similar to: 10.0-RC1: bad mbuf leak?

Hi, Anyone else noticing any TCP Stack requests for information under a useraccount with mild to moderate TCP activity on HTTP and other sorts of ports returns zero results back unless you are root. [site@Eden ~]$ netstat -i reports netstat: kvm not available: /dev/mem: Permission denied ifnet: symbol not defined [site@Eden ~]$ netstat -an [site@Eden ~]$ netstat -m 377/823/1200 mbufs in use

Box with fresh RELENG_7 panic under heavy network load (more than 50k connections). This panics seems to be senfile(2) related, because when sendfile disabled in nginx, I can't reproduce the problem. Backtrace in all cases like this: # kgdb kernel /spool/crash/vmcore.1 GNU gdb 6.1.1 [FreeBSD] Copyright 2004 Free Software Foundation, Inc. GDB is free software, covered by the GNU General

Hi All, Mysql service is going down continously in my system due to lack of memory space. I checked the messages log and found the following error message. All mbuf clusters exhausted, please see tuning(7). I have no idea about mbuf cluster. Can anyone please help me to fix the issue. I hope the information below will help you. Following is the output of top. last pid: 84718; load

----- Original Message ---- > From: Pyun YongHyeon <pyunyh@gmail.com> > To: Ian FREISLICH <ianf@clue.co.za> > Cc: FreeBSD Current <freebsd-current@freebsd.org>; Robert Backhaus <robbak@robbak.com> > Sent: Monday, March 17, 2008 8:12:03 AM > Subject: Re: Packet corruption in re0 > > On Fri, Feb 22, 2008 at 10:43:22AM +0200, Ian FREISLICH wrote: >

BM_207650 MEDIUM Vulnerability Version: 1 2/18/2004@03:47:29 GMT Initial report <https://ialert.idefense.com/KODetails.jhtml?irId=207650> ID#207650: FreeBSD Memory Buffer Exhaustion Denial of Service Vulnerability (iDEFENSE Exclusive): Remote exploitation of a denial of service (DoS) vulnerability in FreeBSD's memory buffers (mbufs) could allow attackers to launch a DoS attack.

Ive been googling quite a bit now for problems with running out of mbuf clusters. Im basically sending a 30k datachunk down 1000-4000 connections, but 1000 is more than enough to quickly fill upp 8192 mbuf clusters. I also tried setting maximum amount of mbuf clusters to 65536, but that only made the box hard-wire 86MB of 96MB RAM, making it just as unsuable as a dead machine. Of course, when the

Hi list, since we activated 10gbe on ixgbe cards + jumbo frames(9k) on 9.0 and now on 9.1 we recognize that after a random period of time, sometimes a week, sometimes only a day, the system doesn't send any packets out. The phenomenon is that you can't login via ssh, nfs and istgt is not operative. Yet you can login on the console and execute commands. A clean shutdown isn't possible

In http://docs.freebsd.org/cgi/mid.cgi?200402260743.IAA18903 it seems RELENG_4 is vulnerable. Is there any work around to a system that has to have ports open ? Version: 1 2/18/2004@03:47:29 GMT >Initial report > <<https://ialert.idefense.com/KODetails.jhtml?irId=207650>https://ialert.idefense.com/KODetails.jhtml?irId=207650; >ID#207650: >FreeBSD Memory Buffer

Hi there, I have some DDOS(?) attack on my router going where my apache HTTP server is flooded with short-timed connections from some host. This results in LOTS of sockets in TIME_WAIT/LAST_ACK/CLOSING states and eventually I'm out of mbufs, which, consequently means I can't even connect to the router from LAN. The kern.ipc.nmbclusters is 2560, (I guess high enough for router with

Hi, I have a Dell T710 with 4 X 10G ethernet interfaces (2 X Dual port Intel 82599 cards). It is running FreeBSD RELENG_8 last updated on July 13. What I see is packet loss (0 - 40%) on IPv6 packets in vlans, when the machine is not the originator of the packets. Let me try to describe a little more. If a neigbouring machine ping6 it, there will be packet loss. If it act as a router for ipv6,

Hello! I''m working on a guest OS port which uses NetBSD drivers, and I''m currently working on the netfront support. I''m basing the driver on the FreeBSD 7.0 driver, and I''ve run into a problem in network_alloc_rx_buffers. Parts of the code with line numbers is given below, and I''ll try to explain where the problem occurs. The basic problem is that

Hello List, I know 4.9 is ancient history, but unfortunately we have several thousand sites installed. We are in the process of moving to 6.1 when it is released. Right now I have an immediate problem where we are going to install two system at a HQ site. Each of the 2 systems will have two gre/vpn/ospf tunnels to a 100 remote sites in the field. The broadband will be a T3 with failover to

I have some questions about what needs tuned on a high traffic syslog box. I seem to be dropping quite a few syslog packets. This is a syslog server for a high usage Firewall btw. Nic is a Compaq tl0 4.8-P13 netstat -s -p udp | grep buf 19,762,079 dropped due to full socket buffers uptime 5:28PM up 7 days, 18:30, 2 users, load averages: 0.21, 0.23, 0.23 I though maybe syslogd was the

I noticed with active ftp clients (specifically IMP's .forward modification plugin), an sbsize of something under 32M in /etc/login.conf on the target server now gives Can't create data socket (M-^A> (^A,_<F5>^R(^C): No buffer space available. in the ftp logs. What is a safe value to prevent users from abusing the system by eating up all mbufs ? There is a local DoS if

I noticed with active ftp clients (specifically IMP's .forward modification plugin), an sbsize of something under 32M in /etc/login.conf on the target server now gives Can't create data socket (M-^A> (^A,_<F5>^R(^C): No buffer space available. in the ftp logs. What is a safe value to prevent users from abusing the system by eating up all mbufs ? There is a local DoS if

Hi, We have a pretty serious problem with our news server crashing during the expire cronjob. This happened with 4.7-RELEASE, so we upgraded to 4.8-RELEASE recently, hoping that the problem might be fixed, but it isn't. The machine is a Compaq DL360-G2. I've searched the PR database as well as the mailing list archives for the panic string, but didn't find anything. What makes the

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-SA-04:04.tcp Security Advisory The FreeBSD Project Topic: many out-of-sequence TCP packets denial-of-service Category: core Module: kernel

Dear List, the attached patch makes rsync of local folders almost as fast as cp. when rsync client and server has detected that they are working in local_server mode, they use local_socket, a unix domain socket pair, to pass the file descriptors of the synced files. the server uses the file descriptor it receives from the client to fast copy from src to dst file. on completion of every file fast

I finally got a 10G card that is recognized by FreeBSD (9.1-stable): ... ix0: <Intel(R) PRO/10GbE PCI-Express Network Driver, Version - 2.4.8> port 0xecc0-0xecdf mem 0xd9e80000-0xd9efffff,0xd9ff8000-0xd9ffbfff irq 40 at device 0.0 on pci4 ix0: Using MSIX interrupts with 9 vectors ix0: RX Descriptors exceed system mbuf max, using default instead! ix0: Ethernet address: 90:e2:ba:29:c0:54

Dear SIR's On Tru64 4.0F i get do you know how I can avoid it? Rgds Henrik PS. What should I expect on LDAP (got an error using --with-ldap): ============================================================================ ==== Compiling nmbd/nmbd_nameregister.c In file included from include/includes.h:258, from nmbd/nmbd_nameregister.c:25: /usr/include/net/if.h:182: