From owner-freebsd-net@FreeBSD.ORG  Wed Dec 31 18:41:50 2008
Return-Path: <owner-freebsd-net@FreeBSD.ORG>
Delivered-To: freebsd-net@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id D80E6106566B
	for <freebsd-net@freebsd.org>; Wed, 31 Dec 2008 18:41:50 +0000 (UTC)
	(envelope-from jason.dicioccio@ods.org)
Received: from nf-out-0910.google.com (nf-out-0910.google.com [64.233.182.188])
	by mx1.freebsd.org (Postfix) with ESMTP id 8403E8FC0C
	for <freebsd-net@freebsd.org>; Wed, 31 Dec 2008 18:41:49 +0000 (UTC)
	(envelope-from jason.dicioccio@ods.org)
Received: by nf-out-0910.google.com with SMTP id h3so1185565nfh.33
	for <multiple recipients>; Wed, 31 Dec 2008 10:41:47 -0800 (PST)
Received: by 10.210.43.10 with SMTP id q10mr8031963ebq.179.1230748907352;
	Wed, 31 Dec 2008 10:41:47 -0800 (PST)
Received: by 10.210.80.20 with HTTP; Wed, 31 Dec 2008 10:41:47 -0800 (PST)
Message-ID: <f372a76b0812311041t35762cd2nd9b0bb7634001054@mail.gmail.com>
Date: Wed, 31 Dec 2008 10:41:47 -0800
From: "Jason DiCioccio" <jd@ods.org>
To: vwe@freebsd.org
In-Reply-To: <200812311353.mBVDraLJ042040@freefall.freebsd.org>
MIME-Version: 1.0
References: <200812311353.mBVDraLJ042040@freefall.freebsd.org>
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
X-Content-Filtered-By: Mailman/MimeDel 2.1.5
Cc: freebsd-net@freebsd.org, freebsd-bugs@freebsd.org
Subject: Re: kern/130059: [panic] Leaking 50k mbufs/hour
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD <freebsd-net.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-net>
List-Post: <mailto:freebsd-net@freebsd.org>
List-Help: <mailto:freebsd-net-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 31 Dec 2008 18:41:51 -0000

(oops.. replying to list(s) as well this time)
Hello,

On Wed, Dec 31, 2008 at 05:53, <vwe@freebsd.org> wrote:

> Synopsis: [panic] Leaking 50k mbufs/hour
>
> State-Changed-From-To: open->feedback
> State-Changed-By: vwe
> State-Changed-When: Wed Dec 31 13:44:37 UTC 2008
> State-Changed-Why:
> Jason,
> your network setup is looking very complex.
> Are all these aliases to lo0 really needed?


Probably not all of them anymore.  The 66.29.58 addresses, while still
allocated to us aren't really used anymore, so they could probably go.  The
rest are needed.


> If these are required for IPSec, can you give us an idea
> of the IPSec SPD entries being used without leaking sensitive
> information to the public?


 You know..  IPSec is probably the only thing I'm *not* using, though you
probably noticed I was at least thinking about it at one point :)..  It
might not be a bad idea for me to remove it from the kernel though and see
what happens..


> I think we need to also have a look at the routing tables and
> output of `sysctl net.inet kern.ipc` might be useful.
> Also give us the list of loaded modules (kldstat).


Sure..  The routing table is managed mainly by quagga (outside of the
default route) bgpd.

