kern/142877: network-related repeatable 8.0-STABLE hard hang
(kernel loop)
Eugene Grosbein
eugen at grosbein.pp.ru
Sat Jan 16 10:20:04 UTC 2010
>Number: 142877
>Category: kern
>Synopsis: network-related repeatable 8.0-STABLE hard hang (kernel loop)
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Sat Jan 16 10:20:03 UTC 2010
>Closed-Date:
>Last-Modified:
>Originator: Eugene Grosbein
>Release: FreeBSD 8.0-STABLE i386
>Organization:
RDTC JSC
>Environment:
System: FreeBSD grosbein.pp.ru 8.0-STABLE FreeBSD 8.0-STABLE #10: Thu Jan 14 22:59:15 KRAT 2010 root at grosbein.pp.ru:/usr/local/obj/usr/local/src/sys/DADV i386
>Description:
I have a home router (FreeBSD 8.0-STABLE) with one LAN interface (vr0)
and two distinct providers. The first uplink is connected using
plain Ethernet via vr1 and the second through a PPPoE connection/mpd (ng0).
The default route points to the first provider's gateway IP.
The LAN uses "private" IP addresses and I am trying to run 'ipfw nat' here
using:
# Reproduction ruleset as posted by the reporter.
# The configuration of NAT instances 100 and 123 ("ipfw nat N config ...") is not shown in the report.
sysctl net.inet.ip.fastforwarding=1
# one_pass=0: after a nat action the packet continues at the next rule instead of being accepted at once.
sysctl net.inet.ip.fw.one_pass=0
uplink1="vr1"
uplink2="ng0"
# Rule 40: NAT instance 100 on the PPPoE uplink (ng0), combined with keep-state.
ipfw add 40 nat 100 ip4 from any to any via ng0 keep-state
# Rule 45: IPv4 traffic via ng0 that reaches this rule jumps ahead to rule 100.
ipfw add 45 skipto 100 ip4 from any to any via ng0
# Rule 50: NAT instance 123 on the Ethernet uplink (vr1). 'keep-state' is commented out here;
# per the report, enabling it on this rule is what makes the router hang.
ipfw add 50 nat 123 ip4 from any to any via vr1 # keep-state
# Rules 100-300: allow traffic on the loopback interface, then drop anything
# addressed to or from 127.0.0.0/8 that reaches these rules.
ipfw add 100 allow ip from any to any via lo0
ipfw add 200 deny ip from any to 127.0.0.0/8
ipfw add 300 deny ip from 127.0.0.0/8 to any
# Rules 4050/4055: policy routing with 'fwd' - packets sourced from one uplink's address
# but about to leave through the other uplink are forwarded to the matching gateway.
# NOTE(review): as posted, these two lines lack the 'add' keyword and use $iplinkN_ip and
# $uplinkN_gw, none of which are defined in this excerpt - presumably transcription slips;
# confirm against the reporter's actual script.
ipfw 4050 fwd $uplink1_gw ip from $iplink1_ip to any out xmit $uplink2
ipfw 4055 fwd $uplink2_gw ip from $iplink2_ip to any out xmit $uplink1
If I uncomment the 'keep-state' clause in rule 50,
the router hangs hard at once: it stops responding to pings from the LAN,
and it does not respond to the console or even to Ctrl-Alt-ESC
(it has the kernel debugger compiled in). A power cycle is required to reboot.
This PR is not about the right way to do NAT and route packets;
it's about how to reproduce a kernel hang.
>How-To-Repeat:
See above. This router does not have any module loaded,
all needed options and drivers are compiled in.
It does not use any NETGRAPH modules other than those mpd uses
to provide client-side PPPoE. The kernel config follows.
Device polling and IPSEC are compiled in but not used presently.
# GW kernel config: the custom kernel of the router on which the hang is reported.
# Per the report, no kernel modules are loaded; everything needed is compiled in here.
# CPU Geode LX 800
options INCLUDE_CONFIG_FILE # Include this file in the kernel
machine i386
cpu I586_CPU
cpu I686_CPU
options NO_F00F_HACK # Omit the Pentium F00F-bug workaround
options CPU_GEODE
options CPU_SOEKRIS
ident GW
maxusers 0
options SCHED_ULE
options PREEMPTION # Enable kernel thread preemption
options INET #InterNETworking
options INET6
options SCTP
options FFS #Berkeley Fast Filesystem
options SOFTUPDATES #Enable FFS soft updates support
options _KPOSIX_PRIORITY_SCHEDULING # POSIX P1003_1B real-time extensions
options KTRACE #ktrace(1) support
options UFS_GJOURNAL # Enable gjournal-based UFS journaling
options GEOM_JOURNAL
options GEOM_LABEL
options MSDOSFS # MSDOS Filesystem
options CD9660 # ISO 9660 Filesystem
options NTFS # NTFS Filesystem
options UDF
options LIBICONV
options CD9660_ICONV
options MSDOSFS_ICONV
options NTFS_ICONV
options UDF_ICONV
options SYSVSHM # SYSV-style shared memory
options SYSVMSG # SYSV-style message queues
options SYSVSEM # SYSV-style semaphores
options P1003_1B_SEMAPHORES # POSIX-style semaphores
options PRINTF_BUFR_SIZE=512 # Prevent printf output being interspersed.
