Date: Sat, 16 Jan 2010 17:09:54 +0700 (KRAT)
From: Eugene Grosbein <eugen@grosbein.pp.ru>
To: FreeBSD-gnats-submit@FreeBSD.org
Subject: kern/142877: network-related repeatable 8.0-STABLE hard hang (kernel loop)
Message-ID: <201001161009.o0GA9sxF013497@grosbein.pp.ru>
Resent-Message-ID: <201001161020.o0GAK35x020672@freefall.freebsd.org>

>Number:         142877
>Category:       kern
>Synopsis:       network-related repeatable 8.0-STABLE hard hang (kernel loop)
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          open
>Quarter:
>Keywords:
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sat Jan 16 10:20:03 UTC 2010
>Closed-Date:
>Last-Modified:
>Originator:     Eugene Grosbein
>Release:        FreeBSD 8.0-STABLE i386
>Organization:
RDTC JSC
>Environment:
System: FreeBSD grosbein.pp.ru 8.0-STABLE FreeBSD 8.0-STABLE #10: Thu Jan 14 22:59:15 KRAT 2010 root@grosbein.pp.ru:/usr/local/obj/usr/local/src/sys/DADV i386

>Description:
I have a home router (FreeBSD 8.0-STABLE) with one LAN interface (vr0)
and two distinct providers. The first uplink is connected using plain Ethernet
via vr1 and the second through a PPPoE connection/mpd (ng0). The default route
points to the first provider's gateway IP.

The LAN uses "private" IP addresses and I try to run 'ipfw nat' here using:

sysctl net.inet.ip.fastforwarding=1
sysctl net.inet.ip.fw.one_pass=0

uplink1="vr1"
uplink2="ng0"

ipfw add 40 nat 100 ip4 from any to any via ng0 keep-state
ipfw add 45 skipto 100 ip4 from any to any via ng0
ipfw add 50 nat 123 ip4 from any to any via vr1 # keep-state
ipfw add 100 allow ip from any to any via lo0
ipfw add 200 deny ip from any to 127.0.0.0/8
ipfw add 300 deny ip from 127.0.0.0/8 to any
ipfw 4050 fwd $uplink1_gw ip from $iplink1_ip to any out xmit $uplink2
ipfw 4055 fwd $uplink2_gw ip from $iplink2_ip to any out xmit $uplink1

If I uncomment the 'keep-state' clause in rule 50, the router hangs hard at once:
it stops responding to pings from the LAN, it does not respond to the console
or even to Ctrl-Alt-ESC (it has the kernel debugger compiled in).
A power cycle is required to reboot.

This PR is not about the right way to do NAT and route packets,
it's about how to reproduce the kernel hang.

>How-To-Repeat:
See above. This router does not have any module loaded,
all needed options and drivers are compiled in.
It does not use any NETGRAPH module other than mpd uses to provide
client-side PPPoE. Kernel config follows. Device polling and IPSEC
are compiled in but not used presently.

# GW kernel config
# CPU Geode LX 800

options 	INCLUDE_CONFIG_FILE

machine		i386
cpu		I586_CPU
cpu		I686_CPU
options 	NO_F00F_HACK
options 	CPU_GEODE
options 	CPU_SOEKRIS
ident		GW
maxusers	0

options 	SCHED_ULE
options 	PREEMPTION		# Enable kernel thread preemption
options 	INET			#InterNETworking
options 	INET6
options 	SCTP
options 	FFS			#Berkeley Fast Filesystem
options 	SOFTUPDATES		#Enable FFS soft updates support
options 	_KPOSIX_PRIORITY_SCHEDULING # POSIX P1003_1B real-time extensions
options 	KTRACE			#ktrace(1) support
options 	UFS_GJOURNAL		# Enable gjournal-based UFS journaling
options 	GEOM_JOURNAL
options 	GEOM_LABEL
options 	MSDOSFS			# MSDOS Filesystem
options 	CD9660			# ISO 9660 Filesystem
options 	NTFS			# MSDOS Filesystem
options 	UDF
options 	LIBICONV
options 	CD9660_ICONV
options 	MSDOSFS_ICONV
options 	NTFS_ICONV
options 	UDF_ICONV
options 	SYSVSHM			# SYSV-style shared memory
options 	SYSVMSG			# SYSV-style message queues
options 	SYSVSEM			# SYSV-style semaphores
options 	P1003_1B_SEMAPHORES	# POSIX-style semaphores
options 	PRINTF_BUFR_SIZE=512	# Prevent printf output being interspersed.
options 	KBD_INSTALL_CDEV	# install a CDEV entry in /dev
options 	NFSCLIENT		# Network Filesystem Client
options 	NFSSERVER		# Network Filesystem Server
options 	NFSLOCKD		# Network Lock Manager
options 	COMPAT_LINUX
options 	PROCFS			# Process filesystem (requires PSEUDOFS)
options 	LINPROCFS
options 	PSEUDOFS		# Pseudo-filesystem framework

device		eisa
device		pci

# atkbdc0 controls both the keyboard and the PS/2 mouse
device		atkbdc
device		atkbd
options 	ATKBD_DFLT_KEYMAP	# specify the built-in keymap
makeoptions	ATKBD_DFLT_KEYMAP=ru.koi8-r

device		vga

# syscons is the default console driver, resembling an SCO console
device		sc
options 	SC_HISTORY_SIZE=1000
options 	SC_DFLT_FONT		# compile font in
makeoptions	SC_DFLT_FONT=cp866

# Floating point support - do not disable.
device		npx

# Serial (COM) ports
device		uart

device		speaker

# PCI Ethernet NICs that use the common MII bus controller code.
# NOTE: Be sure to keep the 'device miibus' line in order to use these NICs!
device		miibus			# MII bus support
device		vr

# Pseudo devices
device		loop			# Network loopback
device		random
device		ether			# Ethernet support
device		tun			# Packet tunnel.
device		pty			# Pseudo-ttys (telnet etc)
device		md
device		gif			# IPv6 and IPv4 tunneling
device		faith			# IPv6-to-IPv4 relaying (translation)
device		vlan

# The `bpf' pseudo-device enables the Berkeley Packet Filter.
# Be aware of the administrative consequences of enabling this!
device		bpf			#Berkeley packet filter

device		ata
device		atadisk			# ATA disk drives

# USB support
device		ohci
device		ehci
device		usb			# USB Bus (required)
device		umass			# Disks/Mass storage - Requires scbus and da
device		scbus			# SCSI bus (required for SCSI)
device		da			# Direct Access (disks)
device		pass			# Passthrough device (direct SCSI access)

options 	LIBALIAS
options 	IPFIREWALL
options 	IPDIVERT
options 	IPFIREWALL_FORWARD
options 	IPFIREWALL_NAT
options 	DUMMYNET
options 	DEVICE_POLLING

options 	NETGRAPH
options 	NETGRAPH_BPF
options 	NETGRAPH_ECHO
options 	NETGRAPH_ETHER
options 	NETGRAPH_IFACE
options 	NETGRAPH_EIFACE
options 	NETGRAPH_IPFW
options 	NETGRAPH_SOCKET
options 	NETGRAPH_KSOCKET
options 	NETGRAPH_TEE
options 	NETGRAPH_NAT
options 	NETGRAPH_MPPC_ENCRYPTION
options 	NETGRAPH_TCPMSS
options 	NETGRAPH_PPTPGRE
options 	NETGRAPH_PPP
options 	NETGRAPH_PPPOE
options 	NETGRAPH_VJC

device		crypto
device		glxsb
options 	IPSEC
options 	IPSEC_FILTERTUNNEL

device		cpuctl

# Debugging kernel
options 	KDB			# Enable kernel debugger support.
options 	KDB_UNATTENDED		# Enable kernel debugger support.
options 	DDB			# Support DDB.
options 	GDB			# Support remote GDB.
options 	INVARIANTS		# Enable calls of extra sanity checking
options 	INVARIANT_SUPPORT	# Extra sanity checks of internal structures, required by INVARIANTS
options 	WITNESS			# Enable checks to detect deadlocks and cycles
options 	WITNESS_SKIPSPIN	# Don't run witness on spinlocks for speed

>Fix:
Unknown.
>Release-Note:
>Audit-Trail:
>Unformatted: