From owner-freebsd-current Thu Oct 10 14:39:44 1996 Return-Path: owner-current Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id OAA17886 for current-outgoing; Thu, 10 Oct 1996 14:39:44 -0700 (PDT) Received: from Kitten.mcs.com (Kitten.mcs.com [192.160.127.90]) by freefall.freebsd.org (8.7.5/8.7.3) with ESMTP id OAA17865; Thu, 10 Oct 1996 14:39:37 -0700 (PDT) Received: from mailbox.mcs.com (Mailbox.mcs.com [192.160.127.87]) by Kitten.mcs.com (8.8.0/8.8.Beta.3) with SMTP id QAA24682; Thu, 10 Oct 1996 16:39:30 -0500 (CDT) Received: by mailbox.mcs.com (/\==/\ Smail3.1.28.1 #28.15) id ; Thu, 10 Oct 96 16:39 CDT Received: (from karl@localhost) by Jupiter.Mcs.Net (8.8.Beta.6/8.8.Beta.3) id QAA13465; Thu, 10 Oct 1996 16:39:27 -0500 (CDT) From: Karl Denninger Message-Id: <199610102139.QAA13465@Jupiter.Mcs.Net> Subject: Re: Crash in -current (from the current SNAP) To: dg@root.com Date: Thu, 10 Oct 1996 16:39:27 -0500 (CDT) Cc: fenner@parc.xerox.com, current@freebsd.org, hackers@freebsd.org, karl@Mcs.Net In-Reply-To: <199610102124.OAA27457@root.com> from "David Greenman" at Oct 10, 96 02:24:00 pm X-Mailer: ELM [version 2.4 PL24] Content-Type: text Sender: owner-current@freebsd.org X-Loop: FreeBSD.org Precedence: bulk > >>>>> (*inetsw[ip_protox[ip->ip_p]].pr_input)(m, hlen); > > > >>What's going on here? > > > >Either ip_protox[ip->ip_p] is out of range (should be 1..7 or 8 > >depending on if what options you have in your kernel), or > >inetsw[ip_protox[ip->ip_p]].pr_input is. > > gdb isn't decoding the stack correctly. The real failure is inside the > pr_input routine (probably tcp_input) somewhere. Yuck. Without a failure address this is going to be a BITCH to find. The decode on the parameters passed (the switch path taken) look valid. This leads me to believe that something's trashed, perhaps in the PCBs, and is leading to a bad indirect reference. > >>Given that it is a timeout call that is generating this, why do I think > >>this has something to do with the anti-syn patches? > > > >Nope, this is a software interrupt causing IP to service its input > >queue. > > ...which if the input queue contains SYNs could cause the queue to overrun. > Right? Or am I missing something? I don't think you are. This started when the SYN attack code was added to the system. Its fairly consistent and shows up with a frequency of every few hours. I have good core dumps here if anyone wants to track this down. -- -- Karl Denninger (karl@MCS.Net)| MCSNet - The Finest Internet Connectivity http://www.mcs.net/~karl | T1 from $600 monthly; speeds to DS-3 available | 23 Chicagoland Prefixes, 13 ISDN, much more Voice: [+1 312 803-MCS1 x219]| Email to "info@mcs.net" WWW: http://www.mcs.net/ Fax: [+1 312 248-9865] | Home of Chicago's only FULL Clarinet feed!