 is via gif(4), but _before_ the patch for MP-fy
>> How-To-Repeat:
> possibly ping the machine for some time (?) with IPv6 on a gif(4) (?)
Which do you use IPv6 over IPv6 or IPv6 over IPv4?
Thanks,
--
//////////////////////////////////////////////////////////////////////
Internet Initiative Japan Inc.
Device Engineering Section,
IoT Platform Development Department,
Network Division,
Technology Unit
Kengo NAKAHARA <k-nakahara@iij.ad.jp>
From: Dominik Bialy <dmb@yenn.ulegend.net>
To: gnats-bugs@NetBSD.org
Cc: kern-bug-people@netbsd.org, gnats-admin@netbsd.org,
netbsd-bugs@netbsd.org, dmb@yenn.ulegend.net
Subject: Re: kern/52353: [netbsd-8] A crash in icmpv6 code (?)
Date: Mon, 3 Jul 2017 05:30:15 +0200
On Sun, Jul 02, 2017 at 11:35:01PM +0000, Kengo NAKAHARA wrote:
> The following reply was made to PR kern/52353; it has been noted by GNATS.
>
> From: Kengo NAKAHARA <k-nakahara@iij.ad.jp>
> To: gnats-bugs@NetBSD.org, kern-bug-people@netbsd.org, gnats-admin@netbsd.org,
> netbsd-bugs@netbsd.org
> Cc:
> Subject: Re: kern/52353: [netbsd-8] A crash in icmpv6 code (?)
> Date: Mon, 3 Jul 2017 08:33:32 +0900
>
> Hi,
>
> On 2017/07/01 22:40, dmb@yenn.ulegend.net wrote:
> > System: NetBSD yenn 8.0_BETA NetBSD 8.0_BETA (YENN) #6: Mon Jun 26 08:49:07 UTC 2017 builds@yenn:/var/obj/sys/arch/amd64/compile/YENN amd64
>
> It seems you use other than GENERIC kernel config.Could you show your
> kernel config?
>
It is almost GENERIC with: GATEWAY, and altq* options added. The setup
is somewhat unusual, since I'm using ipf+pf+the old altq
Here's the config:
http://yenn.ulegend.net/~dmb/YENN
Here's dmesg.boot:
http://yenn.ulegend.net/~dmb/dmesg.boot
(The panic in this dmesg is probably unrelated.)
In altq I'm using WFQ over a 0.75 Mbps uplink.
> > Architecture: x86_64
> > Machine: amd64
> >> Description:
> > yenn# crash -M netbsd.3.core -N netbsd.3
> > Crash version 8.0_BETA, image version 8.0_BETA.
> > System panicked: in6_cksum: mbuf too short for IPv6 header
> > Backtrace from time of crash is available.
> > crash> bt
> > _KERNEL_OPT_NARCNET() at 0
> > ?() at fffffe80a11bcc00
> > vpanic() at vpanic+0x149
> > snprintf() at snprintf
> > in6_cksum() at in6_cksum+0x1a2
> > _icmp6_input() at _icmp6_input+0xb4
> > wqinput_work() at wqinput_work+0x88
> > workqueue_worker() at workqueue_worker+0xbc
> >
> > yes, IPv6 is via gif(4), but _before_ the patch for MP-fy
> >> How-To-Repeat:
> > possibly ping the machine for some time (?) with IPv6 on a gif(4) (?)
>
> Which do you use IPv6 over IPv6 or IPv6 over IPv4?
>
IPv6 over IPv4 -- he.net tunnelbroker
>
> Thanks,
>
> --
> //////////////////////////////////////////////////////////////////////
> Internet Initiative Japan Inc.
>
> Device Engineering Section,
> IoT Platform Development Department,
> Network Division,
> Technology Unit
>
> Kengo NAKAHARA <k-nakahara@iij.ad.jp>
>
Thank you for your reply
Dominik
From: Kengo NAKAHARA <k-nakahara@iij.ad.jp>
To: dmb@yenn.ulegend.net, gnats-bugs@NetBSD.org
Cc: kern-bug-people@netbsd.org, gnats-admin@netbsd.org, netbsd-bugs@netbsd.org
Subject: Re: kern/52353: [netbsd-8] A crash in icmpv6 code (?)
Date: Tue, 4 Jul 2017 14:25:25 +0900
Hi,
Thank you for your quick and detailed reply.
On 2017/07/03 12:30, Dominik Bialy wrote:
> On Sun, Jul 02, 2017 at 11:35:01PM +0000, Kengo NAKAHARA wrote:
>> The following reply was made to PR kern/52353; it has been noted by GNATS.
>>
>> From: Kengo NAKAHARA <k-nakahara@iij.ad.jp>
>> To: gnats-bugs@NetBSD.org, kern-bug-people@netbsd.org, gnats-admin@netbsd.org,
>> netbsd-bugs@netbsd.org
>> Cc:
>> Subject: Re: kern/52353: [netbsd-8] A crash in icmpv6 code (?)
>> Date: Mon, 3 Jul 2017 08:33:32 +0900
>>
>> Hi,
>>
>> On 2017/07/01 22:40, dmb@yenn.ulegend.net wrote:
>> > System: NetBSD yenn 8.0_BETA NetBSD 8.0_BETA (YENN) #6: Mon Jun 26 08:49:07 UTC 2017 builds@yenn:/var/obj/sys/arch/amd64/compile/YENN amd64
>>
>> It seems you use other than GENERIC kernel config.Could you show your
>> kernel config?
>>
> It is almost GENERIC with: GATEWAY, and altq* options added. The setup
> is somewhat unusual, since I'm using ipf+pf+the old altq
>
> Here's the config:
>
> http://yenn.ulegend.net/~dmb/YENN
>
> Here's dmesg.boot:
>
> http://yenn.ulegend.net/~dmb/dmesg.boot
>
> (The panic in this dmesg is probably unrelated.)
>
> In altq I'm using WFQ over a 0.75 Mbps uplink.
>
>> > Architecture: x86_64
>> > Machine: amd64
>> >> Description:
>> > yenn# crash -M netbsd.3.core -N netbsd.3
>> > Crash version 8.0_BETA, image version 8.0_BETA.
>> > System panicked: in6_cksum: mbuf too short for IPv6 header
>> > Backtrace from time of crash is available.
>> > crash> bt
>> > _KERNEL_OPT_NARCNET() at 0
>> > ?() at fffffe80a11bcc00
>> > vpanic() at vpanic+0x149
>> > snprintf() at snprintf
>> > in6_cksum() at in6_cksum+0x1a2
>> > _icmp6_input() at _icmp6_input+0xb4
>> > wqinput_work() at wqinput_work+0x88
>> > workqueue_worker() at workqueue_worker+0xbc
>> >
>> > yes, IPv6 is via gif(4), but _before_ the patch for MP-fy
>> >> How-To-Repeat:
>> > possibly ping the machine for some time (?) with IPv6 on a gif(4) (?)
>>
>> Which do you use IPv6 over IPv6 or IPv6 over IPv4?
>>
> IPv6 over IPv4 -- he.net tunnelbroker
Hmm, I guess there may be the issue in combination ALTQ and gif(4).
So, I try to reproduce it in my simple environment. That is,
- use two NetBSD-8 machine and connect directly their ethernet ports
- create IPv6 over IPv4 gif(4) between the two machines
- apply below WFQ to the gif(4) psrc, pdst ethernet
====================
interface wm2 bandwidth 750000 wfq
====================
- ping6 over gif(4) each other
However, I cannot reproduce it yet...
By the way, ozaki-r@n.o help me to research this issue. He also implements
a patch. Could you try below patch?
====================
diff --git a/sys/netinet6/icmp6.c b/sys/netinet6/icmp6.c
index f740932036d..3b45ba8d785 100644
--- a/sys/netinet6/icmp6.c
+++ b/sys/netinet6/icmp6.c
@@ -494,6 +494,15 @@ _icmp6_input(struct mbuf *m, int off, int proto)
goto freeit;
}
+ if (m->m_len < sizeof(struct ip6_hdr)) {
+ m = m_pullup(m, sizeof(struct ip6_hdr));
+ if (m == NULL) {
+ ICMP6_STATINC(ICMP6_STAT_TOOSHORT);
+ icmp6_ifstat_inc(rcvif, ifs6_in_error);
+ goto freeit;
+ }
+ }
+
ip6 = mtod(m, struct ip6_hdr *);
IP6_EXTHDR_GET(icmp6, struct icmp6_hdr *, m, off, sizeof(*icmp6));
if (icmp6 == NULL) {
====================
If the issue is reproduced after applying above patch, could you tell
me your detailed network configuration and ipf/pf setting?