Routing tables

Internet:
Destination        Gateway            Flags    Refs      Use  Netif Expire
default            66.246.72.1        UGS         1  2724330    em0
10.8.0.0/25        10.8.0.2           UGS         0        0  tun10
10.8.0.2           10.8.0.1           UH          1        0  tun10
10.8.8.0/24        link#5             UC          0        0   tap0
10.8.8.6           10.8.8.5           UH          0      467   gre0
10.8.8.32          00:ff:9b:11:23:64  UHLW        3      328   tap0   1198
10.8.8.33          00:bd:7f:46:00:00  UHLW        2       13   tap0    845
10.8.8.36          00:ff:c4:72:96:17  UHLW        2       14   tap0    803
10.8.10.0/24       10.8.8.33          UG1         0        0   tap0
64.247.11.248      64.247.11.248      UH          0        0    lo0
64.247.11.249      64.247.11.249      UH          0        0    lo0
64.247.11.250      64.247.11.250      UH          0        0    lo0
64.247.11.251      64.247.11.251      UH          0        0    lo0
64.247.11.252      64.247.11.252      UH          0        0    lo0
64.247.11.253      64.247.11.253      UH          0        0    lo0
64.247.11.254      64.247.11.254      UH          0        0    lo0
64.247.11.255      64.247.11.255      UH          0        0    lo0
66.29.58.64        66.29.58.64        UH          0        0    lo0
66.29.58.65        66.29.58.65        UH          0        0    lo0
66.29.58.66        66.29.58.66        UH          0        0    lo0
66.29.58.67        66.29.58.67        UH          0        0    lo0
66.29.58.68        66.29.58.68        UH          0        0    lo0
66.29.58.69        66.29.58.69        UH          0        0    lo0
66.29.58.70        66.29.58.70        UH          0        0    lo0
66.246.72.0/24     link#1             UC          0        0    em0
66.246.72.1        00:00:5e:00:01:01  UHLW        2        0    em0    671
66.246.72.2        00:90:69:9d:24:00  UHLW        1        0    em0   1200
66.246.72.3        00:90:69:9e:74:00  UHLW        1        0    em0   1199
66.246.72.188      00:1b:21:26:13:f2  UHLW        1     3078    lo0
127.0.0.1          127.0.0.1          UH          0    54997    lo0
172.16.0.0/24      10.8.8.32          UG1         0        0   tap0
192.168.1.0/24     10.8.8.33          UG1         0      210   tap0
192.168.2.0/24     10.8.8.33          UG1         0        0   tap0
192.168.5.0/24     10.8.8.32          UG1         0     3357   tap0
192.168.15.1       192.168.15.1       UH          0    57808    lo0
192.168.21.0/24    10.8.8.33          UG1         0        0   tap0
192.168.25.0/24    10.8.8.36          UG1         0      102   tap0
192.168.30.0/24    10.8.8.33          UG1         0        0   tap0

Internet6:
Destination                       Gateway                       Flags
 Netif Expire
::/96                             ::1                           UGRS
 lo0 =>
default                           2001:470:1f06:208::1          UGS
 gif0
::1                               ::1                           UHL
lo0
::ffff:0.0.0.0/96                 ::1                           UGRS
 lo0
2001:470:1f06:208::1              link#4                        UHL
 gif0
2001:470:1f06:208::2              link#4                        UHL
lo0
2001:470:1f07:208::/64            fe80::1%lo0                   U
lo0
2001:470:1f07:208::beef:cafe      link#2                        UHL
lo0
2001:470:89e1::/112               link#5                        UC
tap0
2001:470:89e1::1                  00:bd:89:02:01:00             UHL
lo0
fe80::/10                         ::1                           UGRS
 lo0
fe80::%em0/64                     link#1                        UC
 em0
fe80::21b:21ff:fe26:13f2%em0      00:1b:21:26:13:f2             UHL
lo0
fe80::%lo0/64                     fe80::1%lo0                   U
lo0
fe80::1%lo0                       link#2                        UHL
lo0
fe80::%gre0/64                    link#3                        UC
gre0
fe80::21b:21ff:fe26:13f2%gre0     link#3                        UHL
lo0
fe80::%gif0/64                    link#4                        UC
gif0
fe80::21b:21ff:fe26:13f2%gif0     link#4                        UHL
lo0
fe80::%tap0/64                    link#5                        UC
tap0
fe80::2bd:89ff:fe02:100%tap0      00:bd:89:02:01:00             UHL
lo0
fe80::%tun10/64                   link#6                        UC
 tun10
fe80::21b:21ff:fe26:13f2%tun10    link#6                        UHL
lo0
ff01:1::/32                       link#1                        UC
 em0
ff01:2::/32                       ::1                           UC
 lo0
ff01:3::/32                       link#3                        UC
gre0
ff01:4::/32                       link#4                        UC
gif0
ff01:5::/32                       link#5                        UC
tap0
ff01:6::/32                       link#6                        UC
 tun10
ff02::/16                         ::1                           UGRS
 lo0
ff02::%em0/32                     link#1                        UC
 em0
ff02::%lo0/32                     ::1                           UC
 lo0
ff02::%gre0/32                    link#3                        UC
gre0
ff02::%gif0/32                    link#4                        UC
gif0
ff02::%tap0/32                    link#5                        UC
tap0
ff02::%tun10/32                   link#6                        UC
 tun10


