[LOR]: IPFW static rules against udp

From: Andre Guibert de Bruet <andy_at_siliconlandmark.com>
Date: Tue, 23 Dec 2003 14:25:59 -0500 (EST)
lock order reversal
 1st 0xc081af48 IPFW static rules (IPFW static rules) _at_
netinet/ip_fw2.c:1547
 2nd 0xc081bd8c udp (udp) _at_ netinet/ip_fw2.c:1319
Stack backtrace:
backtrace(c0770519,c081bd8c,c077681a,c077681a,c0776da2) at backtrace+0x17
witness_lock(c081bd8c,8,c0776da2,527,8ff3) at witness_lock+0x671
_mtx_lock_flags(c081bd8c,0,c0776d99,527,c0584532) at _mtx_lock_flags+0xb2
check_uidgid(caa86564,11,ca862000,9804fa0,829b) at check_uidgid+0x6c
ipfw_chk(e91acaf8,2,22,e91acac0,0) at ipfw_chk+0x468
ip_output(c6907d00,0,0,22,0,cb11d438) at ip_output+0xa40
rip_output(c6907d00,cb1f1d20,9804fa0,2cf,c6907d00) at rip_output+0x1b5
rip_send(cb1f1d20,0,c6907d00,cef10e00,0) at rip_send+0xf7
sosend(cb1f1d20,cef10e00,e91acc4c,c6907d00,0) at sosend+0x48d
kern_sendit(caa7fc80,7,e91accc4,0,0) at kern_sendit+0x170
sendit(caa7fc80,7,e91accc4,0,8053028) at sendit+0x16e
sendto(caa7fc80,e91acd14,c078c176,3ee,6) at sendto+0x5b
syscall(2f,2f,2f,1,8051030) at syscall+0x292
Xint0x80_syscall() at Xint0x80_syscall+0x1d
--- syscall (133), eip = 0x280c7d4f, esp = 0xbfbfeb9c, ebp = 0xbfbfebc8 ---

I have previously not seen this LOR on this system. Mind you, this is the
first time that I've tried using uid/gid matching in ipfw. The rule that i
was trying to add was:
ipfw add 65000 allow ip from any to any uid root

This system is (world and kernel in sync):
FreeBSD bling.home 5.2-CURRENT FreeBSD 5.2-CURRENT #0: Fri Dec 12 18:30:26
EST 2003     root_at_bling.home:/usr/src/sys/i386/compile/BLING  i386

Kernel options that differ from a slimmed down GENERIC:
options         ADAPTIVE_MUTEXES
options         CPU_ENABLE_SSE
options         IPFIREWALL
options         IPFIREWALL_VERBOSE
options         IPFIREWALL_VERBOSE_LIMIT=0
options         IPSEC
Sptions         IPV6FIREWALL
options         IPV6FIREWALL_VERBOSE
options         IPV6FIREWALL_VERBOSE_LIMIT=0
options         QUOTA
options         RANDOM_IP_ID
options         SC_ALT_MOUSE_IMAGE
options         SC_HISTORY_SIZE=4096
options         SC_PIXEL_MODE
options         VESA
options         VGA_WIDTH90
options         ZERO_COPY_SOCKETS

Any ideas?

> Andre Guibert de Bruet | Enterprise Software Consultant >
> Silicon Landmark, LLC. | http://siliconlandmark.com/    >
Received on Tue Dec 23 2003 - 10:26:05 UTC

This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:37:35 UTC