Of course, within the range you can show with no problem.
Thanks,
--
//////////////////////////////////////////////////////////////////////
Internet Initiative Japan Inc.
Device Engineering Section,
IoT Platform Development Department,
Network Division,
Technology Unit
Kengo NAKAHARA <k-nakahara@iij.ad.jp>
From: Dominik Bialy <dmb@yenn.ulegend.net>
To: Kengo NAKAHARA <k-nakahara@iij.ad.jp>
Cc: dmb@yenn.ulegend.net, gnats-bugs@NetBSD.org, kern-bug-people@netbsd.org,
gnats-admin@netbsd.org, netbsd-bugs@netbsd.org
Subject: Re: kern/52353: [netbsd-8] A crash in icmpv6 code (?)
Date: Thu, 6 Jul 2017 15:17:37 +0200
--sdtB3X0nJg68CQEu
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
On Tue, Jul 04, 2017 at 02:25:25PM +0900, Kengo NAKAHARA wrote:
> Hi,
>=20
> Thank you for your quick and detailed reply.
>=20
> On 2017/07/03 12:30, Dominik Bialy wrote:
> > On Sun, Jul 02, 2017 at 11:35:01PM +0000, Kengo NAKAHARA wrote:
> >> The following reply was made to PR kern/52353; it has been noted by GN=
ATS.
> >>
> >> From: Kengo NAKAHARA <k-nakahara@iij.ad.jp>
> >> To: gnats-bugs@NetBSD.org, kern-bug-people@netbsd.org, gnats-admin@net=
bsd.org,
> >> netbsd-bugs@netbsd.org
> >> Cc:=20
> >> Subject: Re: kern/52353: [netbsd-8] A crash in icmpv6 code (?)
> >> Date: Mon, 3 Jul 2017 08:33:32 +0900
> >>
> >> Hi,
> >> =20
> >> On 2017/07/01 22:40, dmb@yenn.ulegend.net wrote:
> >> > System: NetBSD yenn 8.0_BETA NetBSD 8.0_BETA (YENN) #6: Mon Jun 26 =
08:49:07 UTC 2017 builds@yenn:/var/obj/sys/arch/amd64/compile/YENN amd64
> >> =20
> >> It seems you use other than GENERIC kernel config.Could you show your
> >> kernel config?
> >> =20
> > It is almost GENERIC with: GATEWAY, and altq* options added. The setup
> > is somewhat unusual, since I'm using ipf+pf+the old altq
> >=20
> > Here's the config:
> >=20
> > http://yenn.ulegend.net/~dmb/YENN
> >=20
> > Here's dmesg.boot:
> >=20
> > http://yenn.ulegend.net/~dmb/dmesg.boot
> >=20
> > (The panic in this dmesg is probably unrelated.)
> >=20
> > In altq I'm using WFQ over a 0.75 Mbps uplink.
> >=20
> >> > Architecture: x86_64
> >> > Machine: amd64
> >> >> Description:
> >> > yenn# crash -M netbsd.3.core -N netbsd.3
> >> > Crash version 8.0_BETA, image version 8.0_BETA.
> >> > System panicked: in6_cksum: mbuf too short for IPv6 header
> >> > Backtrace from time of crash is available.
> >> > crash> bt
> >> > _KERNEL_OPT_NARCNET() at 0
> >> > ?() at fffffe80a11bcc00
> >> > vpanic() at vpanic+0x149
> >> > snprintf() at snprintf
> >> > in6_cksum() at in6_cksum+0x1a2
> >> > _icmp6_input() at _icmp6_input+0xb4
> >> > wqinput_work() at wqinput_work+0x88
> >> > workqueue_worker() at workqueue_worker+0xbc
> >> >=20
> >> > yes, IPv6 is via gif(4), but _before_ the patch for MP-fy
> >> >> How-To-Repeat:
> >> > possibly ping the machine for some time (?) with IPv6 on a gif(4) =
(?)
> >> =20
> >> Which do you use IPv6 over IPv6 or IPv6 over IPv4?
> >> =20
> > IPv6 over IPv4 -- he.net tunnelbroker
>=20
> Hmm, I guess there may be the issue in combination ALTQ and gif(4).
> So, I try to reproduce it in my simple environment. That is,
> - use two NetBSD-8 machine and connect directly their ethernet ports
> - create IPv6 over IPv4 gif(4) between the two machines
> - apply below WFQ to the gif(4) psrc, pdst ethernet
> =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
> interface wm2 bandwidth 750000 wfq
> =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
> - ping6 over gif(4) each other
> However, I cannot reproduce it yet...
>=20
> By the way, ozaki-r@n.o help me to research this issue. He also implements
> a patch. Could you try below patch?
> =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
> diff --git a/sys/netinet6/icmp6.c b/sys/netinet6/icmp6.c
> index f740932036d..3b45ba8d785 100644
> --- a/sys/netinet6/icmp6.c
> +++ b/sys/netinet6/icmp6.c
> @@ -494,6 +494,15 @@ _icmp6_input(struct mbuf *m, int off, int proto)
> goto freeit;
> }
> =20
> + if (m->m_len < sizeof(struct ip6_hdr)) {
> + m =3D m_pullup(m, sizeof(struct ip6_hdr));
> + if (m =3D=3D NULL) {
> + ICMP6_STATINC(ICMP6_STAT_TOOSHORT);
> + icmp6_ifstat_inc(rcvif, ifs6_in_error);
> + goto freeit;
> + }
> + }
> +
> ip6 =3D mtod(m, struct ip6_hdr *);
> IP6_EXTHDR_GET(icmp6, struct icmp6_hdr *, m, off, sizeof(*icmp6));
> if (icmp6 =3D=3D NULL) {
> =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
>=20
> If the issue is reproduced after applying above patch, could you tell
> me your detailed network configuration and ipf/pf setting?=20
> Of course, within the range you can show with no problem.
>=20
OK, then I applied the patch, and I'm pinging the machine
for quite some time. The uptime is almost 2 days.
Close the PR? When it'd be needed it could be reopened again, no?
Dominik
--sdtB3X0nJg68CQEu
Content-Type: application/pgp-signature; name="signature.asc"
-----BEGIN PGP SIGNATURE-----
iQEcBAEBAgAGBQJZXjhxAAoJELx367HD7zyxMi4H/0QGdz6Kmtmi+yF3ohqbvdaP
nUw/S4hQFSD42AeGy8r4fLvQ2PxXZU98d6N/3mFrfrnjw93iCmfMf3wq52+BwSVD
pq73jsUOoigEZFyqLNIRFtVMEAwBvR374Vff5OASmPo88PecUM0v7pJE0ZEaHQBW
8+Ci7ErY18ALibEwYctvFDU639/aGcbDNZvILeC4g26vtovNeIv4LUT7SwYtQm93
WESHpaXZdI4b3mo90WCLPVE+d0kT9EK1gZtzeeTvOvC18hoZbUmBSa8kmY9OyPpw
APtMuanhgznYFuAfUZVw2jBQxEqwL4rL0ZnBfKzvEChd8lKGRXiihKAyt6d/qwc=
=NBRi
-----END PGP SIGNATURE-----
--sdtB3X0nJg68CQEu--
From: "Kengo NAKAHARA" <knakahara@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc:
Subject: PR/52353 CVS commit: src/sys/netinet6
Date: Fri, 7 Jul 2017 00:55:16 +0000
Module Name: src
Committed By: knakahara
Date: Fri Jul 7 00:55:16 UTC 2017
Modified Files:
src/sys/netinet6: icmp6.c
Log Message:
fix PR kern/52353. implemented by ozaki-r@n.o. I just commit by proxy.
XXX need to pullup to -8.
