# Traffic Shaping causes a kernel panic

## Safrax

I'm using 2.6.9-rc1-mm1 and I've tried 2.6.8.1 vanilla both panic after a seemingly random amount of time with QoS enabled.  I'm using a vanilla Wondershaper script with a barebones kernel.  The only services running on the router are iptables, courier-imap, pdnsd, apache2, cron, distccd, cpudyn, and sshd.  The panics happen only after QoS is enabled.  This is all running on a VIA ME6000 Mini-ITX C3@600MHz pc with 512mb of ram an intel nic, and a 40gb hd.  The ram is NOT the culprit unless I've gotten two bad sticks and it was just changed out today (128 -> 512).

I would give a kernel trace but its so long it goes off the screen.

I need this fixed soon otherwise I'm going to be forced to go back to OpenBSD for my routing and traffic shaping needs.

iptables.sh

```

#!/bin/sh

#

# Save this to /root/iptables-gw

#

# For a system to function as a firewall the kernel has to be told to forward

# packets between interfaces, i.e., it needs to be a router. Since you'll save

# the running config with 'iptables save' for RedHat to reinstate at the next

# boot IP fordarding must be enabled by other than this script for production

# use. That's best done by editing /etc/sysctl.conf and setting:

#

# net.ipv4.ip_forward = 1

#

# Since that file will only be read at boot, you can uncomment the following

# line to enable forwarding on the fly for initial testing. Just remember that

# the saved iptables data won't include the command.

#

echo 1 > /proc/sys/net/ipv4/ip_forward

#

# Once the rule sets are to your liking you can easily arrange to have them

# installed at boot on a Redhat box (7.1 or later). Save the rules with:

#

# service iptables save

#

# which saves the running ruleset to /etc/sysconfig/iptables. When

# /etc/init.d/iptables executes it will see the file and restore the rules.

#

# I find it easier to modify this file and run it (make sure it is executable

# with 'chmod +x iptables-gw') to change the rulesets, rather than

# modifying the running rules. That way I have a readable record

# of the firewall configuration.

#

# Set an absolute path to IPTABLES and define the interfaces.

#

IPT=iptables

#

# OUTSIDE is the outside or untrusted interface that connects to the Internet

# and INSIDE is, well that ought to be obvious.

#

OUTSIDE=eth0

INSIDE=eth1

INSIDE_IP=172.16.1.254

#

# Clear out any existing firewall rules, and any chains that might have

# been created. Then set the default policies.

#

$IPT -F

$IPT -F INPUT

$IPT -F OUTPUT

$IPT -F FORWARD

$IPT -F -t mangle

$IPT -F -t nat

$IPT -X

$IPT -P INPUT DROP

$IPT -P OUTPUT ACCEPT

$IPT -P FORWARD ACCEPT

#

# Begin setting up the rulesets. First define some rule chains to handle

# exception conditions. These chains will receive packets that we aren't

# willing to pass. Limiters on logging are used so as to not to swamp the

# firewall in a DOS scenario.

#

# silent - Just dop the packet

# tcpflags - Log packets with bad flags, most likely an attack

# firewalled - Log packets that that we refuse, possibly from an attack

#

$IPT -N silent

$IPT -A silent -j DROP

$IPT -N tcpflags

$IPT -A tcpflags -m limit --limit 15/minute -j LOG --log-prefix TCPflags:

$IPT -A tcpflags -j DROP

$IPT -N firewalled

$IPT -A firewalled -m limit --limit 15/minute -j LOG --log-prefix Firewalled:

$IPT -A firewalled -j DROP

#

# Use NPAT if you have a dynamic IP. Otherwise comment out the following

# line and use the Source NAT below.

#

#$IPT -t nat -A POSTROUTING -o $OUTSIDE -j MASQUERADE

#

# Use Source NAT if to do the NPAT you have a static IP or netblock.

# Remember to change the IP to be that of your OUTSIDE NIC.

#

$IPT -t nat -A POSTROUTING -o $OUTSIDE -j SNAT --to 66.38.26.91

#

# These are all TCP flag combinations that should never, ever, occur in the

# wild. All of these are illegal combinations that are used to attack a box

# in various ways.

#

$IPT -A INPUT -p tcp --tcp-flags ALL FIN,URG,PSH -j tcpflags

$IPT -A INPUT -p tcp --tcp-flags ALL ALL -j tcpflags

$IPT -A INPUT -p tcp --tcp-flags ALL SYN,RST,ACK,FIN,URG -j tcpflags

$IPT -A INPUT -p tcp --tcp-flags ALL NONE -j tcpflags

$IPT -A INPUT -p tcp --tcp-flags SYN,RST SYN,RST -j tcpflags

$IPT -A INPUT -p tcp --tcp-flags SYN,FIN SYN,FIN -j tcpflags

#

# Allow selected ICMP types and drop the rest.

#

$IPT -A INPUT -p icmp --icmp-type 0 -j ACCEPT

$IPT -A INPUT -p icmp --icmp-type 3 -j ACCEPT

$IPT -A INPUT -p icmp --icmp-type 11 -j ACCEPT

$IPT -A INPUT -p icmp --icmp-type 8 -m limit --limit 1/second -j ACCEPT

$IPT -A INPUT -p icmp -j firewalled

#

# Don't leak SMB traffic onto the Internet. We've slipped the surly bonds of windows

# and are dancing on the silvery wings of Linux.

#

$IPT -A FORWARD -p udp --dport 137 -j silent

$IPT -A FORWARD -p udp --dport 138 -j silent

$IPT -A FORWARD -p udp --dport 139 -j silent

$IPT -A FORWARD -p udp --dport 445 -j silent

#

# If you want to be able to connect via SSH from the Internet

# uncomment the next line.

#

$IPT -A INPUT -i $OUTSIDE -d 0/0 -p tcp --dport 22 -j ACCEPT

# DNS

#$IPT -A INPUT -i $OUTSIDE -d 0/0 -p udp --sport 53 -j ACCEPT

# Email

$IPT -A INPUT -i $OUTSIDE -d 0/0 -p tcp --dport 2342 -j ACCEPT

# Allow Gentoo to transfer files

$IPT -A INPUT -i $OUTSIDE -d 0/0 -p tcp --sport 8080 -j ACCEPT

#allow int network to talk to router

$IPT -A INPUT -i eth1 -d 0/0 -p tcp --dport 22 -j ACCEPT

# DNS

$IPT -A INPUT -i eth1 -d 0/0 -p udp --sport 53 -j ACCEPT

# Email

$IPT -A INPUT -i eth1 -d 0/0 -p tcp --dport 2342 -j ACCEPT

$IPT -A INPUT -i eth1 -d 0/0 -p tcp --dport 8080 -j ACCEPT

$IPT -A INPUT -i eth1 -d 0/0 -p tcp --dport 3632 -j ACCEPT

#

# Examples of Port forwarding.

#

# The first forwards HTTP traffic to 10.0.0.10

# The second forwards SSH to 10.0.0.10

# The third forwards a block of tcp and udp ports (2300-2400) to 10.0.0.10

#

# Remember that if you intend to forward something that you'll also

# have to add a rule to permit the inbound traffic.

#

#$IPT -t nat -A PREROUTING -i $OUTSIDE -p tcp --dport 80 -j DNAT --to 10.0.0.10

#$IPT -t nat -A PREROUTING -i $OUTSIDE -p tcp --dport 22 -j DNAT --to 10.0.0.10

#$IPT -t nat -A PREROUTING -i $OUTSIDE -p tcp --dport 2300:2400 -j DNAT --to 10.0.0.10

#$IPT -t nat -A PREROUTING -i $OUTSIDE -p udp --dport 2300:2400 -j DNAT --to 10.0.0.10

## DESKTOP

$IPT -t nat -A PREROUTING -i $OUTSIDE -p udp --dport 6112 -j DNAT --to 172.16.1.69

$IPT -t nat -A PREROUTING -i $OUTSIDE -p tcp --dport 6881 -j DNAT --to 172.16.1.69

$IPT -t nat -A PREROUTING -i $OUTSIDE -p tcp --dport 32456:32550 -j DNAT --to 172.16.1.69

$IPT -t nat -A PREROUTING -i $OUTSIDE -p tcp --dport 3389 -j DNAT --to 172.16.1.69

## LAPTOP

$IPT -t nat -A PREROUTING -i $OUTSIDE -p tcp --dport 50000:50001 -j DNAT --to 172.16.1.100

$IPT -t nat -A PREROUTING -i $OUTSIDE -p tcp --dport 6999 -j DNAT --to 172.16.1.100

#

# Examples of allowing inbound for the port forwarding examples above.

#

#$IPT -A INPUT -i $OUTSIDE -d 0/0 -p tcp --dport 80 -j ACCEPT

#$IPT -A INPUT -i $OUTSIDE -d 0/0 -p tcp --dport 2300:2400 -j ACCEPT

#$IPT -A INPUT -i $OUTSIDE -d 0/0 -p udp --dport 2300:2400 -j ACCEPT

#

## DESKTOP ALLOW

$IPT -A INPUT -i $OUTSIDE -d 0/0 -p tcp --dport 6112 -j ACCEPT

$IPT -A INPUT -i $OUTSIDE -d 0/0 -p tcp --dport 6881 -j ACCEPT

$IPT -A INPUT -i $OUTSIDE -d 0/0 -p tcp --dport 32456:32550 -j ACCEPT

$IPT -A INPUT -i $OUTSIDE -d 0/0 -p tcp --dport 3389 -j ACCEPT

## LAPTOP ALLOW

$IPT -A INPUT -i $OUTSIDE -d 0/0 -p tcp --dport 50000:50001 -j ACCEPT

$IPT -A INPUT -i $OUTSIDE -d 0/0 -p tcp --dport 6999 -j ACCEPT

# The loopback interface is inheritly trustworthy. Don't disable it or

# a number of things on the firewall will break.

#

$IPT -A INPUT -i lo -j ACCEPT

#

# Uncomment the following if the inside machines are trustworthy and

# there are services on the firewall, like DNS, web, etc., that they need to

# access. And remember to change the IP to be that of the INSIDE interface

# of the firewall.

#

$IPT -A INPUT -i $INSIDE -d $INSIDE_IP -j ACCEPT

#

# If you are running a DHCP server on the firewall uncomment the next line

#

#$IPT -A INPUT -i $INSIDE -d 255.255.255.255 -j ACCEPT

#

# Allow packets that are part of an established connection to pass

# through the firewall. This is required for normal Internet activity

# by inside clients.

#

##### Potential problem

$IPT -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

#

# Anything that hasn't already matched gets logged and then dropped.

#

$IPT -A INPUT -j firewalled

```

kernel .config

```

cat .config

#

# Automatically generated make config: don't edit

# Linux kernel version: 2.6.9-rc1-mm1

# Fri Aug 27 19:26:10 2004

#

CONFIG_X86=y

CONFIG_MMU=y

CONFIG_UID16=y

CONFIG_GENERIC_ISA_DMA=y

#

# Code maturity level options

#

CONFIG_EXPERIMENTAL=y

CONFIG_CLEAN_COMPILE=y

CONFIG_BROKEN_ON_SMP=y

#

# General setup

#

CONFIG_SWAP=y

CONFIG_SYSVIPC=y

# CONFIG_POSIX_MQUEUE is not set

# CONFIG_BSD_PROCESS_ACCT is not set

CONFIG_SYSCTL=y

# CONFIG_AUDIT is not set

CONFIG_LOG_BUF_SHIFT=14

# CONFIG_HOTPLUG is not set

# CONFIG_IKCONFIG is not set

CONFIG_EMBEDDED=y

# CONFIG_KALLSYMS is not set

CONFIG_FUTEX=y

CONFIG_EPOLL=y

# CONFIG_IOSCHED_NOOP is not set

CONFIG_IOSCHED_AS=y

# CONFIG_IOSCHED_DEADLINE is not set

# CONFIG_IOSCHED_CFQ is not set

CONFIG_CC_OPTIMIZE_FOR_SIZE=y

#

# Loadable module support

#

CONFIG_MODULES=y

CONFIG_MODULE_UNLOAD=y

# CONFIG_MODULE_FORCE_UNLOAD is not set

CONFIG_OBSOLETE_MODPARM=y

CONFIG_MODVERSIONS=y

CONFIG_KMOD=y

#

# Processor type and features

#

CONFIG_X86_PC=y

# CONFIG_X86_ELAN is not set

# CONFIG_X86_VOYAGER is not set

# CONFIG_X86_NUMAQ is not set

# CONFIG_X86_SUMMIT is not set

# CONFIG_X86_BIGSMP is not set

# CONFIG_X86_VISWS is not set

# CONFIG_X86_GENERICARCH is not set

# CONFIG_X86_ES7000 is not set

# CONFIG_M386 is not set

# CONFIG_M486 is not set

# CONFIG_M586 is not set

# CONFIG_M586TSC is not set

# CONFIG_M586MMX is not set

# CONFIG_M686 is not set

# CONFIG_MPENTIUMII is not set

# CONFIG_MPENTIUMIII is not set

# CONFIG_MPENTIUMM is not set

# CONFIG_MPENTIUM4 is not set

# CONFIG_MK6 is not set

# CONFIG_MK7 is not set

# CONFIG_MK8 is not set

# CONFIG_MCRUSOE is not set

# CONFIG_MWINCHIPC6 is not set

# CONFIG_MWINCHIP2 is not set

# CONFIG_MWINCHIP3D is not set

CONFIG_MCYRIXIII=y

# CONFIG_MVIAC3_2 is not set

# CONFIG_X86_GENERIC is not set

CONFIG_X86_CMPXCHG=y

CONFIG_X86_XADD=y

CONFIG_X86_L1_CACHE_SHIFT=5

CONFIG_RWSEM_XCHGADD_ALGORITHM=y

CONFIG_X86_WP_WORKS_OK=y

CONFIG_X86_INVLPG=y

CONFIG_X86_BSWAP=y

CONFIG_X86_POPAD_OK=y

CONFIG_X86_ALIGNMENT_16=y

CONFIG_X86_USE_PPRO_CHECKSUM=y

CONFIG_X86_USE_3DNOW=y

# CONFIG_HPET_TIMER is not set

# CONFIG_SMP is not set

# CONFIG_PREEMPT is not set

# CONFIG_X86_UP_APIC is not set

CONFIG_X86_TSC=y

# CONFIG_X86_MCE is not set

# CONFIG_TOSHIBA is not set

# CONFIG_I8K is not set

# CONFIG_MICROCODE is not set

CONFIG_X86_MSR=y

# CONFIG_X86_CPUID is not set

#

# Firmware Drivers

#

# CONFIG_EDD is not set

CONFIG_NOHIGHMEM=y

# CONFIG_HIGHMEM4G is not set

# CONFIG_HIGHMEM64G is not set

# CONFIG_MATH_EMULATION is not set

CONFIG_MTRR=y

# CONFIG_EFI is not set

# CONFIG_REGPARM is not set

#

# Performance-monitoring counters support

#

# CONFIG_PERFCTR is not set

# CONFIG_KEXEC is not set

#

# Power management options (ACPI, APM)

#

CONFIG_PM=y

# CONFIG_PM_DEBUG is not set

# CONFIG_SOFTWARE_SUSPEND is not set

#

# ACPI (Advanced Configuration and Power Interface) Support

#

CONFIG_ACPI=y

CONFIG_ACPI_BOOT=y

CONFIG_ACPI_INTERPRETER=y

# CONFIG_ACPI_SLEEP is not set

# CONFIG_ACPI_AC is not set

# CONFIG_ACPI_BATTERY is not set

CONFIG_ACPI_BUTTON=y

CONFIG_ACPI_FAN=y

CONFIG_ACPI_PROCESSOR=y

CONFIG_ACPI_THERMAL=y

# CONFIG_ACPI_ASUS is not set

# CONFIG_ACPI_TOSHIBA is not set

# CONFIG_ACPI_DEBUG is not set

CONFIG_ACPI_BUS=y

CONFIG_ACPI_EC=y

CONFIG_ACPI_POWER=y

CONFIG_ACPI_PCI=y

CONFIG_ACPI_SYSTEM=y

# CONFIG_X86_PM_TIMER is not set

#

# APM (Advanced Power Management) BIOS Support

#

# CONFIG_APM is not set

#

# CPU Frequency scaling

#

CONFIG_CPU_FREQ=y

# CONFIG_CPU_FREQ_PROC_INTF is not set

CONFIG_CPU_FREQ_DEFAULT_GOV_PERFORMANCE=y

# CONFIG_CPU_FREQ_DEFAULT_GOV_USERSPACE is not set

CONFIG_CPU_FREQ_GOV_PERFORMANCE=y

CONFIG_CPU_FREQ_GOV_POWERSAVE=y

CONFIG_CPU_FREQ_GOV_USERSPACE=y

# CONFIG_CPU_FREQ_GOV_ONDEMAND is not set

# CONFIG_CPU_FREQ_24_API is not set

CONFIG_CPU_FREQ_TABLE=y

#

# CPUFreq processor drivers

#

# CONFIG_X86_ACPI_CPUFREQ is not set

# CONFIG_X86_POWERNOW_K6 is not set

# CONFIG_X86_POWERNOW_K7 is not set

# CONFIG_X86_POWERNOW_K8 is not set

# CONFIG_X86_GX_SUSPMOD is not set

# CONFIG_X86_SPEEDSTEP_CENTRINO is not set

# CONFIG_X86_SPEEDSTEP_ICH is not set

# CONFIG_X86_SPEEDSTEP_SMI is not set

# CONFIG_X86_P4_CLOCKMOD is not set

# CONFIG_X86_CPUFREQ_NFORCE2 is not set

# CONFIG_X86_LONGRUN is not set

CONFIG_X86_LONGHAUL=y

#

# Bus options (PCI, PCMCIA, EISA, MCA, ISA)

#

CONFIG_PCI=y

# CONFIG_PCI_GOBIOS is not set

# CONFIG_PCI_GOMMCONFIG is not set

# CONFIG_PCI_GODIRECT is not set

CONFIG_PCI_GOANY=y

CONFIG_PCI_BIOS=y

CONFIG_PCI_DIRECT=y

CONFIG_PCI_MMCONFIG=y

# CONFIG_PCI_LEGACY_PROC is not set

# CONFIG_PCI_NAMES is not set

CONFIG_ISA=y

# CONFIG_EISA is not set

# CONFIG_MCA is not set

# CONFIG_SCx200 is not set

#

# Executable file formats

#

CONFIG_BINFMT_ELF=y

# CONFIG_BINFMT_AOUT is not set

# CONFIG_BINFMT_MISC is not set

#

# Device Drivers

#

#

# Generic Driver Options

#

CONFIG_STANDALONE=y

CONFIG_PREVENT_FIRMWARE_BUILD=y

#

# Memory Technology Devices (MTD)

#

# CONFIG_MTD is not set

#

# Parallel port support

#

# CONFIG_PARPORT is not set

#

# Plug and Play support

#

# CONFIG_PNP is not set

#

# Block devices

#

# CONFIG_BLK_DEV_FD is not set

# CONFIG_BLK_DEV_XD is not set

# CONFIG_BLK_CPQ_DA is not set

# CONFIG_BLK_CPQ_CISS_DA is not set

# CONFIG_BLK_DEV_DAC960 is not set

# CONFIG_BLK_DEV_UMEM is not set

# CONFIG_BLK_DEV_LOOP is not set

# CONFIG_BLK_DEV_NBD is not set

# CONFIG_BLK_DEV_SX8 is not set

# CONFIG_BLK_DEV_RAM is not set

# CONFIG_LBD is not set

# CONFIG_CDROM_PKTCDVD is not set

#

# ATA/ATAPI/MFM/RLL support

#

CONFIG_IDE=y

CONFIG_BLK_DEV_IDE=y

#

# Please see Documentation/ide.txt for help/info on IDE drives

#

# CONFIG_BLK_DEV_IDE_SATA is not set

# CONFIG_BLK_DEV_HD_IDE is not set

CONFIG_BLK_DEV_IDEDISK=y

CONFIG_IDEDISK_MULTI_MODE=y

# CONFIG_BLK_DEV_IDECD is not set

# CONFIG_BLK_DEV_IDETAPE is not set

# CONFIG_BLK_DEV_IDEFLOPPY is not set

# CONFIG_IDE_TASK_IOCTL is not set

CONFIG_IDE_TASKFILE_IO=y

#

# IDE chipset support/bugfixes

#

# CONFIG_IDE_GENERIC is not set

# CONFIG_BLK_DEV_CMD640 is not set

CONFIG_BLK_DEV_IDEPCI=y

CONFIG_IDEPCI_SHARE_IRQ=y

# CONFIG_BLK_DEV_OFFBOARD is not set

CONFIG_BLK_DEV_GENERIC=y

# CONFIG_BLK_DEV_OPTI621 is not set

# CONFIG_BLK_DEV_RZ1000 is not set

CONFIG_BLK_DEV_IDEDMA_PCI=y

# CONFIG_BLK_DEV_IDEDMA_FORCED is not set

CONFIG_IDEDMA_PCI_AUTO=y

# CONFIG_IDEDMA_ONLYDISK is not set

CONFIG_BLK_DEV_ADMA=y

# CONFIG_BLK_DEV_AEC62XX is not set

# CONFIG_BLK_DEV_ALI15X3 is not set

# CONFIG_BLK_DEV_AMD74XX is not set

# CONFIG_BLK_DEV_ATIIXP is not set

# CONFIG_BLK_DEV_CMD64X is not set

# CONFIG_BLK_DEV_TRIFLEX is not set

# CONFIG_BLK_DEV_CY82C693 is not set

# CONFIG_BLK_DEV_CS5520 is not set

# CONFIG_BLK_DEV_CS5530 is not set

# CONFIG_BLK_DEV_HPT34X is not set

# CONFIG_BLK_DEV_HPT366 is not set

# CONFIG_BLK_DEV_SC1200 is not set

# CONFIG_BLK_DEV_PIIX is not set

# CONFIG_BLK_DEV_IT8212 is not set

# CONFIG_BLK_DEV_NS87415 is not set

# CONFIG_BLK_DEV_PDC202XX_OLD is not set

# CONFIG_BLK_DEV_PDC202XX_NEW is not set

# CONFIG_BLK_DEV_SVWKS is not set

# CONFIG_BLK_DEV_SIIMAGE is not set

# CONFIG_BLK_DEV_SIS5513 is not set

# CONFIG_BLK_DEV_SLC90E66 is not set

# CONFIG_BLK_DEV_TRM290 is not set

CONFIG_BLK_DEV_VIA82CXXX=y

# CONFIG_IDE_ARM is not set

# CONFIG_IDE_CHIPSETS is not set

CONFIG_BLK_DEV_IDEDMA=y

# CONFIG_IDEDMA_IVB is not set

CONFIG_IDEDMA_AUTO=y

# CONFIG_BLK_DEV_HD is not set

#

# SCSI device support

#

# CONFIG_SCSI is not set

#

# Old CD-ROM drivers (not SCSI, not IDE)

#

# CONFIG_CD_NO_IDESCSI is not set

#

# Multi-device support (RAID and LVM)

#

# CONFIG_MD is not set

#

# Fusion MPT device support

#

#

# IEEE 1394 (FireWire) support

#

# CONFIG_IEEE1394 is not set

#

# I2O device support

#

# CONFIG_I2O is not set

#

# Networking support

#

CONFIG_NET=y

#

# Networking options

#

CONFIG_PACKET=y

CONFIG_PACKET_MMAP=y

# CONFIG_NETLINK_DEV is not set

CONFIG_UNIX=y

# CONFIG_NET_KEY is not set

CONFIG_INET=y

# CONFIG_IP_MULTICAST is not set

CONFIG_IP_ADVANCED_ROUTER=y

# CONFIG_IP_MULTIPLE_TABLES is not set

# CONFIG_IP_ROUTE_MULTIPATH is not set

# CONFIG_IP_ROUTE_TOS is not set

# CONFIG_IP_ROUTE_VERBOSE is not set

# CONFIG_IP_PNP is not set

# CONFIG_NET_IPIP is not set

# CONFIG_NET_IPGRE is not set

# CONFIG_ARPD is not set

CONFIG_SYN_COOKIES=y

# CONFIG_INET_AH is not set

# CONFIG_INET_ESP is not set

# CONFIG_INET_IPCOMP is not set

# CONFIG_INET_TUNNEL is not set

#

# IP: Virtual Server Configuration

#

# CONFIG_IP_VS is not set

# CONFIG_IPV6 is not set

CONFIG_NETFILTER=y

# CONFIG_NETFILTER_DEBUG is not set

#

# IP: Netfilter Configuration

#

CONFIG_IP_NF_CONNTRACK=y

CONFIG_IP_NF_FTP=y

CONFIG_IP_NF_IRC=y

# CONFIG_IP_NF_TFTP is not set

# CONFIG_IP_NF_AMANDA is not set

# CONFIG_IP_NF_QUEUE is not set

CONFIG_IP_NF_IPTABLES=y

CONFIG_IP_NF_MATCH_LIMIT=y

CONFIG_IP_NF_MATCH_IPRANGE=y

CONFIG_IP_NF_MATCH_MAC=y

# CONFIG_IP_NF_MATCH_PKTTYPE is not set

# CONFIG_IP_NF_MATCH_MARK is not set

CONFIG_IP_NF_MATCH_MULTIPORT=y

# CONFIG_IP_NF_MATCH_TOS is not set

# CONFIG_IP_NF_MATCH_RECENT is not set

# CONFIG_IP_NF_MATCH_ECN is not set

# CONFIG_IP_NF_MATCH_DSCP is not set

# CONFIG_IP_NF_MATCH_AH_ESP is not set

# CONFIG_IP_NF_MATCH_LENGTH is not set

# CONFIG_IP_NF_MATCH_TTL is not set

# CONFIG_IP_NF_MATCH_TCPMSS is not set

# CONFIG_IP_NF_MATCH_HELPER is not set

CONFIG_IP_NF_MATCH_STATE=y

CONFIG_IP_NF_MATCH_CONNTRACK=y

# CONFIG_IP_NF_MATCH_OWNER is not set

CONFIG_IP_NF_FILTER=y

CONFIG_IP_NF_TARGET_REJECT=y

CONFIG_IP_NF_NAT=y

CONFIG_IP_NF_NAT_NEEDED=y

CONFIG_IP_NF_TARGET_MASQUERADE=y

# CONFIG_IP_NF_TARGET_REDIRECT is not set

# CONFIG_IP_NF_TARGET_NETMAP is not set

# CONFIG_IP_NF_TARGET_SAME is not set

# CONFIG_IP_NF_NAT_LOCAL is not set

# CONFIG_IP_NF_NAT_SNMP_BASIC is not set

CONFIG_IP_NF_NAT_IRC=y

CONFIG_IP_NF_NAT_FTP=y

CONFIG_IP_NF_MANGLE=y

# CONFIG_IP_NF_TARGET_TOS is not set

# CONFIG_IP_NF_TARGET_ECN is not set

# CONFIG_IP_NF_TARGET_DSCP is not set

CONFIG_IP_NF_TARGET_MARK=y

# CONFIG_IP_NF_TARGET_CLASSIFY is not set

CONFIG_IP_NF_TARGET_LOG=y

# CONFIG_IP_NF_TARGET_ULOG is not set

# CONFIG_IP_NF_TARGET_TCPMSS is not set

# CONFIG_IP_NF_ARPTABLES is not set

# CONFIG_IP_NF_RAW is not set

# CONFIG_IP_NF_MATCH_ADDRTYPE is not set

# CONFIG_IP_NF_MATCH_REALM is not set

# CONFIG_IP_NF_CT_ACCT is not set

# CONFIG_IP_NF_MATCH_SCTP is not set

# CONFIG_IP_NF_CT_PROTO_SCTP is not set

#

# SCTP Configuration (EXPERIMENTAL)

#

# CONFIG_IP_SCTP is not set

# CONFIG_ATM is not set

# CONFIG_BRIDGE is not set

# CONFIG_VLAN_8021Q is not set

# CONFIG_DECNET is not set

# CONFIG_LLC2 is not set

# CONFIG_IPX is not set

# CONFIG_ATALK is not set

# CONFIG_X25 is not set

# CONFIG_LAPB is not set

# CONFIG_NET_DIVERT is not set

# CONFIG_ECONET is not set

# CONFIG_WAN_ROUTER is not set

# CONFIG_NET_HW_FLOWCONTROL is not set

#

# QoS and/or fair queueing

#

CONFIG_NET_SCHED=y

# CONFIG_NET_SCH_CLK_JIFFIES is not set

CONFIG_NET_SCH_CLK_GETTIMEOFDAY=y

# CONFIG_NET_SCH_CLK_CPU is not set

CONFIG_NET_SCH_CBQ=y

CONFIG_NET_SCH_HTB=y

CONFIG_NET_SCH_HFSC=y

CONFIG_NET_SCH_PRIO=y

CONFIG_NET_SCH_RED=y

CONFIG_NET_SCH_SFQ=y

# CONFIG_NET_SCH_TEQL is not set

# CONFIG_NET_SCH_TBF is not set

# CONFIG_NET_SCH_GRED is not set

# CONFIG_NET_SCH_DSMARK is not set

# CONFIG_NET_SCH_NETEM is not set

CONFIG_NET_SCH_INGRESS=y

CONFIG_NET_QOS=y

CONFIG_NET_ESTIMATOR=y

CONFIG_NET_CLS=y

# CONFIG_NET_CLS_TCINDEX is not set

# CONFIG_NET_CLS_ROUTE4 is not set

# CONFIG_NET_CLS_ROUTE is not set

# CONFIG_NET_CLS_FW is not set

CONFIG_NET_CLS_U32=y

# CONFIG_CLS_U32_PERF is not set

# CONFIG_NET_CLS_IND is not set

# CONFIG_NET_CLS_RSVP is not set

# CONFIG_NET_CLS_RSVP6 is not set

# CONFIG_NET_CLS_ACT is not set

CONFIG_NET_CLS_POLICE=y

#

# Network testing

#

# CONFIG_NET_PKTGEN is not set

# CONFIG_KGDBOE is not set

# CONFIG_NETPOLL is not set

# CONFIG_NETPOLL_RX is not set

# CONFIG_NETPOLL_TRAP is not set

# CONFIG_NET_POLL_CONTROLLER is not set

# CONFIG_HAMRADIO is not set

# CONFIG_IRDA is not set

# CONFIG_BT is not set

CONFIG_NETDEVICES=y

# CONFIG_DUMMY is not set

# CONFIG_BONDING is not set

# CONFIG_EQUALIZER is not set

# CONFIG_TUN is not set

#

# ARCnet devices

#

# CONFIG_ARCNET is not set

#

# Ethernet (10 or 100Mbit)

#

CONFIG_NET_ETHERNET=y

CONFIG_MII=y

# CONFIG_HAPPYMEAL is not set

# CONFIG_SUNGEM is not set

# CONFIG_NET_VENDOR_3COM is not set

# CONFIG_LANCE is not set

# CONFIG_NET_VENDOR_SMC is not set

# CONFIG_NET_VENDOR_RACAL is not set

#

# Tulip family network device support

#

# CONFIG_NET_TULIP is not set

# CONFIG_AT1700 is not set

# CONFIG_DEPCA is not set

# CONFIG_HP100 is not set

# CONFIG_NET_ISA is not set

CONFIG_NET_PCI=y

# CONFIG_PCNET32 is not set

# CONFIG_AMD8111_ETH is not set

# CONFIG_ADAPTEC_STARFIRE is not set

# CONFIG_AC3200 is not set

# CONFIG_APRICOT is not set

# CONFIG_B44 is not set

# CONFIG_FORCEDETH is not set

# CONFIG_CS89x0 is not set

# CONFIG_DGRS is not set

# CONFIG_EEPRO100 is not set

CONFIG_E100=y

CONFIG_E100_NAPI=y

# CONFIG_FEALNX is not set

# CONFIG_NATSEMI is not set

# CONFIG_NE2K_PCI is not set

# CONFIG_8139CP is not set

# CONFIG_8139TOO is not set

# CONFIG_SIS900 is not set

# CONFIG_EPIC100 is not set

# CONFIG_SUNDANCE is not set

# CONFIG_TLAN is not set

CONFIG_VIA_RHINE=y

# CONFIG_VIA_RHINE_MMIO is not set

# CONFIG_VIA_VELOCITY is not set

# CONFIG_NET_POCKET is not set

#

# Ethernet (1000 Mbit)

#

# CONFIG_ACENIC is not set

# CONFIG_DL2K is not set

# CONFIG_E1000 is not set

# CONFIG_NS83820 is not set

# CONFIG_HAMACHI is not set

# CONFIG_YELLOWFIN is not set

# CONFIG_R8169 is not set

# CONFIG_SK98LIN is not set

# CONFIG_TIGON3 is not set

#

# Ethernet (10000 Mbit)

#

# CONFIG_IXGB is not set

# CONFIG_S2IO is not set

#

# Token Ring devices

#

# CONFIG_TR is not set

#

# Wireless LAN (non-hamradio)

#

# CONFIG_NET_RADIO is not set

#

# Wan interfaces

#

# CONFIG_WAN is not set

# CONFIG_FDDI is not set

# CONFIG_HIPPI is not set

# CONFIG_PPP is not set

# CONFIG_SLIP is not set

# CONFIG_SHAPER is not set

# CONFIG_NETCONSOLE is not set

#

# ISDN subsystem

#

# CONFIG_ISDN is not set

#

# Telephony Support

#

# CONFIG_PHONE is not set

#

# Input device support

#

CONFIG_INPUT=y

#

# Userland interfaces

#

# CONFIG_INPUT_MOUSEDEV is not set

# CONFIG_INPUT_JOYDEV is not set

# CONFIG_INPUT_TSDEV is not set

# CONFIG_INPUT_EVDEV is not set

# CONFIG_INPUT_EVBUG is not set

#

# Input I/O drivers

#

# CONFIG_GAMEPORT is not set

CONFIG_SOUND_GAMEPORT=y

CONFIG_SERIO=y

CONFIG_SERIO_I8042=y

# CONFIG_SERIO_SERPORT is not set

# CONFIG_SERIO_CT82C710 is not set

# CONFIG_SERIO_PCIPS2 is not set

# CONFIG_SERIO_RAW is not set

#

# Input Device Drivers

#

CONFIG_INPUT_KEYBOARD=y

CONFIG_KEYBOARD_ATKBD=y

# CONFIG_KEYBOARD_SUNKBD is not set

# CONFIG_KEYBOARD_LKKBD is not set

# CONFIG_KEYBOARD_XTKBD is not set

# CONFIG_KEYBOARD_NEWTON is not set

# CONFIG_INPUT_MOUSE is not set

# CONFIG_INPUT_JOYSTICK is not set

# CONFIG_INPUT_TOUCHSCREEN is not set

CONFIG_INPUT_MISC=y

CONFIG_INPUT_PCSPKR=y

# CONFIG_INPUT_UINPUT is not set

#

# Character devices

#

CONFIG_VT=y

CONFIG_VT_CONSOLE=y

CONFIG_HW_CONSOLE=y

# CONFIG_SERIAL_NONSTANDARD is not set

#

# Serial drivers

#

# CONFIG_SERIAL_8250 is not set

#

# Non-8250 serial port support

#

CONFIG_UNIX98_PTYS=y

# CONFIG_LEGACY_PTYS is not set

# CONFIG_QIC02_TAPE is not set

#

# IPMI

#

# CONFIG_IPMI_HANDLER is not set

#

# Watchdog Cards

#

# CONFIG_WATCHDOG is not set

CONFIG_HW_RANDOM=y

# CONFIG_NVRAM is not set

CONFIG_RTC=y

# CONFIG_DTLK is not set

# CONFIG_R3964 is not set

# CONFIG_APPLICOM is not set

# CONFIG_SONYPI is not set

#

# Ftape, the floppy tape device driver

#

# CONFIG_FTAPE is not set

CONFIG_AGP=y

# CONFIG_AGP_ALI is not set

# CONFIG_AGP_ATI is not set

# CONFIG_AGP_AMD is not set

# CONFIG_AGP_AMD64 is not set

# CONFIG_AGP_INTEL is not set

# CONFIG_AGP_INTEL_MCH is not set

# CONFIG_AGP_NVIDIA is not set

# CONFIG_AGP_SIS is not set

# CONFIG_AGP_SWORKS is not set

CONFIG_AGP_VIA=y

# CONFIG_AGP_EFFICEON is not set

# CONFIG_DRM is not set

# CONFIG_MWAVE is not set

# CONFIG_RAW_DRIVER is not set

# CONFIG_HPET is not set

# CONFIG_HANGCHECK_TIMER is not set

#

# I2C support

#

# CONFIG_I2C is not set

#

# Dallas's 1-wire bus

#

# CONFIG_W1 is not set

#

# Misc devices

#

# CONFIG_IBM_ASM is not set

#

# Multimedia devices

#

# CONFIG_VIDEO_DEV is not set

#

# Digital Video Broadcasting Devices

#

# CONFIG_DVB is not set

#

# Graphics support

#

# CONFIG_FB is not set

# CONFIG_VIDEO_SELECT is not set

#

# Console display driver support

#

CONFIG_VGA_CONSOLE=y

# CONFIG_MDA_CONSOLE is not set

CONFIG_DUMMY_CONSOLE=y

#

# Sound

#

# CONFIG_SOUND is not set

#

# USB support

#

# CONFIG_USB is not set

#

# USB Gadget Support

#

# CONFIG_USB_GADGET is not set

#

# File systems

#

CONFIG_EXT2_FS=m

# CONFIG_EXT2_FS_XATTR is not set

# CONFIG_EXT3_FS is not set

# CONFIG_JBD is not set

# CONFIG_REISER4_FS is not set

CONFIG_REISERFS_FS=y

# CONFIG_REISERFS_CHECK is not set

# CONFIG_REISERFS_PROC_INFO is not set

# CONFIG_REISERFS_FS_XATTR is not set

# CONFIG_JFS_FS is not set

# CONFIG_XFS_FS is not set

# CONFIG_MINIX_FS is not set

# CONFIG_ROMFS_FS is not set

# CONFIG_QUOTA is not set

# CONFIG_AUTOFS_FS is not set

# CONFIG_AUTOFS4_FS is not set

#

# CD-ROM/DVD Filesystems

#

# CONFIG_ISO9660_FS is not set

# CONFIG_UDF_FS is not set

#

# DOS/FAT/NT Filesystems

#

# CONFIG_MSDOS_FS is not set

# CONFIG_VFAT_FS is not set

# CONFIG_NTFS_FS is not set

#

# Pseudo filesystems

#

CONFIG_PROC_FS=y

CONFIG_PROC_KCORE=y

CONFIG_SYSFS=y

CONFIG_DEVFS_FS=y

CONFIG_DEVFS_MOUNT=y

# CONFIG_DEVFS_DEBUG is not set

# CONFIG_DEVPTS_FS_XATTR is not set

# CONFIG_TMPFS is not set

# CONFIG_HUGETLBFS is not set

# CONFIG_HUGETLB_PAGE is not set

CONFIG_RAMFS=y

#

# Miscellaneous filesystems

#

# CONFIG_ADFS_FS is not set

# CONFIG_AFFS_FS is not set

# CONFIG_HFS_FS is not set

# CONFIG_HFSPLUS_FS is not set

# CONFIG_BEFS_FS is not set

# CONFIG_BFS_FS is not set

# CONFIG_EFS_FS is not set

# CONFIG_CRAMFS is not set

# CONFIG_VXFS_FS is not set

# CONFIG_HPFS_FS is not set

# CONFIG_QNX4FS_FS is not set

# CONFIG_SYSV_FS is not set

# CONFIG_UFS_FS is not set

#

# Network File Systems

#

# CONFIG_NFS_FS is not set

# CONFIG_NFSD is not set

# CONFIG_EXPORTFS is not set

# CONFIG_SMB_FS is not set

# CONFIG_CIFS is not set

# CONFIG_NCP_FS is not set

# CONFIG_CODA_FS is not set

# CONFIG_AFS_FS is not set

#

# Partition Types

#

# CONFIG_PARTITION_ADVANCED is not set

CONFIG_MSDOS_PARTITION=y

#

# Native Language Support

#

# CONFIG_NLS is not set

#

# Profiling support

#

# CONFIG_PROFILING is not set

#

# Kernel hacking

#

# CONFIG_DEBUG_KERNEL is not set

# CONFIG_FRAME_POINTER is not set

# CONFIG_EARLY_PRINTK is not set

# CONFIG_4KSTACKS is not set

#

# Security options

#

# CONFIG_KEYS is not set

# CONFIG_SECURITY is not set

#

# Cryptographic options

#

# CONFIG_CRYPTO is not set

#

# Library routines

#

# CONFIG_CRC_CCITT is not set

CONFIG_CRC32=y

# CONFIG_LIBCRC32C is not set

CONFIG_X86_BIOS_REBOOT=y

```

wondershaper

```

#!/bin/bash

# Wonder Shaper

# please read the README before filling out these values

#

# Set the following values to somewhat less than your actual download

# and uplink speed. In kilobits. Also set the device that is to be shaped.

DOWNLINK=1260

UPLINK=205

DEV=eth0

# low priority OUTGOING traffic - you can leave this blank if you want

# low priority source netmasks

NOPRIOHOSTSRC=80

# low priority destination netmasks

NOPRIOHOSTDST=

# low priority source ports

NOPRIOPORTSRC=

# low priority destination ports

NOPRIOPORTDST=

# Now remove the following two lines :-)

#echo Please read the documentation in 'README' first :-\)

#exit

#########################################################

if [ "$1" = "status" ]

then

        tc -s qdisc ls dev $DEV

        tc -s class ls dev $DEV

        exit

fi

# clean existing down- and uplink qdiscs, hide errors

tc qdisc del dev $DEV root    2> /dev/null > /dev/null

tc qdisc del dev $DEV ingress 2> /dev/null > /dev/null

if [ "$1" = "stop" ]

then

        exit

fi

###### uplink

# install root CBQ

tc qdisc add dev $DEV root handle 1: cbq avpkt 1000 bandwidth 10mbit

# shape everything at $UPLINK speed - this prevents huge queues in your

# DSL modem which destroy latency:

# main class

tc class add dev $DEV parent 1: classid 1:1 cbq rate ${UPLINK}kbit \

allot 1500 prio 5 bounded isolated

# high prio class 1:10:

tc class add dev $DEV parent 1:1 classid 1:10 cbq rate ${UPLINK}kbit \

   allot 1600 prio 1 avpkt 1000

# bulk and default class 1:20 - gets slightly less traffic,

#  and a lower priority:

tc class add dev $DEV parent 1:1 classid 1:20 cbq rate $[9*$UPLINK/10]kbit \

   allot 1600 prio 2 avpkt 1000

# 'traffic we hate'

tc class add dev $DEV parent 1:1 classid 1:30 cbq rate $[8*$UPLINK/10]kbit \

   allot 1600 prio 2 avpkt 1000

# all get Stochastic Fairness:

tc qdisc add dev $DEV parent 1:10 handle 10: sfq perturb 10

tc qdisc add dev $DEV parent 1:20 handle 20: sfq perturb 10

tc qdisc add dev $DEV parent 1:30 handle 30: sfq perturb 10

# start filters

# TOS Minimum Delay (ssh, NOT scp) in 1:10:

tc filter add dev $DEV parent 1:0 protocol ip prio 10 u32 \

      match ip tos 0x10 0xff  flowid 1:10

# ICMP (ip protocol 1) in the interactive class 1:10 so we

# can do measurements & impress our friends:

tc filter add dev $DEV parent 1:0 protocol ip prio 11 u32 \

        match ip protocol 1 0xff flowid 1:10

# prioritize small packets (<64 bytes)

tc filter add dev $DEV parent 1: protocol ip prio 12 u32 \

   match ip protocol 6 0xff \

   match u8 0x05 0x0f at 0 \

   match u16 0x0000 0xffc0 at 2 \

   flowid 1:10

# some traffic however suffers a worse fate

for a in $NOPRIOPORTDST

do

        tc filter add dev $DEV parent 1: protocol ip prio 14 u32 \

           match ip dport $a 0xffff flowid 1:30

done

for a in $NOPRIOPORTSRC

do

        tc filter add dev $DEV parent 1: protocol ip prio 15 u32 \

           match ip sport $a 0xffff flowid 1:30

done

for a in $NOPRIOHOSTSRC

do

        tc filter add dev $DEV parent 1: protocol ip prio 16 u32 \

           match ip src $a flowid 1:30

done

for a in $NOPRIOHOSTDST

do

        tc filter add dev $DEV parent 1: protocol ip prio 17 u32 \

           match ip dst $a flowid 1:30

done

# rest is 'non-interactive' ie 'bulk' and ends up in 1:20

tc filter add dev $DEV parent 1: protocol ip prio 18 u32 \

   match ip dst 0.0.0.0/0 flowid 1:20

########## downlink #############

# slow downloads down to somewhat less than the real speed  to prevent

# queuing at our ISP. Tune to see how high you can set it.

# ISPs tend to have *huge* queues to make sure big downloads are fast

#

# attach ingress policer:

tc qdisc add dev $DEV handle ffff: ingress

# filter *everything* to it (0.0.0.0/0), drop everything that's

# coming in too fast:

tc filter add dev $DEV parent ffff: protocol ip prio 50 u32 match ip src \

   0.0.0.0/0 police rate ${DOWNLINK}kbit burst 10k drop flowid :1

```

Note to mods:  If this would be better in networking please move it.

----------

## Safrax

Bump

----------

## original_PQ

This is a known bug which is not yet fixed in the stable version.

http://lkml.org/lkml/2004/8/15/98

I have 2.6.8.1, paniced, applied the patch, no panic. I guess the latest pre/rc/snapshot has it fixed too.

----------

## Safrax

I'll give this a try, thanks for the link.

----------

## Safrax

Still doesn't fix the panic, it just makes it take a bit longer to happen.

----------

## DocterD

Use the latest Love Sources. They include the QoS Patch.

Edit: I've uploaded only the Patch for you

http://home.arcor.de/collinso/Patches/qos-fix.patch

----------

## Safrax

Thanks DocterD but I've already applied the patch.  It helps in that instead of dying a few minutes after I enable the wondershaper script it dies an hour or so after enabling.  I'm trying to get some kind of bugreport I can post to the kernel mailing list but whenever the crashes happen I just get a hex series of stuff.

Testing 2.6.8.1-love1.. so far so good.

----------

## C.M

Did the Love-kernel work? Hope the patch makes it into the gentoo-dev-sources soon.   :Sad: 

----------

## Safrax

Yeah love sources did work.

----------

## perseguidor

I get the same panics on gentoo-dev-sources-2.6.8-r4, but 2.6.8.1-ck9 don't seem to have this problem at all. Just letting you know.

----------

## Petyr

Was this bug fixed in 2.6.9? I recently bumped my system from 2.6.5 to 2.6.9-r4 and it started crashing on me after a couple hours. I have QoS stuff going and mad BT downloads. I started thinking something was wrong with my hardware but after seeing this...

Regards,

Petyr

----------

