Date: Tue, 30 Sep 2008 12:49:46 -0400 From: "Eric Bellotti" <EricB@summit-tech.ca> To: <freebsd-bugs@freebsd.org> Subject: 6.3-RELEASE Page Fault in ipfilter on heavy load Message-ID: <6B7B1A20E3B05A46A8AFF312316329D2014044F1@exchange01.pacifica.ca>
next in thread | raw e-mail | index | archive | help
Hi,
=20
6.3 RELEASE SMP. We have a firewall with ipfilter and 418 in rules, 16
out rules, and roughly 700 nat rules.
We had previously installed 7.0 RELEASE, which also page faulted about 5
min after being plugged in.
The box has is a Dell PE1950 with two on-board BCM75008, and a quad
Intel PRO/1000 PCIX card.
What do you experts make of this? What else can I provide to assist in
debugging?
(kgdb) bt
#0 doadump () at pcpu.h:165
#1 0xc06a7872 in boot (howto=3D260) at
/usr/src/sys/kern/kern_shutdown.c:409
#2 0xc06a7b99 in panic (fmt=3D0xc0975003 "%s") at
/usr/src/sys/kern/kern_shutdown.c:565
#3 0xc0915e9c in trap_fatal (frame=3D0xe38d0a38, eva=3D4) at
/usr/src/sys/i386/i386/trap.c:838
#4 0xc0915bdb in trap_pfault (frame=3D0xe38d0a38, usermode=3D0, =
eva=3D4) at
/usr/src/sys/i386/i386/trap.c:745
#5 0xc0915815 in trap (frame=3D
{tf_fs =3D 8, tf_es =3D 40, tf_ds =3D -477298648, tf_edi =3D =
167772191,
tf_esi =3D 0, tf_ebp =3D -477295884, tf_isp =3D -477296028, tf_ebx =3D
-977793024, tf_edx =3D 6, tf_ecx =3D -965245440, tf_eax =3D 0, tf_trapno =
=3D 12,
tf_err =3D 0, tf_eip =3D -986197785, tf_cs =3D 32, tf_eflags =3D 66118, =
tf_esp =3D
1, tf_ss =3D -477295788}) at /usr/src/sys/i386/i386/trap.c:435
#6 0xc09006ca in calltrap () at /usr/src/sys/i386/i386/exception.s:139
#7 0xc537d0e7 in nat_new (fin=3D0xe38d0b68, np=3D0xc5b81000, =
natsave=3D0x0,
flags=3D0, direction=3D0) at endian.h:144
#8 0xc537d7de in fr_checknatin (fin=3D0xe38d0b68, passp=3D0xe38d0b64) =
at
/usr/src/sys/modules/ipfilter/../../contrib/ipfilter/netinet/ip_nat.c:41
40
#9 0xc5392155 in fr_check (ip=3D0xc539e4cc, hlen=3D-477295772, =
ifp=3D0x0,
out=3D0, mp=3D0xe38d0c50) at
/usr/src/sys/modules/ipfilter/../../contrib/ipfilter/netinet/fil.c:2572
#10 0xc538d985 in fr_check_wrapper (arg=3D0x0, mp=3D0x6, =
ifp=3D0xc500e800,
dir=3D1) at
/usr/src/sys/modules/ipfilter/../../contrib/ipfilter/netinet/ip_fil_free
bsd.c:178
#11 0xc072455f in pfil_run_hooks (ph=3D0xc0a80ca0, mp=3D0xe38d0ca8,
ifp=3D0xc500e800, dir=3D1, inp=3D0x0) at /usr/src/sys/net/pfil.c:139
#12 0xc0749cf5 in ip_input (m=3D0xc7912c00) at
/usr/src/sys/netinet/ip_input.c:468
#13 0xc07230d3 in netisr_processqueue (ni=3D0xc0a80278) at
/usr/src/sys/net/netisr.c:236
#14 0xc07232d2 in swi_net (dummy=3D0x0) at /usr/src/sys/net/netisr.c:349
#15 0xc0690ff5 in ithread_execute_handlers (p=3D0xc4ede430, =
ie=3D0xc4f2e180)
at /usr/src/sys/kern/kern_intr.c:682
#16 0xc0691115 in ithread_loop (arg=3D0xc4ebd8b0) at
/usr/src/sys/kern/kern_intr.c:766
#17 0xc068fda9 in fork_exit (callout=3D0xc06910c0 <ithread_loop>,
arg=3D0xc4ebd8b0, frame=3D0xe38d0d38) at =
/usr/src/sys/kern/kern_fork.c:788
#18 0xc090072c in fork_trampoline () at
/usr/src/sys/i386/i386/exception.s:208
(kgdb)
# sysctl -a | grep ipf
net.inet.ipf.fr_minttl: 4
net.inet.ipf.fr_chksrc: 0
net.inet.ipf.fr_defaultauthage: 600
net.inet.ipf.fr_authused: 0
net.inet.ipf.fr_authsize: 32
net.inet.ipf.ipf_hostmap_sz: 2047
net.inet.ipf.ipf_rdrrules_sz: 1009
net.inet.ipf.ipf_natrules_sz: 1009
net.inet.ipf.ipf_nattable_sz: 16889
net.inet.ipf.fr_statemax: 7079
net.inet.ipf.fr_statesize: 10163
net.inet.ipf.fr_running: 1
net.inet.ipf.fr_ipfrttl: 120
net.inet.ipf.fr_defnatage: 1200
net.inet.ipf.fr_icmptimeout: 120
net.inet.ipf.fr_udpacktimeout: 24
net.inet.ipf.fr_udptimeout: 240
net.inet.ipf.fr_tcpclosed: 60
net.inet.ipf.fr_tcptimeout: 480
net.inet.ipf.fr_tcplastack: 60
net.inet.ipf.fr_tcpclosewait: 480
net.inet.ipf.fr_tcphalfclosed: 7200
net.inet.ipf.fr_tcpidletimeout: 172800
net.inet.ipf.fr_active: 0
net.inet.ipf.fr_pass: 134217730
net.inet.ipf.fr_flags: 0
net.link.ether.ipfw: 0
BR
Eric
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?6B7B1A20E3B05A46A8AFF312316329D2014044F1>