From: Ian Smith
To: Willy Offermans
Cc: freebsd-net@freebsd.org, freebsd-stable@freebsd.org
Date: Sun, 30 Mar 2014 04:12:34 +1100 (EST)
Subject: Re: TCP packets remain unsent
Message-ID: <20140330012659.Y78237@sola.nimnet.asn.au>
In-Reply-To: <20140329140229.GE3528@vpn.offrom.nl>
References: <20140328162554.GA26748@vpn.offrom.nl> <20140329140229.GE3528@vpn.offrom.nl>
List-Id: Production branch of FreeBSD source code

On Sat, 29 Mar 2014 15:02:29 +0100, Willy Offermans wrote:
 > Dear FreeBSD friends,
 >
 > On Fri, Mar 28, 2014 at 05:25:54PM +0100, Willy Offermans wrote:
 > > Dear FreeBSD friends,
 > >
 > > I have a problem with my relatively new FreeBSD server. I came across the
 > > problem when sending e-mails of larger size and copying files with scp.
 > > The e-mails were not sent out because of time-out error and the copying was
 > > extremely slow, though successful after a while. I already started a thread
 > > on this topic on freebsd-current. See
 > > http://docs.freebsd.org/mail/current/freebsd-current.html, topic
 > > sendmail Broken Pipe Error. I got some help to narrow down the
 > > error: Sending out e-mails of larger size stops at some point. TCP packets
 > > were not transferred to the smarthost causing a timeout error. There were
 > > still some TCP packets waiting to be sent.
 > >
 > > My system is a HP ProLiant Gen8 MicroServer with FreeBSD 10.0-STABLE #0
 > > r261266M. The server has two network cards:
[..]
 > > Before the time out error occurs, the CPU loading of natd and dhcpd is
 > > steadily increasing to extreme values in my opinion:
 > >
 > >   PID USERNAME   THR PRI NICE   SIZE    RES STATE   C   TIME   WCPU COMMAND
 > >
 > >  1235 root         1  93    0 28908K  2144K RUN     0  54:05 71.78% natd
 > >  1614 dhcpd        1   4    0 26784K 14936K RUN     0  29:24 38.77% dhcpd
[..]
 > I could narrow down the cause of the error:
 >
 > If I remove the following line from my firewall rules, I could send out
 > e-mails without issues.
 >
 > /sbin/ipfw add 50 divert natd all from any to any via bge0
 >
 > I do not know yet how things are related, but I will dig into it.
 >
 > If someone has a hint, please respond to the list.

Is your system running IPv6?  Sendmail will prefer using ip6 if enabled.

You need to use 'ip4' rather than 'all' with divert; natd (and I assume,
ipfw nat?) doesn't like ip6 packets being sent its way.

Also, ipfw nat and natd both use libalias(3) which doesn't work with TSO;
check that's turned off with ifconfig.  See ipfw(8) /BUGS section.

Just guesswork, Ian
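
Added example, not part of Ian's message or the original thread: a small audit for the two conditions the reply names, a divert/nat rule that matches every protocol instead of ip4, and TSO left enabled on the NAT interface. The function names and the sample `ipfw list` / `ifconfig` text are constructed for illustration, and the protocol is assumed to be the token just before "from" in each listed rule.

```sh
#!/bin/sh
# Constructed sample of `ipfw list` output ('all' is listed as 'ip').
SAMPLE_RULES='00050 divert 8668 ip from any to any via bge0
00060 divert 8668 ip4 from any to any via bge1
00100 allow ip from any to any via lo0'

# Constructed sample of `ifconfig bge0` output with TSO4 enabled.
SAMPLE_IFCONFIG='bge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
	options=c019b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,TSO4,VLAN_HWTSO,LINKSTATE>'

# Read `ipfw list` output on stdin; print the number of every divert/nat
# rule whose protocol is "ip"/"all" (any protocol, IPv6 included).
nat_rules_not_ip4() {
    awk '$2 == "divert" || $2 == "nat" {
        for (i = 3; i <= NF; i++)
            if ($i == "from") {
                if ($(i-1) == "ip" || $(i-1) == "all") print $1
                break
            }
    }'
}

# Read `ifconfig <if>` output on stdin; exit 0 if TSO, TSO4 or TSO6 appears
# in the enabled options= list (VLAN_HWTSO alone does not count).
tso_enabled() {
    awk '/options=/ && /[<,]TSO[46]?[,>]/ { found = 1 } END { exit !found }'
}

# Demo on the constructed samples. On a live host, pipe in the real
# commands instead:  ipfw list | nat_rules_not_ip4 ; ifconfig bge0 | tso_enabled
for n in $(printf '%s\n' "$SAMPLE_RULES" | nat_rules_not_ip4); do
    echo "rule $n: divert/nat matches all protocols; use ip4"
done
if printf '%s\n' "$SAMPLE_IFCONFIG" | tso_enabled; then
    echo "TSO is enabled; turn it off with: ifconfig <interface> -tso"
fi
```
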