Re: [m0n0wall] Beta 1.3b6 released

From:	"Christopher M. Iarocci" <iarocci at eastendsc dot com>
To:	Manuel Kasper <mk at neon1 dot net>
Cc:	Chris Boot <bootc at bootc dot net>, m0n0wall at lists dot m0n0 dot ch
Subject:	Re: [m0n0wall] Beta 1.3b6 released
Date:	Sun, 23 Dec 2007 13:20:12 -0500

Manuel Kasper wrote:
> On 23.12.2007, at 12:03, Chris Boot wrote:
>
>> I've just upgraded to 1.3b6 and my IPsec VPN appears to crash m0n0wall:
>> ...
>> Fatal trap 12: page fault while in kernel mode
>> fault virtual address   = 0x4
>> fault code              = supervisor write, page not present
>
> Thanks for the report - I've been able to reproduce this issue. It's a 
> bug in FreeBSD 6.2 (i.e. not m0n0wall-specific), as I've also been 
> able to provoke this kind of crash on a stock FreeBSD 6.2 machine. It 
> is encountered in m0n0wall 1.3b6 if all of the following conditions 
> are true:
>
> - at least one IPsec tunnel is configured
>
> - the traffic shaper is enabled
>
> - there is a traffic shaper rule on the WAN interface (or on whichever 
> interface the tunnel is terminated) that matches *incoming* 
> decapsulated packets
>
> Then, as soon as one such packet is received, the kernel tries to 
> write to an invalid memory location and panics. This bug has only 
> surfaced now that m0n0wall supports filtering of decapsulated IPsec 
> packets via the enc0 interface.
>
> I've found the problem in the kernel (technical details: see below) 
> and created a fixed version, 1.3b7-pre, which you can download here:
>
> http://m0n0.ch/wall/downloads-local/cdrom-1.3b7-pre.iso
> http://m0n0.ch/wall/downloads-local/generic-pc-1.3b7-pre.img
> http://m0n0.ch/wall/downloads-local/net45xx-1.3b7-pre.img
> http://m0n0.ch/wall/downloads-local/net48xx-1.3b7-pre.img
> http://m0n0.ch/wall/downloads-local/wrap-1.3b7-pre.img
>
> Please let me know if this fixes the problem for you.
>
> Regards,
>
> Manuel
Manuel,

That indeed did fix the problem.  Again, thank you for a job well done.

Chris