panic
Matthew Dillon
dillon at apollo.backplane.com
Fri Apr 7 12:05:14 PDT 2006
: /*
: * Adjust data length if insertion of options will
: * bump the packet length beyond the t_maxopd length.
: * Clear the FIN bit because we cut off the tail of
: * the segment.
: */
: if (len + optlen + ipoptlen > tp->t_maxopd) {
: /*
: * If there is still more to send, don't close the connection.
: */
: flags &= ~TH_FIN;
: len = tp->t_maxopd - optlen - ipoptlen;
: sendalot = TRUE;
: }
:
:len ends up beeing -13 because tp->t_maxopd = 64, optlen = 12,
:and ipoptlen = 65 (because ipsec_hdrsiz_tcp(tp) = 65.
:
:But I don't know, how to handle this case correctly.
:
: Johannes
Hmm. I looked at the crashdump you uploaded and at the definition
of tp->t_maxopd. t_maxopd is supposed to be the maximum packet
payload data + options. A value of 64 doesn't seem right, but
I manually tracked down the stack frame and dumped the tcpcb and
indeed, it is 64. t_maxseg is 52.
These numbers are way too low. They are derived from the
interface MTU, the route table, or from TCP options during handshaking.
I'm not sure where the numbers came from but that is probably our culprit.
The t_state is 5, which is TCPS_ESTABLISHED. So the question is now
how did the TCP connection wind up with such a small packet payload
limit?
-Matt
Matthew Dillon
<dillon at xxxxxxxxxxxxx>
(kgdb) print (struct tcpcb *)0xdd71a040
$37 = (struct tcpcb *) 0xdd71a040
(kgdb) print *$37
$38 = {
t_segq = {
lh_first = 0x0
},
t_dupacks = 0,
tt_cpu = 0,
tt_rexmt = 0xdd71a18c,
tt_persist = 0xdd71a1a8,
tt_keep = 0xdd71a1c4,
tt_2msl = 0xdd71a1e0,
tt_delack = 0xdd71a1fc,
t_inpcb = 0xdd719f80,
t_state = 5,
t_flags = 33761,
snd_up = 463293982,
snd_una = 463293983,
snd_recover = 463293982,
snd_max = 463293983,
snd_nxt = 463293983,
snd_wl1 = 1376273623,
snd_wl2 = 463293983,
iss = 463293982,
irs = 1376273622,
rcv_nxt = 1376273623,
rcv_adv = 1376330979,
rcv_wnd = 57356,
rcv_up = 1376273623,
snd_wnd = 49248,
snd_cwnd = 208,
snd_wacked = 0,
snd_ssthresh = 1073725440,
t_rxtcur = 120,
t_maxseg = 52,
t_srtt = 128,
t_rttvar = 32,
t_maxopd = 64,
t_rcvtime = 316664,
t_starttime = 316664,
t_rtttime = 0,
t_rtseq = 463293982,
t_rxtshift = 0,
t_rttmin = 100,
t_rttbest = 160,
t_rttupdated = 1,
max_sndwnd = 49248,
t_softerror = 0,
t_oobflags = 0 '\0',
t_iobc = 0 '\0',
snd_scale = 0 '\0',
rcv_scale = 0 '\0',
request_r_scale = 0 '\0',
requested_s_scale = 0 '\0',
ts_recent = 53239860,
ts_recent_age = 316664,
last_ack_sent = 0,
cc_send = 240,
cc_recv = 0,
snd_cwnd_prev = 0,
snd_wacked_prev = 0,
snd_ssthresh_prev = 0,
snd_recover_prev = 0,
t_badrxtwin = 0,
t_rexmtTS = 0,
snd_limited = 0 '\0',
rexmt_high = 0,
snd_max_rexmt = 0,
scb = {
nblocks = 0,
sackblocks = {
tqh_first = 0x0,
tqh_last = 0xdd71a130
},
lostseq = 0,
lastfound = 0x0
},
reportblk = {
rblk_start = 0,
rblk_end = 0
},
encloseblk = {
rblk_start = 0,
rblk_end = 0
},
nsackhistory = 0,
sackhistory = {{
rblk_start = 0,
rblk_end = 0
}, {
rblk_start = 0,
rblk_end = 0
}, {
rblk_start = 0,
rblk_end = 0
}, {
rblk_start = 0,
rblk_end = 0
}},
t_outputq = {
tqe_next = 0x0,
tqe_prev = 0x0
},
snd_bandwidth = 0,
snd_bwnd = 1073725440,
t_bw_rtttime = 0,
t_bw_rtseq = 0
}
More information about the Bugs
mailing list