Ipfw: pullup failed
-
Can anyone help me i keep on seeing this error? is this has an effect on my network slowdown?
ipfw: pullup failed
ipfw: pullup failed
ipfw: pullup failed
ipfw: pullup failed
ipfw: pullup failed
ipfw: pullup failed
ipfw: pullup failed
ipfw: pullup failed
ipfw: pullup failedi kept seeing this on my pfsense box.
i can provide additional information -
From the ipfw man page:
"There are circumstances where fragmented datagrams are unconditionally dropped. TCP packets are dropped if they do not contain at least 20 bytes of TCP header, UDP packets are dropped if they do not contain a full 8 byte UDP header, and ICMP packets are dropped if they do not contain 4 bytes of ICMP header, enough to specify the ICMP type, code, and checksum. These packets are simply logged as "pullup failed'' since there may not be enough good data in the packet to produce a meaningful log entry."
The IPFW message implies that you are seeing low-level network problems with truncated packets. What does netstat -i and netstat -s | grep frag show?
-
Wow, thanks for the meaningfull info. so in that case is this fine? i have attached the screenshot of netstat -s
-
Run it from pfSense, not from your Windows box.
-
@KOM:
Run it from pfSense, not from your Windows box.
Will this help?and we are getting a very slow internet throughout, im thinking that my LAN card is already broken
| tcp:
6289138 packets sent
2732264 data packets (287772502 bytes)
2777 data packets (1631446 bytes) retransmitted
61 data packets unnecessarily retransmitted
0 resends initiated by MTU discovery
3321026 ack-only packets (0 delayed)
0 URG only packets
0 window probe packets
0 window update packets
233461 control packets
6274463 packets received
3003033 acks (for 287200544 bytes)
157645 duplicate acks
0 acks for unsent data
3095058 packets (281010761 bytes) received in-sequence
1314 completely duplicate packets (457477 bytes)
8 old duplicate packets
2 packets with some dup. data (626 bytes duped)
378 out-of-order packets (108303 bytes)
9 packets (0 bytes) of data after window
0 window probes
36 window update packets
1092 packets received after close
0 discarded for bad checksums
0 discarded for bad header offset fields
0 discarded because packet too short
0 discarded due to memory problems
12398 connection requests
209774 connection accepts
0 bad connection attempts
0 listen queue overflows
295 ignored RSTs in the windows
222152 connections established (including accepts)
223042 connections closed (including 12220 drops)
1818 connections updated cached RTT on close
1853 connections updated cached RTT variance on close
959 connections updated cached ssthresh on close
63 embryonic connections dropped
2764628 segments updated rtt (of 2743764 attempts)
3198 retransmit timeouts
89 connections dropped by rexmit timeout
0 persist timeouts
0 connections dropped by persist timeout
0 Connections (fin_wait_2) dropped because of timeout
139 keepalive timeouts
118 keepalive probes sent
21 connections dropped by keepalive
1594451 correct ACK header predictions
1988824 correct data packet header predictions
209773 syncache entries added
619 retransmitted
817 dupsyn
31 dropped
209774 completed
0 bucket overflow
0 cache overflow
6 reset
10 stale
55 aborted
0 badack
0 unreach
0 zone failures
209804 cookies sent
72 cookies received
38 hostcache entries added
0 bucket overflow
12 SACK recovery episodes
76 segment rexmits in SACK recovery episodes
107457 byte rexmits in SACK recovery episodes
2136 SACK options (SACK blocks) received
170 SACK options (SACK blocks) sent
0 SACK scoreboard overflow
0 packets with ECN CE bit set
0 packets with ECN ECT(0) bit set
0 packets with ECN ECT(1) bit set
0 successful ECN handshakes
0 times ECN reduced the congestion window
0 packets with valid tcp-md5 signature received
0 packets with invalid tcp-md5 signature received
