TCP packets remain unsent

Ian Smith smithi at nimnet.asn.au
Sat Mar 29 17:12:48 UTC 2014 

On Sat, 29 Mar 2014 15:02:29 +0100, Willy Offermans wrote:
 > Dear FreeBSD friends,
 > 
 > On Fri, Mar 28, 2014 at 05:25:54PM +0100, Willy Offermans wrote:
 > > Dear FreeBSD friends,
 > > 
 > > I have a problem with my relatively new FreeBSD server. I came across the
 > > problem when sending e-mails of larger size and copying files with scp.
 > > The e-mails were not sent out because of time-out error and the copying was
 > > extremely slow, though successful after a while. I already started a thread
 > > on this topic on freebsd-current. See
 > > http://docs.freebsd.org/mail/current/freebsd-current.html, topic
 > > sendmail Broken Pipe Error. I got some help to narrow down the
 > > error: Sending out e-mails of larger size stops at some point. TCP packets
 > > were not transferred to the smarthost causing a timeout error. There were
 > > still some TCP packets waiting to be sent.
 > > 
 > > My system is a HP ProLiant Gen8 MicroServer with FreeBSD 10.0-STABLE #0
 > > r261266M. The server has two network cards:
[..]
 > > Before the time out error occurs, the CPU loading of natd and dhcpd is
 > > steadily increasing to extreme values to my opinion:
 > > 
 > > PID USERNAME    THR PRI NICE   SIZE    RES STATE   C   TIME    WCPU COMMAND
 > > 
 > >  1235 root          1  93    0 28908K  2144K RUN     0  54:05  71.78% natd
 > >  1614 dhcpd         1   4    0 26784K 14936K RUN     0  29:24  38.77% dhcpd
[..]
 > I could narrow down the cause of the error:
 > 
 > If I remove the following line from my firewall rules, I could sent out
 > e-mails without issues.
 > 
 >  /sbin/ipfw add 50 divert natd all from any to any via bge0
 > 
 > I do not know yet how things are related, but I will dig into it.
 > 
 > If someone has a hint, please respond to the list.

Is your system running IPv6?  Sendmail will prefer using ip6 if enabled.

You need to use 'ip4' rather than 'all' with divert; natd (and I assume, 
ipfw nat?) doesn't like ip6 packets being sent its way.

Also, ipfw nat and natd both use libalias(3) which doesn't work with 
TSO; check that's turned off with ifconfig.  See ipfw(8) /BUGS section.

Just guesswork, Ian

More information about the freebsd-stable mailing list