From owner-freebsd-ipfw@FreeBSD.ORG Sun Feb 20 23:04:56 2011 Return-Path: Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 4247E106566B; Sun, 20 Feb 2011 23:04:56 +0000 (UTC) (envelope-from luigi@onelab2.iet.unipi.it) Received: from onelab2.iet.unipi.it (onelab2.iet.unipi.it [131.114.59.238]) by mx1.freebsd.org (Postfix) with ESMTP id 00CB58FC15; Sun, 20 Feb 2011 23:04:55 +0000 (UTC) Received: by onelab2.iet.unipi.it (Postfix, from userid 275) id CAEB473098; Mon, 21 Feb 2011 00:18:25 +0100 (CET) Date: Mon, 21 Feb 2011 00:18:25 +0100 From: Luigi Rizzo To: Pawel Tyll Message-ID: <20110220231825.GA10566@onelab2.iet.unipi.it> References: <410175608.20110220013900@nitronet.pl> <1145317277.20110220045434@nitronet.pl> <20110220135855.GA4794@onelab2.iet.unipi.it> <288793167.20110220235028@nitronet.pl> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <288793167.20110220235028@nitronet.pl> User-Agent: Mutt/1.4.2.3i Cc: Brandon Gooch , freebsd-ipfw@freebsd.org, Jack Vogel , freebsd-net@freebsd.org Subject: Re: problem analysys (Re: [Panic] Dummynet/IPFW related recurring crash.) X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 20 Feb 2011 23:04:56 -0000 On Sun, Feb 20, 2011 at 11:50:28PM +0100, Pawel Tyll wrote: ... > This machine is only doing dummynet traffic shaping from significant > things (otherwise it runs a dhcpd, ntpd and named). It's pretty > straight-forward routing, packets come in, packets come out via static > routes - there are currently no routing daemons involved. As to the > interfaces, there are two physical ifaces, em0 and em1, only em1 is > currently used. There are 49 vlan interfaces connected to em1, and > they are pretty much static, no IP address changes, no interfaces > going up or down, sometimes new one is being added, but there is no > automation here, and panics do not coincide with anything significant > in logs, or being done manually. Traffic oscillates between 20k pps at > night and close to 35-40k pps daytime, slightly more on weekends. > There are currently 2556 pipes defined and traffic shaping is done > with two rules: > > 30000 pipe tablearg ip from table(100) to any in > 30001 pipe tablearg ip from any to table(101) out > ... > If I missed anything here, then just tell me what more I can do, my > intentions were never to make this harder to debug or hide anything > relevant. understood. I am just saying that for instance the vlan presence and changes is quite significant in this context. You say vlans are "pretty much static" but can you tell us who adds/remove them, assign addresses ? Also the ruleset must have something more than those two rules. >From the stack trace, the panic seems to occur in a call to the "antispoof" option which presumably is somewhere in your ruleset. If not, then the stack is corrupt. cheers luigi