0 packets with tcp-md5 signature mismatch
0 packets with unexpected tcp-md5 signature received
0 packets without expected tcp-md5 signature received
udp:
414943 datagrams received
0 with incomplete header
0 with bad data length field
0 with bad checksum
0 with no checksum
14044 dropped due to no socket
157574 broadcast/multicast datagrams undelivered
0 dropped due to full socket buffers
0 not for hashed pcb
243325 delivered
235923 datagrams output
0 times multicast source filter matched
sctp:
0 input packets
0 datagrams
0 packets that had data
0 input SACK chunks
0 input DATA chunks
0 duplicate DATA chunks
0 input HB chunks
0 HB-ACK chunks
0 input ECNE chunks
0 input AUTH chunks
0 chunks missing AUTH
0 invalid HMAC ids received
0 invalid secret ids received
0 auth failed
0 fast path receives all one chunk
0 fast path multi-part data
0 output packets
0 output SACKs
0 output DATA chunks
0 retransmitted DATA chunks
0 fast retransmitted DATA chunks
0 FR's that happened more than once to same chunk
0 output HB chunks
0 output ECNE chunks
0 output AUTH chunks
0 ip_output error counter
Packet drop statistics:
0 from middle box
0 from end host
0 with data
0 non-data, non-endhost
0 non-endhost, bandwidth rep only
0 not enough for chunk header
0 not enough data to confirm
0 where process_chunk_drop said break
0 failed to find TSN
0 attempt reverse TSN lookup
0 e-host confirms zero-rwnd
0 midbox confirms no space
0 data did not match TSN
0 TSN's marked for Fast Retran
Timeouts:
0 iterator timers fired
0 T3 data time outs
0 window probe (T3) timers fired
0 INIT timers fired
0 sack timers fired
0 shutdown timers fired
0 heartbeat timers fired
0 a cookie timeout fired
0 an endpoint changed its cookiesecret
0 PMTU timers fired
0 shutdown ack timers fired
0 shutdown guard timers fired
0 stream reset timers fired
0 early FR timers fired
0 an asconf timer fired
0 auto close timer fired
0 asoc free timers expired
0 inp free timers expired
0 packet shorter than header
0 checksum error
0 no endpoint for port
0 bad v-tag
0 bad SID
0 no memory
0 number of multiple FR in a RTT window
0 RFC813 allowed sending
0 RFC813 does not allow sending
0 times max burst prohibited sending
0 look ahead tells us no memory in interface
0 numbers of window probes sent
0 times an output error to clamp down on next user send
0 times sctp_senderrors were caused from a user
0 number of in data drops due to chunk limit reached
0 number of in data drops due to rwnd limit reached
0 times a ECN reduced the cwnd
0 used express lookup via vtag
0 collision in express lookup
0 times the sender ran dry of user data on primary
0 same for above
0 sacks the slow way
0 window update only sacks sent
0 sends with sinfo_flags !=0
0 unordered sends
0 sends with EOF flag set
0 sends with ABORT flag set
0 times protocol drain called
0 times we did a protocol drain
0 times recv was called with peek
0 cached chunks used
0 cached stream oq's used
0 unread messages abandonded by close
0 send burst avoidance, already max burst inflight to net
0 send cwnd full avoidance, already max burst inflight to net
0 number of map array over-runs via fwd-tsn's
ip:
52119993 total packets received
2 bad header checksums
0 with size smaller than minimum
0 with data size < data length
0 with ip length > max ip packet size
0 with header length < data size
0 with data length < header length
0 with bad options
0 with incorrect version number
0 fragments received
0 fragments dropped (dup or out of space)
0 fragments dropped after timeout
0 packets reassembled ok
6904891 packets for this host
1 packet for unknown/unsupported protocol
21931990 packets forwarded (0 packets fast forwarded)
2804 packets not forwardable
0 packets received for unknown multicast group
0 redirects sent
6748199 packets sent from this host
0 packets sent with fabricated ip header
0 output packets dropped due to no bufs, etc.
19 output packets discarded due to no route
7 output datagrams fragmented
21 fragments created
0 datagrams that can't be fragmented
0 tunneling packets that can't find gif
0 datagrams with bad address in header
icmp:
2951 calls to icmp_error
0 errors not generated in response to an icmp message
Output histogram:
echo reply: 301
destination unreachable: 2782
time exceeded: 169
0 messages with bad code fields
0 messages less than the minimum length
0 messages with bad checksum
0 messages with bad length
0 multicast echo requests ignored
0 multicast timestamp requests ignored
Input histogram:
echo reply: 214740
destination unreachable: 444
echo: 301
301 message responses generated
0 invalid return addresses
0 no return routes
ICMP address mask responses are disabled
igmp:
1 message received
0 messages received with too few bytes
0 messages received with wrong TTL
0 messages received with bad checksum
1 V1/V2 membership query received
0 V3 membership queries received
0 membership queries received with invalid field(s)
1 general query received
0 group queries received
0 group-source queries received
0 group-source queries dropped
0 membership reports received
0 membership reports received with invalid field(s)
0 membership reports received for groups to which we belong
0 V3 reports received without Router Alert
2 membership reports sent
ipsec:
0 inbound packets violated process security policy
0 inbound packets failed due to insufficient memory
0 invalid inbound packets
0 outbound packets violated process security policy
0 outbound packets with no SA available
0 outbound packets failed due to insufficient memory
0 outbound packets with no route available
0 invalid outbound packets
0 outbound packets with bundled SAs
0 mbufs coalesced during clone
0 clusters coalesced during clone
0 clusters copied during clone
0 mbufs inserted during makespace
ah:
0 packets shorter than header shows
0 packets dropped; protocol family not supported
0 packets dropped; no TDB
0 packets dropped; bad KCR
0 packets dropped; queue full
0 packets dropped; no transform
0 replay counter wraps
0 packets dropped; bad authentication detected
0 packets dropped; bad authentication length
0 possible replay packets detected
0 packets in
0 packets out
0 packets dropped; invalid TDB
0 bytes in
0 bytes out
0 packets dropped; larger than IP_MAXPACKET
0 packets blocked due to policy
0 crypto processing failures
0 tunnel sanity check failures
esp:
0 packets shorter than header shows
0 packets dropped; protocol family not supported
0 packets dropped; no TDB
0 packets dropped; bad KCR
0 packets dropped; queue full
0 packets dropped; no transform
0 packets dropped; bad ilen
0 replay counter wraps
0 packets dropped; bad encryption detected
0 packets dropped; bad authentication detected
0 possible replay packets detected
0 packets in
0 packets out
0 packets dropped; invalid TDB
0 bytes in
0 bytes out
0 packets dropped; larger than IP_MAXPACKET
0 packets blocked due to policy
0 crypto processing failures
0 tunnel sanity check failures
ipcomp:
0 packets shorter than header shows
0 packets dropped; protocol family not supported
0 packets dropped; no TDB
0 packets dropped; bad KCR
0 packets dropped; queue full
0 packets dropped; no transform
0 replay counter wraps
0 packets in
0 packets out
0 packets dropped; invalid TDB
0 bytes in
0 bytes out
0 packets dropped; larger than IP_MAXPACKET
0 packets blocked due to policy
0 crypto processing failures
0 packets sent uncompressed; size < compr. algo. threshold
0 packets sent uncompressed; compression was useless
pim:
0 messages received
0 bytes received
0 messages received with too few bytes
0 messages received with bad checksum
0 messages received with bad version
0 data register messages received
0 data register bytes received
0 data register messages received on wrong iif
0 bad registers received
0 data register messages sent
0 data register bytes sent
carp:
0 packets received (IPv4)
0 packets received (IPv6)
0 packets discarded for wrong TTL
0 packets shorter than header
0 discarded for bad checksums
0 discarded packets with a bad version
0 discarded because packet too short
0 discarded for bad authentication
0 discarded for bad vhid
0 discarded because of a bad address list
0 packets sent (IPv4)
0 packets sent (IPv6)
0 send failed due to mbuf memory error
pfsync:
0 packets received (IPv4)
0 packets received (IPv6)
0 clear all requests received
0 state inserts received
0 state inserted acks received
0 state updates received
0 compressed state updates received
0 uncompressed state requests received
0 state deletes received
0 compressed state deletes received
0 fragment inserts received
0 fragment deletes received
0 bulk update marks received
0 TDB replay counter updates received
0 end of frame marks received
0 packets discarded for bad interface
0 packets discarded for bad ttl
0 packets shorter than header
0 packets discarded for bad version
0 packets discarded for bad HMAC
0 packets discarded for bad action
0 packets discarded for short packet
0 states discarded for bad values
0 stale states
0 failed state lookup/inserts
0 packets sent (IPv4)
0 packets sent (IPv6)
0 clear all requests sent
0 state inserts sent
0 state inserted acks sent
0 state updates sent
0 compressed state updates sent
0 uncompressed state requests sent
0 state deletes sent
0 compressed state deletes sent
0 fragment inserts sent
0 fragment deletes sent
0 bulk update marks sent
0 TDB replay counter updates sent
0 end of frame marks sent
0 failures due to mbuf memory error
0 send errors
arp:
2605 ARP requests sent
25483 ARP replies sent
103700 ARP requests received
1257 ARP replies received
104957 ARP packets received
2984 total packets dropped due to no ARP entry
1458 ARP entrys timed out
0 Duplicate IPs seen
ip6:
1711 total packets received
0 with size smaller than minimum
0 with data size < data length
0 with bad options
0 with incorrect version number
0 fragments received
0 fragments dropped (dup or out of space)
0 fragments dropped after timeout
0 fragments that exceeded limit
0 packets reassembled ok
125 packets for this host
0 packets forwarded
0 packets not forwardable
0 redirects sent
45 packets sent from this host
0 packets sent with fabricated ip header
0 output packets dropped due to no bufs, etc.
81 output packets discarded due to no route
0 output datagrams fragmented
0 fragments created
0 datagrams that can't be fragmented
0 packets that violated scope rules
125 multicast packets which we don't join
Input histogram:
hop by hop: 261
UDP: 1185
ICMP6: 265
Mbuf statistics:
0 one mbuf
1711 one ext mbuf
0 two or more ext mbuf
0 packets whose headers are not contiguous
0 tunneling packets that can't find gif
0 packets discarded because of too many headers
1060 failures of source address selection
source addresses on a non-outgoing I/F
1060 addresses scope=f
Source addresses selection rule applied:
1060 same address
icmp6:
0 calls to icmp6_error
0 errors not generated in response to an icmp6 message
0 errors not generated because of rate limitation
Output histogram:
neighbor solicitation: 21
MLDv2 listener report: 18
0 messages with bad code fields
0 messages < minimum length
0 bad checksums
0 messages with bad length
Input histogram:
router advertisement: 132
neighbor advertisement: 8
Histogram of error messages to be generated:
0 no route
0 administratively prohibited
0 beyond scope
0 address unreachable
0 port unreachable
0 packet too big
0 time exceed transit
0 time exceed reassembly
0 erroneous header field
0 unrecognized next header
0 unrecognized option
0 redirect
0 unknown
0 message responses generated
0 messages with too many ND options
0 messages with bad ND options
0 bad neighbor solicitation messages
0 bad neighbor advertisement messages
0 bad router solicitation messages
0 bad router advertisement messages
0 bad redirect messages
0 path MTU changes
ipsec6:
0 inbound packets violated process security policy
0 inbound packets failed due to insufficient memory
0 invalid inbound packets
0 outbound packets violated process security policy
0 outbound packets with no SA available
0 outbound packets failed due to insufficient memory
0 outbound packets with no route available
0 invalid outbound packets
0 outbound packets with bundled SAs
0 mbufs coalesced during clone
0 clusters coalesced during clone
0 clusters copied during clone
0 mbufs inserted during makespace
rip6:
0 messages received
0 checksum calculations on inbound
0 messages with bad checksum
0 messages dropped due to no socket
0 multicast messages dropped due to no socket
0 messages dropped due to full socket buffers
0 delivered
0 datagrams output
pfkey:
36 requests sent from userland
3328 bytes sent from userland
histogram by message type:
register: 2
x_spdadd: 18
x_spddelete: 16
0 messages with invalid length field
0 messages with invalid version field
0 messages with invalid message type field
0 messages too short
0 messages with memory allocation failure
0 messages with duplicate extension
0 messages with invalid extension type
0 messages with invalid sa type
0 messages with invalid address extension
36 requests sent to userland
3712 bytes sent to userland
histogram by message type:
register: 2
x_spdadd: 18
x_spddelete: 16
0 messages toward single socket
34 messages toward all sockets
2 messages toward registered sockets
0 messages with memory allocation failure | -
I'm not sure what your problem is. You don't seem to have excess fragmentation. You could try swapping out the NIC and see if it goes away but I have no other suggestions.