options KBD_INSTALL_CDEV # install a CDEV entry in /dev
options NFSCLIENT # Network Filesystem Client
options NFSSERVER # Network Filesystem Server
options NFSLOCKD # Network Lock Manager
options COMPAT_LINUX
options PROCFS # Process filesystem (requires PSEUDOFS)
options LINPROCFS
options PSEUDOFS # Pseudo-filesystem framework
device eisa
device pci
# atkbdc0 controls both the keyboard and the PS/2 mouse
device atkbdc
device atkbd
options ATKBD_DFLT_KEYMAP # specify the built-in keymap
makeoptions ATKBD_DFLT_KEYMAP=ru.koi8-r
device vga
# syscons is the default console driver, resembling an SCO console
device sc
options SC_HISTORY_SIZE=1000
options SC_DFLT_FONT # compile font in
makeoptions SC_DFLT_FONT=cp866
# Floating point support - do not disable.
device npx
# Serial (COM) ports
device uart
device speaker
# PCI Ethernet NICs that use the common MII bus controller code.
# NOTE: Be sure to keep the 'device miibus' line in order to use these NICs!
device miibus # MII bus support
device vr # Driver for the vr0 (LAN) and vr1 (uplink 1) interfaces named in the report
# Pseudo devices
device loop # Network loopback
device random
device ether # Ethernet support
device tun # Packet tunnel.
device pty # Pseudo-ttys (telnet etc)
device md
device gif # IPv6 and IPv4 tunneling
device faith # IPv6-to-IPv4 relaying (translation)
device vlan
# The `bpf' pseudo-device enables the Berkeley Packet Filter.
# Be aware of the administrative consequences of enabling this!
device bpf #Berkeley packet filter
device ata
device atadisk # ATA disk drives
# USB support
device ohci
device ehci
device usb # USB Bus (required)
device umass # Disks/Mass storage - Requires scbus and da
device scbus # SCSI bus (required for SCSI)
device da # Direct Access (disks)
device pass # Passthrough device (direct SCSI access)
# Packet filter, NAT and traffic-shaping options; these provide the ipfw features used by the ruleset in the report.
options LIBALIAS # Address-translation library used by the in-kernel NAT
# No IPFIREWALL_DEFAULT_TO_ACCEPT appears in this config, so the compiled-in default rule (65535) should be deny.
options IPFIREWALL # ipfw packet filter
options IPDIVERT # divert(4) sockets
options IPFIREWALL_FORWARD # Enables the ipfw 'fwd' action (rules 4050/4055 in the report)
options IPFIREWALL_NAT # In-kernel 'ipfw nat' (rules 40 and 50 in the report)
options DUMMYNET
options DEVICE_POLLING # Compiled in but, per the report, not used presently
# Netgraph nodes; per the report only those mpd needs for client-side PPPoE are in use.
options NETGRAPH
options NETGRAPH_BPF
options NETGRAPH_ECHO
options NETGRAPH_ETHER
options NETGRAPH_IFACE
options NETGRAPH_EIFACE
options NETGRAPH_IPFW
options NETGRAPH_SOCKET
options NETGRAPH_KSOCKET
options NETGRAPH_TEE
options NETGRAPH_NAT
options NETGRAPH_MPPC_ENCRYPTION
options NETGRAPH_TCPMSS
options NETGRAPH_PPTPGRE
options NETGRAPH_PPP
options NETGRAPH_PPPOE
options NETGRAPH_VJC
device crypto
device glxsb # Geode LX Security Block crypto accelerator
options IPSEC # Compiled in but, per the report, not used presently
options IPSEC_FILTERTUNNEL
device cpuctl # cpuctl(4): userland access to CPU-specific registers and microcode update
# Debugging kernel
# The report states that during the hang the machine does not react to Ctrl-Alt-ESC
# (the console break-to-debugger key), even though KDB/DDB are built in.
options KDB # Enable kernel debugger support.
options KDB_UNATTENDED # Do not enter the debugger on panic (debug.debugger_on_panic defaults to 0)
options DDB # Support DDB.
options GDB # Support remote GDB.
options INVARIANTS # Enable calls of extra sanity checking
options INVARIANT_SUPPORT # Extra sanity checks of internal structures, required by INVARIANTS
options WITNESS # Enable checks to detect deadlocks and cycles
# NOTE(review): with WITNESS_SKIPSPIN, spin locks are left unchecked, so WITNESS would not
# flag a lock-order problem that involves only spin mutexes.
options WITNESS_SKIPSPIN # Don't run witness on spinlocks for speed
>Fix:
Unknown.
>Release-Note:
>Audit-Trail:
>Unformatted: