Re: Welcome to Hell / Mysterious networking troubles on FreeBSD
On Fri, 23 Nov 2007 23:59:41 +0200 "Joel V." <[EMAIL PROTECTED]> wrote: > Hello all, > > I'm not experiencing this problem, my friend is. He's simply too > pissed off to write here and I'm afraid he's going to set his office > on fire if he doesn't solve the problem soon, so without further ado, > here's the problem: > > He has two fbsd boxes, main server running 6.1 and dns server running > 4.3. He has 4 public IPs which he can use and the main server is > running on x.x.x.122. He's main box is NOT acting as a gateway/NAT > box in the office. Today he noticed that net is getting awfully slow. > Sometimes there would be 50% pl when pinging, sometimes pinging would > be all OK, but SSH is dead-slow and the webpages running on the main > server are not displaying. E-mails are not going through. He calls > the ISP, who say that his network is showing major uploading > activity. He switches off networking services one by one in the main > box but situation does not improve. He disconnects the main server > and puts a windows xp box instead, which seems to run fine. He puts > back the freebsd box, disables all networking services again except > for SSH and connects the network: instant 100% networking slow-down. > He tried to change the switch, thinking it's faulty. He disconnect > every other computer in the office from the network: nothing. He put > the public IP address on the second, internal network NIC: same > thing. Now it gets really mysterious: he puts the old dns server with > the x.x.x.122 IP and instantly it becomes slow as death. The logical > conclusion would be that someone is flooding that IP? Only the > windows xp box seemed to work fine and the ISP guy said it was upload > bandwidth that was excessive... > > Netstat -a doesn't show anything interesting, arp -a doesn't show any > incomplete addresses He tried to build and install a new fresh kernel. > Nothing. This is the most creepy networking problem I've heard of. > Can YOU help? Any ideas where to start looking? Not enough information (a bit hard to extract from above...) To date I remember experiencing only 2 causes that had symptoms very similar to your buddie's: 0. DDoS attack -- started suddenly one day after I scanned some spammer's gateway with Nessus (or just nmap? can't remember); 1. All my home network is 10/100, but workstation has a Gigabit NIC, Marvell Yukon 88E8056, using their driver myk(4) [thanks, Marvell! but where is the source code? ;)]. Right after I replaced an old 10/100 switch by a gigabit one, the network speed dropped to less than 100 kbytes/s. Turns out the NIC began autonegotiating to 1000baseTX for some reason. Setting media manually to 100baseTX improved things to my satisfaction. > I'm not in the freebsd-hackers list, so if you want the e-mail to > reach me, send a copy to [EMAIL PROTECTED] > > Thank you in advance! > Joel [SorAlx] ridin' VS1400 ___ freebsd-hackers@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: a strange/stupid question
2007/11/24, Aryeh Friedman <[EMAIL PROTECTED]>: > Where do I find the main() [and/or other entery point] for the > kernel I tend to understand stuff better if I follow the flow of > exec from the start It is highly MD. For IA32 it is in i386/i386/locore.s::btext Attilio -- Peace can only be achieved by understanding - A. Einstein ___ freebsd-hackers@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: a strange/stupid question
