Добрый день!
Имеется два канала интернета. Настраиваю сквид с опцией tcp_outgoing_address ip users
Всё прекрасно работает, минут 10-15 от силы 20. После чего сервер сам перезагружается.Fatal double fault:
eip = 0xc095e895
esp = 0xd84a6000
ebp = 0xd84a6008
cpuid = 0; apic id = 00
panic: double fault
cpuid = 0
Uptime: 4m6s
Physical memory: 499 MB
Dumping 105 MB: 90 74 58 42 26 10Обновил сквид до последней весрии, даже кажется стал быстрее перезагружаться.
От чего это может быть?
Всё работает замечательно без tcp_outgoing_address.
У меня есть дамп ядра, можно ли что нибудь там увидеть и если можно то как?
Вот backtrace ядра:%kgdb kernel.debug /var/crash/vmcore.1
GNU gdb 6.1.1 [FreeBSD]
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB. Type "show warranty" for details.
This GDB was configured as "i386-marcel-freebsd"...Unread portion of the kernel message buffer:
Fatal double fault:
eip = 0xc094a468
esp = 0xd8553fc0
ebp = 0xd8554050
cpuid = 0; apic id = 00
panic: double fault
cpuid = 0
Uptime: 37m56s
Physical memory: 499 MB
Dumping 59 MB: 44 28 12Reading symbols from /boot/kernel/ng_socket.ko...Reading symbols from /boot/kernel/ng_socket.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/ng_socket.ko
Reading symbols from /boot/kernel/netgraph.ko...Reading symbols from /boot/kernel/netgraph.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/netgraph.ko
Reading symbols from /boot/kernel/ng_iface.ko...Reading symbols from /boot/kernel/ng_iface.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/ng_iface.ko
Reading symbols from /boot/kernel/ng_ppp.ko...Reading symbols from /boot/kernel/ng_ppp.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/ng_ppp.ko
Reading symbols from /boot/kernel/ng_pptpgre.ko...Reading symbols from /boot/kernel/ng_pptpgre.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/ng_pptpgre.ko
Reading symbols from /boot/kernel/ng_ksocket.ko...Reading symbols from /boot/kernel/ng_ksocket.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/ng_ksocket.ko
Reading symbols from /boot/kernel/ng_vjc.ko...Reading symbols from /boot/kernel/ng_vjc.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/ng_vjc.ko
#0 doadump () at pcpu.h:246
246 __asm __volatile("movl %%fs:0,%0" : "=r" (td));
(kgdb) bt
#0 doadump () at pcpu.h:246
#1 0xc08a7567 in boot (howto=260) at ../../../kern/kern_shutdown.c:416
#2 0xc08a77c9 in panic (fmt=Variable "fmt" is not available.
) at ../../../kern/kern_shutdown.c:590
#3 0xc0bbeaab in dblfault_handler () at ../../../i386/i386/trap.c:971
#4 0xc094a468 in flowtable_lookup (ft=0xc3419000, ssa=0xd85540f0, dsa=0xd8554070, fibnum=0, flags=2050)
at ../../../net/flowtable.c:1115
#5 0xc094acbc in flowtable_lookup_mbuf (ft=0xc3419000, m=0xc3412400, af=2) at ../../../net/flowtable.c:607
#6 0xc09c61cf in ip_output (m=0xc3412400, opt=0x0, ro=0x0, flags=0, imo=0x0, inp=0xc3ef3898)
at ../../../netinet/ip_output.c:164
#7 0xc0a2a396 in tcp_output (tp=0xc3e8cc58) at ../../../netinet/tcp_output.c:1190
#8 0xc0a2cc28 in tcp_mtudisc (inp=0xc3ef3898, errno=0) at tcp_offload.h:282
#9 0xc0a2a48b in tcp_output (tp=0xc3e8cc58) at ../../../netinet/tcp_output.c:1251
#10 0xc0a2cc28 in tcp_mtudisc (inp=0xc3ef3898, errno=0) at tcp_offload.h:282
#11 0xc0a2a48b in tcp_output (tp=0xc3e8cc58) at ../../../netinet/tcp_output.c:1251
#12 0xc0a2cc28 in tcp_mtudisc (inp=0xc3ef3898, errno=0) at tcp_offload.h:282
#13 0xc0a2a48b in tcp_output (tp=0xc3e8cc58) at ../../../netinet/tcp_output.c:1251
#14 0xc0a2cc28 in tcp_mtudisc (inp=0xc3ef3898, errno=0) at tcp_offload.h:282
#15 0xc0a2a48b in tcp_output (tp=0xc3e8cc58) at ../../../netinet/tcp_output.c:1251
#16 0xc0a2cc28 in tcp_mtudisc (inp=0xc3ef3898, errno=0) at tcp_offload.h:282
#17 0xc0a2a48b in tcp_output (tp=0xc3e8cc58) at ../../../netinet/tcp_output.c:1251
#18 0xc0a2cc28 in tcp_mtudisc (inp=0xc3ef3898, errno=0) at tcp_offload.h:282
#19 0xc0a2a48b in tcp_output (tp=0xc3e8cc58) at ../../../netinet/tcp_output.c:1251
#20 0xc0a2cc28 in tcp_mtudisc (inp=0xc3ef3898, errno=0) at tcp_offload.h:282
#21 0xc0a2a48b in tcp_output (tp=0xc3e8cc58) at ../../../netinet/tcp_output.c:1251
#22 0xc0a2cc28 in tcp_mtudisc (inp=0xc3ef3898, errno=0) at tcp_offload.h:282
#23 0xc0a2a48b in tcp_output (tp=0xc3e8cc58) at ../../../netinet/tcp_output.c:1251
#24 0xc0a2cc28 in tcp_mtudisc (inp=0xc3ef3898, errno=0) at tcp_offload.h:282
#25 0xc0a2a48b in tcp_output (tp=0xc3e8cc58) at ../../../netinet/tcp_output.c:1251
#26 0xc0a2cc28 in tcp_mtudisc (inp=0xc3ef3898, errno=0) at tcp_offload.h:282
#27 0xc0a2a48b in tcp_output (tp=0xc3e8cc58) at ../../../netinet/tcp_output.c:1251
#28 0xc0a2cc28 in tcp_mtudisc (inp=0xc3ef3898, errno=0) at tcp_offload.h:282
#29 0xc0a2a48b in tcp_output (tp=0xc3e8cc58) at ../../../netinet/tcp_output.c:1251
#30 0xc0a2cc28 in tcp_mtudisc (inp=0xc3ef3898, errno=0) at tcp_offload.h:282
#31 0xc0a2a48b in tcp_output (tp=0xc3e8cc58) at ../../../netinet/tcp_output.c:1251
#32 0xc0a2cc28 in tcp_mtudisc (inp=0xc3ef3898, errno=0) at tcp_offload.h:282
#33 0xc0a2a48b in tcp_output (tp=0xc3e8cc58) at ../../../netinet/tcp_output.c:1251
#34 0xc0a2cc28 in tcp_mtudisc (inp=0xc3ef3898, errno=0) at tcp_offload.h:282
#35 0xc0a2a48b in tcp_output (tp=0xc3e8cc58) at ../../../netinet/tcp_output.c:1251
#36 0xc0a2cc28 in tcp_mtudisc (inp=0xc3ef3898, errno=0) at tcp_offload.h:282
#37 0xc0a2a48b in tcp_output (tp=0xc3e8cc58) at ../../../netinet/tcp_output.c:1251
#38 0xc0a2cc28 in tcp_mtudisc (inp=0xc3ef3898, errno=0) at tcp_offload.h:282
#39 0xc0a2a48b in tcp_output (tp=0xc3e8cc58) at ../../../netinet/tcp_output.c:1251
