Hello.
We are running an (IRC) server that under high-rate traffic (ie. DDoS
attack) stops to respond to the network. The network remains locked up
even after the original attack stops. However running tcpdump (which
switches the interface into promisc mode) unlocks networking and things
work again.
At the moment, we are running 6.2-RC1 cvsupped at Dec 10, with if_fxp.c
from Nov 11 (previously, we had 6.1 for a while, having the same issues)
if_fxp.c,v 1.240.2.10.2.1 2006/11/20 16:21:12
The same machine used to run FreeBSD 4.11 without any problems.
Any help/pointers/suggestions would be appreciated.
More hardware details:
fxp0@pci2:3:0: class=0x020000 card=0x10408086 chip=0x12298086 rev=0x0c
hdr=0x00
vendor = 'Intel Corporation'
device = '82550/1/7/8/9 EtherExpress PRO/100(B) Ethernet Adapter'
class = network
subclass = ethernet
fxp0: <Intel 82550 Pro/100 Ethernet> port 0xc800-0xc83f mem
0xd9020000-0xd9020fff,0xd9000000-0xd901ffff irq 11 at device 3.0 on pci2
miibus0: <MII bus> on fxp0
fxp0: Ethernet address: 00:02:b3:90:65:86
interrupt total rate
irq11: fxp0 67322 0
--
() ASCII Ribbon Campaign
/\ Support plain text e-mail
On Sun, Jan 07, 2007 at 04:52:29PM +0100, Krzysztof Kowalik wrote:> Hello. > > We are running an (IRC) server that under high-rate traffic (ie. DDoS > attack) stops to respond to the network. The network remains locked up > even after the original attack stops. However running tcpdump (which > switches the interface into promisc mode) unlocks networking and things > work again. > > At the moment, we are running 6.2-RC1 cvsupped at Dec 10, with if_fxp.c > from Nov 11 (previously, we had 6.1 for a while, having the same issues) > > if_fxp.c,v 1.240.2.10.2.1 2006/11/20 16:21:12 > > The same machine used to run FreeBSD 4.11 without any problems. > > Any help/pointers/suggestions would be appreciated.You'll probably need to set up DDB and run the usual tracing commands (see the developers handbook) to obtain further debugging information to proceed here. Kris -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 187 bytes Desc: not available Url : http://lists.freebsd.org/pipermail/freebsd-stable/attachments/20070110/2ca7cea3/attachment.pgp
Krzysztof Kowalik <kkowalik@uci.agh.edu.pl> wrote:> We are running an (IRC) server that under high-rate traffic (ie. DDoS > attack) stops to respond to the network. The network remains locked up > even after the original attack stops. [...]And it turns out to be an usual PEBKAC. The system was running out of mbuf clusters, and after increasing kern.ipc.nmbclusters to a sane value things started to work as expected again. Since it's usually the first thing one changes on such a box, we didn't even think of checking it. Sorry for the noise. -- () ASCII Ribbon Campaign /\ Support plain text e-mail