NetBSD Problem Report #55236
From manu@netbsd.org Tue May 5 15:28:11 2020
Return-Path: <manu@netbsd.org>
Received: from mail.netbsd.org (mail.netbsd.org [199.233.217.200])
(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
(Client CN "mail.NetBSD.org", Issuer "mail.NetBSD.org CA" (not verified))
by mollari.NetBSD.org (Postfix) with ESMTPS id 33D301A9213
for <gnats-bugs@gnats.NetBSD.org>; Tue, 5 May 2020 15:28:11 +0000 (UTC)
Message-Id: <20200505152810.D924A84D74@mail.netbsd.org>
Date: Tue, 5 May 2020 15:28:10 +0000 (UTC)
From: manu@netbsd.org
Reply-To: manu@netbsd.org
To: gnats-bugs@NetBSD.org
Subject: IPfilter truncates UDP packets on NetBSD-9.0/i386 XEN3PAE_DOMU
X-Send-Pr-Version: 3.95
>Number: 55236
>Category: kern
>Synopsis: IPfilter truncates UDP packets on NetBSD-9.0/i386 XEN3PAE_DOMU
>Confidential: no
>Severity: critical
>Priority: high
>Responsible: kern-bug-people
>State: open
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Tue May 05 15:30:00 +0000 2020
>Last-Modified: Fri May 29 14:05:01 +0000 2020
>Originator: Emmanuel Dreyfus
>Release: NetBSD 9.0
>Organization:
>Environment:
System: NetBSD bacasable 9.0 NetBSD 9.0 (XEN3PAE_DOMU) #0: Fri Feb 14 00:06:28 UTC 2020 mkrepro@mkrepro.NetBSD.org:/usr/src/sys/arch/xen/compile/XEN3PAE_DOMU i386
Architecture: i386
Machine: i386
>Description:
Once IPfilter is enabled, UDP packets sent by the machine are truncated to a 4-byte boundary.
>How-To-Repeat:
1) Install a NetBSD-9.0 i386 XEN3PAE_DOMU virtual machine
2) modload ipl; ipf -E
3) nslookup www.example.net
Or it can be explored in detail with nc. This will be fine:
dd if=/dev/zero count=1 bs=32 | nc -u 192.0.2.2 53
This will have one byte missing as reported by tcpdump:
dd if=/dev/zero count=1 bs=33 | nc -u 192.0.2.2 53
Two bytes missing:
dd if=/dev/zero count=1 bs=34 | nc -u 192.0.2.2 53
NB: the last example is 64 bytes long on
Three bytes missing:
dd if=/dev/zero count=1 bs=35 | nc -u 192.0.2.2 53
This goes fine:
dd if=/dev/zero count=1 bs=36 | nc -u 192.0.2.2 53
This problem does not exist on the GENERIC kernel (non-Xen), nor does it happen on amd64 XEN3_DOMU kernels.
>Fix:
No fix known yet. I assume there is an unhelpful alignment somewhere.
>Audit-Trail:
From: manu@netbsd.org (Emmanuel Dreyfus)
To: gnats-bugs@netbsd.org
Cc:
Subject: Re: kern/55236: IPfilter truncates UDP packets on NetBSD-9.0/i386 XEN3PAE_DOMU
Date: Fri, 29 May 2020 16:00:59 +0200
This bug disappears if ipfilter is built in and not loaded as a module,
i.e. if the kernel is built with pseudo-device ipfilter
--
Emmanuel Dreyfus
http://hcpnet.free.fr/pubz
manu@netbsd.org
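The dd/nc steps under How-To-Repeat can be automated with a length-tagged UDP probe, so the receiving side reports missing bytes without reading tcpdump output. This is an added example, not code from the report or from NetBSD; the function names and the 2-byte length prefix are assumptions made for illustration.

```python
import socket
import struct

def make_probe(size):
    """Payload of `size` bytes: 2-byte big-endian intended length, then zeros."""
    if size < 2:
        raise ValueError("probe needs at least 2 bytes for the length prefix")
    return struct.pack("!H", size) + b"\x00" * (size - 2)

def check_probe(datagram):
    """Return (intended, received, missing) for one received probe."""
    if len(datagram) < 2:
        raise ValueError("datagram too short to carry a length prefix")
    (intended,) = struct.unpack("!H", datagram[:2])
    return intended, len(datagram), intended - len(datagram)

def send_probes(dest, sizes):
    """Run on the host under test (the sending machine in the report)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        for size in sizes:
            s.sendto(make_probe(size), dest)

def receive_probes(sock, count, timeout=2.0):
    """Run on the peer: map intended size -> bytes missing on arrival."""
    sock.settimeout(timeout)
    missing = {}
    for _ in range(count):
        try:
            data, _addr = sock.recvfrom(65535)
        except socket.timeout:
            break  # remaining probes never arrived
        intended, _received, lost = check_probe(data)
        missing[intended] = lost
    return missing

def loopback_selftest(sizes=range(32, 41)):
    """Both roles on 127.0.0.1, to validate the probe logic itself."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as rx:
        rx.bind(("127.0.0.1", 0))
        send_probes(rx.getsockname(), sizes)
        return receive_probes(rx, len(sizes))

if __name__ == "__main__":
    for size, lost in sorted(loopback_selftest().items()):
        print(f"{size:3d} bytes sent, {lost} missing")
```

For a two-host run, call receive_probes on a bound socket on the peer and send_probes on the machine under test; a non-zero value for sizes such as 33, 34 and 35 matches the behaviour described above.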