-- sysctl net.inet kern.ipc --
net.inet.ip.portrange.randomtime: 45
net.inet.ip.portrange.randomcps: 10
net.inet.ip.portrange.randomized: 1
net.inet.ip.portrange.reservedlow: 0
net.inet.ip.portrange.reservedhigh: 1023
net.inet.ip.portrange.hilast: 65535
net.inet.ip.portrange.hifirst: 49152
net.inet.ip.portrange.last: 65535
net.inet.ip.portrange.first: 49152
net.inet.ip.portrange.lowlast: 600
net.inet.ip.portrange.lowfirst: 1023
net.inet.ip.forwarding: 1
net.inet.ip.redirect: 1
net.inet.ip.ttl: 64
net.inet.ip.rtexpire: 3600
net.inet.ip.rtminexpire: 10
net.inet.ip.rtmaxcache: 128
net.inet.ip.sourceroute: 0
net.inet.ip.intr_queue_maxlen: 50
net.inet.ip.intr_queue_drops: 0
net.inet.ip.accept_sourceroute: 0
net.inet.ip.keepfaith: 0
net.inet.ip.gifttl: 30
net.inet.ip.same_prefix_carp_only: 0
net.inet.ip.subnets_are_local: 0
net.inet.ip.fastforwarding: 0
net.inet.ip.maxfragpackets: 800
net.inet.ip.maxfragsperpacket: 16
net.inet.ip.fragpackets: 0
net.inet.ip.check_interface: 0
net.inet.ip.random_id: 0
net.inet.ip.sendsourcequench: 0
net.inet.ip.process_options: 1
net.inet.icmp.maskrepl: 0
net.inet.icmp.icmplim: 200
net.inet.icmp.bmcastecho: 0
net.inet.icmp.quotelen: 8
net.inet.icmp.reply_from_interface: 0
net.inet.icmp.reply_src:
net.inet.icmp.icmplim_output: 1
net.inet.icmp.log_redirect: 0
net.inet.icmp.drop_redirect: 0
net.inet.icmp.maskfake: 0
net.inet.ipip.ipip_allow: 0
net.inet.tcp.rfc1323: 1
net.inet.tcp.mssdflt: 512
net.inet.tcp.keepidle: 7200000
net.inet.tcp.keepintvl: 75000
net.inet.tcp.sendspace: 32768
net.inet.tcp.recvspace: 65536
net.inet.tcp.keepinit: 75000
net.inet.tcp.delacktime: 100
net.inet.tcp.v6mssdflt: 1024
net.inet.tcp.hostcache.purge: 0
net.inet.tcp.hostcache.prune: 300
net.inet.tcp.hostcache.expire: 3600
net.inet.tcp.hostcache.count: 472
net.inet.tcp.hostcache.bucketlimit: 30
net.inet.tcp.hostcache.hashsize: 512
net.inet.tcp.hostcache.cachelimit: 15360
net.inet.tcp.recvbuf_max: 262144
net.inet.tcp.recvbuf_inc: 16384
net.inet.tcp.recvbuf_auto: 1
net.inet.tcp.insecure_rst: 0
net.inet.tcp.rfc3390: 1
net.inet.tcp.rfc3042: 1
net.inet.tcp.drop_synfin: 0
net.inet.tcp.delayed_ack: 1
net.inet.tcp.blackhole: 0
net.inet.tcp.log_in_vain: 0
net.inet.tcp.sendbuf_max: 262144
net.inet.tcp.sendbuf_inc: 8192
net.inet.tcp.sendbuf_auto: 1
net.inet.tcp.tso: 1
net.inet.tcp.newreno: 1
net.inet.tcp.local_slowstart_flightsize: 4
net.inet.tcp.slowstart_flightsize: 1
net.inet.tcp.path_mtu_discovery: 1
net.inet.tcp.reass.overflows: 0
net.inet.tcp.reass.maxqlen: 48
net.inet.tcp.reass.cursegments: 0
net.inet.tcp.reass.maxsegments: 1600
net.inet.tcp.sack.globalholes: 0
net.inet.tcp.sack.globalmaxholes: 65536
net.inet.tcp.sack.maxholes: 128
net.inet.tcp.sack.enable: 1
net.inet.tcp.inflight.stab: 20
net.inet.tcp.inflight.max: 1073725440
net.inet.tcp.inflight.min: 6144
net.inet.tcp.inflight.rttthresh: 10
net.inet.tcp.inflight.debug: 0
net.inet.tcp.inflight.enable: 1
net.inet.tcp.isn_reseed_interval: 0
net.inet.tcp.icmp_may_rst: 1
net.inet.tcp.pcbcount: 134
net.inet.tcp.do_tcpdrain: 1
net.inet.tcp.tcbhashsize: 512
net.inet.tcp.log_debug: 0
net.inet.tcp.minmss: 216
net.inet.tcp.syncache.rst_on_sock_fail: 1
net.inet.tcp.syncache.rexmtlimit: 3
net.inet.tcp.syncache.hashsize: 512
net.inet.tcp.syncache.count: 13
net.inet.tcp.syncache.cachelimit: 15360
net.inet.tcp.syncache.bucketlimit: 30
net.inet.tcp.syncookies_only: 0
net.inet.tcp.syncookies: 1
net.inet.tcp.timer_race: 0
net.inet.tcp.finwait2_timeout: 60000
net.inet.tcp.fast_finwait2_recycle: 0
net.inet.tcp.always_keepalive: 1
net.inet.tcp.rexmit_slop: 200
net.inet.tcp.rexmit_min: 30
net.inet.tcp.msl: 30000
net.inet.tcp.nolocaltimewait: 0
net.inet.tcp.maxtcptw: 5120
net.inet.udp.checksum: 1
net.inet.udp.maxdgram: 9216
net.inet.udp.recvspace: 42080
net.inet.udp.soreceive_dgram_enabled: 0
net.inet.udp.blackhole: 0
net.inet.udp.log_in_vain: 0
net.inet.esp.esp_enable: 1
net.inet.ah.ah_cleartos: 1
net.inet.ah.ah_enable: 1
net.inet.ipcomp.ipcomp_enable: 0
net.inet.sctp.enable_sack_immediately: 0
net.inet.sctp.udp_tunneling_port: 0
net.inet.sctp.udp_tunneling_for_client_enable: 0
net.inet.sctp.mobility_fasthandoff: 0
net.inet.sctp.mobility_base: 0
net.inet.sctp.default_frag_interleave: 1
net.inet.sctp.default_cc_module: 0
net.inet.sctp.log_level: 0
net.inet.sctp.max_retran_chunk: 30
net.inet.sctp.min_residual: 1452
net.inet.sctp.strict_data_order: 0
net.inet.sctp.abort_at_limit: 0
net.inet.sctp.hb_max_burst: 4
net.inet.sctp.do_sctp_drain: 1
net.inet.sctp.max_chained_mbufs: 5
net.inet.sctp.abc_l_var: 1
net.inet.sctp.nat_friendly: 1
net.inet.sctp.auth_disable: 0
net.inet.sctp.asconf_auth_nochk: 0
net.inet.sctp.early_fast_retran_msec: 250
net.inet.sctp.early_fast_retran: 0
net.inet.sctp.cwnd_maxburst: 1
net.inet.sctp.cmt_pf: 0
net.inet.sctp.cmt_use_dac: 0
net.inet.sctp.cmt_on_off: 0
net.inet.sctp.outgoing_streams: 10
net.inet.sctp.add_more_on_output: 1452
net.inet.sctp.path_rtx_max: 5
net.inet.sctp.assoc_rtx_max: 10
net.inet.sctp.init_rtx_max: 8
net.inet.sctp.valid_cookie_life: 60000
net.inet.sctp.init_rto_max: 60000
net.inet.sctp.rto_initial: 3000
net.inet.sctp.rto_min: 1000
net.inet.sctp.rto_max: 60000
net.inet.sctp.secret_lifetime: 3600
net.inet.sctp.shutdown_guard_time: 180
net.inet.sctp.pmtu_raise_time: 600
net.inet.sctp.heartbeat_interval: 30000
