
Bug #1552

DNS Reject Rule Crashes Router

Added by Aaron Lusk almost 8 years ago. Updated over 7 years ago.

Status: Resolved
Priority: Normal
Assignee: -
Category: Operating System
Target version:
Start date: 05/24/2011
Due date:
% Done: 0%
Estimated time:
Affected Version: 2.0
Affected Architecture:
Description

UDP - LAN - net - * - !Router - 53(DNS) - WAN - none - DNS Reject

If this rule is set up on the LAN interface to reject DNS traffic NOT going to the router's DNS forwarder and a request is sent through the router to another DNS server, this happens:

Fatal trap 12: page fault while in kernel mode
cpuid = 0; apic id = 00
fault virtual address = 0xc
fault code = supervisor read, page not present
instruction pointer = 0x20:0xc0970497
stack pointer = 0x28:0xe2ca2498
frame pointer = 0x28:0xe2ca24c4
code segment = base 0x0, limit 0xfffff, type 0x1b = DPL 0, pres 1, def32 1, gran 1
processor eflags = interrupt enabled, resume, IOPL = 0
current process = 11 (irq10: vr0)
trap number = 12
panic: page fault
cpuid = 0
Uptime: 2h35m4s
Cannot dump. Device not defined or unavailable.
Automatic reboot in 15 seconds - press a key on the console to abort
Rebooting...

All that is needed to crash the router is running "nslookup google.com. 8.8.8.8" from Windows and the box will reboot. The solution is to change the gateway for this rule back to default, and the problem does not occur.

Attachment: udp_reject_panic.png (29.7 KB), added by Jim Pingle, 05/25/2011 04:10 PM

Associated revisions

Revision e5df770b (diff)
Added by Ermal Luçi almost 8 years ago

Ticket #1552. Do not allow route-to to be set on block/reject rules for now. The issue is in the kernel but for 2.0 this protection is enough.

Revision d470bf70 (diff)
Added by Ermal Luçi almost 8 years ago

Ticket #1552. Do not allow route-to to be set on block/reject rules for now. The issue is in the kernel but for 2.0 this protection is enough.
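As an added illustration of the protection the two commits above describe (this is not pfSense's own code), the Python below lints a rule list for block/reject rules that carry a non-default gateway, which the firewall would otherwise render as a pf route-to clause, and clears the gateway on exactly those rules while leaving pass rules alone. The rule dictionary layout, the gateway table, the constructed sample rules and the simplified pf rendering are all assumptions made for the example.

```python
"""Find block/reject rules that also carry a policy-routing gateway (what pf
renders as "route-to") and clear that gateway, mirroring the fix for this
ticket.  Added example, not pfSense code: the rule dictionary layout, the
gateway table and the pf rendering below are assumptions."""

import copy

# Gateway values that mean "no policy routing" in the assumed rule layout.
DEFAULT_GATEWAYS = {"", "default", None}

# Assumed gateway table: name -> (interface, next hop).  Constructed values.
GATEWAYS = {"WAN": ("vr0", "203.0.113.1")}

# Constructed rule set: the reject rule from the bug description, a pass rule
# that legitimately policy-routes, and a block rule on the default gateway
# (the combination the reporter says does not crash).
SAMPLE_RULES = [
    {"action": "reject", "proto": "udp", "interface": "lan",
     "source": "lan:network", "destination": "!self", "dstport": "53",
     "gateway": "WAN", "descr": "DNS Reject"},
    {"action": "pass", "proto": "tcp", "interface": "lan",
     "source": "lan:network", "destination": "any", "dstport": "443",
     "gateway": "WAN", "descr": "HTTPS via WAN"},
    {"action": "block", "proto": "udp", "interface": "lan",
     "source": "lan:network", "destination": "!self", "dstport": "53",
     "gateway": "default", "descr": "DNS Block, default gateway"},
]


def is_policy_routed(rule):
    """True when the rule would be rendered with a route-to clause."""
    return rule.get("gateway") not in DEFAULT_GATEWAYS


def find_route_to_on_block(rules):
    """Return one warning per block/reject rule that carries a gateway."""
    warnings = []
    for idx, rule in enumerate(rules):
        if rule["action"] in ("block", "reject") and is_policy_routed(rule):
            warnings.append(
                "rule %d (%s): %s rule has gateway %r; route-to only makes "
                "sense on pass rules" % (idx, rule.get("descr", ""),
                                         rule["action"], rule["gateway"]))
    return warnings


def sanitize_rules(rules):
    """Return a deep copy of the rules with the gateway reset to default on
    block/reject rules (the "nullify the gateway selection" approach of the
    commit).  Pass rules are returned unchanged."""
    fixed = copy.deepcopy(rules)
    for rule in fixed:
        if rule["action"] in ("block", "reject") and is_policy_routed(rule):
            rule["gateway"] = "default"
    return fixed


def to_pf_rule(rule):
    """Render an approximate pf line for one rule.  This is a simplified
    rendering for illustration, not the exact text pfSense generates;
    reject is written as "block return"."""
    keyword = {"pass": "pass", "block": "block",
               "reject": "block return"}[rule["action"]]
    route = ""
    if is_policy_routed(rule):
        iface, nexthop = GATEWAYS[rule["gateway"]]
        route = " route-to (%s %s)" % (iface, nexthop)
    dst = rule["destination"]
    if dst.startswith("!"):          # negated destination, as in "!Router"
        dst = "! " + dst[1:]
    return "%s in quick on %s%s proto %s from %s to %s port %s" % (
        keyword, rule["interface"], route, rule["proto"],
        rule["source"], dst, rule["dstport"])


def render_ruleset(rules):
    """Render every rule, refusing any set that still has route-to on a
    block/reject rule so the bad combination never reaches the kernel."""
    problems = find_route_to_on_block(rules)
    if problems:
        raise ValueError("; ".join(problems))
    return [to_pf_rule(rule) for rule in rules]


if __name__ == "__main__":
    for warning in find_route_to_on_block(SAMPLE_RULES):
        print("WARNING:", warning)
    for line in render_ruleset(sanitize_rules(SAMPLE_RULES)):
        print(line)
```

Run stand-alone, the script prints one warning for the "DNS Reject" rule and then the three rendered lines, where only the pass rule keeps its route-to clause. Splitting the check (find_route_to_on_block) from the repair (sanitize_rules) lets an operator surface the warning in the UI rather than having the gateway dropped silently, which is the part of the 2.0 workaround a later fix could improve on.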

History

#1 Updated by Chris Buechler almost 8 years ago

  • Status changed from New to Feedback
  • Target version set to 2.0
  • Affected Version set to 2.0

need backtrace

#2 Updated by Jim Pingle almost 8 years ago

This really does crash the box. Attaching a backtrace. I can reproduce it at will.

#3 Updated by Evgeny Yurchenko almost 8 years ago

I have slightly different results.
1. Set up as in the bug description: the blocking rule just does not work, the DNS request goes through the firewall and the reply is passed back to the requestor.
2. The rule is blocking DNS traffic as expected when I return the gateway in this rule to default.

#4 Updated by Ermal Luçi almost 8 years ago

Evgeny, you need fragments to trigger this panic.

#5 Updated by Ermal Luçi almost 8 years ago

  • Status changed from New to Feedback

#6 Updated by Ermal Luçi almost 8 years ago

This has been fixed for now by nullifying the gateway selection silently.

#7 Updated by Chris Buechler almost 8 years ago

  • Category set to Operating System

Aaron - is this fixed?

#8 Updated by Chris Buechler over 7 years ago

  • Status changed from Feedback to Resolved
