From owner-freebsd-net@FreeBSD.ORG Sun Feb 13 09:30:10 2011 Return-Path: Delivered-To: freebsd-net@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 60FD31065694 for ; Sun, 13 Feb 2011 09:30:10 +0000 (UTC) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id 3557D8FC12 for ; Sun, 13 Feb 2011 09:30:10 +0000 (UTC) Received: from freefall.freebsd.org (localhost [127.0.0.1]) by freefall.freebsd.org (8.14.4/8.14.4) with ESMTP id p1D9UAlu073239 for ; Sun, 13 Feb 2011 09:30:10 GMT (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.14.4/8.14.4/Submit) id p1D9UA0b073232; Sun, 13 Feb 2011 09:30:10 GMT (envelope-from gnats) Date: Sun, 13 Feb 2011 09:30:10 GMT Message-Id: <201102130930.p1D9UA0b073232@freefall.freebsd.org> To: freebsd-net@FreeBSD.org From: Arnaud Lacombe Cc: Subject: [debugged] Re: kern/154676: [netgraph] [panic] HEAD, 8.1-RELEASE panic after some play with netgraph X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: Arnaud Lacombe List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 13 Feb 2011 09:30:10 -0000 The following reply was made to PR kern/154676; it has been noted by GNATS. From: Arnaud Lacombe To: bug-followup@FreeBSD.org, sergey.dyatko@gmail.com, =?ISO-8859-1?Q?Andr=E9_Oppermann?= Cc: Subject: [debugged] Re: kern/154676: [netgraph] [panic] HEAD, 8.1-RELEASE panic after some play with netgraph Date: Sun, 13 Feb 2011 04:29:58 -0500 [Adding andre@, see below] I think I narrowed this down to right after the call to sbappendstream_locked() in netinet/tcp_input.c:tcp_do_segment(), line 2713. On 7.1, the mbuf has its M_PKTHDR set. It is not set in -current. However, the mbuf passed to tcp_do_segment() has the flag set (enforced by M_ASSERTPKTHDR(m)), so it should have been lost in-between. [...] ... of course ...sbappendstream_locked() of 7.1 has no call to m_demote(). I suppose that ng_ksocket will work again if I remove the call. [...] Yes it does... For the record, this call has been introduced in: commit ec3cce1383deb16282c3576cc3dc2f3bb1ba9375 Author: andre Date: Mon Jun 22 21:46:40 2009 +0000 In sbappendstream_locked() demote all incoming packet mbufs (and chains) to pure data mbufs using m_demote(). This removes the packet header and all m_tag information as they are not meaningful anymore on a stream socket where mbufs are linked through m->m_next. Strictly speaking a packet header can be only ever valid on the first mbuf in an m_next chain. sbcompress() was doing this already when the mbuf chain layout lent itself to it (e.g. header splitting or merge-append), just not consistently. This frees resources at socket buffer append time instead of at sbdrop_internal() time after data has been read from the socket. For MAC the per packet information has done its duty and during socket buffer appending the policy of the socket itself takes over. With the append the packet boundaries disappear naturally and with it any context that was based on it. None of the residual information from mbuf headers in the socket buffer on stream sockets was looked at.