Date: Tue, 29 Apr 2008 08:44:37 GMT
From: Basil <zaulychny@yahoo.com>
To: freebsd-gnats-submit@FreeBSD.org
Subject: Server failure due to netgraph mpd and dhcpclient

>Number:         123200
>Category:       kern
>Synopsis:       [netgraph] Server failure due to netgraph mpd and dhcpclient
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    freebsd-net
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Tue Apr 29 08:50:00 UTC 2008
>Closed-Date:    Sat Jan 31 13:54:35 UTC 2009
>Last-Modified:  Sat Jan 31 13:54:35 UTC 2009
>Originator:     Basil
>Release:        6.3
>Organization:
CCU
>Environment:
FreeBSD axe.tgh.kiev.ua 6.3-RELEASE FreeBSD 6.3-RELEASE #2: Thu Mar 27 17:43:21 EET 2008     root@axe.tgh.kiev.ua:/usr/src/sys/i386/compile/axe  i386
>Description:
The server has two network cards, rl0 and fxp0 (all hardware is tested and
new; it worked fine before). fxp0 is for the LAN; rl0 is on the ISP's
non-public network (10.0.0.1/16), configured via DHCP (dhclient: rl0
(dhclient)). Internet access is granted via a VPN protocol (mpd5 or mpd4 or
even mpd). After booting has finished, the server has this ifconfig output:

rl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500        
        options=8<VLAN_MTU>                                             
        inet 10.24.7.250 netmask 0xfffffc00 broadcast 10.24.7.255       
        ether 00:13:d4:dd:94:4c                                         
        media: Ethernet autoselect (100baseTX <full-duplex>)            
        status: active                                                  
fxp0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500       
        options=b<RXCSUM,TXCSUM,VLAN_MTU>                               
        inet 192.168.0.101 netmask 0xffffff00 broadcast 192.168.0.255   
        inet 192.168.2.1 netmask 0xffffff00 broadcast 192.168.2.255     
        inet 192.168.100.1 netmask 0xffffff00 broadcast 192.168.100.255 
        inet 10.113.0.200 netmask 0xffffff00 broadcast 10.113.0.255     
        inet 192.168.0.199 netmask 0xffffff00 broadcast 192.168.0.255   
        inet 192.168.0.1 netmask 0xffffff00 broadcast 192.168.0.255     
        ether 00:02:b3:bc:32:2b                                         
        media: Ethernet autoselect (100baseTX <full-duplex>)            
        status: active                                                  
plip0: flags=108810<POINTOPOINT,SIMPLEX,MULTICAST,NEEDSGIANT> mtu 1500  
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384                
        inet 127.0.0.1 netmask 0xff000000                               
ng0: flags=88d1<UP,POINTOPOINT,RUNNING,NOARP,SIMPLEX,MULTICAST> mtu 1416
        inet 83.170.252.222 --> 85.223.129.9 netmask 0xffffffff         

Everything works fine. Netgraph is compiled into the kernel statically (see kernel config below):

machine         i386                                                            
#cpu            I486_CPU                                                        
#cpu            I586_CPU                                                        
cpu             I686_CPU                                                        
ident           axe                                                             
                                                                                
# To statically compile in device wiring instead of /boot/device.hints          
#hints          "GENERIC.hints"         # Default places to look for devices.   
                                                                                
makeoptions     DEBUG=-g                # Build kernel with gdb(1) debug symbols
                                                                                
#options        SCHED_ULE               # ULE scheduler                         
options         SCHED_4BSD              # 4BSD scheduler                        
options         PREEMPTION              # Enable kernel thread preemption       
options         INET                    # InterNETworking                       
options         IPFIREWALL                      # InterNETworking               
options         IPFIREWALL_VERBOSE                      # InterNETworking       
options         IPFIREWALL_VERBOSE_LIMIT=100                                    
options         IPFIREWALL_FORWARD                      # InterNETworking       
options         IPDIVERT                                                        
options         IPFIREWALL_DEFAULT_TO_ACCEPT                                    
options         DUMMYNET                        # InterNETworking               
                                                                                
options         LIBALIAS                                                  
                                                                          
# altq(9). Enable the base part of the hooks with the ALTQ option.        
# Individual disciplines must be built into the base system and can not be
# loaded as modules at this point. In order to build a SMP kernel you must
# also have the ALTQ_NOPCC option.                                        
options         ALTQ                                                      
options         ALTQ_CBQ        # Class Bases Queueing                    
options         ALTQ_RED        # Random Early Detection                  
options         ALTQ_RIO        # RED In/Out                              
options         ALTQ_HFSC       # Hierarchical Packet Scheduler           
options         ALTQ_CDNR       # Traffic conditioner                     
options         ALTQ_PRIQ       # Priority Queueing                       
options         ALTQ_NOPCC      # Required for SMP build                  
options         ALTQ_DEBUG                                                
                                                                          
# netgraph(4). Enable the base netgraph code with the NETGRAPH option.    
# Individual node types can be enabled with the corresponding option      
# listed below; however, this is not strictly necessary as netgraph       
# will automatically load the corresponding KLD module if the node type   
# is not already compiled into the kernel. Each type below has a          
# corresponding man page, e.g., ng_async(8).                              
options         NETGRAPH                # netgraph(4) system              
options         NETGRAPH_DEBUG          # enable extra debugging, this    
                                        # affects netgraph(4) and nodes   
# Node types                                                              
options         NETGRAPH_ASYNC                                            
#options         NETGRAPH_ATMLLC                                          
#options         NETGRAPH_ATM_ATMPIF                                      
#options         NETGRAPH_BLUETOOTH              # ng_bluetooth(4)        
#options         NETGRAPH_BLUETOOTH_BT3C         # ng_bt3c(4)             
#options         NETGRAPH_BLUETOOTH_H4           # ng_h4(4)               
#options         NETGRAPH_BLUETOOTH_HCI          # ng_hci(4)              
#options         NETGRAPH_BLUETOOTH_L2CAP        # ng_l2cap(4)            
#options         NETGRAPH_BLUETOOTH_SOCKET       # ng_btsocket(4)         
#options         NETGRAPH_BLUETOOTH_UBT          # ng_ubt(4)              
#options         NETGRAPH_BLUETOOTH_UBTBCMFW     # ubtbcmfw(4)            
options         NETGRAPH_BPF                                              
options         NETGRAPH_BRIDGE                                           
options         NETGRAPH_CISCO                                            
options         NETGRAPH_DEFLATE                                          
options         NETGRAPH_DEVICE                                           
options         NETGRAPH_ECHO                                             
options         NETGRAPH_EIFACE                                           
options         NETGRAPH_ETHER                                            
options         NETGRAPH_FEC                                              
options         NETGRAPH_FRAME_RELAY                                      
options         NETGRAPH_GIF                                              
options         NETGRAPH_GIF_DEMUX                                        
options         NETGRAPH_HOLE                                             
options         NETGRAPH_IFACE                                            
options         NETGRAPH_IP_INPUT                                         
options         NETGRAPH_IPFW                                             
options         NETGRAPH_KSOCKET                                          
options         NETGRAPH_L2TP                                             
options         NETGRAPH_LMI                                              
# MPPC compression requires proprietary files (not included)              
#options        NETGRAPH_MPPC_COMPRESSION                                 
options         NETGRAPH_MPPC_ENCRYPTION                                  
options         NETGRAPH_NETFLOW                                          
options         NETGRAPH_NAT        
options         NETGRAPH_ONE2MANY                                         
options         NETGRAPH_PPP    
options         NETGRAPH_PPPOE  
options         NETGRAPH_PPTPGRE
options         NETGRAPH_PRED1  
options         NETGRAPH_RFC1490
options         NETGRAPH_SOCKET 
options         NETGRAPH_SPLIT  
options         NETGRAPH_SPPP   
options         NETGRAPH_TAG    
options         NETGRAPH_TCPMSS 
options         NETGRAPH_TEE    
options         NETGRAPH_TTY    
options         NETGRAPH_UI     
options         NETGRAPH_VJC    

The failure leads to a server reboot after some non-constant time period
(3-9 days). Moreover, some time ago, when the server did not have netgraph
statically compiled into the kernel, it simply crashed (no reboot) and did
not respond even to the keyboard!

It seems to me that the netgraph module leads to a memory leak and the
kernel killing all working processes, because the server responds only to
the ACPI power button being pressed, writing a message on the display.

After some searching on the Internet I have found some reports about a
similar problem where people point to a DHCP+MPD+NETGRAPH failure
(they simply kill mpd from dhclient-script to make the problem vanish).

So the problem is still open :(
>How-To-Repeat:
Set up a VPN via a DHCP-configured eth using mpd5 on a FreeBSD 6.x server
>Fix:
To avoid the silent crash of the server you must compile netgraph statically
into the kernel.  This unfortunately does not solve the periodic reboot of
the server due to kernel panic...

>Release-Note:
>Audit-Trail:
State-Changed-From-To: open->feedback 
State-Changed-By: vwe 
State-Changed-When: Tue Apr 29 20:28:08 UTC 2008 
State-Changed-Why:  

At the very first look on your configuration, I've seen one misconfiguration 
which might cause problems: You're using a netmask greater than /32 for alias 
addresses on same subnet (take a look at I/F fxp0: addresses 192.168.0.101, 
192.168.0.199 and 192.168.0.1 share the same subnet (/24) and all three have 
a netmask of /24). Only one should have a /24, the others should be created 
as /32. 
If you're experiencing kernel panics, please provide us with the kernel dump 
(panic message AND the backtrace). 
If you don't get a panic, please recompile your kernel with WITNESS enabled 
and show us the witness messages. 
Also please explain a bit about your DHCP issue (to me it's unclear what role 
dhcp_client may play here). Do you start mpd from the DHCP script or vice versa? 
Please show us your mpd configuration. Also a look to the routing table might 
be useful. 
Anyway we need the panic message and a backtrace to analyze or witness
messages. 
Problem does not seem to be i386 related - reclassify. 


Responsible-Changed-From-To: freebsd-i386->freebsd-bugs 
Responsible-Changed-By: vwe 
Responsible-Changed-When: Tue Apr 29 20:28:08 UTC 2008 
Responsible-Changed-Why:  

set to feedback 

http://www.freebsd.org/cgi/query-pr.cgi?pr=123200 

From: Basil Zaulychny <zaulychny@yahoo.com>
To: bug-followup@FreeBSD.org, zaulychny@yahoo.com
Cc:  
Subject: Re: kern/123200: Server failure due to netgraph mpd and dhcpclient
Date: Mon, 19 May 2008 11:57:25 -0700 (PDT)

  Hello guys,
 
 >At the very first look on your configuration, I've seen one misconfiguration 
 >which might cause problems: You're using a netmask greater than /32 for alias 
 >addresses on same subnet (take a look at I/F fxp0: addresses 192.168.0.101, 
 >192.168.0.199 and 192.168.0.1 share the same subnet (/24) and all three have 
 >a netmask of /24). Only one should have a /24, the others should be created 
 >as /32.
 
 I have corrected the configuration according to the above-mentioned notice
 and switched on the dump capabilities, but all of this resulted in a dead
 server crash without reboot and without a dump (no files like vmcore.0 etc.;
 "no dump found", the server said) after 2 days of uptime! :(

 I have reconfigured the server back, so for now the server may crash, but
 with a following reboot.
 
 Next time I'll try with the WITNESS option enabled.
 
 >Also please explain a bit about your DHCP issue (to me it's unclear what role 
 >dhcp_client may play here). 

 Some people claim that a similar failure on FreeBSD 6.x is due to the Netgraph
 DHCP (dhclient) interaction... (They suspect a bug inside netgraph.)

 >Do you start mpd from the DHCP script or vice versa? 

 No. mpd starts from rc.conf

 >Please show us your mpd configuration. Also a look to the routing table might 
 >be useful. 
 
  mpd.conf  (mpd5)
 ====================
 default:           
    load vpn        
    load pptp_server
 
 vpn:                                                  
         create bundle static B1                       
         set bundle disable noretry                    
         set iface route default                       
         set iface enable tcpmssfix                    
         set iface idle 0                              
         set iface enable nat                          
         set iface up-script /home/basil/inet.sh       
         set ipcp ranges 0.0.0.0/0 0.0.0.0/0           
         create link static L1 pptp                    
         set link action bundle B1                     
         set auth authname mylogin@my.isp.com
         set link max-redial 0                         
         set link mtu 1416                             
         set link keep-alive 20 75                     
         set pptp peer 10.0.0.1                        
         set pptp disable windowing                    
         open                      
 
 pptp_server:                                                      
 # Define dynamic IP address pool.                                 
         set ippool add pool1 192.168.8.2 192.168.8.254            
                                                                   
 # Create clonable bundle template named B                         
         create bundle template B                                  
         set iface enable proxy-arp                                
         set iface idle 0                                          
         set iface enable tcpmssfix                                
         set ipcp yes vjcomp                                       
 # Specify IP address pool for dynamic assignment.
         set ipcp ranges 192.168.8.1/32 ippool pool1               
         set ipcp dns 192.168.2.1                                  
 #        set ipcp nbns 192.168.1.4                                
 # The five lines below enable Microsoft Point-to-Point encryption 
 # (MPPE) using the ng_mppc(8) netgraph node type.                 
         set bundle enable compression                             
         set ccp yes mppc                                          
         set mppc yes e40                                          
         set mppc yes e128                                         
         set mppc yes stateless                                    
                                                                   
 # Create clonable link template named L                           
         create link template L pptp                               
 # Set bundle template to use                                      
         set link action bundle B                                  
 # Multilink adds some overhead, but gives full 1500 MTU.          
         set link enable multilink                                 
         set link yes acfcomp protocomp                            
         set link no pap chap                                      
         set link enable chap                                      
 # We can use RADIUS authentication/accounting by including
 # another config section with label 'radius'.
 #       load radius                                               
         set link keep-alive 10 60                                 
 # We are reducing link mtu to avoid GRE packet fragmentation.
         set link mtu 1416                                         
 # Configure PPTP                                                  
         set pptp self 10.113.0.200                                
 #        set pptp self 192.168.0.101                              
 # Allow to accept calls                                           
         set link enable incoming                                  
                                                                                       
 ====================
 
 netstat -rn
 ----------------------------------------------
 Internet:                                                                  
 Destination        Gateway            Flags    Refs      Use  Netif Expire 
 default            85.223.129.9       UGS         0 38220149    ng0        
 10/16              link#1             UCS         0        0    rl0        
 10.0.0.1           00:1c:0f:5c:ee:40  UHLW        1 167711651    rl0    251
 10.24.4/22         link#1             UC          0        0    rl0        
 10.24.7.78         00:1d:7d:a4:33:b4  UHLW        1        1    rl0    833 
 10.113/24          link#2             UC          0        0   fxp0 =>     
 10.113/16          10.113.0.1         UGS         0 58324308   fxp0        
 10.113.0.1         00:07:e9:0a:6c:de  UHLW        5       10   fxp0   1200 
 10.113.0.2         00:1d:60:36:96:0d  UHLW        1        3   fxp0        
 10.113.0.6         00:02:44:5f:9c:00  UHLW        1        4   fxp0   1171 
 10.113.0.19        00:13:8f:db:10:43  UHLW        1        2   fxp0        
 10.113.0.35        00:19:db:7b:a3:99  UHLW        1        4   fxp0        
 10.113.0.36        00:02:44:86:00:c4  UHLW        1        6   fxp0   1093 
 10.113.0.41        00:0d:87:58:3e:ad  UHLW        1      135   fxp0   1199 
 10.113.0.99        00:03:47:99:8e:a9  UHLW        1      103   fxp0    136 
 85.223.129.9       83.170.252.218     UH          1        0    ng0        
 127.0.0.1          127.0.0.1          UH          0   522765    lo0        
 192.168.0          link#2             UC          0        0   fxp0        
 192.168.0.1        00:02:b3:bc:32:2b  UHLW        1    10569    lo0        
 192.168.0.3        00:13:77:02:ca:4b  UHLW        1       89   fxp0   1174 
 192.168.0.10       00:04:61:45:e1:9e  UHLW        1  1659931   fxp0    738 
 192.168.0.12       00:11:d8:9e:3c:69  UHLW        1    24059   fxp0        
 192.168.0.18       00:1d:60:2c:33:11  UHLW        1     1959   fxp0    181 
 192.168.0.20       00:13:d4:58:61:49  UHLW        1     2583   fxp0    539 
 192.168.0.26       00:00:21:2c:ee:e0  UHLW        1    17086   fxp0    814 
 192.168.0.27       00:02:44:40:e7:e0  UHLW        1        9   fxp0    821 
 192.168.0.30       00:02:44:74:83:12  UHLW        1  1114763   fxp0   1174 
 192.168.0.31       00:1e:8c:b5:e0:72  UHLW        1  1797609   fxp0   1094 
 192.168.0.47       00:1e:8c:14:55:7d  UHLW        1      415   fxp0    807 
 192.168.0.56       00:0a:48:03:41:f8  UHLW        1    22371   fxp0    423 
 192.168.0.59       00:08:54:39:79:0b  UHLW        1    29435   fxp0   1194 
 192.168.0.60       00:13:d3:6f:a5:97  UHLW        1       55   fxp0   1040 
 192.168.0.70       00:0c:76:ae:84:53  UHLW        1     9759   fxp0    924 
 192.168.0.77       00:13:8f:29:20:23  UHLW        1      188   fxp0   1073 
 192.168.0.99       00:03:47:99:8e:a9  UHLW        1      205   fxp0    256 
 192.168.0.101      00:02:b3:bc:32:2b  UHLW        1        1    lo0        
 192.168.0.111      00:60:97:bc:a3:ad  UHLW        1       55   fxp0   1200 
 192.168.0.201      00:16:d4:ae:af:03  UHLW        1      662   fxp0    985 
 192.168.0.255      ff:ff:ff:ff:ff:ff  UHLWb       1    56772   fxp0        
 192.168.1          10.113.0.1         UGS         0    12222   fxp0        
 192.168.2          link#2             UC          0        0   fxp0        
 192.168.2.1        00:02:b3:bc:32:2b  UHLW        1    10645    lo0        
 192.168.3          10.113.0.1         UGS         0     2412   fxp0        
 192.168.4          10.113.0.1         UGS         0     2387   fxp0        
 192.168.8.6        192.168.8.1        UH          0   134133    ng1        
 192.168.8.10       192.168.8.1        UH          0     3833    ng2        
 192.168.100        link#2             UC          0        0   fxp0        
 192.168.100.7      00:1b:fc:ca:01:38  UHLW        1   156128   fxp0    639 
 
 Best regards,
 Basil Zaulychny
 
Responsible-Changed-From-To: freebsd-bugs->freebsd-net 
Responsible-Changed-By: linimon 
Responsible-Changed-When: Sun Jul 6 09:09:28 UTC 2008 
Responsible-Changed-Why:  
Over to maintainer(s).  Note that some feedback has been received. 


From: Alexander Motin <mav@FreeBSD.org>
To: bug-followup@FreeBSD.org, zaulychny@yahoo.com
Cc:  
Subject: Re: kern/123200: [netgraph] Server failure due to netgraph mpd and
 dhcpclient
Date: Mon, 07 Jul 2008 21:27:58 +0300

 If I understand right, you are receiving the route to your VPN server using 
 DHCP. I think you could get in trouble when the DHCP lease time has ended and 
 you lose that route, making the VPN connection route the default. In its place 
 it could cause a routing loop by wrapping the tunnel inside itself, causing 
 an in-kernel recursion loop.
 
 I have some feedback that stack protection mechanisms added to stable 
 allow the system to better handle such a case. Could you upgrade your system to 
 the 6-STABLE and try again?
 
 -- 
 Alexander Motin
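
The condition described in the reply above can be checked from the routing table: find the route the kernel would pick for the PPTP peer (`set pptp peer 10.0.0.1` in the posted mpd.conf) and flag it if it leaves through the tunnel interface itself. This is an added example, not part of the PR or of FreeBSD/mpd; the function names are hypothetical, `LEASE_LOST` is a constructed table, and the parser assumes this netstat omits the mask when it equals the classful default (as in `192.168.0`).

```python
import ipaddress
from collections import namedtuple

Route = namedtuple("Route", "network gateway flags netif")
Verdict = namedtuple("Verdict", "status network netif")

# Constructed sample: a subset of the `netstat -rn` table posted in this PR.
HEALTHY = """\
Internet:
Destination        Gateway            Flags    Refs      Use  Netif Expire
default            85.223.129.9       UGS         0 38220149    ng0
10/16              link#1             UCS         0        0    rl0
10.0.0.1           00:1c:0f:5c:ee:40  UHLW        1 167711651    rl0    251
10.24.4/22         link#1             UC          0        0    rl0
10.113/24          link#2             UC          0        0   fxp0 =>
85.223.129.9       83.170.252.218     UH          1        0    ng0
192.168.0          link#2             UC          0        0   fxp0
"""

# Constructed sample (assumption): the same table once every route on rl0,
# the DHCP-configured interface, has disappeared.
LEASE_LOST = "\n".join(l for l in HEALTHY.splitlines() if " rl0" not in l)


def parse_destination(dest, flags):
    """Turn a netstat destination ('default', '10/16', '192.168.0') into a network."""
    if dest == "default":
        return ipaddress.ip_network("0.0.0.0/0")
    addr, _, bits = dest.partition("/")
    octets = addr.split(".")
    padded = ".".join(octets + ["0"] * (4 - len(octets)))  # trailing zero octets are dropped
    if bits:
        prefix = int(bits)
    elif "H" in flags:            # host route
        prefix = 32
    else:                         # assumed: mask omitted means classful default
        first = int(octets[0])
        prefix = 8 if first < 128 else 16 if first < 192 else 24
    return ipaddress.ip_network(f"{padded}/{prefix}", strict=False)


def parse_routes(netstat_text):
    routes = []
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) < 6 or f[0] == "Destination":
            continue              # section titles, column header, short lines
        try:
            net = parse_destination(f[0], f[2])
        except ValueError:
            continue              # not an IPv4 route line
        routes.append(Route(net, f[1], f[2], f[5]))
    return routes


def check_tunnel_peer(netstat_text, peer, tunnel_if):
    """Longest-prefix match for the tunnel peer; 'loop' if it egresses via the tunnel."""
    addr = ipaddress.ip_address(peer)
    matches = [r for r in parse_routes(netstat_text) if addr in r.network]
    if not matches:
        return Verdict("unreachable", None, None)
    best = max(matches, key=lambda r: r.network.prefixlen)
    status = "loop" if best.netif == tunnel_if else "ok"
    return Verdict(status, best.network, best.netif)


if __name__ == "__main__":
    for name, table in (("healthy", HEALTHY), ("lease lost", LEASE_LOST)):
        print(name, check_tunnel_peer(table, "10.0.0.1", "ng0"))
```

With the healthy table the peer resolves to its host route on rl0; with the rl0 routes gone the only match left is the default route via ng0, which is the tunnel-inside-itself case.
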
State-Changed-From-To: feedback->closed 
State-Changed-By: mav 
State-Changed-When: Sat Jan 31 13:52:36 UTC 2009 
State-Changed-Why:  
Patches fixing crashes/freezes on VPN routing loop were merged to 7-STABLE.  

>Unformatted:
