id,summary,reporter,owner,description,type,status,priority,milestone,component,version,severity,resolution,keywords,cc
163,Segfault in PF,svimik,,"OS
-----------
Bug reproduced on all versions and operating systems I tried:
OS: Debian (2.6.32-5-amd64 and 3.0.0-1-amd64), CentOS (2.6.38.2.domU.x86_64)
OpenVPN versions: 2.1.0, 2.1.3, 2.2.0 and openvpn-201130

CONFIG
-----------
configured as udp server with server-bridge.
with simple plugin just to enable PF: http://backreference.org/2010/06/18/openvpns-built-in-packet-filter/

CONDITION
-----------
Shortly after starting the server, launch two clients with ~5 seconds delay.
Segfault probability on the server: >80% if proper delay between two connections were discovered.

VERSION
-----------
OpenVPN 2.x-testing-b7e0d372e3ae x86_64-unknown-linux-gnu [SSL] [LZO2] [EPOLL] [eurephia] [MH] [PF_INET6] [IPv6 payload 20110522-1 (2.2.0)] built on Sep 26 2011
Originally developed by James Yonan
Copyright (C) 2002-2010 OpenVPN Technologies, Inc.
$ ./configure
Compile time defines: ENABLE_CLIENT_SERVER ENABLE_DEBUG ENABLE_EUREPHIA ENABLE_FRAGMENT ENABLE_HTTP_PROXY ENABLE_MANAGEMENT ENABLE_MULTIHOME ENABLE_PORT_SHARE ENABLE_SOCKS USE_CRYPTO USE_LIBDL USE_LZO USE_PF_INET6 USE_SSL

GDB
-----------
(gdb) run --cd /etc/openvpn --config /etc/openvpn/server_tcp.conf
Starting program: /usr/local/sbin/openvpn --cd /etc/openvpn --config /etc/openvpn/server_tcp.conf
Detaching after fork from child process 17280.
Detaching after fork from child process 17281.

Program received signal SIGSEGV, Segmentation fault.
pf_cn_test (pfs=0x0, tm=0x6cc230, type=2, prefix=0x468736 ""bcast_c2c"") at pf.c:414
414 if (!pfs->kill)

GDB bt
-----------
(gdb) bt
#0 pf_cn_test (pfs=0x0, tm=0x6cc230, type=2, prefix=0x468736 ""bcast_c2c"") at pf.c:414
#1 0x0000000000429cd3 in pf_c2c_test (m=0x7fffffffcd60, buf=, sender_instance=0x6ad770, sender_addr=0x0) at pf-inline.h:38
#2 multi_bcast (m=0x7fffffffcd60, buf=, sender_instance=0x6ad770, sender_addr=0x0) at multi.c:1898
#3 0x000000000042dc4d in multi_process_incoming_link (m=0x7fffffffcd60, instance=, mpp_flags=5) at multi.c:2173
#4 0x0000000000428e0c in tunnel_server_udp_single_threaded (top=0x7fffffffdbb0) at mudp.c:167
#5 tunnel_server_udp (top=0x7fffffffdbb0) at mudp.c:274
#6 0x000000000042fa73 in main (argc=5, argv=0x7fffffffe9c8) at openvpn.c:211

LOG
-----------
http://svimik.com/openvpn_devel.log (815 KB)",Bug / Defect,closed,major,,Networking,OpenVPN git master branch (Community Ed),Patch Queue: Merged,fixed,pf,