From: Kajetan Staszkiewicz
To: Ermal Luçi
Cc: "freebsd-net@freebsd.org", "freebsd-pf@freebsd.org"
Subject: Re: [patch] Source entries removing is awfully slow.
Date: Wed, 13 Mar 2013 16:51:03 +0100

I managed to run your patch on a production machine and it produced a panic a few seconds after network traffic was directed through it. The difference I spotted is that you insert the state entry into state_list near the end of pf_create_state:

@@ -3950,8 +3970,18 @@ pf_create_state(struct pf_rule *r, struc pool_put(&pf_state_pl, s); #endif return (PF_DROP); +#ifdef __FreeBSD__ + } else { + if (sn != NULL) + TAILQ_INSERT_HEAD(&sn->state_list, s, srcnode_link); + if (nsn != NULL) + TAILQ_INSERT_HEAD(&nsn->state_list, s, srcnode_link); + *sm = s; + } +#else } else *sm = s; +#endif

while my original approach was to do it much earlier. The working version is:

@@ -3895,12 +3915,18 @@ pf_create_state(struct pf_rule *r, struc if (sn != NULL) { s->src_node = sn; s->src_node->states++; +#ifdef __FreeBSD__ + TAILQ_INSERT_HEAD(&sn->state_list, s, srcnode_link); +#endif } if (nsn != NULL) { /* XXX We only modify one side for now. */ PF_ACPY(&nsn->raddr, &nk->addr[1], pd->af); s->nat_src_node = nsn; s->nat_src_node->states++; +#ifdef __FreeBSD__ + TAILQ_INSERT_HEAD(&nsn->state_list, s, srcnode_link); +#endif } if (pd->proto == IPPROTO_TCP) { if ((pd->flags & PFDESC_TCP_NORM) && pf_normalize_tcp_init(m,

backtrace:

#7  0xffffffff810d7d2a in pf_src_tree_remove_state (s=0xfffffe007bfd55f0)
    at /usr/src/sys/modules/pf/../../contrib/pf/net/pf.c:1564
#8  0xffffffff810e01c2 in pf_test_rule (rm=0xffffff862f6ec848, sm=0xffffff862f6ec840, direction=2, kif=0xfffffe000ab67400, m=0xfffffe0070be9500, off=20, h=0xfffffe0070be9580, pd=0xffffff862f6ec780, am=0xffffff862f6ec850, rsm=0xffffff862f6ec838, ifq=0x0, inp=0x0)
    at /usr/src/sys/modules/pf/../../contrib/pf/net/pf.c:3965
#9  0xffffffff810e1d26 in pf_test (dir=2, ifp=Variable "ifp" is not available.
) at /usr/src/sys/modules/pf/../../contrib/pf/net/pf.c:6964
#10 0xffffffff810e8cc1 in pf_check_out (arg=Variable "arg" is not available.
) at /usr/src/sys/modules/pf/../../contrib/pf/net/pf_ioctl.c:4187
#11 0xffffffff8078816e in pfil_run_hooks (ph=Variable "ph" is not available.
) at /usr/src/sys/net/pfil.c:82
#12 0xffffffff807a20f5 in ip_fastforward (m=0xfffffe0070be9500)
    at /usr/src/sys/netinet/ip_fastfwd.c:445

contrib/pf/net/pf.c:3965
3961         if (pf_state_insert(BOUND_IFACE(r, kif), skw, sks, s)) {
3962                 if (pd->proto == IPPROTO_TCP)
3963                         pf_normalize_tcp_cleanup(s);
3964                 REASON_SET(&reason, PFRES_STATEINS);
3965                 pf_src_tree_remove_state(s);
3966                 STATE_DEC_COUNTERS(s);
3967 #ifdef __FreeBSD__
3968                 pool_put(&V_pf_state_pl, s);
3969 #else
3970                 pool_put(&pf_state_pl, s);
3971 #endif
3972                 return (PF_DROP);

contrib/pf/net/pf.c:1564
1561                 }
1562 #ifdef __FreeBSD__
1563                 if (!TAILQ_EMPTY(&s->nat_src_node->state_list))
1564                         TAILQ_REMOVE(&s->nat_src_node->state_list, s, srcnode_link);
1565 #endif
1566         }
1567         s->src_node = s->nat_src_node = NULL;

Following s -> nat_src_node -> state_list:

state_list = {tqh_first = 0xfffffe01fe360130, tqh_last = 0x0}

s and nat_src_node seem OK to me, no memory garbage, e.g. they have proper creation and expiration times.

Do we hit a src_node that has the state_list uninitialised, and performing an early insert automatically fixes it?

-- 
| pozdrawiam / greetings | powered by Debian, CentOS and FreeBSD |
| Kajetan Staszkiewicz | jabber,email: vegeta()tuxpowered net |
| Vegeta | www: http://vegeta.tuxpowered.net |
`------------------------^---------------------------------------'
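
Review bot: in the hunk at @@ -3950,8 +3970,18 @@ the state is linked into sn->state_list and nsn->state_list only in the else branch, after pf_state_insert() has succeeded, but the failure branch just before it (pf.c:3961-3972 in the listing) still calls pf_src_tree_remove_state(s), and lines 1563-1564 there run TAILQ_REMOVE on s whenever the node's list is non-empty. When another state is already on that source node, a state that was never linked gets removed from the list, which is the call path frames #7 and #8 of the backtrace show. Either do the insert before pf_state_insert(), next to states++ as the @@ -3895,12 +3915,18 @@ hunk does, or make the removal test whether s itself is linked rather than !TAILQ_EMPTY(...).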
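
Review bot: both TAILQ_INSERT_HEAD calls in the hunk at @@ -3895,12 +3915,18 @@ use the same entry field, srcnode_link, so when sn and nsn are both non-NULL the second insert overwrites the link pointers written by the first, and sn->state_list is left pointing at a state whose next/prev pointers belong to nsn->state_list. A TAILQ entry can sit on one list at a time; give the NAT source node its own TAILQ_ENTRY in the state and use it in the matching TAILQ_REMOVE at pf.c:1564, or add a comment stating why sn and nsn can never both be set. The same applies to the two inserts in the @@ -3950,8 +3970,18 @@ hunk.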
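
An added example, not code from this thread or from pf: a user-space model, with hypothetical names (struct state, struct src_node, node_unlink), of the two sys/queue.h behaviours the message raises. It shows that TAILQ_INSERT_HEAD on a zeroed, never-initialised head leaves a consistent head, and that a non-empty list says nothing about whether a particular state is on it.

```c
#include <string.h>
#include <sys/queue.h>

/* Hypothetical stand-ins for pf's state and source node (list fields only). */
struct state { int id; TAILQ_ENTRY(state) srcnode_link; };
struct src_node { int states; TAILQ_HEAD(, state) state_list; };

/* Guarded unlink: tests whether s itself is linked (tqe_prev non-NULL; assumes
 * zeroed allocation and clearing on unlink) instead of whether the list is empty. */
static int node_unlink(struct src_node *sn, struct state *s)
{
	if (s->srcnode_link.tqe_prev == NULL)
		return 0;			/* never inserted: nothing to undo */
	TAILQ_REMOVE(&sn->state_list, s, srcnode_link);
	memset(&s->srcnode_link, 0, sizeof(s->srcnode_link));
	sn->states--;
	return 1;
}

/* 1 if TAILQ_INSERT_HEAD on a zeroed, never-initialised head repairs tqh_last. */
int insert_repairs_zeroed_head(void)
{
	struct src_node sn;
	struct state s = { .id = 1 };
	memset(&sn, 0, sizeof(sn));		/* tqh_first = NULL, tqh_last = NULL */
	TAILQ_INSERT_HEAD(&sn.state_list, &s, srcnode_link);
	return sn.state_list.tqh_last == &s.srcnode_link.tqe_next;
}

/* Failure path: b was never linked while a keeps the list non-empty.
 * bit 0: a TAILQ_EMPTY guard would go on to TAILQ_REMOVE(b);
 * bit 1: the membership guard refuses; bit 2: list and counter intact. */
int failure_path_guards(void)
{
	struct src_node sn = { .states = 1 };
	struct state a = { .id = 1 }, b = { .id = 2 };
	int r = 0;
	TAILQ_INIT(&sn.state_list);
	TAILQ_INSERT_HEAD(&sn.state_list, &a, srcnode_link);
	r |= !TAILQ_EMPTY(&sn.state_list) ? 1 : 0;
	r |= node_unlink(&sn, &b) == 0 ? 2 : 0;
	r |= (TAILQ_FIRST(&sn.state_list) == &a && sn.states == 1) ? 4 : 0;
	return r;
}

int main(void)
{
	return !(insert_repairs_zeroed_head() == 1 && failure_path_guards() == 7);
}
```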