Date: Thu, 06 Sep 2007 09:08:53 +0200 From: Ian FREISLICH <ianf@clue.co.za> Cc: bu7cher@yandex.ru, rwatson@freebsd.org, freebsd-current@freebsd.org Subject: Re: Panic in ipfw Message-ID: <E1ITBTy-00056T-4G@clue.co.za> In-Reply-To: Message from Ian FREISLICH <ianf@clue.co.za> of "Tue, 04 Sep 2007 15:21:02 %2B0200." <E1ISYL0-000158-7n@clue.co.za>
next in thread | previous in thread | raw e-mail | index | archive | help
Ian FREISLICH wrote: > Ian FREISLICH wrote: > > "Andrey V. Elsukov" wrote: > > > Hi, Ian. > > > > > > > I got this panic yesterday on a fairly busy firewall. I have some > > > > private patches to ip_fw2.c and to the em driver (see the earlier > > > > "em0 hijacking traffic to port 623" thread). I don't think this > > > > panic is a result of those changes. > > > > > > > It occurred round about the time an address was added to an interface. > > > > > > I have a patch that can help you (i guess..). > > > Can you test this patch? > > > > > > http://butcher.heavennet.ru/patches/kernel/inaddr_locking/ > > > > Thanks. Wow, that looks like it touches a lot more than just ipfw. > > It took about 1.5 years of production at 2.3 billion backets a day > > to trigger this condition twice. It's going to be difficult to > > tell if this patch fixes the problem. > > This code is touched by Andrey's patch. I'm going to put that patch > into production tomorrow - this locking issue is raising it's head > too often now. That didn't go too well. The onsite admins messed up the serial console arangement so I couldn't see what happened when things went wrong. But they did. The only difference to the kernel was the inclusion of Audrey's patch. After about 6 hours we started seeing about 90% packet loss. I'm not sure if I'll get another chance to try this patch. Ian -- Ian Freislich
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?E1ITBTy-00056T-4G>