net/mpd causes a kernel freeze

Deomid Ryabkov myself at rojer.pp.ru
Mon Dec 25 07:36:01 PST 2006 

Gonzalo Arana wrote:
> Hi,
> 
> When I open a pptp tunnel with net/mpd, my PC freezes (numlock stops
> responding, for instance).

exactly. a complete freeze, not even being able to break into DDB (i.e. even ctrl-alt-esc stops working)

> 
> I am using 6.1-RELEASE with GENERIC kernel.  I've recompiled removing
> USB, SCSI/RAID controllers, with the same result.

also occurs on -CURRENT as of Nov 4.

> The freeze occurs right after the tunnel is up.

actually, it's after the first packet is sent. i.e., i can have tunnel up as long as i want,
but as soon as a packet is sent down the route, the system freezes.

> Does anyone expierence the same problem?

yes. and i'm glad to report that i found a solution for at least my instance.
it turned out to be a config error.

so what happened was this. i created an entry for a new tunnel in my mpd.conf nad of course done that
by just copy-pasting the previous entry. ended up with these mysterious freezes.
because this happened on -CURRENT, i went through great pains to try it on something more -STABLE,
but to my complete astonishment it was all the same on -STABLE. and i positively knew that -STABLE
was previously able to handle a tunnel to this very same endpoint. now i knew something was not right.
my -CURRENT is vanilla GENERIC, so it already had WITNESS, INVARIANTS and DDB, but neither did i see any messages
on the console, nor could i break into debugger (i could, prior to the freeze, but not after).
so anyway, some fairly long time into the whole process, i just decided to start commenting my config line by line,
to maybe see if any particular option would trigger this freeze. and bingo, there it was:
i used _wrong_ up_script for this connection. i wrote the right one, but forgot to change the config line i copied from previous entry.
so yeh, it's 100% reproducible: wrong up_script - freeze, no up_script or the right one - no freeze.
so what's in the script? here it is in its entirety:

IF=$1

/sbin/route delete default
/sbin/route add 10.1.0.0/16 10.2.0.1
/sbin/route add default -iface $IF

that's it. now what is important here, is that the network and gateway in the second line are wrong for this network configuration.
in particular, 10.2.0.1 is not directly reachable.
it's worth noting that this configuration would hang the machine only if used for the very first time.
if used after the correct configuration, it would not make machine hang.
e.g., if i boot a machine, set up a tunnel with "up_script wrong_script.sh" and then ping an external host, the machine hangs.
however, if i boot, set up a tunnel with "up_script right_script.sh" (at this point the tunnel works as expected and external host is pingable),
then tear it down, replace "up_script right_script.sh" with "up_script wrong_script.sh", the machine does not hang and external host is not pingable (no route to host).

my guess is that this incorrect route somehow messes up routing table.

> 
> Here are the relevant configs:
> 
>> /usr/local/etc/mpd/mpd.conf:
>>
>> default:
>>         load vpn
>>
>> vpn:
>>         new -i ng0 vpn vpn
>>         set iface disable on-demand
>>         set iface idle 0
>> # disconnect the client after 8 hours
>>         set iface session 28800
>>         #set iface route 192.168.2.0/24
>>         set bundle disable multilink
>>         set bundle authname my_username
>>         set bundle password my_password
>>         set link yes acfcomp protocomp
>>         set link no pap chap
>>         set link accept pap
>>         set link mtu 1460
>> # If remote machine is NT you need this..
>> #       set link enable no-orig-auth
>>         set link keep-alive 10 75
>>         set ipcp no vjcomp
>>
>> /usr/local/etc/mpd/mpd.links:
>> vpn:
>>         set link type pptp
>>         set pptp self ZZZ
>>         set pptp peer YYY
>>         set pptp enable originate incoming outcall
>>         set pptp disable windowing
>>
>>
>> where:
>>    ZZZ my ethernet IP address
>>    YYY ip address of TCP peer
>>
> 
> Thank you very much in advance,
> 



-- 
Deomid Ryabkov aka Rojer
myself at rojer.pp.ru
rojer at sysadmins.ru
ICQ: 8025844
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3295 bytes
Desc: S/MIME Cryptographic Signature
Url : http://lists.freebsd.org/pipermail/freebsd-hackers/attachments/20061225/a3557d6b/smime.bin

More information about the freebsd-hackers mailing list