net.inet.sctp.asoc_resource: 10
net.inet.sctp.sys_resource: 1000
net.inet.sctp.sack_freq: 2
net.inet.sctp.delayed_sack_time: 200
net.inet.sctp.chunkscale: 10
net.inet.sctp.min_split_point: 2904
net.inet.sctp.pcbhashsize: 256
net.inet.sctp.tcbhashsize: 1024
net.inet.sctp.maxchunks: 3200
net.inet.sctp.maxburst: 4
net.inet.sctp.peer_chkoh: 256
net.inet.sctp.strict_init: 1
net.inet.sctp.loopback_nocsum: 1
net.inet.sctp.strict_sacks: 0
net.inet.sctp.ecn_nonce: 0
net.inet.sctp.ecn_enable: 1
net.inet.sctp.auto_asconf: 1
net.inet.sctp.recvspace: 233016
net.inet.sctp.sendspace: 233016
net.inet.ipsec.def_policy: 1
net.inet.ipsec.esp_trans_deflev: 1
net.inet.ipsec.esp_net_deflev: 1
net.inet.ipsec.ah_trans_deflev: 1
net.inet.ipsec.ah_net_deflev: 1
net.inet.ipsec.ah_cleartos: 1
net.inet.ipsec.ah_offsetmask: 0
net.inet.ipsec.dfbit: 0
net.inet.ipsec.ecn: 0
net.inet.ipsec.debug: 0
net.inet.ipsec.esp_randpad: -1
net.inet.ipsec.crypto_support: 50331648
net.inet.raw.recvspace: 9216
net.inet.raw.maxdgram: 9216
net.inet.accf.unloadable: 0
kern.ipc.maxsockbuf: 262144
kern.ipc.sockbuf_waste_factor: 8
kern.ipc.somaxconn: 128
kern.ipc.max_linkhdr: 16
kern.ipc.max_protohdr: 60
kern.ipc.max_hdr: 76
kern.ipc.max_datalen: 128
kern.ipc.nmbjumbo16: 3200
kern.ipc.nmbjumbo9: 6400
kern.ipc.nmbjumbop: 12800
kern.ipc.nmbclusters: 25600
kern.ipc.piperesizeallowed: 1
kern.ipc.piperesizefail: 0
kern.ipc.pipeallocfail: 0
kern.ipc.pipefragretry: 0
kern.ipc.pipekva: 1409024
kern.ipc.maxpipekva: 26841088
kern.ipc.msgseg: 2048
kern.ipc.msgssz: 8
kern.ipc.msgtql: 40
kern.ipc.msgmnb: 2048
kern.ipc.msgmni: 40
kern.ipc.msgmax: 16384
kern.ipc.semaem: 16384
kern.ipc.semvmx: 32767
kern.ipc.semusz: 812
kern.ipc.semume: 100
kern.ipc.semopm: 100
kern.ipc.semmsl: 512
kern.ipc.semmnu: 256
kern.ipc.semmns: 512
kern.ipc.semmni: 128
kern.ipc.semmap: 30
kern.ipc.shm_allow_removed: 0
kern.ipc.shm_use_phys: 0
kern.ipc.shmall: 131072
kern.ipc.shmseg: 128
kern.ipc.shmmni: 192
kern.ipc.shmmin: 1
kern.ipc.shmmax: 536870912
kern.ipc.maxsockets: 25600
kern.ipc.numopensockets: 348
kern.ipc.nsfbufsused: 0
kern.ipc.nsfbufspeak: 37
kern.ipc.nsfbufs: 6656


-- kldstat --
Id Refs Address    Size     Name
 1    7 0xc0400000 4a4314   kernel
 2    1 0xc08a5000 6a2c4    acpi.ko
 3    1 0xc3e2b000 4000     if_gre.ko
 4    1 0xc3e36000 5000     if_gif.ko
 5    1 0xc3eda000 33000    pf.ko
 6    1 0xc433f000 5000     if_tap.ko


>
>
>
> Responsible-Changed-From-To: freebsd-bugs->freebsd-net
> Responsible-Changed-By: vwe
> Responsible-Changed-When: Wed Dec 31 13:44:37 UTC 2008
> Responsible-Changed-Why:
>
> Over to maintainer(s).
>
> http://www.freebsd.org/cgi/query-pr.cgi?pr=130059
>