Yesterday both of my EPIA routers running FreeBSD 5-STABLE freezed. After I rebooted them i updated the world because a lot of bugs have been fixed in the last month, but today the Firewall EPIA freezed again 🙁
Both times I was not at home, so i don’t know if something mysterious happend. My other Systems didn’t crash, so it can’t be a powerfailure, and heating problems are very unlikely as there are -3�C outside and around 18�C inside.
I have now built a debug kernel on the firewall and additional disabled SACK TCP and the MPsafe network subsystem.
I hope this increases the stability, that i don’t have to reenable the old gateway running FreeBSD 4-STABLE (which btw last week hit the 300 days uptime mark) for the chrismas holidays.
If you have any other ideas how to increase stability, please let me know.
8 thoughts on “Mysterious Freezes”
Comments are closed.
hate to say that – maybe a change to OpenBSD/pf would help.
Well switching to PF is a tempting option, as I would really like to try CARP.
But i doubt that IPF is the reason of the problem, it has been working without a problem for years.
And OpenBSD, hm…….
come on arved … try it *eg* …
easy it is, the path to the dark side of the force … hrhr
there are of course other features at openbsd, as the rule optimization, pfauth (very nice) and spamd which you should give a try.
Well I am not really interested in spamd, as I have only one IP, where i need to run sendmail, but pfauth might be nice for the wlan.
I will put an item on my TODO list, “Install OpenBSD on Polly”, but i don’t really have the time to play with another Operating System in the next months.
spamd (OpenBSDs Spam Tarpit) doesn�t depend on wether you got one IP or not. it�s feeded by pf via a blacklist and simply slows down the sending mta by faking a slow SMTP “handshake” – this can slow down spammers mta hardly – and just costs you one port.
Daniel Hartmeier wrote nice stuff:
http://www.benzedrine.cx/relaydb.html
worth to check out, it�s read in 5 minutes and actually _figths_ spam (I don�t consider filtering as figthing ;))
Do you have any experience, how much traffic it costs?
I can’t spend any traffic for fighting spammers, as my ADSL account has no spare bandwith.
BTW dhartmei’s page says, all feature have been ported to FreeBSD, so it is not necessary to install OpenBSD 🙂
a few bytes just for the slow handshake; if you can afford running your mailserver via ADSL, you can afford not getting spam mails. if you just filter them via spamassassin, you�ll have definitly more bandwith usage than just slowing down the other MTA by _not_ taking it (and not telling hime, you (spamd) are no MTA) …
spamd is just claiming to be a MTA, it�ll never process any mail.
Oh, I thought you wanted to give openbsd a try 😉
I finally got a backtrace from the panic the panic that occured once a week since December.
panic: m_copydata, length > size of mbuf chain
KDB: enter: panic
[thread pid 27 tid 100021 ]
Stopped at kdb_enter+0x2b: nop
db> where
Tracing pid 27 tid 100021 td 0xc107f190
kdb_enter(c06b8a22) at kdb_enter+0x2b
panic(c06be9b5,1,c2213340,c2213300,ca8a8b34) at panic+0xbb
m_copydata(c123a600,0,38,c2213340,0) at m_copydata+0x66
ipllog(0,ca8a8be0,ca8a8b68,ca8a8b60,ca8a8b58) at ipllog+0x1f1
ipflog(19,c123a650,ca8a8be0,c123a600,0) at ipflog+0x18f
fr_check(c123a650,14,c1120000,0,ca8a8c88) at fr_check+0xc6c
fr_check_wrapper(0,ca8a8c88,c1120000,1,0) at fr_check_wrapper+0x2a
pfil_run_hooks(c074a000,ca8a8cd4,c1120000,1,0) at pfil_run_hooks+0xbd
ip_input(c123a600) at ip_input+0x231
netisr_processqueue(c0749298) at netisr_processqueue+0x6e
swi_net(0) at swi_net+0x88
ithread_loop(c1074500,ca8a8d48,c1074500,c050f198,0) at ithread_loop+0x124
fork_exit(c050f198,c1074500,ca8a8d48) at fork_exit+0xa4
fork_trampoline() at fork_trampoline+0x8
So maybe I should really switch to PF. But first lets see if someone on the FreeBSD Mailinglist knows a solution.