Aryeh Friedman wrote: On 11/24/07, Attilio Rao <[EMAIL PROTECTED]> wrote: 2007/11/24, Aryeh Friedman <[EMAIL PROTECTED]>: Where do I find the main() [and/or other entery point] for the kernel I tend to understand stuff better if I follow the flow of exec from the start It is highly MD. For IA32 it is in i386/i386/locore.s::btext For AMD64 I assume something close to that... I just relized that I actually want to understand everything from POST on (actually from power on but I know that is very mobo dependant) so I guess the question is where do I find the first executed statement for BTX (I know how to disamble the MBR so that part is not an issue) ___ freebsd-hackers@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to "[EMAIL PROTECTED]" As Attilio said: for the kernel, execution starts (for the x86) in /usr/src/sys/i386/i386/locore.s at around line 205. look for: /** * * This is where the bootblocks start us, set the ball rolling... * */ NON_GPROF_ENTRY(btext) it then skips to sys/kern/init_main.c (mi_startup) (from memory) and that jumps back to machdep.c (cpu_startup()) I suggest of course that you also read the bootblocks. ___ freebsd-hackers@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: a strange/stupid question
2007/11/24, Aryeh Friedman <[EMAIL PROTECTED]>: > On 11/24/07, Attilio Rao <[EMAIL PROTECTED]> wrote: > > 2007/11/24, Aryeh Friedman <[EMAIL PROTECTED]>: > > > Where do I find the main() [and/or other entery point] for the > > > kernel I tend to understand stuff better if I follow the flow of > > > exec from the start > > > > It is highly MD. > > For IA32 it is in i386/i386/locore.s::btext > > For AMD64 I assume something close to that... > > I just relized that I actually want to understand everything from POST > on (actually from power on but I know that is very mobo dependant) so > I guess the question is where do I find the first executed statement > for BTX (I know how to disamble the MBR so that part is not an issue) It should be: boot/i386/boot0/boot0.S::start Attilio -- Peace can only be achieved by understanding - A. Einstein ___ freebsd-hackers@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: a strange/stupid question
On 11/24/07, Attilio Rao <[EMAIL PROTECTED]> wrote: > 2007/11/24, Aryeh Friedman <[EMAIL PROTECTED]>: > > Where do I find the main() [and/or other entery point] for the > > kernel I tend to understand stuff better if I follow the flow of > > exec from the start > > It is highly MD. > For IA32 it is in i386/i386/locore.s::btext For AMD64 I assume something close to that... I just relized that I actually want to understand everything from POST on (actually from power on but I know that is very mobo dependant) so I guess the question is where do I find the first executed statement for BTX (I know how to disamble the MBR so that part is not an issue) ___ freebsd-hackers@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to "[EMAIL PROTECTED]"
a strange/stupid question
Where do I find the main() [and/or other entery point] for the kernel I tend to understand stuff better if I follow the flow of exec from the start ___ freebsd-hackers@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Welcome to Hell / Mysterious networking troubles on FreeBSD
Joel V. wrote: Netstat -a doesn't show anything interesting, arp -a doesn't show any incomplete addresses He tried to build and install a new fresh kernel. Nothing. This is the most creepy networking problem I've heard of. Can YOU help? Any ideas where to start looking? tcpdump you need 5 seconds of packet capture on the approproate interface tcpdump -s0 -wcapture.out -i (interface) wait 5 seconds ^C then you can talk with authority about what IS and IS NOT happenning on his network. Thank you in advance! Joel ___ freebsd-hackers@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to "[EMAIL PROTECTED]" ___ freebsd-hackers@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Welcome to Hell / Mysterious networking troubles on FreeBSD