To generate a diff of this commit:
cvs rdiff -u -r1.211 -r1.212 src/sys/netinet6/icmp6.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
From: Kengo NAKAHARA <k-nakahara@iij.ad.jp>
To: dmb@yenn.ulegend.net
Cc: gnats-bugs@NetBSD.org, kern-bug-people@netbsd.org, gnats-admin@netbsd.org,
netbsd-bugs@netbsd.org
Subject: Re: kern/52353: [netbsd-8] A crash in icmpv6 code (?)
Date: Fri, 7 Jul 2017 10:07:40 +0900
Hi,
On 2017/07/06 22:17, Dominik Bialy wrote:
> On Tue, Jul 04, 2017 at 02:25:25PM +0900, Kengo NAKAHARA wrote:
>> Hi,
>>
>> Thank you for your quick and detailed reply.
>>
>> On 2017/07/03 12:30, Dominik Bialy wrote:
>>> On Sun, Jul 02, 2017 at 11:35:01PM +0000, Kengo NAKAHARA wrote:
>>>> The following reply was made to PR kern/52353; it has been noted by GNATS.
>>>>
>>>> From: Kengo NAKAHARA <k-nakahara@iij.ad.jp>
>>>> To: gnats-bugs@NetBSD.org, kern-bug-people@netbsd.org, gnats-admin@netbsd.org,
>>>> netbsd-bugs@netbsd.org
>>>> Cc:
>>>> Subject: Re: kern/52353: [netbsd-8] A crash in icmpv6 code (?)
>>>> Date: Mon, 3 Jul 2017 08:33:32 +0900
>>>>
>>>> Hi,
>>>>
>>>> On 2017/07/01 22:40, dmb@yenn.ulegend.net wrote:
>>>> > System: NetBSD yenn 8.0_BETA NetBSD 8.0_BETA (YENN) #6: Mon Jun 26 08:49:07 UTC 2017 builds@yenn:/var/obj/sys/arch/amd64/compile/YENN amd64
>>>>
>>>> It seems you use other than GENERIC kernel config.Could you show your
>>>> kernel config?
>>>>
>>> It is almost GENERIC with: GATEWAY, and altq* options added. The setup
>>> is somewhat unusual, since I'm using ipf+pf+the old altq
>>>
>>> Here's the config:
>>>
>>> http://yenn.ulegend.net/~dmb/YENN
>>>
>>> Here's dmesg.boot:
>>>
>>> http://yenn.ulegend.net/~dmb/dmesg.boot
>>>
>>> (The panic in this dmesg is probably unrelated.)
>>>
>>> In altq I'm using WFQ over a 0.75 Mbps uplink.
>>>
>>>> > Architecture: x86_64
>>>> > Machine: amd64
>>>> >> Description:
>>>> > yenn# crash -M netbsd.3.core -N netbsd.3
>>>> > Crash version 8.0_BETA, image version 8.0_BETA.
>>>> > System panicked: in6_cksum: mbuf too short for IPv6 header
>>>> > Backtrace from time of crash is available.
>>>> > crash> bt
>>>> > _KERNEL_OPT_NARCNET() at 0
>>>> > ?() at fffffe80a11bcc00
>>>> > vpanic() at vpanic+0x149
>>>> > snprintf() at snprintf
>>>> > in6_cksum() at in6_cksum+0x1a2
>>>> > _icmp6_input() at _icmp6_input+0xb4
>>>> > wqinput_work() at wqinput_work+0x88
>>>> > workqueue_worker() at workqueue_worker+0xbc
>>>> >
>>>> > yes, IPv6 is via gif(4), but _before_ the patch for MP-fy
>>>> >> How-To-Repeat:
>>>> > possibly ping the machine for some time (?) with IPv6 on a gif(4) (?)
>>>>
>>>> Which do you use IPv6 over IPv6 or IPv6 over IPv4?
>>>>
>>> IPv6 over IPv4 -- he.net tunnelbroker
>>
>> Hmm, I guess there may be the issue in combination ALTQ and gif(4).
>> So, I try to reproduce it in my simple environment. That is,
>> - use two NetBSD-8 machine and connect directly their ethernet ports
>> - create IPv6 over IPv4 gif(4) between the two machines
>> - apply below WFQ to the gif(4) psrc, pdst ethernet
>> ====================
>> interface wm2 bandwidth 750000 wfq
>> ====================
>> - ping6 over gif(4) each other
>> However, I cannot reproduce it yet...
>>
>> By the way, ozaki-r@n.o help me to research this issue. He also implements
>> a patch. Could you try below patch?
>> ====================
>> diff --git a/sys/netinet6/icmp6.c b/sys/netinet6/icmp6.c
>> index f740932036d..3b45ba8d785 100644
>> --- a/sys/netinet6/icmp6.c
>> +++ b/sys/netinet6/icmp6.c
>> @@ -494,6 +494,15 @@ _icmp6_input(struct mbuf *m, int off, int proto)
>> goto freeit;
>> }
>>
>> + if (m->m_len < sizeof(struct ip6_hdr)) {
>> + m = m_pullup(m, sizeof(struct ip6_hdr));
>> + if (m == NULL) {
>> + ICMP6_STATINC(ICMP6_STAT_TOOSHORT);
>> + icmp6_ifstat_inc(rcvif, ifs6_in_error);
>> + goto freeit;
>> + }
>> + }
>> +
>> ip6 = mtod(m, struct ip6_hdr *);
>> IP6_EXTHDR_GET(icmp6, struct icmp6_hdr *, m, off, sizeof(*icmp6));
>> if (icmp6 == NULL) {
>> ====================
>>
>> If the issue is reproduced after applying above patch, could you tell
>> me your detailed network configuration and ipf/pf setting?
>> Of course, within the range you can show with no problem.
>>
> OK, then I applied the patch, and I'm pinging the machine
> for quite some time. The uptime is almost 2 days.
Thank you for your testing! I committed above patch to -current branch,
and sent pullup request to -8 branch. It will merge to -8 branch soon.
> Close the PR? When it'd be needed it could be reopened again, no?
Ok, I close this PR.
Thanks,
--
//////////////////////////////////////////////////////////////////////
Internet Initiative Japan Inc.
Device Engineering Section,
IoT Platform Development Department,
Network Division,
Technology Unit
Kengo NAKAHARA <k-nakahara@iij.ad.jp>
State-Changed-From-To: open->closed
State-Changed-By: knakahara@NetBSD.org
State-Changed-When: Fri, 07 Jul 2017 01:14:19 +0000
State-Changed-Why:
fixed by src/sys/netinet6/icmp6.c:r1.212
State-Changed-From-To: closed->pending-pullups
State-Changed-By: knakahara@NetBSD.org
State-Changed-When: Fri, 07 Jul 2017 01:24:13 +0000
State-Changed-Why:
nonot pullupe to -8 branch yet
From: "Martin Husemann" <martin@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc:
Subject: PR/52353 CVS commit: [netbsd-8] src/sys/netinet6
Date: Fri, 7 Jul 2017 09:46:40 +0000
Module Name: src
Committed By: martin
Date: Fri Jul 7 09:46:40 UTC 2017
Modified Files:
src/sys/netinet6 [netbsd-8]: icmp6.c
Log Message:
Pull up following revision(s) (requested by knakahara in ticket #106):
sys/netinet6/icmp6.c: revision 1.212
fix PR kern/52353. implemented by ozaki-r@n.o. I just commit by proxy.
XXX need to pullup to -8.
To generate a diff of this commit:
cvs rdiff -u -r1.211 -r1.211.6.1 src/sys/netinet6/icmp6.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
State-Changed-From-To: pending-pullups->closed
State-Changed-By: jdolecek@NetBSD.org
State-Changed-When: Thu, 17 Aug 2017 18:56:44 +0000
State-Changed-Why:
Pullup to netbsd-8 done. Thank you.
>Unformatted:
(Contact us)
$NetBSD: query-full-pr,v 1.39 2013/11/01 18:47:49 spz Exp $
$NetBSD: gnats_config.sh,v 1.8 2006/05/07 09:23:38 tsutsui Exp $
Copyright © 1994-2014
The NetBSD Foundation, Inc. ALL RIGHTS RESERVED.