Skip site navigation (1)Skip section navigation (2)
Date:      Sun, 30 Mar 2014 04:12:34 +1100 (EST)
From:      Ian Smith <smithi@nimnet.asn.au>
To:        Willy Offermans <Willy@Offermans.Rompen.nl>
Cc:        freebsd-net@freebsd.org, freebsd-stable@freebsd.org
Subject:   Re: TCP packets remain unsent
Message-ID:  <20140330012659.Y78237@sola.nimnet.asn.au>
In-Reply-To: <20140329140229.GE3528@vpn.offrom.nl>
References:  <20140328162554.GA26748@vpn.offrom.nl> <20140329140229.GE3528@vpn.offrom.nl>

next in thread | previous in thread | raw e-mail | index | archive | help
On Sat, 29 Mar 2014 15:02:29 +0100, Willy Offermans wrote:
 > Dear FreeBSD friends,
 > 
 > On Fri, Mar 28, 2014 at 05:25:54PM +0100, Willy Offermans wrote:
 > > Dear FreeBSD friends,
 > > 
 > > I have a problem with my relatively new FreeBSD server. I came across the
 > > problem when sending e-mails of larger size and copying files with scp.
 > > The e-mails were not sent out because of time-out error and the copying was
 > > extremely slow, though successful after a while. I already started a thread
 > > on this topic on freebsd-current. See
 > > http://docs.freebsd.org/mail/current/freebsd-current.html, topic
 > > sendmail Broken Pipe Error. I got some help to narrow down the
 > > error: Sending out e-mails of larger size stops at some point. TCP packets
 > > were not transferred to the smarthost causing a timeout error. There were
 > > still some TCP packets waiting to be sent.
 > > 
 > > My system is a HP ProLiant Gen8 MicroServer with FreeBSD 10.0-STABLE #0
 > > r261266M. The server has two network cards:
[..]
 > > Before the time out error occurs, the CPU loading of natd and dhcpd is
 > > steadily increasing to extreme values to my opinion:
 > > 
 > > PID USERNAME    THR PRI NICE   SIZE    RES STATE   C   TIME    WCPU COMMAND
 > > 
 > >  1235 root          1  93    0 28908K  2144K RUN     0  54:05  71.78% natd
 > >  1614 dhcpd         1   4    0 26784K 14936K RUN     0  29:24  38.77% dhcpd
[..]
 > I could narrow down the cause of the error:
 > 
 > If I remove the following line from my firewall rules, I could sent out
 > e-mails without issues.
 > 
 >  /sbin/ipfw add 50 divert natd all from any to any via bge0
 > 
 > I do not know yet how things are related, but I will dig into it.
 > 
 > If someone has a hint, please respond to the list.

Is your system running IPv6?  Sendmail will prefer using ip6 if enabled.

You need to use 'ip4' rather than 'all' with divert; natd (and I assume, 
ipfw nat?) doesn't like ip6 packets being sent its way.

Also, ipfw nat and natd both use libalias(3) which doesn't work with 
TSO; check that's turned off with ifconfig.  See ipfw(8) /BUGS section.

Just guesswork, Ian



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20140330012659.Y78237>