Date: Fri, 01 Oct 2004 05:45:00 +0900 From: JINMEI Tatuya / =?ISO-2022-JP?B?GyRCP0BMQEMjOkgbKEI=?= <jinmei@isl.rdc.toshiba.co.jp> To: Pekka Savola <pekkas@netcore.fi> Cc: snap-users@kame.net Subject: Re: (KAME-snap 8820) Re: Weird memory exhaustion with FreeBSD 4.10-STABLE Message-ID: <y7vhdpfo59v.wl@ocean.jinmei.org> In-Reply-To: <Pine.LNX.4.44.0409301202280.2833-100000@netcore.fi> References: <y7vfz50pqxy.wl@ocean.jinmei.org> <Pine.LNX.4.44.0409301202280.2833-100000@netcore.fi>
next in thread | previous in thread | raw e-mail | index | archive | help
>>>>> On Thu, 30 Sep 2004 12:04:05 +0300 (EEST),
>>>>> Pekka Savola <pekkas@netcore.fi> said:
>> > Unfortunately, I can't. The when my SSH session froze, and the 6to4
>> > SSH sessions as well, my first instinct was 'oh, crap', and knee-jerk
>> > push of reset button (because the box has no keyboard attached). Sorry
>> > for being inprecise.
>>
>> Okay, I just found a bug that only happens when ip6.rtexpire is 0.
>> Please try the following patch (with rtexpire=0).
> Well, the box no longer crashed at least, so I'd guess it works. :-)
Glad to hear that.
> Btw, is there any particular reason why net.inet.ip.rtexpire
> automatically dynamically re-adjusts itself (here, it's typically
> around 10 or 12), while net.inet6.ip6.rtexpire does not?
Hmm, good point. I was also wondering why such a massive number of
route entries remained despite the periodical cleanup mechanism. Then
I found another bug, which set the cleanup interval to a huge value
(almost infinite in a practical sense).
The patch below, including the previous fix, should also solve the
problem (I must confess I even did not compile it, so please be
careful). Perhaps you can then live with the original rtexpire value.
JINMEI, Tatuya
Communication Platform Lab.
Corporate R&D Center, Toshiba Corp.
jinmei@isl.rdc.toshiba.co.jp
Index: in6_rmx.c
===================================================================
RCS file: /home/ncvs/src/sys/netinet6/in6_rmx.c,v
retrieving revision 1.1.2.3
diff -u -r1.1.2.3 in6_rmx.c
--- in6_rmx.c 28 Apr 2002 05:40:27 -0000 1.1.2.3
+++ in6_rmx.c 30 Sep 2004 20:40:14 -0000
@@ -270,10 +270,16 @@
rt->rt_flags |= RTPRF_OURS;
rt->rt_rmx.rmx_expire = time_second + rtq_reallyold;
} else {
+ struct rtentry *dummy;
+
+ /*
+ * rtrequest() would recursively call rtfree() without the
+ * dummy entry argument, causing duplicated free.
+ */
rtrequest(RTM_DELETE,
(struct sockaddr *)rt_key(rt),
rt->rt_gateway, rt_mask(rt),
- rt->rt_flags, 0);
+ rt->rt_flags, &dummy);
}
}
@@ -379,7 +385,7 @@
}
atv.tv_usec = 0;
- atv.tv_sec = arg.nextstop;
+ atv.tv_sec = arg.nextstop - time_second;
timeout(in6_rtqtimo, rock, tvtohz(&atv));
}
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?y7vhdpfo59v.wl>