[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-users] Kernel panic -- FC5, xen 3.0.2-3 and iptables/shorewall



I've been struggling to get xen going on FC5 ever since I upgrade a
machine from FC4 to FC5 and xen 2 to xen 3.

The machine seems to work fine, including creating guests and the virtual
interfaces. Networking is fine, etc.

But, when I use iptables (via Shorewall), I get a kernel panic almost
immediately when attempting network IO. If I ssh into the box, it will
take a few screeens of data before panicing. If I connect to the samba
server on the machine from a windows client, the panic is immediate.

I've tried loading netbk, blkbk, and netloop in the initrd. I've tried
building all of the iptables modules into the kernel. So far, I'm unable
to use iptables/shorewall without a panic.

I don't have a serial terminal connected, so I haven't captured the xen
output, but it looks similar to other network panics I've seen on this
list. Something like "kernel not syncing" and something about an
interrupt.

kernel and xen versions are:

2.6.17-1.2174_FC5xen0 #1 SMP Tue Aug 8 17:03:19 EDT 2006 i686 athlon i386
GNU/Linux

xen-3.0.2-3.FC5

These are packages from the standard FC5 rpms.

Any ideas?

My list of modules with and without iptables is below:

Without iptables
---------------
Module                  Size  Used by
bridge                 51673  0
ipv6                  246497  22
autofs4                24773  1
it87                   23269  0
hwmon_vid               6721  1 it87
hwmon                   7493  1 it87
i2c_isa                 9409  1 it87
hidp                   24257  2
l2cap                  30401  5 hidp
bluetooth              53285  2 hidp,l2cap
sunrpc                149245  1
video                  19525  0
button                 10705  0
battery                13381  0
ac                      8901  0
lp                     16393  0
parport_pc             29669  1
parport                38409  2 lp,parport_pc
ohci_hcd               24157  0
sis900                 27072  0
i2c_sis630             11469  0
mii                     9409  1 sis900
i2c_sis96x              9669  0
i2c_core               24769  4 it87,i2c_isa,i2c_sis630,i2c_sis96x
serio_raw              11077  0
r8169                  32585  0
dm_snapshot            20845  0
dm_zero                 6081  0
dm_mirror              25105  0
dm_mod                 58457  11 dm_snapshot,dm_zero,dm_mirror
raid5                  35137  1
xor                    18377  1 raid5
ext3                  125641  8
jbd                    57813  1 ext3

With iptables
-------------
Module                  Size  Used by
bridge                 51673  0
ipv6                  246497  22
autofs4                24773  1
it87                   23269  0
hwmon_vid               6721  1 it87
hwmon                   7493  1 it87
i2c_isa                 9409  1 it87
hidp                   24257  2
l2cap                  30401  5 hidp
bluetooth              53285  2 hidp,l2cap
sunrpc                149245  1
video                  19525  0
button                 10705  0
battery                13381  0
ac                      8901  0
lp                     16393  0
parport_pc             29669  1
parport                38409  2 lp,parport_pc
ohci_hcd               24157  0
sis900                 27072  0
i2c_sis630             11469  0
mii                     9409  1 sis900
i2c_sis96x              9669  0
i2c_core               24769  4 it87,i2c_isa,i2c_sis630,i2c_sis96x
serio_raw              11077  0
r8169                  32585  0
dm_snapshot            20845  0
dm_zero                 6081  0
dm_mirror              25105  0
dm_mod                 58457  11 dm_snapshot,dm_zero,dm_mirror
raid5                  35137  1
xor                    18377  1 raid5
ext3                  125641  8
jbd                    57813  1 ext3
[root@zeus ~]# cat lsmod_with_shorewall
Module                  Size  Used by
xt_tcpudp               7233  13
xt_state                6209  8
xt_pkttype              5953  4
iptable_raw             6209  0
xt_CLASSIFY             5953  0
xt_CONNMARK             6465  0
xt_MARK                 6465  0
xt_length               6081  0
xt_connmark             6081  0
xt_physdev              6481  0
xt_policy               7617  8
xt_multiport            7233  4
xt_conntrack            6593  0
ipt_ULOG               11845  0
ipt_TTL                 6337  0
ipt_ttl                 5953  0
ipt_TOS                 6337  0
ipt_tos                 5825  0
ipt_TCPMSS              8129  0
ipt_SAME                6593  0
ipt_REJECT              9281  4
ipt_REDIRECT            6209  0
ipt_recent             14285  0
ipt_owner               6081  0
ipt_NETMAP              6209  0
ipt_MASQUERADE          7745  0
ipt_LOG                10177  7
ipt_iprange             5953  0
ipt_hashlimit          13001  0
ipt_ECN                 7105  0
ipt_ecn                 6337  0
ipt_DSCP                6337  0
ipt_dscp                5825  0
ipt_CLUSTERIP          12612  0
ipt_ah                  5953  0
ipt_addrtype            5953  0
ip_nat_irc              6721  0
ip_nat_tftp             5953  0
ip_nat_ftp              7361  0
ip_conntrack_irc       10801  1 ip_nat_irc
ip_conntrack_tftp       8377  1 ip_nat_tftp
ip_conntrack_ftp       11697  1 ip_nat_ftp
iptable_nat            11333  0
ip_nat                 21485  8
ipt_SAME,ipt_REDIRECT,ipt_NETMAP,ipt_MASQUERADE,ip_nat_irc,ip_nat_tftp,ip_nat_ftp,iptable_nat
ip_conntrack           54177  13
xt_state,xt_CONNMARK,xt_connmark,xt_conntrack,ipt_MASQUERADE,ip_nat_irc,ip_nat_tftp,ip_nat_ftp,ip_conntrack_irc,ip_conntrack_tftp,ip_conntrack_ftp,iptable_nat,ip_nat
nfnetlink              10841  2 ip_nat,ip_conntrack
iptable_mangle          6977  1
iptable_filter          7105  1
ip_tables              17157  4
iptable_raw,iptable_nat,iptable_mangle,iptable_filter
x_tables               18117  37
xt_tcpudp,xt_state,xt_pkttype,xt_CLASSIFY,xt_CONNMARK,xt_MARK,xt_length,xt_connmark,xt_physdev,xt_policy,xt_multiport,xt_conntrack,ipt_ULOG,ipt_TTL,ipt_ttl,ipt_TOS,ipt_tos,ipt_TCPMSS,ipt_SAME,ipt_REJECT,ipt_REDIRECT,ipt_recent,ipt_owner,ipt_NETMAP,ipt_MASQUERADE,ipt_LOG,ipt_iprange,ipt_hashlimit,ipt_ECN,ipt_ecn,ipt_DSCP,ipt_dscp,ipt_CLUSTERIP,ipt_ah,ipt_addrtype,iptable_nat,ip_tables
bridge                 51673  0
ipv6                  246497  22
autofs4                24773  1
it87                   23269  0
hwmon_vid               6721  1 it87
hwmon                   7493  1 it87
i2c_isa                 9409  1 it87
hidp                   24257  2
l2cap                  30401  5 hidp
bluetooth              53285  2 hidp,l2cap
sunrpc                149245  1
video                  19525  0
button                 10705  0
battery                13381  0
ac                      8901  0
lp                     16393  0
parport_pc             29669  1
parport                38409  2 lp,parport_pc
ohci_hcd               24157  0
sis900                 27072  0
i2c_sis630             11469  0
mii                     9409  1 sis900
i2c_sis96x              9669  0
i2c_core               24769  4 it87,i2c_isa,i2c_sis630,i2c_sis96x
serio_raw              11077  0
r8169                  32585  0
dm_snapshot            20845  0
dm_zero                 6081  0
dm_mirror              25105  0
dm_mod                 58457  11 dm_snapshot,dm_zero,dm_mirror
raid5                  35137  1
xor                    18377  1 raid5
ext3                  125641  8
jbd                    57813  1 ext3



_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users


 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.