kern/155585: tcp_output tcp_mtudisc loop until kernel panic
Andrey Smagin
samspeed at mail.ru
Tue Mar 15 21:10:11 UTC 2011
>Number: 155585
>Category: kern
>Synopsis: tcp_output tcp_mtudisc loop until kernel panic
>Confidential: no
>Severity: critical
>Priority: high
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Tue Mar 15 21:10:10 UTC 2011
>Closed-Date:
>Last-Modified:
>Originator: Andrey Smagin
>Release: FreeBSD 8.x, 9-current
>Organization:
DiP Interactive
>Environment:
FreeBSD ns.vvt 9.0-CURRENT FreeBSD 9.0-CURRENT #15: Mon Feb 21 10:00:16 MSK 2011 root at ns.vvt:/usr/obj/usr/src/sys/SAM amd64
>Description:
My box is connected to 8 different ISPs.
I use IPFW to split traffic between ISPs by ports and IP addresses.
The ruleset is:
10000 rules for outgoing connections direct from this host via any iface
*10001 fwd ISP1_GATE ip from ISP1_IP to not 172.17.0.0/16
*10016 fwd ISP2_GATE ip from ISP2_IP to not 172.17.0.0/16
*10021 fwd ISP3_GATE ip from ISP3_IP to not 172.17.0.0/16
*10026 fwd ISP4_GATE ip from ISP4_IP to not 172.17.0.0/16
*10031 fwd ISP5_GATE ip from ISP5_IP to not 172.17.0.0/16
*10036 fwd ISP6_GATE ip from ISP6_IP to not 172.17.0.0/16
10100 rules for incoming packets from ISP to NAT in_port
*10101 divert 8682 ip from not 172.17.0.0/16 to ISP1_IP
*10116 divert 8686 ip from not 172.17.0.0/16 to ISP2_IP
*10121 divert 8688 ip from not 172.17.0.0/16 to ISP3_IP
*10126 divert 8690 ip from not 172.17.0.0/16 to ISP4_IP
*10131 divert 8692 ip from not 172.17.0.0/16 to ISP5_IP
*10136 divert 8694 ip from not 172.17.0.0/16 to ISP6_IP
10200 if packet after NAT for this host allow it
*10201 allow ip from not 172.17.0.0/16 to ISP1_IP
*10216 allow ip from not 172.17.0.0/16 to ISP2_IP
*10221 allow ip from not 172.17.0.0/16 to ISP3_IP
*10226 allow ip from not 172.17.0.0/16 to ISP4_IP
*10231 allow ip from not 172.17.0.0/16 to ISP5_IP
*10236 allow ip from not 172.17.0.0/16 to ISP6_IP
10500...45000 are rules to move outgoing traffic to ISPs from local network hosts
default gateway for FIB0 if my_local_net_IP then use NAT
10500 skipto 50010 ip from 172.17.1.myip to not 172.17.0.0/16
move http via ISP1
10501 skipto 50000 ip from 172.17.1.12 to not 172.17.0.0/16 80
move everything else via ISP2
10502 skipto 50005 ip from 172.17.1.12 to not 172.17.0.0/16
.. and so on
at 50000.. the rules act like a virtual ISP_No;
these rules are changed dynamically by scripts if any number of ISPs get
disconnected or their uplink goes down
50000 skipto 50200 ip from any to any
50005 skipto 50225 ip from any to any
50010 skipto 50200 ip from any to any
50015 skipto 50215 ip from any to any
50020 skipto 50220 ip from any to any
50025 skipto 50225 ip from any to any
50030 skipto 50230 ip from any to any
50035 skipto 50235 ip from any to any
50040 skipto 50225 ip from any to any
50199 skipto 50500 ip from any to any
50200 these rules are for the real connected ISPs, with NAT out_port for local net IPs
*50201 131542 12711357 divert 8683 ip from any to any
*50202 93400 6215615 fwd ISP1_GATE ip from any to any
*50203 0 0 skipto 50500 ip from any to any
*50209 0 0 skipto 50500 ip from any to any
*50214 0 0 skipto 50500 ip from any to any
*50214 0 0 skipto 50500 ip from any to any
*50216 51907 5752794 divert 8687 ip from any to any
*50217 51907 5752794 fwd ISP2_GATE ip from any to any
*50218 0 0 skipto 50500 ip from any to any
*50219 0 0 skipto 50500 ip from any to any
*50221 13372501 1432345573 divert 8689 ip from any to any
*50222 13372330 1432341986 fwd ISP3_GATE ip from any to any
*50223 0 0 skipto 50500 ip from any to any
*50224 0 0 skipto 50500 ip from any to any
*50226 2081341 297746506 divert 8691 ip from any to any
*50227 2081336 297746190 fwd ISP4_GATE ip from any to any
*50228 0 0 skipto 50500 ip from any to any
*50229 0 0 skipto 50500 ip from any to any
*50231 0 0 divert 8693 ip from any to any
*50232 0 0 fwd ISP5_GATE ip from any to any
*50233 0 0 skipto 50500 ip from any to any
*50234 0 0 skipto 50500 ip from any to any
*50236 502925 35831696 divert 8695 ip from any to any
*50237 502924 35831612 fwd ISP6_GATE ip from any to any
*50238 0 0 skipto 50500 ip from any to any
50500 deny ip from any to any
Also, the system has 9 FIBs: 1-8 hold the ISP connections' default gateways,
FIB0 has default gateway local_net_this_host_ip for using NAT
for its own connections, rule 10500.
Rules marked * are changed by the iface_up and iface_down scripts in MPD 5.5.
If all ISPs work without disconnection, the system is stable.
Under load, if some ISP disconnects and connects again, the kernel panics:
Fatal double fault:
ipfw_chk
ipfw_check_
tcp_output
tcp_mtudisc
tcp_output
tcp_mtudisc
tcp_output
tcp_mtudisc
tcp_output
tcp_mtudisc
tcp_output
tcp_mtudisc
tcp_output
.. many times
tcp_mtudisc
tcp_output
Different code paths make the first call to tcp_output:
ithread, netgraph, etc...
>How-To-Repeat:
Under heavy load with frequent ISP disconnections, uptime is 5-15 minutes.
>Fix:
Using 5 ISPs, uptime increased to 1-2 days.
Using 2 ISPs, uptime increased to 3-7 days.
>Release-Note:
>Audit-Trail:
>Unformatted:
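
The following triage helper is an added example, not part of the original report or of FreeBSD: it scans a panic backtrace for a consecutively repeating frame sequence, which is the signature of the tcp_output / tcp_mtudisc recursion shown above, and it also covers direct recursion and longer cycles. The function names parse_frames and find_recursion_cycle, the "name() at name+0x..." line format and the thresholds are assumptions made for the example.

```python
import re

# Constructed input: frame names copied from the report's backtrace, in the
# order listed there. The elided ".. many times" line is kept and is skipped
# by the parser, so the repeat count is a lower bound.
SAMPLE_TRACE = """\
ipfw_chk
ipfw_check_
tcp_output
tcp_mtudisc
tcp_output
tcp_mtudisc
tcp_output
tcp_mtudisc
tcp_output
tcp_mtudisc
tcp_output
tcp_mtudisc
tcp_output
.. many times
tcp_mtudisc
tcp_output
"""

# Accepts a bare name or a "name() at name+0x..." line (assumed format).
FRAME_RE = re.compile(r"^\s*([A-Za-z_]\w*)")

def parse_frames(text):
    """One function name per line; lines not starting with an identifier are skipped."""
    return [m.group(1) for m in map(FRAME_RE.match, text.splitlines()) if m]

def find_recursion_cycle(frames, max_period=8, min_repeats=3):
    """Return (cycle, repeats, start) for the longest consecutively repeating
    frame sequence, or None. Period 1 is direct recursion; period 2 is mutual
    recursion such as tcp_output <-> tcp_mtudisc."""
    best, best_cover = None, 0
    for start in range(len(frames)):
        for period in range(1, max_period + 1):
            unit = frames[start:start + period]
            if len(unit) < period:
                break
            repeats, pos = 1, start + period
            while frames[pos:pos + period] == unit:
                repeats, pos = repeats + 1, pos + period
            if repeats >= min_repeats and repeats * period > best_cover:
                best, best_cover = (tuple(unit), repeats, start), repeats * period
    return best

if __name__ == "__main__":
    print(find_recursion_cycle(parse_frames(SAMPLE_TRACE)))
```

A cycle that fills most of the trace, together with a double fault, points to kernel stack exhaustion from unbounded recursion rather than a single bad dereference.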