Date: Sat, 19 Sep 1998 07:44:43 +0000 (GMT) From: Terry Lambert <tlambert@primenet.com> To: jkh@time.cdrom.com (Jordan K. Hubbard) Cc: gram@cdsec.com, bright@hotjobs.com, hackers@FreeBSD.ORG Subject: Re: FreeBSD hanging/rebooting Message-ID: <199809190744.AAA18882@usr08.primenet.com> In-Reply-To: <4139.906167609@time.cdrom.com> from "Jordan K. Hubbard" at Sep 18, 98 06:13:29 pm
next in thread | previous in thread | raw e-mail | index | archive | help
> > We have been basing our firewall on 2.2.2 since about a month after > > it was released. We have a reasonably large number of firewalls installed, > > The problem is occurring on about 4 of them, which have been handling > > increasing loads over time. All of them have been running for at least six > > months (previously on FreeBSD 2.1.6). > > > > Two have 32Mb RAM, and two have 64Mb. The swap space in each is calculated > > as (16Mb + 2 x physical). > > If it's any consolation, I have seen this problem at a local ISP > friend whom I help out from time to time and I'm no closer to fixing > it either. It seems to be a combination of some bogus code in inetd > and a low-resource condition, though just what that condition is it's > hard to fathom since different people report different symptoms. To > cite my ISP friend as an example, the errors started to occur most > frequently when they lost a 2nd disk and the amount of available > swap space decreased by half, then the problems started happening > very frequently (and they run many web servers + some large perl5 > CGI scripts there). Others, like yourself, report that it's not swap > related at all. Gah. What to do?! This may be unrelated, but is there a logged firewall "reject" that occurs immediately before the reboot? There was a well known problem with the ip firewall code that resulted in a kernel stack corruption, since a stack buffer was used as an argument to an explicit reject send, and the stack went out of scope before the reject was serviced, resulting in a curruption of a kernel stack with (basically) the remote IP address (among other data). Archie Cobb fixed this a while back, but you may have stale code? It was most frequently triggered (for us) by rejects of RIP packets from ISP's who erroneously configured their dialin network with RIP enabled (a silly thing to do, for a lot of reasons). Terry Lambert terry@lambert.org --- Any opinions in this posting are my own and not those of my present or previous employers. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199809190744.AAA18882>