#40 0xc0a2cc28 in tcp_mtudisc (inp=0xc3ef3898, errno=0) at tcp_offload.h:282
---Type <return> to continue, or q <return> to quit---
#41 0xc0a2a48b in tcp_output (tp=0xc3e8cc58) at ../../../netinet/tcp_output.c:1251
#42 0xc0a2cc28 in tcp_mtudisc (inp=0xc3ef3898, errno=0) at tcp_offload.h:282
#43 0xc0a2a48b in tcp_output (tp=0xc3e8cc58) at ../../../netinet/tcp_output.c:1251
#44 0xc0a2cc28 in tcp_mtudisc (inp=0xc3ef3898, errno=0) at tcp_offload.h:282
#45 0xc0a2a48b in tcp_output (tp=0xc3e8cc58) at ../../../netinet/tcp_output.c:1251
#46 0xc0a2cc28 in tcp_mtudisc (inp=0xc3ef3898, errno=0) at tcp_offload.h:282
#47 0xc0a2a48b in tcp_output (tp=0xc3e8cc58) at ../../../netinet/tcp_output.c:1251
#48 0xc0a2cc28 in tcp_mtudisc (inp=0xc3ef3898, errno=0) at tcp_offload.h:282
#49 0xc0a2a48b in tcp_output (tp=0xc3e8cc58) at ../../../netinet/tcp_output.c:1251
#50 0xc0a2cc28 in tcp_mtudisc (inp=0xc3ef3898, errno=0) at tcp_offload.h:282
#51 0xc0a2a48b in tcp_output (tp=0xc3e8cc58) at ../../../netinet/tcp_output.c:1251
#52 0xc0a2cc28 in tcp_mtudisc (inp=0xc3ef3898, errno=0) at tcp_offload.h:282
#53 0xc0a2a48b in tcp_output (tp=0xc3e8cc58) at ../../../netinet/tcp_output.c:1251
#54 0xc0a2cc28 in tcp_mtudisc (inp=0xc3ef3898, errno=0) at tcp_offload.h:282
#55 0xc0a2a48b in tcp_output (tp=0xc3e8cc58) at ../../../netinet/tcp_output.c:1251
#56 0xc0a2cc28 in tcp_mtudisc (inp=0xc3ef3898, errno=0) at tcp_offload.h:282
#57 0xc0a2a48b in tcp_output (tp=0xc3e8cc58) at ../../../netinet/tcp_output.c:1251
#58 0xc0a34fe2 in tcp_usr_send (so=0xc3e899a8, flags=0, m=0xc39fd200, nam=0x0, control=0x0, td=0xc3ccd280)
at tcp_offload.h:282
#59 0xc0908a85 in sosend_generic (so=0xc3e899a8, addr=0x0, uio=0xd8555c58, top=0xc39fd200, control=0x0, flags=0,
td=0xc3ccd280) at ../../../kern/uipc_socket.c:1260
#60 0xc0904b8f in sosend (so=0xc3e899a8, addr=0x0, uio=0xd8555c58, top=0x0, control=0x0, flags=0, td=0xc3ccd280)
at ../../../kern/uipc_socket.c:1304
#61 0xc08ebd93 in soo_write (fp=0xc3e21c78, uio=0xd8555c58, active_cred=0xc3df7200, flags=0, td=0xc3ccd280)
at ../../../kern/sys_socket.c:102
#62 0xc08e4f77 in dofilewrite (td=0xc3ccd280, fd=99, fp=0xc3e21c78, auio=0xd8555c58, offset=-1, flags=0) at file.h:239
#63 0xc08e5268 in kern_writev (td=0xc3ccd280, fd=99, auio=0xd8555c58) at ../../../kern/sys_generic.c:446
#64 0xc08e52ef in write (td=0xc3ccd280, uap=0xd8555cf8) at ../../../kern/sys_generic.c:362
#65 0xc0bbf313 in syscall (frame=0xd8555d38) at ../../../i386/i386/trap.c:1111
#66 0xc0ba1ae0 in Xint0x80_syscall () at ../../../i386/i386/exception.s:261
#67 0x00000033 in ?? ()
Previous frame inner to this frame (corrupt stack?)
(kgdb)Что из этого можно сказать? Я честно ни чего не пойму в этой каше.
1. Как ставился сквид?
2. Каков конфиг сквида?
> 1. Как ставился сквид?
