From owner-freebsd-bugs@FreeBSD.ORG  Tue Sep 30 16:59:53 2008
Return-Path: <owner-freebsd-bugs@FreeBSD.ORG>
Delivered-To: freebsd-bugs@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 250B9106568B
	for <freebsd-bugs@freebsd.org>; Tue, 30 Sep 2008 16:59:53 +0000 (UTC)
	(envelope-from EricB@summit-tech.ca)
Received: from summit-tech.ca (exchange.summit-tech.ca [64.254.226.150])
	by mx1.freebsd.org (Postfix) with ESMTP id E19708FC16
	for <freebsd-bugs@freebsd.org>; Tue, 30 Sep 2008 16:59:52 +0000 (UTC)
	(envelope-from EricB@summit-tech.ca)
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
X-MimeOLE: Produced By Microsoft Exchange V6.5
Date: Tue, 30 Sep 2008 12:49:46 -0400
Message-ID: <6B7B1A20E3B05A46A8AFF312316329D2014044F1@exchange01.pacifica.ca>
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
Thread-Topic: 6.3-RELEASE Page Fault in ipfilter on heavy load
Thread-Index: AckjHIvTk0uyySvNQgWQ8BkUe6Q93w==
From: "Eric Bellotti" <EricB@summit-tech.ca>
To: <freebsd-bugs@freebsd.org>
Subject: 6.3-RELEASE Page Fault in ipfilter on heavy load
X-BeenThere: freebsd-bugs@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Bug reports <freebsd-bugs.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
	<mailto:freebsd-bugs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-bugs>
List-Post: <mailto:freebsd-bugs@freebsd.org>
List-Help: <mailto:freebsd-bugs-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
	<mailto:freebsd-bugs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 30 Sep 2008 16:59:53 -0000

Hi,
=20
6.3 RELEASE SMP.  We have a firewall with ipfilter and 418 in rules, 16
out rules, and roughly 700 nat rules.
We had previously installed 7.0 RELEASE, which also page faulted about 5
min after being plugged in.
The box has is a Dell PE1950 with two on-board BCM75008, and a quad
Intel PRO/1000 PCIX card.

What do you experts make of this?  What else can I provide to assist in
debugging?

(kgdb) bt
#0  doadump () at pcpu.h:165
#1  0xc06a7872 in boot (howto=3D260) at
/usr/src/sys/kern/kern_shutdown.c:409
#2  0xc06a7b99 in panic (fmt=3D0xc0975003 "%s") at
/usr/src/sys/kern/kern_shutdown.c:565
#3  0xc0915e9c in trap_fatal (frame=3D0xe38d0a38, eva=3D4) at
/usr/src/sys/i386/i386/trap.c:838
#4  0xc0915bdb in trap_pfault (frame=3D0xe38d0a38, usermode=3D0, =
eva=3D4) at
/usr/src/sys/i386/i386/trap.c:745
#5  0xc0915815 in trap (frame=3D
      {tf_fs =3D 8, tf_es =3D 40, tf_ds =3D -477298648, tf_edi =3D =
167772191,
tf_esi =3D 0, tf_ebp =3D -477295884, tf_isp =3D -477296028, tf_ebx =3D
-977793024, tf_edx =3D 6, tf_ecx =3D -965245440, tf_eax =3D 0, tf_trapno =
=3D 12,
tf_err =3D 0, tf_eip =3D -986197785, tf_cs =3D 32, tf_eflags =3D 66118, =
tf_esp =3D
1, tf_ss =3D -477295788}) at /usr/src/sys/i386/i386/trap.c:435
#6  0xc09006ca in calltrap () at /usr/src/sys/i386/i386/exception.s:139
#7  0xc537d0e7 in nat_new (fin=3D0xe38d0b68, np=3D0xc5b81000, =
natsave=3D0x0,
flags=3D0, direction=3D0) at endian.h:144
#8  0xc537d7de in fr_checknatin (fin=3D0xe38d0b68, passp=3D0xe38d0b64) =
at
/usr/src/sys/modules/ipfilter/../../contrib/ipfilter/netinet/ip_nat.c:41
40
#9  0xc5392155 in fr_check (ip=3D0xc539e4cc, hlen=3D-477295772, =
ifp=3D0x0,
out=3D0, mp=3D0xe38d0c50) at
/usr/src/sys/modules/ipfilter/../../contrib/ipfilter/netinet/fil.c:2572
#10 0xc538d985 in fr_check_wrapper (arg=3D0x0, mp=3D0x6, =
ifp=3D0xc500e800,
dir=3D1) at
/usr/src/sys/modules/ipfilter/../../contrib/ipfilter/netinet/ip_fil_free
bsd.c:178
#11 0xc072455f in pfil_run_hooks (ph=3D0xc0a80ca0, mp=3D0xe38d0ca8,
ifp=3D0xc500e800, dir=3D1, inp=3D0x0) at /usr/src/sys/net/pfil.c:139
#12 0xc0749cf5 in ip_input (m=3D0xc7912c00) at
/usr/src/sys/netinet/ip_input.c:468
#13 0xc07230d3 in netisr_processqueue (ni=3D0xc0a80278) at
/usr/src/sys/net/netisr.c:236
#14 0xc07232d2 in swi_net (dummy=3D0x0) at /usr/src/sys/net/netisr.c:349
#15 0xc0690ff5 in ithread_execute_handlers (p=3D0xc4ede430, =
ie=3D0xc4f2e180)
at /usr/src/sys/kern/kern_intr.c:682
#16 0xc0691115 in ithread_loop (arg=3D0xc4ebd8b0) at
/usr/src/sys/kern/kern_intr.c:766
#17 0xc068fda9 in fork_exit (callout=3D0xc06910c0 <ithread_loop>,
arg=3D0xc4ebd8b0, frame=3D0xe38d0d38) at =
/usr/src/sys/kern/kern_fork.c:788
#18 0xc090072c in fork_trampoline () at
/usr/src/sys/i386/i386/exception.s:208
(kgdb)

# sysctl  -a | grep ipf
net.inet.ipf.fr_minttl: 4
net.inet.ipf.fr_chksrc: 0
net.inet.ipf.fr_defaultauthage: 600
net.inet.ipf.fr_authused: 0
net.inet.ipf.fr_authsize: 32
net.inet.ipf.ipf_hostmap_sz: 2047
net.inet.ipf.ipf_rdrrules_sz: 1009
net.inet.ipf.ipf_natrules_sz: 1009
net.inet.ipf.ipf_nattable_sz: 16889
net.inet.ipf.fr_statemax: 7079
net.inet.ipf.fr_statesize: 10163
net.inet.ipf.fr_running: 1
net.inet.ipf.fr_ipfrttl: 120
net.inet.ipf.fr_defnatage: 1200
net.inet.ipf.fr_icmptimeout: 120
net.inet.ipf.fr_udpacktimeout: 24
net.inet.ipf.fr_udptimeout: 240
net.inet.ipf.fr_tcpclosed: 60
net.inet.ipf.fr_tcptimeout: 480
net.inet.ipf.fr_tcplastack: 60
net.inet.ipf.fr_tcpclosewait: 480
net.inet.ipf.fr_tcphalfclosed: 7200
net.inet.ipf.fr_tcpidletimeout: 172800
net.inet.ipf.fr_active: 0
net.inet.ipf.fr_pass: 134217730
net.inet.ipf.fr_flags: 0
net.link.ether.ipfw: 0

BR

Eric