From owner-freebsd-net@FreeBSD.ORG Mon Jan 24 19:14:27 2011 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 1F980106566B for ; Mon, 24 Jan 2011 19:14:27 +0000 (UTC) (envelope-from ptyll@nitronet.pl) Received: from mail.nitronet.pl (smtp.nitronet.pl [195.90.106.27]) by mx1.freebsd.org (Postfix) with ESMTP id CF3958FC0A for ; Mon, 24 Jan 2011 19:14:26 +0000 (UTC) Received: from mailnull by mail.nitronet.pl with virscan (Exim 4.72 (FreeBSD)) (envelope-from ) id 1PhRrt-000AuL-Uv for freebsd-net@freebsd.org; Mon, 24 Jan 2011 20:14:25 +0100 Date: Mon, 24 Jan 2011 20:14:14 +0100 From: Pawel Tyll X-Priority: 3 (Normal) Message-ID: <814029043.20110124201414@nitronet.pl> To: Jack Vogel In-Reply-To: References: <201953550.20110106221821@nitronet.pl> <57312439.20110107171430@nitronet.pl> <13247006.20110124020848@nitronet.pl> MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: quoted-printable X-Virus-Scanned: Nitronet.pl X-SA-Exim-Connect-IP: X-SA-Exim-Mail-From: ptyll@nitronet.pl X-SA-Exim-Scanned: No (on mail.nitronet.pl); SAEximRunCond expanded to false Cc: Brandon Gooch , freebsd-ipfw@freebsd.org, Luigi Rizzo , freebsd-net@freebsd.org Subject: Re: [Panic] Dummynet/IPFW related recurring crash. X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 24 Jan 2011 19:14:27 -0000 > Just replying so you know I'm seeing it, but something that takes 14 days= to > even happen > is NOT going to be an easy one to find. As Brandon said, all the info you > can provide please. Here's the dump in case you've not seen it before. Somehow 8.1-RELEASE managed to make a proper dump, which became impossible later on. http://www.freebsd.org/cgi/query-pr.cgi?pr=3D152360 I strongly feel that it's related to dummynet. Not only panic seems to always be pointing at it, but also this is the only one of four identical machines, that crashes (and also only one that uses dummynet). From it's neighbor: up 166 days, 18:45 (FreeBSD 8.1-RELEASE) There's also this problem with fail to reboot after panic, and failure to dump properly. I think I have one more spare box laying around somewhere, so I will look into it. I can trace all this panic business back to one thing I started doing: # ipfw pipe list | grep flows | wc -l 2318 # crontab -l (...) */1 * * * * /root/fw/pipestats.sh (...) # cat /root/fw/pipestats.sh /sbin/ipfw pipe list > pipestats-`date "+%Y%m%d-%H%M%S"` Maybe something overflows here? Don't know :( Ruleset itself seems to be as simple as it gets: 00010 1397 106004 deny ip from any to any not antispoof in 00020 70490095 5395475808 fwd [...] ip from table(60) to table(61) 00050 3741 173481 allow tcp from any to [...] dst-port 53 00051 1868319 195628380 allow udp from any to [...] 00059 19993 1043277 deny ip from any to [...] 00100 603380 33725224 deny ip from any to table(10) dst-port 131-13= 9,445 00102 21201 874326 fwd [...] tcp from table(1) to not table(5) d= st-port 80 00103 0 0 fwd [...] tcp from table(2) to not table(5) d= st-port 80 00104 31 2196 fwd [...] tcp from table(3) to not table(5) 00105 4577 296736 deny ip from table(3) to not table(5) 30000 299626026 144893738712 pipe tablearg ip from table(100) to any in 30001 349984632 312762616666 pipe tablearg ip from any to table(101) out 34900 6724440 1768229912 skipto 35001 ip from table(10) to table(10) 35000 344337771 135015696767 fwd [...] ip from 192.168.0.0/16 to not 192.1= 68.0.0/16 65534 1118791481 888359380351 allow ip from any to any 65535 0 0 allow ip from any to any Two weeks seems to be rather strange. It never happens much earlier, and I don't remember panics much later. Too bad I didn't install uptimed back then, would have at least 10 panics recorded now ;) There's something elusive somewhere here, and sad part is it doesn't happen to others. Machine itself isn't really heavy loaded, processing 40-60kpps. Thank you for your interest, I very much appreciate it.