Re: [CFT] modular kernel config

2012-02-29 Thread ~Lst
2012/2/29 Łukasz Wąsikowski :
> W dniu 2012-02-28 22:22, Arnaud Lacombe pisze:
>
>>>>> FLOWTABLE on 8.x crashed BGP routers (kern/144917).
>>>>>
>>>> no crash dump, no backtrace, no follow-up whatsoever after 1 year and
>>>> 2 years, what's your points ? You could really have chosen a better PR
>>>> to back up your argument...
>>>
>>> Sorry, but I don't want to bug trace this issue, simply because lack of
>>> time, resources and interest in this feature. I've run into this bug on
>>> production box, went through hell because of it and turned off flowtable
>>> which I do not use and not need. If this problem is still alive (it
>>> might be, the PR I've mentioned is still open) then it's not a good idea
>>> to turn on this feature by default. If you're interested in using this
>>> feature then feel free to debug and test.
>>>
>> Give me a deterministic way to reproduce the issue and I will.
>
> Enable FLOWTABLES in kernel and setup BGP4+ router (with net/quagga).
> You need three peers sending you full Internet routing table (3x400k
> prefixes). Some people got it with only two peers. After a short while
> your CPU should stuck in 100% busy.
>
> --
> best regards,
> Lukasz Wasikowski
>

In my case, I used OpenBGPD.


Rgds,
--
Lasta Yani
___
freebsd-stable@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to "freebsd-stable-unsubscr...@freebsd.org"


Re: [CFT] modular kernel config

2012-02-29 Thread ~Lst
On Tue, Feb 28, 2012 at 10:37 PM, Alexander Leidinger
 wrote:
> Quoting ~Lst  (from Tue, 28 Feb 2012 16:38:43 +0700):
>
>> 2012/2/28 Steve Wills :
>>>
>>> On 02/27/12 10:53, Łukasz Wąsikowski wrote:
>>>>
>>>> W dniu 2012-02-22 23:31, Bjoern A. Zeeb pisze:
>>>>
>>>>> You cannot ship that on by default for non-technical reasons in a
>>>>> kernel.  Please do not commit a kernel config that can be booted
>>>>> (no LINT cannot be booted) with these on without consulting
>>>>> appropriate hats upfront.
>>>>>
>>>>>
>>>>>> - ALTQ
>>>>>> - SW_WATCHDOG
>>>>>> - QUOTA
>>>>>> - IPSTEALTH (disabled in loader.conf)
>>>>>> - IPFIREWALL_FORWARD (touches every packet, power users which
>>>>>>   need a bigger PPS but not this feature can recompile the
>>>>>>   kernel, discussed with julian@)
>>>>>> - FLOWTABLE (disabled in loader.conf)
>>>>>
>>>>> Which is not the same as it's not 100% disabled and will still
>>>>> allocate memory.
>>>>
>>>>
>>>> FLOWTABLE on 8.x crashed BGP routers (kern/144917). I don't know if
>>>> it is fixed by now, but this kind of potential problematic features
>>>> should not be enabled by default.
>>>>
>>>
>>> Agree, I've run into problems with FLOWTABLE (with just the features
>>> that were enabled by default in 8.0) when routers changed MAC
>>> addresses. As far as I understand it, FLOWTABLE is both broken and
>>> abandoned (but if I'm wrong, please let me know).
>>>
>>> So, IMHO, not only should it not be enabled by default, but given that
>>> it was disabled completely in 8.x after 8.0 (too lazy to look at exactly
>>> when right now), I think it shouldn't even be included, since that
>>> might encourage users to try it out only to encounter problems with it.
>>>
>>> Steve
>>>
>>
>> Definitely yes, I'd some problems too with FLOWTABLE running for router.
>> So I had to disable it in kernel and sysctl.
>
>
> To make sure I understand you correctly: Did you disable it with the
> sysctl/loader-tunable and everything was OK again, or did you have to remove
> it from the kernel config (disabling via sysctl was not enough) to resolve
> the issue?
>
> I have one report where a person has an issue with FLOWTABLE, but disabling it
> via the sysctl/loader-tunable was enough to address his concerns.
>
> Bye,
> Alexander.
>

I had to remove it from the kernel config, and in my case disabling
via sysctl was not enough to resolve the issue.


Rgds,
--
Lasta Yani


Re: [CFT] modular kernel config

2012-02-28 Thread ~Lst
2012/2/28 Steve Wills :
> On 02/27/12 10:53, Łukasz Wąsikowski wrote:
>> W dniu 2012-02-22 23:31, Bjoern A. Zeeb pisze:
>>
>>> You cannot ship that on by default for non-technical reasons in a
>>> kernel.  Please do not commit a kernel config that can be booted
>>> (no LINT cannot be booted) with these on without consulting
>>> appropriate hats upfront.
>>>
>>>
>>>> - ALTQ
>>>> - SW_WATCHDOG
>>>> - QUOTA
>>>> - IPSTEALTH (disabled in loader.conf)
>>>> - IPFIREWALL_FORWARD (touches every packet, power users which
>>>>   need a bigger PPS but not this feature can recompile the
>>>>   kernel, discussed with julian@)
>>>> - FLOWTABLE (disabled in loader.conf)
>>> Which is not the same as it's not 100% disabled and will still
>>> allocate memory.
>>
>> FLOWTABLE on 8.x crashed BGP routers (kern/144917). I don't know if
>> it is fixed by now, but this kind of potential problematic features
>> should not be enabled by default.
>>
>
> Agree, I've run into problems with FLOWTABLE (with just the features
> that were enabled by default in 8.0) when routers changed MAC
> addresses. As far as I understand it, FLOWTABLE is both broken and
> abandoned (but if I'm wrong, please let me know).
>
> So, IMHO, not only should it not be enabled by default, but given that
> it was disabled completely in 8.x after 8.0 (too lazy to look at exactly
> when right now), I think it shouldn't even be included, since that
> might encourage users to try it out only to encounter problems with it.
>
> Steve
>

Definitely yes, I'd some problems too with FLOWTABLE running for router.
So I had to disable it in kernel and sysctl.


Rgds,
--
Lasta Yani


Re: [CFT] modular kernel config

2012-02-22 Thread ~Lst
On Wed, Feb 22, 2012 at 8:03 PM, Alexander Leidinger
 wrote:
> Quoting timp  (from Tue, 21 Feb 2012 21:56:04 -0800
> (PST)):
>
>> Sorry, but for loader.conf you need use 'load' instead of 'enable'
>> sed -e "s/enable/load/" loader.conf
>
>
> [blush]fixed[/blush]
>
> Thanks,
> Alexander.

It's a typo too ..

net.inet.ip.stealth: IP stealth mode, no TTL decrementation on forwarding

In your file's (i386|amd64)__SMALL_loader.conf :

# Disable stealth forwarding and flowtable.
net.inet.ip.stealt=0
net.inet6.ip6.stealt=0


Rgds,
--
~Lst
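
A check for the kind of typo pointed out in the message above, added here as an example and not part of the thread or of the proposed config files: it compares the names assigned in a loader.conf against a list of known names and flags the rest, suggesting any known name the typo is a prefix of. The function names, the sample file and the list of known names are constructed for illustration; on a real system the list could be taken from `sysctl -aN`.

```shell
#!/bin/sh
# check_tunables CONF KNOWN  (hypothetical helper, not from the thread)
# Flags every name assigned in CONF (name=value lines) that is absent from
# KNOWN (one name per line). Exit status 1 if any unknown name was found.
check_tunables() {
    awk -F= '
        NR == FNR { known[$1] = 1; next }   # first file: the known names
        /^[ \t]*(#|$)/ { next }             # skip comments and blank lines
        {
            name = $1
            gsub(/[ \t]/, "", name)
            if (name in known) next
            hint = ""
            for (k in known)                # a known name the typo is a prefix of
                if (index(k, name) == 1) hint = hint " " k
            if (hint != "") hint = " (did you mean" hint "?)"
            printf "%s:%d: unknown name %s%s\n", FILENAME, FNR, name, hint
            bad++
        }
        END { exit (bad > 0) }
    ' "$2" "$1"
}

demo() {
    dir=$(mktemp -d)
    # Constructed list of valid names; stands in for `sysctl -aN` output.
    printf '%s\n' net.inet.ip.forwarding net.inet.ip.stealth \
        net.inet6.ip6.stealth > "$dir/known"
    # Constructed file holding the lines quoted in the message, typos included.
    printf '%s\n' '# Disable stealth forwarding and flowtable.' \
        'net.inet.ip.stealt=0' 'net.inet6.ip6.stealt=0' > "$dir/loader.conf"
    rc=0
    check_tunables "$dir/loader.conf" "$dir/known" || rc=$?
    rm -rf "$dir"
    return "$rc"
}

demo || echo "unknown names found (exit status $?)"
```
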


Re: vlan and openbgpd

2010-05-10 Thread ~Lst
Hi,

Maybe no one has had the same experience as me, or should I ask
another list (freebsd-net@) or..?


On Sun, May 9, 2010 at 5:28 AM, ~Lst  wrote:
> Hi,
>
> I had an experience in FreeBSD 8.0 (not with FreeBSD 7.3), that if we
> removed any vlan in any interfaces it makes sessions in openbgpd with
> connect but never get established.
> The logs only said like this, ``received notification: HoldTimer
> expired, unknown subcode 0'' and ``socket error: Connection refused''
> and ``socket error: No route to host''.
> When I tried to ping the neighbor, it worked fine. I tried to
> restart the openbgpd daemon but sessions were never established, then I had
> to reboot our router and the session was established.
>
> Does anyone have the same experience as me?
>

Rgds,
--
~Lst


vlan and openbgpd

2010-05-08 Thread ~Lst
Hi,

I had an experience in FreeBSD 8.0 (not with FreeBSD 7.3), that if we
removed any vlan in any interfaces it makes sessions in openbgpd with
connect but never get established.
The logs only said like this, ``received notification: HoldTimer
expired, unknown subcode 0'' and ``socket error: Connection refused''
and ``socket error: No route to host''.
When I tried to ping the neighbor, it worked fine. I tried to
restart the openbgpd daemon but sessions were never established, then I had
to reboot our router and the session was established.

Does anyone have the same experience as me?


Rgds,
--
~Lst


FreeBSD local r00t zeroday

2009-12-01 Thread ~Lst
Hello all,

What d'you think about this ?
http://seclists.org/fulldisclosure/2009/Nov/371


Rgds,
--
~Lst