Hello all, I'm not experiencing this problem, my friend is. He's simply too pissed off to write here and I'm afraid he's going to set his office on fire if he doesn't solve the problem soon, so without further ado, here's the problem: He has two fbsd boxes, main server running 6.1 and dns server running 4.3. He has 4 public IPs which he can use and the main server is running on x.x.x.122. He's main box is NOT acting as a gateway/NAT box in the office. Today he noticed that net is getting awfully slow. Sometimes there would be 50% pl when pinging, sometimes pinging would be all OK, but SSH is dead-slow and the webpages running on the main server are not displaying. E-mails are not going through. He calls the ISP, who say that his network is showing major uploading activity. He switches off networking services one by one in the main box but situation does not improve. He disconnects the main server and puts a windows xp box instead, which seems to run fine. He puts back the freebsd box, disables all networking services again except for SSH and connects the network: instant 100% networking slow-down. He tried to change the switch, thinking it's faulty. He disconnect every other computer in the office from the network: nothing. He put the public IP address on the second, internal network NIC: same thing. Now it gets really mysterious: he puts the old dns server with the x.x.x.122 IP and instantly it becomes slow as death. The logical conclusion would be that someone is flooding that IP? Only the windows xp box seemed to work fine and the ISP guy said it was upload bandwidth that was excessive... Netstat -a doesn't show anything interesting, arp -a doesn't show any incomplete addresses He tried to build and install a new fresh kernel. Nothing. This is the most creepy networking problem I've heard of. Can YOU help? Any ideas where to start looking? I'm not in the freebsd-hackers list, so if you want the e-mail to reach me, send a copy to [EMAIL PROTECTED] Thank you in advance! Joel ___ freebsd-hackers@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: amrd disk performance drop after running under high load
Kris Kennaway wrote: what is your RAID controller configuration (read ahead/cache/write policy)? I have seen weird/bogus numbers (~100% busy) reported by systat -v when read ahead was enabled on LSI/amr controllers. I tried to run with disabled Read-ahead, but it didn't help. I just ran into this myself, and apparently it can be caused by "Patrol Reads" where the adapter periodically scans the disks to look for media errors. You can turn this off using -stopPR with the megarc gg port. Oops, -disPR is the correct command to disable, -stopPR just halts a PR event in progress. Wow! Really disabling Patrol Reads solves the problem. Thank you! I have many amrd's and all of them appear to have Patrol Reads enabled by default. But the problem happenes only on three of them. Is this a hardware problem? With best regards, Alexey Popov ___ freebsd-hackers@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to "[EMAIL PROTECTED]"
List reposts from mx.kash.tomsk.ru
Could the admin of mx.kash.tomsk.ru (presumably, he's reading this list) please turn off "reposts" for mails delivered to him/her via this list? The address the mail is getting delivered to (and which reinjects it for [EMAIL PROTECTED] and possibly other mail addresses, in the case of the mail mentioned below, also reinjected the mail for delivery to [EMAIL PROTECTED]) is <[EMAIL PROTECTED]>. All this means I'm getting some (not all) mails twice on -hackers, once directly from mx.freebsd.org, once reinjected into mx.freebsd.org after being delivered to the above mentioned host. The extracted header info from the repost is the following: --- Received: from mx2.freebsd.org (mx2.freebsd.org [69.147.83.53]) by mail.beenic.net (Postfix) with ESMTP id A357BA44529 for <[EMAIL PROTECTED]>; Fri, 23 Nov 2007 11:49:46 +0100 (CET) Received: from hub.freebsd.org (hub.freebsd.org [IPv6:2001:4f8:fff6::36]) by mx2.freebsd.org (Postfix) with ESMTP id 5A3F05CBD1; Fri, 23 Nov 2007 10:56:03 + (UTC) (envelope-from [EMAIL PROTECTED]) Received: from hub.freebsd.org (localhost [127.0.0.1]) by hub.freebsd.org (Postfix) with ESMTP id 4007A16A47D; Fri, 23 Nov 2007 10:56:03 + (UTC) (envelope-from [EMAIL PROTECTED]) Delivered-To: [EMAIL PROTECTED] Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 0181B16A421; Fri, 23 Nov 2007 10:55:57 + (UTC) (envelope-from [EMAIL PROTECTED]) Received: from mx.kash.tomsk.ru (ns2.kash.tomsk.ru [88.204.35.2]) by mx1.freebsd.org (Postfix) with ESMTP id 1F75613C467; Fri, 23 Nov 2007 10:55:56 + (UTC) (envelope-from [EMAIL PROTECTED]) Received: by mx.kash.tomsk.ru (Postfix, from userid 0) id A93E1DAE72; Fri, 23 Nov 2007 16:55:38 +0600 (NOVT) Received: from mx2.freebsd.org (mx2.freebsd.org [69.147.83.53]) by mx.kash.tomsk.ru (Postfix) with ESMTP id 4C99DDAE68 for <[EMAIL PROTECTED]>; Fri, 23 Nov 2007 16:55:37 +0600 (NOVT) Received: from hub.freebsd.org (hub.freebsd.org [IPv6:2001:4f8:fff6::36]) by mx2.freebsd.org (Postfix) with ESMTP id 32AF3B9A09; Fri, 23 Nov 2007 10:54:08 + (UTC) (envelope-from [EMAIL PROTECTED]) Received: from hub.freebsd.org (localhost [127.0.0.1]) by hub.freebsd.org (Postfix) with ESMTP id 80F4716A49C; Fri, 23 Nov 2007 10:54:07 + (UTC) (envelope-from [EMAIL PROTECTED]) Delivered-To: freebsd-hackers@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 71C3F16A418; Fri, 23 Nov 2007 10:53:55 + (UTC) (envelope-from [EMAIL PROTECTED]) Received: from weak.local (pointyhat.freebsd.org [IPv6:2001:4f8:fff6::2b]) by mx1.freebsd.org (Postfix) with ESMTP id A2A6513C468; Fri, 23 Nov 2007 10:53:53 + (UTC) (envelope-from [EMAIL PROTECTED]) --- The original (equivalent) mail I received directly was: --- Received: from mx2.freebsd.org (mx2.freebsd.org [69.147.83.53]) by mail.beenic.net (Postfix) with ESMTP id 7D2C2A44529 for <[EMAIL PROTECTED]>; Fri, 23 Nov 2007 11:48:20 +0100 (CET) Received: from hub.freebsd.org (hub.freebsd.org [IPv6:2001:4f8:fff6::36]) by mx2.freebsd.org (Postfix) with ESMTP id 257ABB96AF; Fri, 23 Nov 2007 10:54:05 + (UTC) (envelope-from [EMAIL PROTECTED]) Received: from hub.freebsd.org (localhost [127.0.0.1]) by hub.freebsd.org (Postfix) with ESMTP id 0DDDC16A418; Fri, 23 Nov 2007 10:54:05 + (UTC) (envelope-from [EMAIL PROTECTED]) Delivered-To: freebsd-hackers@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 71C3F16A418; Fri, 23 Nov 2007 10:53:55 + (UTC) (envelope-from [EMAIL PROTECTED]) Received: from weak.local (pointyhat.freebsd.org [IPv6:2001:4f8:fff6::2b]) by mx1.freebsd.org (Postfix) with ESMTP id A2A6513C468; Fri, 23 Nov 2007 10:53:53 + (UTC) (envelope-from [EMAIL PROTECTED]) --- (which clearly has the same headers as the repost until after Mailman starts delivering it over the mailinglist). Thanks. -- Heiko Wundram Product & Application Development ___ freebsd-hackers@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: amrd disk performance drop after running under high load
Alexey Popov wrote: Kris Kennaway wrote: what is your RAID controller configuration (read ahead/cache/write policy)? I have seen weird/bogus numbers (~100% busy) reported by systat -v when read ahead was enabled on LSI/amr controllers. I tried to run with disabled Read-ahead, but it didn't help. I just ran into this myself, and apparently it can be caused by "Patrol Reads" where the adapter periodically scans the disks to look for media errors. You can turn this off using -stopPR with the megarc gg port. Oops, -disPR is the correct command to disable, -stopPR just halts a PR event in progress. Wow! Really disabling Patrol Reads solves the problem. Thank you! I have many amrd's and all of them appear to have Patrol Reads enabled by default. But the problem happenes only on three of them. Is this a hardware problem? I am not sure, maybe for some reason the patrol reads are not interfering with other disk I/O so much (e.g. the hardware prioritises them differently or something). Anyway, glad to hear it was resolved. Kris ___ freebsd-hackers@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to "[EMAIL PROTECTED]"
