panic

Johannes Hofmann Johannes.Hofmann at gmx.de
Mon Apr 17 05:19:17 PDT 2006


Matthew Dillon <dillon at xxxxxxxxxxxxxxxxxxxx> wrote:
> 
> :ipw0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1492
> :        inet 192.168.1.5 netmask 0xffffff00 broadcast 192.168.1.255
> :        ether 00:0c:f1:3b:d1:ef
> :        media: IEEE 802.11 Wireless Ethernet autoselect (DS/11Mbps)
> :        status: associated
> :
> :
> :Perhaps it's some negotiation with the remote host that reduces t_maxopd?
> :And the problem only occurs since I have upgarded my openwrt router...
> 
>    A tcpdump may give us a clue.  Something like:
> 
>        tcpdump -i ipw0 -s 4096 -l -vvv
> 
>    would do the job, but you need to filter out data unrelated to the TCP
>    connection causing the problem.  So, e.g. you might have to add
>    'not port 22 and not port <blah> and not port <blah>' or things of
>    that nature.

Unfortunately the traffic is encrypted by IPSEC, so there is not much,
one can see in the tcpdump output:

18:33:12.872804 IP (tos 0x10, ttl  64, id 3341, offset 0, flags [none], length: 104) blob > 192.168.1.1: ESP(spi=0xf50f7c30,seq=0x69)
18:33:12.876106 IP (tos 0x0, ttl  64, id 43795, offset 0, flags [none], length: 152) 192.168.1.1 > blob: ESP(spi=0x0fe09ce6,seq=0x11a)
18:33:12.971780 IP (tos 0x10, ttl  64, id 3343, offset 0, flags [none], length: 104) blob > 192.168.1.1: ESP(spi=0xf50f7c30,seq=0x6a)

and so on...

> 
>    I have enclosed a patch that I believe will stop the crashes.  The TCP
>    connection will still fail, because its an unrecoverable situation (the
>    MTU must be large enough to hold the packet's options!), but hopefully
>    the system will not crash.  It should report problem packets on the
>    console/dmesg (limited to one report per second).

The patch fixes the core dumps, thanks. I think the other thing is a 
bug or misconfiguration in my router. I will try to track this down
later.

   Johannes

PS: Sorry for the late reply. Weather and snow have been too good here :-)

>    
>                                        -Matt
>                                        Matthew Dillon 
>                                        <dillon at xxxxxxxxxxxxx>
> 
> Index: netinet/tcp_output.c
> ===================================================================
> RCS file: /cvs/src/sys/netinet/tcp_output.c,v
> retrieving revision 1.30
> diff -u -r1.30 tcp_output.c
> --- netinet/tcp_output.c        14 Jan 2006 11:33:50 -0000      1.30
> +++ netinet/tcp_output.c        9 Apr 2006 17:34:48 -0000
> @@ -631,18 +631,29 @@
> #endif
> 
>        /*
> -        * Adjust data length if insertion of options will
> -        * bump the packet length beyond the t_maxopd length.
> -        * Clear the FIN bit because we cut off the tail of
> -        * the segment.
> +        * Adjust data length if insertion of options will bump the packet
> +        * length beyond the t_maxopd length.  Clear FIN to prevent premature
> +        * closure since there is still more data to send after this (now
> +        * truncated) packet.
> +        *
> +        * If just the options do not fit we are in a no-win situation and
> +        * we treat it as an unreachable host.
>         */
>        if (len + optlen + ipoptlen > tp->t_maxopd) {
> -               /*
> -                * If there is still more to send, don't close the connection.
> -                */
> -               flags &= ~TH_FIN;
> -               len = tp->t_maxopd - optlen - ipoptlen;
> -               sendalot = TRUE;
> +               if (tp->t_maxopd <= optlen + ipoptlen) {
> +                       static time_t last_optlen_report;
> +
> +                       if (last_optlen_report != time_second) {
> +                               last_optlen_report = time_second;
> +                               printf("tcpcb %p: MSS (%d) too small to hold options!\n", tp, tp->t_maxopd);
> +                       }
> +                       error = EHOSTUNREACH;
> +                       goto out;
> +               } else {
> +                       flags &= ~TH_FIN;
> +                       len = tp->t_maxopd - optlen - ipoptlen;
> +                       sendalot = TRUE;
> +               }
>        }
> 
> #ifdef INET6





More information about the Bugs mailing list