> 2. Каков конфиг сквида?# Options for squid-3.1.14
_OPTIONS_READ=squid-3.1.14
WITH_SQUID_KERB_AUTH=true
WITHOUT_SQUID_LDAP_AUTH=true
WITH_SQUID_NIS_AUTH=true
WITHOUT_SQUID_SASL_AUTH=true
WITHOUT_SQUID_IPV6=true
WITH_SQUID_DELAY_POOLS=true
WITH_SQUID_SNMP=true
WITH_SQUID_SSL=true
WITHOUT_SQUID_PINGER=true
WITHOUT_SQUID_DNS_HELPER=true
WITH_SQUID_HTCP=true
WITHOUT_SQUID_VIA_DB=true
WITHOUT_SQUID_CACHE_DIGESTS=true
WITH_SQUID_WCCP=true
WITHOUT_SQUID_WCCPV2=true
WITHOUT_SQUID_STRICT_HTTP=true
WITH_SQUID_IDENT=true
WITHOUT_SQUID_REFERER_LOG=true
WITHOUT_SQUID_USERAGENT_LOG=true
WITHOUT_SQUID_ARP_ACL=true
WITH_SQUID_IPFW=true
WITHOUT_SQUID_PF=true
WITHOUT_SQUID_IPFILTER=true
WITHOUT_SQUID_FOLLOW_XFF=true
WITHOUT_SQUID_ECAP=true
WITHOUT_SQUID_ICAP=true
WITHOUT_SQUID_ESI=true
WITH_SQUID_AUFS=true
WITHOUT_SQUID_COSS=true
WITH_SQUID_KQUEUE=true
WITH_SQUID_LARGEFILE=true
WITHOUT_SQUID_STACKTRACES=true
WITHOUT_SQUID_DEBUG=true#squid.conf
acl manager proto cache_object
acl localhost src 127.0.0.1/32 ::1
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
acl localnet src fc00::/7 # RFC 4193 local private network range
acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machinesacl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECThttp_access allow manager localhost
http_access deny manager
http_access deny !Safe_portshttp_access deny CONNECT !SSL_ports
http_access allow localhost
acl webserver src 192.168.2.254/32
http_access allow manager localhost
http_access allow manager webserver
http_access deny manager
acl banners url_regex "/usr/local/etc/squid/ban/banners"
http_access deny banners
acl all_audio rep_mime_type content-type audio.
acl all_video rep_mime_type content-type video.
http_reply_access deny all_audio
http_reply_access deny all_video
acl music urlpath_regex \.mp3$ \.3gp$ \.midi$ \.wav$ \.amr$ \.mmf$ \.avi$ \.vob$
http_access deny music
acl odno url_regex "/usr/local/etc/squid/ban/odno
http_access deny odno
deny_info http://www.yahoo.com odno
acl dobro src "/usr/local/etc/squid/ban/dobro"
acl dobro-vpn src "/usr/local/etc/squid/ban/dobro-vpn"
http_access allow dobro
acl rbc url_regex "/usr/local/etc/squid/ban/rbc"
http_access allow rbc
http_access deny allicp_access allow localnet
icp_access deny allhtcp_access allow localnet
htcp_access deny allhttp_port 3129 transparent
hierarchy_stoplist cgi-bin ?
cache_dir ufs /usr/local/squid/cache 1024 16 256
logformat squid %tl %ts.%03tu %6tr %>A %Ss/%03>Hs %<st %rm %ru %un %Sh/%<A %mt
access_log /usr/local/squid/logs/access.log squid
cache_store_log /usr/local/squid/logs/store.log
cache_log /usr/local/squid/logs/cache.log
emulate_httpd_log on
coredump_dir /usr/local/squid/cache
refresh_pattern \.bz2$ 43200 100% 43200 override-lastmod override-expire ignore-reload ignore-no-cache
#refresh_pattern \.exe$ 43200 100% 43200 override-lastmod override-expire ignore-reload ignore-no-cache
refresh_pattern \.gif$ 43200 100% 43200 override-lastmod override-expire ignore-reload ignore-no-cache
refresh_pattern \.gz$ 43200 100% 43200 override-lastmod override-expire ignore-reload ignore-no-cache
refresh_pattern \.ico$ 43200 100% 43200 override-lastmod override-expire ignore-reload ignore-no-cache
refresh_pattern \.jpg$ 43200 100% 43200 override-lastmod override-expire ignore-reload ignore-no-cache
#refresh_pattern \.mid$ 43200 100% 43200 override-lastmod override-expire ignore-reload ignore-no-cache
#refresh_pattern \.mp3$ 43200 100% 43200 override-lastmod override-expire ignore-reload ignore-no-cache
#refresh_pattern \.pdf$ 43200 100% 43200 override-lastmod override-expire ignore-reload ignore-no-cache
#refresh_pattern \.swf$ 43200 100% 43200 override-lastmod override-expire ignore-reload ignore-no-cache
#refresh_pattern \.tar$ 43200 100% 43200 override-lastmod override-expire ignore-reload ignore-no-cache
#refresh_pattern \.tgz$ 43200 100% 43200 override-lastmod override-expire ignore-reload ignore-no-cache
#refresh_pattern \.zip$ 43200 100% 43200 override-lastmod override-expire ignore-reload ignore-no-cache
#
refresh_pattern http://ad\. 43200 100% 43200 override-lastmod override-expire ignore-reload ignore-no-cache
refresh_pattern http://ads\. 43200 100% 43200 override-lastmod override-expire ignore-reload ignore-no-cache
refresh_pattern http://adv\. 43200 100% 43200 override-lastmod override-expire ignore-reload ignore-no-cache
refresh_pattern http://click\. 43200 100% 43200 override-lastmod override-expire ignore-reload ignore-no-cache
refresh_pattern http://count\. 43200 100% 43200 override-lastmod override-expire ignore-reload ignore-no-cache
refresh_pattern http://counter\. 43200 100% 43200 override-lastmod override-expire ignore-reload ignore-no-cache
refresh_pattern http://engine\. 43200 100% 43200 override-lastmod override-expire ignore-reload ignore-no-cache
refresh_pattern http://img\.readme\.ru 43200 100% 43200 override-lastmod override-expire ignore-reload ignore-no-cache
refresh_pattern http://userpic\.livejournal\.com 43200 100% 43200 override-lastmod override-expire ignore-reload ignore-no-cache
refresh_pattern \.ru/bf-analyze 43200 100% 43200 override-lastmod override-expire ignore-reload ignore-no-cache
refresh_pattern \.ru/bf-si 43200 100% 43200 override-lastmod override-expire ignore-reload ignore-no-cache
refresh_pattern /advs/ 43200 100% 43200 override-lastmod override-expire ignore-reload ignore-no-cache
refresh_pattern /banners/ 43200 100% 43200 override-lastmod override-expire ignore-reload ignore-no-cache
refresh_pattern /cgi-bin/iframe/ 43200 100% 43200 override-lastmod override-expire ignore-reload ignore-no-cacherefresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
#refresh_pattern . 0 20% 4320
refresh_pattern . 0 60% 14400ie_refresh off
cache_mgr admin@mitro-int.com
visible_hostname "mail.asb.mitro-int.com"
error_directory /usr/local/etc/squid/errors/ru
dns_defnames on
dns_nameservers 192.168.2.254
tcp_outgoing_address 217.17.191.232 dobro-vpn
>[оверквотинг удален]
> 0 20%
> 4320
> refresh_pattern . 0 60% 14400
> ie_refresh off
> cache_mgr admin@mitro-int.com
> visible_hostname "mail.asb.mitro-int.com"
> error_directory /usr/local/etc/squid/errors/ru
> dns_defnames on
> dns_nameservers 192.168.2.254
> tcp_outgoing_address 217.17.191.232 dobro-vpnМожет ошибаюсь, но есть подозрение на дефект железа.
Крайне рекомендуется выстроить опции конфига в том порядке, в каком они идут по дефолту. У сквида не только ацли выполняются в том порядке, в котором записаны в конфиге.
> Что из этого можно сказать? Я честно ни чего не пойму в
> этой каше.#4 0xc094a468 in flowtable_lookup (ft=0xc3419000, ssa=0xd85540f0, dsa=0xd8554070, fibnum=0, flags=2050)
at ../../../net/flowtable.c:1115думаю, поможет выключениее options FLOWTABLE в конфиге ядра.
если собирать лень, попробуйте sysctl -w net.inet.flowtable.enable=0
>> Что из этого можно сказать? Я честно ни чего не пойму в
>> этой каше.
> #4 0xc094a468 in flowtable_lookup (ft=0xc3419000, ssa=0xd85540f0, dsa=0xd8554070, fibnum=0,
> flags=2050)
> at ../../../net/flowtable.c:1115
> думаю, поможет выключениее options FLOWTABLE в конфиге ядра.
> если собирать лень, попробуйте sysctl -w net.inet.flowtable.enable=0Спасибо большое всем за советы! Сделал для проверки sysctl -w net.inet.flowtable.enable=0 - всё равно перезагружается. И заметил одну вещь, когда я включаю tcp_outgoing_address - включаю top и вижу, что процент загрузки процессора прерываниями, увеличивается в два раза, ~1,5-2,4%, а если выключено, то 0,2-0,7%.