WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 		  
Home Products Support Community News
 
   
 

xen-devel

[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Xen-devel] Re: Panic in ipt_do_table with 2.6.16.13-xen

from [Matt Ayres] [Permanent Link][Original]
To: James Morris <jmorris@xxxxxxxxx>
Subject: Re: [Xen-devel] Re: Panic in ipt_do_table with 2.6.16.13-xen
From: Matt Ayres <matta@xxxxxxxxxxxx>
Date: Thu, 18 May 2006 19:58:05 -0400
Cc: "xen-devel@xxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxx>, Netfilter Development Mailinglist <netfilter-devel@xxxxxxxxxxxxxxxxxxx>, Patrick McHardy <kaber@xxxxxxxxx>, Linux Kernel Mailing List <linux-kernel@xxxxxxxxxxxxxxx>
Delivery-date: Thu, 18 May 2006 16:59:00 -0700
Envelope-to: www-data@xxxxxxxxxxxxxxxxxx
In-reply-to: <Pine.LNX.4.64.0605161127030.16379@xxxxxxx>
List-help: <mailto:xen-devel-request@lists.xensource.com?subject=help>
List-id: Xen developer discussion <xen-devel.lists.xensource.com>
List-post: <mailto:xen-devel@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
Organization: TekTonic
References: <4468BE70.7030802@xxxxxxxxxxxx> <4468D613.20309@xxxxxxxxx> <44691669.4080903@xxxxxxxxxxxx> <Pine.LNX.4.64.0605152331140.10964@xxxxxxx> <4469D84F.8080709@xxxxxxxxxxxx> <Pine.LNX.4.64.0605161127030.16379@xxxxxxx>
Sender: xen-devel-bounces@xxxxxxxxxxxxxxxxxxx
User-agent: Thunderbird 1.5.0.2 (Windows/20060308) 


James Morris wrote:

On Tue, 16 May 2006, Matt Ayres wrote:


My ruleset is pretty bland.  2 rules in the raw table to tell the system
to
only track my forwarded ports, 2 rules in the nat table for forwarding
(intercepting) 2 ports, and then in the FORWARD tables 2 rules per VM to
just
account traffic.

Can you try using a different NIC?


This happens on 30 different hosts.  Using the same kernel I get varying
uptime of "hasn't crashed since the upgrade to 2.6.16" to "crashes every day".
All are Tyan S2882D boards w/ integrated Tigon3.  The trace I posted to this
thread indicate tg3, but in many other traces I have the trace doesn't include
any driver calls.  They all panic in ipt_do_table.  I would have pasted the
others, but I didn't save the System.map for either of them and they are all
pretty similar.
I'm trying to suggest eliminating this driver & possible interaction with Xen network changes as a cause. If you can find a different type of NIC to plug in and use, or even try and change all of the params for the tg3 with ethtool, it'll help. 



Hi,
Thank you for the assistance. Which parameters do you suggest changing? TSO/flow control off? 

Here is my ruleset for those interested:

# iptables -t raw -L -v
Chain OUTPUT (policy ACCEPT 27441 packets, 4832K bytes)
pkts bytes target prot opt in out source destination 

Chain PREROUTING (policy ACCEPT 195M packets, 156G bytes)
pkts bytes target prot opt in out source destination 1332K 144M NOTRACK !tcp -- any any anywhere anywhere 54 5293 ACCEPT tcp -- any any anywhere anywhere tcp dpt:7373 4564 223K ACCEPT tcp -- any any anywhere anywhere tcp dpt:7322 194M 156G NOTRACK tcp -- any any anywhere anywhere tcp dpt:!7373 194M 156G NOTRACK tcp -- any any anywhere anywhere tcp dpt:!7322 

# iptables -t nat -L -v
Chain OUTPUT (policy ACCEPT 2114 packets, 155K bytes)
pkts bytes target prot opt in out source destination 

Chain POSTROUTING (policy ACCEPT 2114 packets, 155K bytes)
pkts bytes target prot opt in out source destination 

Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination 6 344 DNAT tcp -- eth0 any anywhere anywhere tcp dpt:7373 to:host.ip.address:443 8 408 DNAT tcp -- eth0 any anywhere anywhere tcp dpt:7322 to:host.ip.address:22
iptables -L -v just shows 2 rules per Virtual Machine for accounting. This averages about 100 rules in the FORWARD chain. Example: 

# iptables -L -v
Chain FORWARD (policy ACCEPT 195M packets, 156G bytes)
pkts bytes target prot opt in out source destination 0 0 all -- any any xx.xx.xx.xx anywhere 0 0 all -- any any anywhere xx.xx.xx.xx 

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Xen-devel] problem about changing state to XenbusStateClosed resulting in vbd entry removed from xenstore, Ewan Mellor
Next by Date:  RE: [Xen-devel] [PATCH] Make "xm mem-set" be lower bound on domX-min-mem, Puthiyaparambil, Aravindh
Previous by Thread:  Re: [Xen-devel] Re: Panic in ipt_do_table with 2.6.16.13-xen, James Morris
Next by Thread:  Re: [Xen-devel] Re: Panic in ipt_do_table with 2.6.16.13-xen, James Morris
Indexes:  [Date] [Thread] [Top] [All Lists]
 
   

Copyright , Citrix Systems Inc. All rights reserved. Legal and Privacy