Date: Sun, 24 Jul 2005 00:27:38 +0200 From: Max Laier <max@love2party.net> To: Edwin <edwin@verolan.com> Cc: freebsd-hackers@freebsd.org, Giorgos Keramidas <keramida@freebsd.org> Subject: Re: help w/panic under heavy load - 5.4 Message-ID: <200507240027.54127.max@love2party.net> In-Reply-To: <20050723184108.GA14076@asx01.verolan.com> References: <20050719034215.GB20752@asx01.verolan.com> <200507231623.16183.max@love2party.net> <20050723184108.GA14076@asx01.verolan.com>
next in thread | previous in thread | raw e-mail | index | archive | help
--nextPart1700961.AHckfZInam
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline
On Saturday 23 July 2005 20:41, Edwin wrote:
> Kernel name: D1-0722 (for reference)
>
> mbsd05# kgdb kernel.debug /usr/local/STORAGE/crash/vmcore.5
> #13 0xc06933c1 in ip_fastforward (m=3D0xc12e6c00) at
> /usr/src/sys/netinet/ip_fastfwd.c:572 warning: Source file is more recent
> than executable.
Let's hope that's still correct ...
> 572 if (ip_fragment(ip, &m, mtu, ifp->if_hwassist,
> (kgdb) l
> 567 m->m_pkthdr.csum_flags |=3D CSUM_IP;
> 568 /*
> 569 * ip_fragment expects ip_len and ip_off in host byte
> 570 * order but returns all packets in network byte order
> 571 */
> 572 if (ip_fragment(ip, &m, mtu, ifp->if_hwassist,
> 573 (~ifp->if_hwassist & CSUM_DELAY_IP))) {
> 574 goto drop;
> 575 }
> 576 KASSERT(m !=3D NULL, ("null mbuf and no error"));
> (kgdb) i loc
> ip =3D (struct ip *) 0xc12f700e
> m0 =3D (struct mbuf *) 0xc12f700e
> ro =3D {ro_rt =3D 0xc11f8420, ro_dst =3D {sa_len =3D 16 '\020', sa_family=
=3D 2
> '\002', sa_data =3D "\000\000=C0=A8\002\005\000\000\000\000\000\000\000"}}
> dst =3D (struct sockaddr_in *) 0xc76bfc3c
> ia =3D (struct in_ifaddr *) 0x0
> ifa =3D (struct ifaddr *) 0x0
> ifp =3D (struct ifnet *) 0xc0f91800
> odest =3D {s_addr =3D 84060352}
> dest =3D {s_addr =3D 84060352}
> sum =3D 0
> ip_len =3D 0
This should not happen. ip_len is initialize from ntohs(ip->ip_len) and nev=
er=20
touched again. Anyway, let's look some more ...
> error =3D 84060352
> hlen =3D -1057417216
> mtu =3D 0
> __func__ =3D "ip_fastforward"
> (kgdb) p *ip
> $1 =3D {ip_hl =3D 5, ip_v =3D 4, ip_tos =3D 0 '\0', ip_len =3D 10240, ip_=
id =3D 61249,
ip_len should be 40 as ip_len is supposed to be in HOST BYTE ORDER at this=
=20
point. Feeding 10240 to ntohs() give the correct value, so something=20
obviously went wrong.
Let's see how we got here:
355 does the byteorder flip to host byte order
366 pfil OUT
451 pfil IN
527 first check ip_len < if_mtu etc ...
Obviously, the only thing that might mess with the byte order (unless I mis=
sed=20
something along the way) is one of the pfil consumers.
***
*** What firewall(s) are you running with?
***
> ip_off =3D 0, ip_ttl =3D 63 '?', ip_p =3D 17 '\021', ip_sum =3D 31921, ip=
_src =3D
> {s_addr =3D 67479744}, ip_dst =3D {s_addr =3D 84060352}} (kgdb) p *m
> $2 =3D {m_hdr =3D {mh_next =3D 0x0, mh_nextpkt =3D 0x0, mh_data =3D 0xc12=
f700e "E",
> mh_len =3D 40, mh_flags =3D 3, mh_type =3D 1}, M_dat =3D {MH =3D {MH_pkth=
dr =3D {rcvif
> =3D 0xc0f90000, len =3D 40, header =3D 0x0, csum_flags =3D 769, csum_data=
=3D 0, tags
40, there you have it - no need to fragment at all!
> /usr/src/sys/netinet/ip_output.c:967
> 967 m->m_next =3D m_copy(m0, off, len);
> (kgdb) l
> 962 len =3D ip->ip_len - off;
> 963 m->m_flags |=3D M_LASTFRAG;
> 964 } else
> 965 mhip->ip_off |=3D IP_MF;
> 966 mhip->ip_len =3D htons((u_short)(len + mhlen));
> 967 m->m_next =3D m_copy(m0, off, len);
> 968 if (m->m_next =3D=3D NULL) { /* copy failed */
> 969 m_free(m);
> 970 error =3D ENOBUFS; /* ??? */
> 971 ipstat.ips_odropped++;
Just to make sure, we didn't touch the original packet at this point so the=
=20
above values are still the ones we based the (wrong) decision on.
=2D-=20
/"\ Best regards, | mlaier@freebsd.org
\ / Max Laier | ICQ #67774661
X http://pf4freebsd.love2party.net/ | mlaier@EFnet
/ \ ASCII Ribbon Campaign | Against HTML Mail and News
--nextPart1700961.AHckfZInam
Content-Type: application/pgp-signature
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (FreeBSD)
iD8DBQBC4sRqXyyEoT62BG0RAh+KAJ94YzIMUpdJ4uevZzhCaKBTwp+zswCfblzk
issKUmM+7rkv7Ir28mgPI5E=
=HYJP
-----END PGP SIGNATURE-----
--nextPart1700961.AHckfZInam--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200507240027.54127.max>