>Number:         26701
>Category:       kern
>Synopsis:       ipf ftp proxy panics kernel on long 221- lines
>Confidential:   no
>Severity:       critical
>Priority:       high
>Responsible:    kern-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Tue Aug 17 22:52:00 UTC 2004
>Closed-Date:
>Last-Modified:
>Originator:     Manuel Bouyer
>Release:        NetBSD 2.0_BETA ipf v4.1.3 (sources as of a few hours ago)
>Organization:
>Environment:
System: NetBSD chassiron.antioche.eu.org 2.0_BETA NetBSD 2.0_BETA (CHASSIRON) #1: Wed Aug 18 00:13:02 CEST 2004 bouyer@pop.lip6.fr:/local/pop1/bouyer/tmp/sparc/obj/local/pop1/bouyer/netbsd-2-0/src/sys/arch/sparc/compile/CHASSIRON sparc
Architecture: sparc
Machine: sparc
>Description:
	When the ftp server sends a long 221- line (see kern/25810 for
	details on this), the ipnat router panics with:
data fault: pc=0xf001beb0 addr=0x45100120 ser=80<INVAL>
panic: kernel fault
Begin traceback...
0x0(0x9, 0x80, 0x45100120, 0xf001beb0, 0x10047, 0xf026b650) at 0xf00062f4
0xf00062f4(0x688, 0x1fd, 0x5078b, 0x1a2, 0xffffffff, 0x1fd) at netbsd:icmp_reflect+0xac
icmp_reflect(0xf043f300, 0x0, 0x0, 0xf043f400, 0x1, 0x0) at netbsd:icmp_error+0x430
icmp_error(0xf043f600, 0x3, 0x1, 0x0, 0x0, 0x0) at netbsd:ip_forward+0x258
ip_forward(0xf043f700, 0x1, 0x5078b, 0x0, 0xffffffff, 0x1fd) at netbsd:ip_input+0x3d8
ip_input(0xf043f700, 0x0, 0x4011a1, 0xfe014000, 0x0, 0x1) at netbsd:ipintr+0x88
ipintr(0x0, 0xf043f100, 0x440, 0x10906c, 0x100, 0x163000) at netbsd:softnet+0x9c
softnet(0xf026bbb0, 0xf01f5f44, 0x100, 0x8010a3, 0x0, 0xc) at 0xf000668c
End traceback...
	This is completely reproductible on my setup.
	This is a regression, before the ipf 4.1.3 import, the proxy would
	fail to pass the long 221- line causing a client timeout (see
	kern/25810), but would not panic.

>How-To-Repeat:
	ftp -a ftp.fr.netbsd.org
	quit
or
	ftp -a asim.lip6.fr
	quit
though a ipf 4.1.3 ipnat proxy.

>Fix:
	unknown.
>Release-Note:
>Audit-Trail:
>Unformatted: