panic

Matthew Dillon dillon at apollo.backplane.com
Fri Apr 7 12:05:14 PDT 2006


:    /*
:     * Adjust data length if insertion of options will
:     * bump the packet length beyond the t_maxopd length.
:     * Clear the FIN bit because we cut off the tail of
:     * the segment.
:     */
:    if (len + optlen + ipoptlen > tp->t_maxopd) {
:        /*
:         * If there is still more to send, don't close the connection.
:         */
:        flags &= ~TH_FIN;
:        len = tp->t_maxopd - optlen - ipoptlen;
:        sendalot = TRUE;
:    }
:
:len ends up being -13 because tp->t_maxopd = 64, optlen = 12,
:and ipoptlen = 65 (because ipsec_hdrsiz_tcp(tp) = 65).
:
:But I don't know how to handle this case correctly.
:
: Johannes

    Hmm.  I looked at the crashdump you uploaded and at the definition
    of tp->t_maxopd.  t_maxopd is supposed to be the maximum packet
    payload data + options.  A value of 64 doesn't seem right, but
    I manually tracked down the stack frame and dumped the tcpcb and
    indeed, it is 64.  t_maxseg is 52.

    These numbers are way too low.  They are derived from the 
    interface MTU, the route table, or from TCP options during handshaking.
    I'm not sure where the numbers came from but that is probably our culprit.

    The t_state is 5, which is TCPS_ESTABLISHED.  So the question is now
    how did the TCP connection wind up with such a small packet payload
    limit?

					-Matt
					Matthew Dillon 
					<dillon at xxxxxxxxxxxxx>

(kgdb) print (struct tcpcb *)0xdd71a040
$37 = (struct tcpcb *) 0xdd71a040
(kgdb) print *$37
$38 = {
  t_segq = {
    lh_first = 0x0
  }, 
  t_dupacks = 0, 
  tt_cpu = 0, 
  tt_rexmt = 0xdd71a18c, 
  tt_persist = 0xdd71a1a8, 
  tt_keep = 0xdd71a1c4, 
  tt_2msl = 0xdd71a1e0, 
  tt_delack = 0xdd71a1fc, 
  t_inpcb = 0xdd719f80, 
  t_state = 5, 
  t_flags = 33761, 
  snd_up = 463293982, 
  snd_una = 463293983, 
  snd_recover = 463293982, 
  snd_max = 463293983, 
  snd_nxt = 463293983, 
  snd_wl1 = 1376273623, 
  snd_wl2 = 463293983, 
  iss = 463293982, 
  irs = 1376273622, 
  rcv_nxt = 1376273623, 
  rcv_adv = 1376330979, 
  rcv_wnd = 57356, 
  rcv_up = 1376273623, 
  snd_wnd = 49248, 
  snd_cwnd = 208, 
  snd_wacked = 0, 
  snd_ssthresh = 1073725440, 
  t_rxtcur = 120, 
  t_maxseg = 52, 
  t_srtt = 128, 
  t_rttvar = 32, 
  t_maxopd = 64, 
  t_rcvtime = 316664, 
  t_starttime = 316664, 
  t_rtttime = 0, 
  t_rtseq = 463293982, 
  t_rxtshift = 0, 
  t_rttmin = 100, 
  t_rttbest = 160, 
  t_rttupdated = 1, 
  max_sndwnd = 49248, 
  t_softerror = 0, 
  t_oobflags = 0 '\0', 
  t_iobc = 0 '\0', 
  snd_scale = 0 '\0', 
  rcv_scale = 0 '\0', 
  request_r_scale = 0 '\0', 
  requested_s_scale = 0 '\0', 
  ts_recent = 53239860, 
  ts_recent_age = 316664, 
  last_ack_sent = 0, 
  cc_send = 240, 
  cc_recv = 0, 
  snd_cwnd_prev = 0, 
  snd_wacked_prev = 0, 
  snd_ssthresh_prev = 0, 
  snd_recover_prev = 0, 
  t_badrxtwin = 0, 
  t_rexmtTS = 0, 
  snd_limited = 0 '\0', 
  rexmt_high = 0, 
  snd_max_rexmt = 0, 
  scb = {
    nblocks = 0, 
    sackblocks = {
      tqh_first = 0x0, 
      tqh_last = 0xdd71a130
    }, 
    lostseq = 0, 
    lastfound = 0x0
  }, 
  reportblk = {
    rblk_start = 0, 
    rblk_end = 0
  }, 
  encloseblk = {
    rblk_start = 0, 
    rblk_end = 0
  }, 
  nsackhistory = 0, 
  sackhistory = {{
      rblk_start = 0, 
      rblk_end = 0
    }, {
      rblk_start = 0, 
      rblk_end = 0
    }, {
      rblk_start = 0, 
      rblk_end = 0
    }, {
      rblk_start = 0, 
      rblk_end = 0
    }}, 
  t_outputq = {
    tqe_next = 0x0, 
    tqe_prev = 0x0
  }, 
  snd_bandwidth = 0, 
  snd_bwnd = 1073725440, 
  t_bw_rtttime = 0, 
  t_bw_rtseq = 0
}
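
Added example, not part of the original thread or of the kernel source: a user-space C model of the length clamp quoted above, run with the values reported in the post (t_maxopd = 64, optlen = 12, ipoptlen = 65), next to a checked variant that reports when the header overhead leaves no room for payload. The struct and function names, the starting len of 100 and the second set of limits are assumptions made for illustration; the checked variant only detects the condition and does not claim to be how the stack should resolve it.

```c
#include <stdio.h>

/* Hypothetical model of the three inputs the quoted snippet reads. */
struct seg_limits { long t_maxopd, optlen, ipoptlen; };

/* Same arithmetic as the quoted snippet: trims len with no lower bound. */
static long clamp_len_unchecked(const struct seg_limits *l, long len)
{
    if (len + l->optlen + l->ipoptlen > l->t_maxopd)
        len = l->t_maxopd - l->optlen - l->ipoptlen;
    return len;
}

enum seg_status { SEG_OK, SEG_TRIMMED, SEG_NO_ROOM };

/* Checked variant (assumption): report when options alone fill or exceed
 * t_maxopd, and leave *len untouched in that case. */
static enum seg_status clamp_len_checked(const struct seg_limits *l, long *len)
{
    long overhead = l->optlen + l->ipoptlen;

    if (l->optlen < 0 || l->ipoptlen < 0 || overhead >= l->t_maxopd)
        return SEG_NO_ROOM;            /* zero or negative payload room */
    if (*len > l->t_maxopd - overhead) {
        *len = l->t_maxopd - overhead; /* trim; always >= 1 here */
        return SEG_TRIMMED;
    }
    return SEG_OK;
}

int main(void)
{
    struct seg_limits crash = { 64, 12, 65 };  /* values from the post */
    struct seg_limits usual = { 1460, 12, 0 }; /* constructed sample */
    long len = 100;                            /* constructed sample */
    long bad = clamp_len_unchecked(&crash, len);

    /* A negative length read as a byte count becomes a huge unsigned value. */
    printf("unchecked: len = %ld, as size_t = %zu\n", bad, (size_t)bad);
    printf("checked:   status = %d, len = %ld\n",
           clamp_len_checked(&crash, &len), len);

    len = 4000;
    printf("usual:     status = %d, len = %ld\n",
           clamp_len_checked(&usual, &len), len);
    return 0;
}
```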





