Date: Mon, 27 Sep 2010 11:14:26 +0300 From: Berk Gulenler <gulenler@boun.edu.tr> To: freebsd-questions@freebsd.org Subject: Page Fault While in Kernel Mode (IPNAT) Message-ID: <4CA05262.3040405@boun.edu.tr>
next in thread | raw e-mail | index | archive | help
Hi, I have a firewall for NAT operations only. While doing NAT, server crashes. Below you can find the required info about my problem. Thanks. Some useful info about my NAT server: FreeBSD xxx.cc.boun.edu.tr 7.3-RELEASE FreeBSD 7.3-RELEASE #2: Fri Sep 17 15:09:54 EEST 2010 xxx@xxx.cc.boun.edu.tr:/usr/obj/usr/src/sys/FW i386 bge0: <HP NC7782 Gigabit Server Adapter, ASIC rev. 0x002100> mem 0xfdef0000-0xfdefffff irq 25 at device 1.0 on pci3 bge1: <HP NC7782 Gigabit Server Adapter, ASIC rev. 0x002100> mem 0xfdee0000-0xfdeeffff irq 26 at device 1.1 on pci3 net.inet.ipf.ipf_natrules_sz: 127 net.inet.ipf.ipf_nattable_sz: 300000 513/897/1410 mbufs in use (current/cache/total) 512/540/1052/0 mbuf clusters in use (current/cache/total/max) 512/512 mbuf+clusters out of packet secondary zone in use (current/cache) 0/5/5/12800 4k (page size) jumbo clusters in use (current/cache/total/max) 0/0/0/6400 9k jumbo clusters in use (current/cache/total/max) 0/0/0/3200 16k jumbo clusters in use (current/cache/total/max) 1152K/1324K/2476K bytes allocated to network (current/cache/total) 0/0/0 requests for mbufs denied (mbufs/clusters/mbuf+clusters) 0/0/0 requests for jumbo clusters denied (4k/9k/16k) 0/5/6656 sfbufs in use (current/peak/max) 0 requests for sfbufs denied 0 requests for sfbufs delayed 0 requests for I/O initiated by sendfile 0 calls to protocol drain routines mapped in 183625863 out 126618997 added 2265807 expired 1350387 no memory 8899 bad nat 12314 inuse 13690 orphans 0 rules 49 wilds 0 hash efficiency 97.64% bucket usage 4.46% minimal length 0 maximal length 3 average length 1.024 TCP Entries per state 0 1 2 3 4 5 6 7 8 9 10 11 42 2236 51 417 3311 348 200 23 20 0 3763 729 Debug info: GNU gdb 6.1.1 [FreeBSD] Copyright 2004 Free Software Foundation, Inc. GDB is free software, covered by the GNU General Public License, and you are welcome to change it and/or distribute copies of it under certain conditions. Type "show copying" to see the conditions. There is absolutely no warranty for GDB. Type "show warranty" for details. This GDB was configured as "i386-marcel-freebsd"... Unread portion of the kernel message buffer: Fatal trap 12: page fault while in kernel mode cpuid = 0; apic id = 00 fault virtual address = 0x4 fault code = supervisor read, page not present instruction pointer = 0x20:0x8593c94b stack pointer = 0x28:0x853488dc frame pointer = 0x28:0x85348958 code segment = base 0x0, limit 0xfffff, type 0x1b = DPL 0, pres 1, def32 1, gran 1 processor eflags = interrupt enabled, resume, IOPL = 0 current process = 25 (irq26: bge1) trap number = 12 panic: page fault cpuid = 0 Uptime: 2d0h6m24s Physical memory: 2035 MB Dumping 335 MB: 320 304 288 272 256 240 224 208 192 176 160 144 128 112 96 80 64 48 32 16 Reading symbols from /boot/kernel/acpi.ko...Reading symbols from /boot/kernel/acpi.ko.symbols...done. done. Loaded symbols for /boot/kernel/acpi.ko Reading symbols from /boot/kernel/ipl.ko...Reading symbols from /boot/kernel/ipl.ko.symbols...done. done. Loaded symbols for /boot/kernel/ipl.ko #0 doadump () at pcpu.h:196 196 __asm __volatile("movl %%fs:0,%0" : "=r" (td)); ####################################################################################################### #0 doadump () at pcpu.h:196 #1 0x80746017 in boot (howto=260) at /usr/src/sys/kern/kern_shutdown.c:418 #2 0x807462e9 in panic (fmt=Variable "fmt" is not available. ) at /usr/src/sys/kern/kern_shutdown.c:574 #3 0x8097483c in trap_fatal (frame=0x8534889c, eva=4) at /usr/src/sys/i386/i386/trap.c:950 #4 0x80974aa0 in trap_pfault (frame=0x8534889c, usermode=0, eva=4) at /usr/src/sys/i386/i386/trap.c:863 #5 0x80975459 in trap (frame=0x8534889c) at /usr/src/sys/i386/i386/trap.c:541 #6 0x8095915b in calltrap () at /usr/src/sys/i386/i386/exception.s:166 #7 0x8593c94b in nat_new (fin=0x853489c0, np=0x855ee800, natsave=0x0, flags=Variable "flags" is not available. ) at /usr/src/sys/modules/ipfilter/../../contrib/ipfilter/netinet/ip_nat.c:2577 #8 0x8593cf04 in fr_checknatout (fin=0x853489c0, passp=0x85348a6c) at /usr/src/sys/modules/ipfilter/../../contrib/ipfilter/netinet/ip_nat.c:3828 #9 0x85959c6c in fr_check (ip=0x873c0810, hlen=20, ifp=0x855b7400, out=1, mp=0x85348ab8) at /usr/src/sys/modules/ipfilter/../../contrib/ipfilter/netinet/fil.c:2624 #10 0x859517be in fr_check_wrapper (arg=0x0, mp=0x85348ab8, ifp=0x855b7400, dir=2) at /usr/src/sys/modules/ipfilter/../../contrib/ipfilter/netinet/ip_fil_freebsd.c:178 #11 0x807f5708 in pfil_run_hooks (ph=0x80b026e0, mp=0x85348b44, ifp=0x855b7400, dir=2, inp=0x0) at /usr/src/sys/net/pfil.c:78 #12 0x8080ea72 in ip_output (m=0x85b2a800, opt=0x0, ro=0x85348b7c, flags=1, imo=0x0, inp=0x0) at /usr/src/sys/netinet/ip_output.c:443 #13 0x8080bb04 in ip_forward (m=0x85b2a800, srcrt=0) at /usr/src/sys/netinet/ip_input.c:1366 #14 0x8080d0b0 in ip_input (m=0x85b2a800) at /usr/src/sys/netinet/ip_input.c:609 #15 0x807f3ea5 in netisr_dispatch (num=2, m=0x85b2a800) at /usr/src/sys/net/netisr.c:185 #16 0x807e7b51 in ether_demux (ifp=0x855b7400, m=0x85b2a800) at /usr/src/sys/net/if_ethersubr.c:834 #17 0x807e7f43 in ether_input (ifp=0x855b7400, m=0x85b2a800) at /usr/src/sys/net/if_ethersubr.c:692 #18 0x80529582 in bge_rxeof (sc=0x855c4000, rx_prod=317, holdlck=1) at /usr/src/sys/dev/bge/if_bge.c:3392 #19 0x8052b602 in bge_intr (xsc=0x855c4000) at /usr/src/sys/dev/bge/if_bge.c:3653 #20 0x8072285b in ithread_loop (arg=0x855b97a0) at /usr/src/sys/kern/kern_intr.c:1181 #21 0x8071eff9 in fork_exit (callout=0x807226b0 <ithread_loop>, arg=0x855b97a0, frame=0x85348d38) at /usr/src/sys/kern/kern_fork.c:811 #22 0x809591d0 in fork_trampoline () at /usr/src/sys/i386/i386/exception.s:271 ####################################################################################################### 0x8593c94b is in nat_new (/usr/src/sys/modules/ipfilter/../../contrib/ipfilter/netinet/ip_nat.c:2577). 2572 nat->nat_ifps[1] = np->in_ifps[1]; 2573 nat->nat_ptr = np; 2574 nat->nat_p = fin->fin_p; 2575 nat->nat_mssclamp = np->in_mssclamp; 2576 if (nat->nat_p == IPPROTO_TCP) 2577 nat->nat_seqnext[0] = ntohl(tcp->th_seq); 2578 2579 if ((np->in_apr != NULL) && ((ni->nai_flags & NAT_SLAVE) == 0)) 2580 if (appr_new(fin, nat) == -1) 2581 return -1; -- Berk Gulenler System Administrator Bogazici University Computer Center Phone: +90 212 359 47 16 Fax: +90 212 257 50 21 E-mail: gulenler@boun.edu.tr
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4CA05262.3040405>