Bug #1552
closedDNS Reject Rule Crashes Router
0%
Description
UDP - LAN - net - * - !Router - 53(DNS) - WAN - none - DNS Reject
If this rule is setup on the LAN interface to reject DNS traffic NOT going to the router's DNS forwarder and a request is sent through the router to another DNS server this happens:
Fatal trap 12: page fault while in kernel mode
cpuid = 0; apic id = 00
fault virtual address = 0xc
fault code = supervisor read, page not present
instruction pointer = 0x20:0xc0970497
stack pointer = 0x28:0xe2ca2498
frame pointer = 0x28:0xe2ca24c4
code segment = base 0x0, limit 0xfffff, type 0x1b = DPL 0, pres 1, def32 1, gran 1
processor eflags = interrupt enabled, resume, IOPL = 0
current process = 11 (irq10: vr0)
trap number = 12
panic: page fault
cpuid = 0
Uptime: 2h35m4s
Cannot dump. Device not defined or unavailable.
Automatic reboot in 15 seconds - press a key on the console to abort
Rebooting...
All that is needed to crash the router is running "nslookup google.com. 8.8.8.8" from windows and the box will reboot. The solution is to change the gateway for this rule back to default and the problem does not occur.
Files
Updated by Chris Buechler over 13 years ago
- Status changed from New to Feedback
- Target version set to 2.0
- Affected Version set to 2.0
need backtrace
Updated by Jim Pingle over 13 years ago
- File udp_reject_panic.png udp_reject_panic.png added
- Status changed from Feedback to New
This really does crash the box. Attaching a backtrace. I can reproduce it at will.
Updated by Evgeny Yurchenko over 13 years ago
I have slightly different results.
1. Setup as in the bug description - blocking rule just does not work, DNS request goes through firewall and reply is passed back to requestor.
2. The rule is blocking DNS traffic as expected when I return gateway in this rule to default.
Updated by Ermal Luçi over 13 years ago
Evgeny you need fragments to trigger this panic.
Updated by Ermal Luçi over 13 years ago
This has been fixed for now by nullifying the gateway selection silently.
Updated by Chris Buechler over 13 years ago
- Status changed from Feedback to Resolved