From: Max Laier
To: Edwin
Cc: freebsd-hackers@freebsd.org, Giorgos Keramidas
Date: Sun, 24 Jul 2005 00:27:38 +0200
Subject: Re: help w/panic under heavy load - 5.4

On Saturday 23 July 2005 20:41, Edwin wrote:
> Kernel name: D1-0722 (for reference)
>
> mbsd05# kgdb kernel.debug /usr/local/STORAGE/crash/vmcore.5
> #13 0xc06933c1 in ip_fastforward (m=0xc12e6c00) at
> /usr/src/sys/netinet/ip_fastfwd.c:572
> warning: Source file is more recent than executable.

Let's hope that's still correct ...

> 572             if (ip_fragment(ip, &m, mtu, ifp->if_hwassist,
> (kgdb) l
> 567             m->m_pkthdr.csum_flags |= CSUM_IP;
> 568             /*
> 569              * ip_fragment expects ip_len and ip_off in host byte
> 570              * order but returns all packets in network byte order
> 571              */
> 572             if (ip_fragment(ip, &m, mtu, ifp->if_hwassist,
> 573                 (~ifp->if_hwassist & CSUM_DELAY_IP))) {
> 574                     goto drop;
> 575             }
> 576             KASSERT(m != NULL, ("null mbuf and no error"));
> (kgdb) i loc
> ip = (struct ip *) 0xc12f700e
> m0 = (struct mbuf *) 0xc12f700e
> ro = {ro_rt = 0xc11f8420, ro_dst = {sa_len = 16 '\020', sa_family = 2
> '\002', sa_data = "\000\000À¨\002\005\000\000\000\000\000\000\000"}}
> dst = (struct sockaddr_in *) 0xc76bfc3c
> ia = (struct in_ifaddr *) 0x0
> ifa = (struct ifaddr *) 0x0
> ifp = (struct ifnet *) 0xc0f91800
> odest = {s_addr = 84060352}
> dest = {s_addr = 84060352}
> sum = 0
> ip_len = 0

This should not happen. ip_len is initialized from ntohs(ip->ip_len) and never
touched again. Anyway, let's look some more ...

> error = 84060352
> hlen = -1057417216
> mtu = 0
> __func__ = "ip_fastforward"
> (kgdb) p *ip
> $1 = {ip_hl = 5, ip_v = 4, ip_tos = 0 '\0', ip_len = 10240, ip_id = 61249,

ip_len should be 40 as ip_len is supposed to be in HOST BYTE ORDER at this
point. Feeding 10240 to ntohs() gives the correct value, so something
obviously went wrong. Let's see how we got here:

355 does the byteorder flip to host byte order
366 pfil OUT
451 pfil IN
527 first check ip_len < if_mtu etc ...

Obviously, the only thing that might mess with the byte order (unless I missed
something along the way) is one of the pfil consumers.

***
*** What firewall(s) are you running with?
***

> ip_off = 0, ip_ttl = 63 '?', ip_p = 17 '\021', ip_sum = 31921, ip_src =
> {s_addr = 67479744}, ip_dst = {s_addr = 84060352}}
> (kgdb) p *m
> $2 = {m_hdr = {mh_next = 0x0, mh_nextpkt = 0x0, mh_data = 0xc12f700e "E",
> mh_len = 40, mh_flags = 3, mh_type = 1}, M_dat = {MH = {MH_pkthdr = {rcvif
> = 0xc0f90000, len = 40, header = 0x0, csum_flags = 769, csum_data = 0, tags

40, there you have it - no need to fragment at all!

> /usr/src/sys/netinet/ip_output.c:967
> 967                     m->m_next = m_copy(m0, off, len);
> (kgdb) l
> 962                             len = ip->ip_len - off;
> 963                             m->m_flags |= M_LASTFRAG;
> 964                     } else
> 965                             mhip->ip_off |= IP_MF;
> 966                     mhip->ip_len = htons((u_short)(len + mhlen));
> 967                     m->m_next = m_copy(m0, off, len);
> 968                     if (m->m_next == NULL) {        /* copy failed */
> 969                             m_free(m);
> 970                             error = ENOBUFS;        /* ??? */
> 971                             ipstat.ips_odropped++;

Just to make sure, we didn't touch the original packet at this point so the
above values are still the ones we based the (wrong) decision on.

-- 
/"\  Best regards,                      | mlaier@freebsd.org
\ /  Max Laier                          | ICQ #67774661
 X   http://pf4freebsd.love2party.net/  | mlaier@EFnet
/ \  ASCII Ribbon Campaign              | Against HTML Mail and News
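
Added example (not part of Max Laier's message and not FreeBSD source): a sanity check that compares the header length field against the mbuf packet length, the way the reply does by hand, and shows how a byte-swapped ip_len flips the fragmentation test. All function names are hypothetical, the 1500-byte MTU is a constructed value, and the packet is assumed to carry no trailing padding.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical names throughout; this is not FreeBSD kernel code. */
enum len_state { LEN_HOST_ORDER, LEN_BYTE_SWAPPED, LEN_INCONSISTENT };

/* Unconditional 16-bit swap: what ntohs()/htons() do on a little-endian host. */
static uint16_t swap16(uint16_t v) { return (uint16_t)((v << 8) | (v >> 8)); }

/*
 * ip_len_field: ip->ip_len as read where host byte order is expected.
 * pkt_len:      m->m_pkthdr.len, always a host-order byte count.
 * Assumes no trailing padding, so both should agree (40 and 40 in the dump).
 */
static enum len_state check_ip_len(uint16_t ip_len_field, uint32_t pkt_len)
{
    if (ip_len_field == pkt_len)
        return LEN_HOST_ORDER;
    if (swap16(ip_len_field) == pkt_len)
        return LEN_BYTE_SWAPPED;    /* header left in network byte order */
    return LEN_INCONSISTENT;
}

/* Size test that sends a packet down the fragmentation path. */
static int needs_fragment(uint16_t ip_len_field, uint16_t mtu)
{
    return ip_len_field > mtu;
}

/* Stand-in for a hook that flips ip_len to network order and never restores it. */
static void leaky_hook(uint16_t *ip_len_field) { *ip_len_field = swap16(*ip_len_field); }

int main(void)
{
    uint16_t ip_len = 40;           /* host order, as after the flip at line 355 */
    const uint32_t pkt_len = 40;    /* m_pkthdr.len from the dump */
    const uint16_t mtu = 1500;      /* constructed; the dump's mtu local reads 0 */

    printf("before hook: state=%d fragment=%d\n",
        check_ip_len(ip_len, pkt_len), needs_fragment(ip_len, mtu));
    leaky_hook(&ip_len);
    printf("after hook:  ip_len=%u state=%d fragment=%d\n",
        (unsigned)ip_len, check_ip_len(ip_len, pkt_len), needs_fragment(ip_len, mtu));
    return 0;
}
```

A check of this kind placed after each hook call would point at the consumer that returned the header in the wrong byte order, rather than at the later crash site in ip_fragment.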