Date: Mon, 21 Feb 2011 00:18:25 +0100 From: Luigi Rizzo <rizzo@iet.unipi.it> To: Pawel Tyll <ptyll@nitronet.pl> Cc: Brandon Gooch <jamesbrandongooch@gmail.com>, freebsd-ipfw@freebsd.org, Jack Vogel <jfvogel@gmail.com>, freebsd-net@freebsd.org Subject: Re: problem analysys (Re: [Panic] Dummynet/IPFW related recurring crash.) Message-ID: <20110220231825.GA10566@onelab2.iet.unipi.it> In-Reply-To: <288793167.20110220235028@nitronet.pl> References: <410175608.20110220013900@nitronet.pl> <AANLkTimWkWYj=HB5BTM0nwYWgNia-Wq4bYHsRB=OjVP7@mail.gmail.com> <AANLkTi=CLDFGxLQ8rdq3hg0KN9aYZA_YDwDWbqk5gcz2@mail.gmail.com> <1145317277.20110220045434@nitronet.pl> <20110220135855.GA4794@onelab2.iet.unipi.it> <288793167.20110220235028@nitronet.pl>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sun, Feb 20, 2011 at 11:50:28PM +0100, Pawel Tyll wrote: ... > This machine is only doing dummynet traffic shaping from significant > things (otherwise it runs a dhcpd, ntpd and named). It's pretty > straight-forward routing, packets come in, packets come out via static > routes - there are currently no routing daemons involved. As to the > interfaces, there are two physical ifaces, em0 and em1, only em1 is > currently used. There are 49 vlan interfaces connected to em1, and > they are pretty much static, no IP address changes, no interfaces > going up or down, sometimes new one is being added, but there is no > automation here, and panics do not coincide with anything significant > in logs, or being done manually. Traffic oscillates between 20k pps at > night and close to 35-40k pps daytime, slightly more on weekends. > There are currently 2556 pipes defined and traffic shaping is done > with two rules: > > 30000 pipe tablearg ip from table(100) to any in > 30001 pipe tablearg ip from any to table(101) out > ... > If I missed anything here, then just tell me what more I can do, my > intentions were never to make this harder to debug or hide anything > relevant. understood. I am just saying that for instance the vlan presence and changes is quite significant in this context. You say vlans are "pretty much static" but can you tell us who adds/remove them, assign addresses ? Also the ruleset must have something more than those two rules. >From the stack trace, the panic seems to occur in a call to the "antispoof" option which presumably is somewhere in your ruleset. If not, then the stack is corrupt. cheers luigi
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20110220231825.GA10566>