Manuel Kasper wrote:
> On 23.12.2007, at 12:03, Chris Boot wrote:
>> I've just upgraded to 1.3b6 and my IPsec VPN appears to crash m0n0wall:
>> Fatal trap 12: page fault while in kernel mode
>> fault virtual address = 0x4
>> fault code = supervisor write, page not present
> Thanks for the report - I've been able to reproduce this issue. It's a
> bug in FreeBSD 6.2 (i.e. not m0n0wall-specific), as I've also been
> able to provoke this kind of crash on a stock FreeBSD 6.2 machine. It
> is encountered in m0n0wall 1.3b6 if all of the following conditions
> are true:
> - at least one IPsec tunnel is configured
> - the traffic shaper is enabled
> - there is a traffic shaper rule on the WAN interface (or on whichever
> interface the tunnel is terminated) that matches *incoming*
> decapsulated packets
> Then, as soon as one such packet is received, the kernel tries to
> write to an invalid memory location and panics. This bug has only
> surfaced now that m0n0wall supports filtering of decapsulated IPsec
> packets via the enc0 interface.
> I've found the problem in the kernel (technical details: see below)
> and created a fixed version, 1.3b7-pre, which you can download here:
> Please let me know if this fixes the problem for you.
That indeed did fix the problem. Again, thank you for a job well done.