NetBSD Problem Report #55236

From manu@netbsd.org  Tue May  5 15:28:11 2020
Return-Path: <manu@netbsd.org>
Received: from mail.netbsd.org (mail.netbsd.org [199.233.217.200])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(Client CN "mail.NetBSD.org", Issuer "mail.NetBSD.org CA" (not verified))
	by mollari.NetBSD.org (Postfix) with ESMTPS id 33D301A9213
	for <gnats-bugs@gnats.NetBSD.org>; Tue,  5 May 2020 15:28:11 +0000 (UTC)
Message-Id: <20200505152810.D924A84D74@mail.netbsd.org>
Date: Tue,  5 May 2020 15:28:10 +0000 (UTC)
From: manu@netbsd.org
Reply-To: manu@netbsd.org
To: gnats-bugs@NetBSD.org
Subject: IPfilter truncates UDP packets on NetBSD-9.0/i386 XEN3PAE_DOMU
X-Send-Pr-Version: 3.95

>Number:         55236
>Category:       kern
>Synopsis:       IPfilter truncates UDP packets on NetBSD-9.0/i386 XEN3PAE_DOMU
>Confidential:   no
>Severity:       critical
>Priority:       high
>Responsible:    kern-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Tue May 05 15:30:00 +0000 2020
>Last-Modified:  Fri May 29 14:05:01 +0000 2020
>Originator:     Emmanuel Dreyfus
>Release:        NetBSD 9.0
>Organization:
>Environment:
System: NetBSD bacasable 9.0 NetBSD 9.0 (XEN3PAE_DOMU) #0: Fri Feb 14 00:06:28 UTC 2020  mkrepro@mkrepro.NetBSD.org:/usr/src/sys/arch/xen/compile/XEN3PAE_DOMU i386
Architecture: i386
Machine: i386
>Description:
Once IPfilter is enabled, UDP packets sent by the machine are truncated to a 4-byte boundary.
>How-To-Repeat:
1) Install a NetBSD-9.0 i386 XEN3PAE_DOMU virtual machine
2) modload ipl; ipf -E
3) nslookup www.example.net

Or it can be explored in detail with nc. This will be fine:
dd if=/dev/zero count=1 bs=32 | nc -u 192.0.2.2 53

This will have one byte missing as reported by tcpdump:
dd if=/dev/zero count=1 bs=33 | nc -u 192.0.2.2 53

Two bytes missing:
dd if=/dev/zero count=1 bs=34 | nc -u 192.0.2.2 53
NB: the last example is 64 bytes long on

Three bytes missing:
dd if=/dev/zero count=1 bs=35 | nc -u 192.0.2.2 53

This goes fine:
dd if=/dev/zero count=1 bs=36 | nc -u 192.0.2.2 53

This problem does not exist on the GENERIC kernel (non-Xen), nor does it happen on amd64 XEN3_DOMU kernels.
>Fix:
No fix known yet. I assume there is an unhelpful alignment somewhere.

>Audit-Trail:
From: manu@netbsd.org (Emmanuel Dreyfus)
To: gnats-bugs@netbsd.org
Cc: 
Subject: Re: kern/55236: IPfilter truncates UDP packets on NetBSD-9.0/i386 XEN3PAE_DOMU
Date: Fri, 29 May 2020 16:00:59 +0200

 This bug disappears if ipfilter is built in and not loaded as a module,
 i.e. if the kernel is built with pseudo-device ipfilter

 -- 
 Emmanuel Dreyfus
 http://hcpnet.free.fr/pubz
 manu@netbsd.org
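
An added example, not part of the original report or of NetBSD: a Python probe that automates the dd | nc steps from How-To-Repeat and checks datagram lengths at the receiver instead of reading tcpdump. Unlike the report's all-zero payloads, each probe records its intended length in its first two bytes (an assumption of this example); all function names are hypothetical.

```python
import socket
import struct

def make_probe(n):
    """Datagram of n bytes (n >= 2) whose first two bytes record n itself."""
    return struct.pack("!H", n) + bytes(n - 2)

def classify(datagram):
    """Compare the length a probe claims with the length that arrived."""
    (intended,) = struct.unpack("!H", datagram[:2])
    got = len(datagram)
    if got == intended:
        return intended, got, "ok"
    if got == intended - intended % 4:
        # Tail cut back to the previous multiple of 4, as the report describes.
        return intended, got, "cut to 4-byte boundary"
    return intended, got, "other mismatch"

def send_probes(dest, sizes):
    """Run on the host under test (the one with IPfilter enabled)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as tx:
        for n in sizes:
            tx.sendto(make_probe(n), dest)

def receive_probes(rx, count, timeout=2.0):
    """Run on the receiving host; returns one classify() tuple per datagram."""
    rx.settimeout(timeout)
    seen = []
    try:
        for _ in range(count):
            data, _addr = rx.recvfrom(65535)
            seen.append(classify(data))
    except socket.timeout:
        pass  # lost datagrams simply do not appear in the result
    return seen

if __name__ == "__main__":
    # Loopback self-check: both roles in one process, so every probe should
    # come back "ok". To test a real path, call send_probes() on the sending
    # host and receive_probes() on the peer.
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as rx:
        rx.bind(("127.0.0.1", 0))
        send_probes(rx.getsockname(), range(32, 37))
        for row in receive_probes(rx, 5):
            print(row)
```
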
