From owner-freebsd-hackers Sun Nov 24 10:33:08 1996
Return-Path: owner-hackers
Received: (from root@localhost)
          by freefall.freebsd.org (8.7.5/8.7.3) id KAA04264
          for hackers-outgoing; Sun, 24 Nov 1996 10:33:08 -0800 (PST)
Received: from misery.sdf.com (misery.sdf.com [204.244.210.193])
          by freefall.freebsd.org (8.7.5/8.7.3) with ESMTP id KAA04258
          for ; Sun, 24 Nov 1996 10:33:04 -0800 (PST)
Received: from misery.sdf.com ([204.244.213.33])
          by misery.sdf.com with SMTP id <1344-9453>; Sun, 24 Nov 1996 10:33:19 -0800
Date: Sun, 24 Nov 1996 10:33:07 -0800 (PST)
From: Tom Samplonius
To: Kent Vander Velden
cc: hackers@freefall.freebsd.org
Subject: Re: ping and freebsd crashes
In-Reply-To: <9611241054.AA19315@spiff.cc.iastate.edu>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-hackers@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

On Sun, 24 Nov 1996, Kent Vander Velden wrote:

> In message , tom@sdf.com writes:
> >
> >On Sat, 23 Nov 1996, Kent Vander Velden wrote:
> >
> >> After reading the url that was mentioned earlier about ping I tried to
> >> crash an Irix 5.2 machine. I used OSF/1 v3.2 'ping -q -f -l 200 -s
> >> 5000'. The network appeared to take quite a beating. Sort of related
> >> to wanting to try this was that I have been working on a network packet
> >> analyzer and wanted to see how much of a load this pinging would cause.
> >> The network analyzer runs on a freebsd machine and uses libpcap. The
> >> interesting part of all this is the freebsd machine crashed and in fact
> >> crashed really hard. In the worst case a user's home directory and 50%
> >> of /bin and misc. was removed. I must point out that the freebsd
> >> machine was not being pinged nor was it doing the pinging it was simply
> >> a machine on the network with its interface running in promiscuous mode.
> >> I also tried tcpdump to make sure that it was not my program that was
> >> causing problems with the same result.
> >
> > Was your analyzer doing disk i/o at the same time? To the affected
> >filesystems?
>
> It is capable of doing disk i/o. If a sigint was sent to it it would
> have dumped some information.
>
> > How much memory does the test machine have in it?
>
> 20M and used for very little. There is not really a load on it.

Are you using a non-GENERIC kernel? If so, do you have BOUNCE_BUFFERS
compiled in? If so, this is your problem. Apparently the lance ethernet
cards use DMA, and if you have more than 16MB and no bounce buffers, the
card could be overwriting all kinds of things in main memory, including
file buffers (which would explain disk corruption).

...

> > Not really. It involves putting the ethernet device in promiscuous mode.
> >This is rare and involves root access. It has always been risky, because
> >some hardware doesn't like it. I've seen some NE2000s get stuck in
> >promiscuous mode and do all kinds of strange things.
> >
>
> If the interface is not in promiscuous mode the system does not crash
> but instead reports the mentioned errors over and over. Unfort. some of
> my systems have to be in promiscuous mode all the time since they have
> rarpd (or is it rbootd that does it) running on them. Seemed nasty
> that I could remotely crash a system in this way :)

I believe that both of these tools only look for ethernet broadcasts.

Putting an ethernet into promiscuous mode is something you want to avoid
because of the amount of load it generates on the system. In promiscuous
mode, the CPU has to store and process *everything* on the wire, rather
than just traffic with its ethernet address and the ethernet broadcast
address.

> ---
> Kent Vander Velden
> graphix@iastate.edu
>

Tom
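
As an added illustration of the bounce-buffer point in the message above (not part of the original post, and not FreeBSD driver code): a small C model of a card doing 24-bit ISA bus-master DMA on a 20 MB machine, without and with a bounce buffer. The 16 MB limit follows from ISA's 24 address lines; the function names, buffer addresses and frame bytes are constructed, and the address wrap-around is an assumption of the model.

```c
/* Added illustration: a model of 24-bit ISA bus-master DMA, not FreeBSD driver code. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ISA_DMA_LIMIT 0x01000000u          /* 16 MB: ISA has 24 address lines */
#define PHYS_SIZE     (20u * 1024 * 1024)  /* 20 MB, as on the machine in the thread */

static uint8_t phys[PHYS_SIZE];            /* constructed stand-in for physical RAM */

/* Address the card actually drives (model assumption: bits above 23 are lost). */
static uint32_t isa_effective_addr(uint32_t paddr) { return paddr & (ISA_DMA_LIMIT - 1); }

/* True when the whole buffer is reachable by the card without a bounce buffer. */
static int isa_reachable(uint32_t paddr, uint32_t len)
{
    return len <= ISA_DMA_LIMIT && paddr <= ISA_DMA_LIMIT - len;
}

/* Model of the card storing a received frame at the address it was given. */
static void card_dma_write(uint32_t paddr, const uint8_t *frame, uint32_t len)
{
    memcpy(&phys[isa_effective_addr(paddr)], frame, len);
}

/* Receive into 'dst'. With use_bounce, unreachable buffers go via 'bounce'
 * (which must lie below 16 MB) and are then copied by the CPU.
 * Returns the physical address the card wrote to. */
static uint32_t rx_frame(uint32_t dst, uint32_t bounce, const uint8_t *frame,
                         uint32_t len, int use_bounce)
{
    if (use_bounce && !isa_reachable(dst, len)) {
        card_dma_write(bounce, frame, len);
        memcpy(&phys[dst], &phys[bounce], len);   /* CPU copy to the real buffer */
        return bounce;
    }
    card_dma_write(dst, frame, len);
    return isa_effective_addr(dst);
}

int main(void)
{
    const uint8_t frame[4] = { 0xde, 0xad, 0xbe, 0xef };  /* constructed frame bytes */
    uint32_t dst = 0x01200000u, bounce = 0x00080000u;     /* hypothetical addresses */

    printf("no bounce: card wrote at 0x%08x\n", (unsigned)rx_frame(dst, bounce, frame, 4, 0));
    printf("bounce:    card wrote at 0x%08x\n", (unsigned)rx_frame(dst, bounce, frame, 4, 1));
    return 0;
}
```

Without the bounce buffer the frame meant for 18 MB lands at 2 MB, in whatever the kernel happens to keep there; with it, the card only ever writes below 16 MB.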