Date: Thu, 30 Sep 2004 08:59:21 +0900 From: JINMEI Tatuya / =?ISO-2022-JP?B?GyRCP0BMQEMjOkgbKEI=?= <jinmei@isl.rdc.toshiba.co.jp> To: snap-users@kame.net Cc: freebsd-net@freebsd.org Subject: Re: (KAME-snap 8818) Re: Weird memory exhaustion with FreeBSD 4.10-STABLE Message-ID: <y7vfz50pqxy.wl@ocean.jinmei.org> In-Reply-To: <Pine.LNX.4.44.0409291138360.683-100000@netcore.fi> References: <y7vwtydpk3j.wl@ocean.jinmei.org> <Pine.LNX.4.44.0409291138360.683-100000@netcore.fi>
next in thread | previous in thread | raw e-mail | index | archive | help
>>>>> On Wed, 29 Sep 2004 11:40:23 +0300 (EEST),
>>>>> Pekka Savola <pekkas@netcore.fi> said:
>> >> Okay. Now I think I figure out the problem. Those host routes were
>> >> created not deliberately, so the kernel will eventually need a fix to
>> >> this.
>> >>
>> >> But if you are in a hurry and/or cannot replace the kernel soon, I
>> >> think setting net.inet6.ip6.rtexpire to 0 can be a workaround (with
>> >> this you even do not have to reboot the kernel - though rebooting may
>> >> also help if you can).
>>
>> > Warning: this freezed the system immediately [all network connectivity
>> > broke, and I had to do a quick reset]. Maybe I should have set it up
>> > at reboot before the system was in a 'bad' shape..
>>
>> Sorry for the trouble, but could you be more specific on "freeze"?
>> Does it mean the kernel hanged (you could not type anything from the
>> keyboard, etc)?
> Unfortunately, I can't. The when my SSH session froze, and the 6to4
> SSH sessions as well, my first instinct was 'oh, crap', and knee-jerk
> push of reset button (because the box has no keyboard attached). Sorry
> for being inprecise.
Okay, I just found a bug that only happens when ip6.rtexpire is 0.
Please try the following patch (with rtexpire=0).
JINMEI, Tatuya
Communication Platform Lab.
Corporate R&D Center, Toshiba Corp.
jinmei@isl.rdc.toshiba.co.jp
Index: in6_rmx.c
===================================================================
RCS file: /home/ncvs/src/sys/netinet6/in6_rmx.c,v
retrieving revision 1.1.2.3
diff -u -r1.1.2.3 in6_rmx.c
--- in6_rmx.c 28 Apr 2002 05:40:27 -0000 1.1.2.3
+++ in6_rmx.c 29 Sep 2004 23:57:07 -0000
@@ -270,10 +270,16 @@
rt->rt_flags |= RTPRF_OURS;
rt->rt_rmx.rmx_expire = time_second + rtq_reallyold;
} else {
+ struct rtentry *dummy;
+
+ /*
+ * rtrequest() would recursively call rtfree() without the
+ * dummy entry argument, causing duplicated free.
+ */
rtrequest(RTM_DELETE,
(struct sockaddr *)rt_key(rt),
rt->rt_gateway, rt_mask(rt),
- rt->rt_flags, 0);
+ rt->rt_flags, &dummy);
}
}
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?y7vfz50pqxy.wl>