Re: [Xen-devel] Re: Panic in ipt_do_table with 2.6.16.13-xen

public inbox for linux-kernel@vger.kernel.org
 help / color / mirror / Atom feed

From: Matt Ayres <matta@tektonic.net>
To: James Morris <jmorris@namei.org>
Cc: "xen-devel@lists.xensource.com" <xen-devel@lists.xensource.com>,
	Netfilter Development Mailinglist 
	<netfilter-devel@lists.netfilter.org>,
	Patrick McHardy <kaber@trash.net>,
	Linux Kernel Mailing List <linux-kernel@vger.kernel.org>
Subject: Re: [Xen-devel] Re: Panic in ipt_do_table with 2.6.16.13-xen
Date: Thu, 18 May 2006 19:58:05 -0400	[thread overview]
Message-ID: <446D0A0D.5090608@tektonic.net> (raw)
In-Reply-To: <Pine.LNX.4.64.0605161127030.16379@d.namei>



James Morris wrote:
> On Tue, 16 May 2006, Matt Ayres wrote:
> 
>>>> My ruleset is pretty bland.  2 rules in the raw table to tell the system
>>>> to
>>>> only track my forwarded ports, 2 rules in the nat table for forwarding
>>>> (intercepting) 2 ports, and then in the FORWARD tables 2 rules per VM to
>>>> just
>>>> account traffic.
>>> Can you try using a different NIC?
>>>
>> This happens on 30 different hosts.  Using the same kernel I get varying
>> uptime of "hasn't crashed since the upgrade to 2.6.16" to "crashes every day".
>> All are Tyan S2882D boards w/ integrated Tigon3.  The trace I posted to this
>> thread indicate tg3, but in many other traces I have the trace doesn't include
>> any driver calls.  They all panic in ipt_do_table.  I would have pasted the
>> others, but I didn't save the System.map for either of them and they are all
>> pretty similar.
> 
> I'm trying to suggest eliminating this driver & possible interaction with 
> Xen network changes as a cause.  If you can find a different type of NIC 
> to plug in and use, or even try and change all of the params for the tg3 
> with ethtool, it'll help.
> 

Hi,

Thank you for the assistance. Which parameters do you suggest changing? 
  TSO/flow control off?

Here is my ruleset for those interested:

# iptables -t raw -L -v
Chain OUTPUT (policy ACCEPT 27441 packets, 4832K bytes)
  pkts bytes target     prot opt in     out     source 
destination

Chain PREROUTING (policy ACCEPT 195M packets, 156G bytes)
  pkts bytes target     prot opt in     out     source 
destination
1332K  144M NOTRACK   !tcp  --  any    any     anywhere 
anywhere
    54  5293 ACCEPT     tcp  --  any    any     anywhere 
anywhere            tcp dpt:7373
  4564  223K ACCEPT     tcp  --  any    any     anywhere 
anywhere            tcp dpt:7322
  194M  156G NOTRACK    tcp  --  any    any     anywhere 
anywhere            tcp dpt:!7373
  194M  156G NOTRACK    tcp  --  any    any     anywhere 
anywhere            tcp dpt:!7322

# iptables -t nat -L -v
Chain OUTPUT (policy ACCEPT 2114 packets, 155K bytes)
  pkts bytes target     prot opt in     out     source 
destination

Chain POSTROUTING (policy ACCEPT 2114 packets, 155K bytes)
  pkts bytes target     prot opt in     out     source 
destination

Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)
  pkts bytes target     prot opt in     out     source 
destination
     6   344 DNAT       tcp  --  eth0   any     anywhere 
anywhere            tcp dpt:7373 to:host.ip.address:443
     8   408 DNAT       tcp  --  eth0   any     anywhere 
anywhere            tcp dpt:7322 to:host.ip.address:22


iptables -L -v just shows 2 rules per Virtual Machine for accounting. 
This averages about 100 rules in the FORWARD chain.  Example:

# iptables -L -v
Chain FORWARD (policy ACCEPT 195M packets, 156G bytes)
  pkts bytes target     prot opt in     out     source 
destination
     0     0            all  --  any    any     xx.xx.xx.xx 
  anywhere
     0     0            all  --  any    any     anywhere 
xx.xx.xx.xx

next prev parent reply	other threads:[~2006-05-18 23:58 UTC|newest]

Thread overview: 20+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2006-05-15 17:46 Panic in ipt_do_table with 2.6.16.13-xen Matt Ayres
2006-05-15 19:27 ` Patrick McHardy
2006-05-16  0:01   ` Matt Ayres
2006-05-16  3:31     ` James Morris
2006-05-16 13:49       ` [Xen-devel] " Matt Ayres
2006-05-16 15:28         ` James Morris
2006-05-18 23:58           ` Matt Ayres [this message]
2006-05-19  0:05             ` James Morris
2006-05-19  0:16               ` Matt Ayres
2006-05-19  0:45                 ` Matt Ayres
2006-05-21 17:43                   ` Patrick McHardy
2006-05-22 14:31                     ` Matt Ayres
2006-05-22 14:42                       ` Keir Fraser
2006-05-22 14:43                       ` Patrick McHardy
2006-05-23  9:54                         ` Keir Fraser
2006-05-23 12:03                           ` Matt Ayres
2006-05-23 21:15                         ` Keir Fraser
2006-05-23 21:23                           ` Matt Ayres
2006-05-23 21:27                             ` Keir Fraser
2006-05-24  7:16                               ` Gerd Hoffmann

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=446D0A0D.5090608@tektonic.net \
    --to=matta@tektonic.net \
    --cc=jmorris@namei.org \
    --cc=kaber@trash.net \
    --cc=linux-kernel@vger.kernel.org \
    --cc=netfilter-devel@lists.netfilter.org \
    --cc=xen-devel@lists.xensource.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox