Date: Tue, 15 Mar 2011 21:06:29 GMT From: Andrey Smagin <samspeed@mail.ru> To: freebsd-gnats-submit@FreeBSD.org Subject: kern/155585: tcp_output tcp_mtudisc loop until kernel panic Message-ID: <201103152106.p2FL6TPE010452@red.freebsd.org> Resent-Message-ID: <201103152110.p2FLABg5011368@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 155585 >Category: kern >Synopsis: tcp_output tcp_mtudisc loop until kernel panic >Confidential: no >Severity: critical >Priority: high >Responsible: freebsd-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Tue Mar 15 21:10:10 UTC 2011 >Closed-Date: >Last-Modified: >Originator: Andrey Smagin >Release: FreeBSD 8.x, 9-current >Organization: DiP Interactive >Environment: FreeBSD ns.vvt 9.0-CURRENT FreeBSD 9.0-CURRENT #15: Mon Feb 21 10:00:16 MSK 2011 root@ns.vvt:/usr/obj/usr/src/sys/SAM amd64 >Description: My box is connected to 8 different ISP I use IPFW for split trafic between ISP by ports and IP addreses. ruleset is 10000 rules for outgoing connections direct from this host via any iface *10001 fwd ISP1_GATE ip from ISP1_IP to not 172.17.0.0/16 *10016 fwd ISP2_GATE ip from ISP2_IP to not 172.17.0.0/16 *10021 fwd ISP3_GATE ip from ISP3_IP to not 172.17.0.0/16 *10026 fwd ISP4_GATE ip from ISP4_IP to not 172.17.0.0/16 *10031 fwd ISP5_GATE ip from ISP5_IP to not 172.17.0.0/16 *10036 fwd ISP6_GATE ip from ISP6_IP to not 172.17.0.0/16 10100 rules for incoming packets from ISP to NAT in_port *10101 divert 8682 ip from not 172.17.0.0/16 to ISP1_IP *10116 divert 8686 ip from not 172.17.0.0/16 to ISP2_IP *10121 divert 8688 ip from not 172.17.0.0/16 to ISP3_IP *10126 divert 8690 ip from not 172.17.0.0/16 to ISP4_IP *10131 divert 8692 ip from not 172.17.0.0/16 to ISP5_IP *10136 divert 8694 ip from not 172.17.0.0/16 to ISP6_IP 10200 if packet after NAT for this host allow it *10201 allow ip from not 172.17.0.0/16 to ISP1_IP *10216 allow ip from not 172.17.0.0/16 to ISP2_IP *10221 allow ip from not 172.17.0.0/16 to ISP3_IP *10226 allow ip from not 172.17.0.0/16 to ISP4_IP *10231 allow ip from not 172.17.0.0/16 to ISP5_IP *10236 allow ip from not 172.17.0.0/16 to ISP6_IP 10500...45000 is rules for move outgoing trafic to ISP from local network hosts default gateway for FIB0 if my_local_net_IP then use NAT 10500 skipto 50010 ip from 172.17.1.myip to not 172.17.0.0/16 move http via ISP1 10501 skipto 50000 ip from 172.17.1.12 to not 172.17.0.0/16 80 move all another via ISP2 10502 skipto 50005 ip from 172.17.1.12 to not 172.17.0.0/16 .. and so on at 50000.. rules like virtual ISP_No this rules dynamicaly change by scripts if any numbers of ISP will disconnected or his uplink will down 50000 skipto 50200 ip from any to any 50005 skipto 50225 ip from any to any 50010 skipto 50200 ip from any to any 50015 skipto 50215 ip from any to any 50020 skipto 50220 ip from any to any 50025 skipto 50225 ip from any to any 50030 skipto 50230 ip from any to any 50035 skipto 50235 ip from any to any 50040 skipto 50225 ip from any to any 50199 skipto 50500 ip from any to any 50200 this rules for real connected ISP with NAT out_port for local net IP *50201 131542 12711357 divert 8683 ip from any to any *50202 93400 6215615 fwd ISP1_GATE ip from any to any *50203 0 0 skipto 50500 ip from any to any *50209 0 0 skipto 50500 ip from any to any *50214 0 0 skipto 50500 ip from any to any *50214 0 0 skipto 50500 ip from any to any *50216 51907 5752794 divert 8687 ip from any to any *50217 51907 5752794 fwd ISP2_GATE ip from any to any *50218 0 0 skipto 50500 ip from any to any *50219 0 0 skipto 50500 ip from any to any *50221 13372501 1432345573 divert 8689 ip from any to any *50222 13372330 1432341986 fwd ISP3_GATE ip from any to any *50223 0 0 skipto 50500 ip from any to any *50224 0 0 skipto 50500 ip from any to any *50226 2081341 297746506 divert 8691 ip from any to any *50227 2081336 297746190 fwd ISP4_GATE ip from any to any *50228 0 0 skipto 50500 ip from any to any *50229 0 0 skipto 50500 ip from any to any *50231 0 0 divert 8693 ip from any to any *50232 0 0 fwd ISP5_GATE ip from any to any *50233 0 0 skipto 50500 ip from any to any *50234 0 0 skipto 50500 ip from any to any *50236 502925 35831696 divert 8695 ip from any to any *50237 502924 35831612 fwd ISP6_GATE ip from any to any *50238 0 0 skipto 50500 ip from any to any 50500 deny ip from any to any also in system 9 FIB's 1-8 - ISP connection default gateway FIB0 have default gateway local_net_this_host_ip for using NAT for self connection, rule 10500 rules marked * changeb by iface_up iface_down scrips in MPD 5.5 if all IPS work without disconnection - system is stable. under load if some ISP disconnected and connected again - system kernel panic: Fatal double fault: ipfw_chk ipfw_check_ tcp_output tcp_mtudisc tcp_output tcp_mtudisc tcp_output tcp_mtudisc tcp_output tcp_mtudisc tcp_output tcp_mtudisc tcp_output .. many times tcp_mtudisc tcp_output this different source code call first tcp_output ithread, netgraph, etc... >How-To-Repeat: under heavy load with often ISP disconnection uptime 5-15 minutes >Fix: use 5 ISP uptime increased to 1-2 days use 2 ISP uptime increased to 3-7 days >Release-Note: >Audit-Trail: >Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201103152106.p2FL6TPE010452>