fragments processing
Max
maximos at als.nnov.ru
Fri May 20 13:27:50 UTC 2016
Hello, Kristof.
20.05.2016 11:53, Kristof Provost пишет:
> Hi Max,
>
>
> On 19 May 2016, at 19:49, Max wrote:
>> The number of used frags (almost) never decreases. I don't have
>> enough experience in programming. But I guess that the problem may be
>> in "frag->fr_timeout = time_second;" in pf_fillup_fragment()
>> (pf_norm.c). It should be "frag->fr_timeout = time_uptime;".
>> Actually, I don't now the difference between those variables. So,
>> correct me if I'm wrong.
>>
> I think you’re right. If I’m reading the code right time_second is
> unix time,
> but time_uptime is the number of seconds the system has been up.
>
> Either one should work, but we have to be consistent.
> The rest of the code seems to use time_uptime, so this untested patch
> should fix your problem.
>
> diff --git a/sys/netpfil/pf/pf_norm.c b/sys/netpfil/pf/pf_norm.c
> index a2841a2..dbc8818 100644
> --- a/sys/netpfil/pf/pf_norm.c
> +++ b/sys/netpfil/pf/pf_norm.c
> @@ -374,7 +374,7 @@ pf_fillup_fragment(struct pf_fragment_cmp *key,
> struct pf_frent *frent,
> }
>
> *(struct pf_fragment_cmp *)frag = *key;
> - frag->fr_timeout = time_second;
> + frag->fr_timeout = time_uptime;
> frag->fr_maxlen = frent->fe_len;
> TAILQ_INIT(&frag->fr_queue);
>
I rebuilt the kernel. It seems the problem is gone.
>> P.P.S. I confirm the bug
>> https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=201519.
>
> It’s on my list, but unfortunately it’s a very long list.
I'll wait for the patch. Thank you.
>
> Regards,
> Kristof
Here are some statistics:
# sh -c "while true ; do date; { vmstat -z; pfctl -si; } | sed -n
'1p;/frag/p'; echo; sleep 5; done"
Fri May 20 13:07:11 MSK 2016
ITEM SIZE LIMIT USED FREE REQ FAIL SLEEP
pf frags: 120, 0, 0, 132, 71, 0, 0
pf frag entries: 40, 5000, 0, 600, 147, 0, 0
fragment 4 0.0/s
...
Fri May 20 16:07:16 MSK 2016
ITEM SIZE LIMIT USED FREE REQ FAIL SLEEP
pf frags: 120, 0, 0, 132, 761, 0, 0
pf frag entries: 40, 5000, 0, 600, 1531, 0, 0
fragment 4 0.0/s
Fri May 20 16:07:21 MSK 2016
ITEM SIZE LIMIT USED FREE REQ FAIL SLEEP
pf frags: 120, 0, 1, 131, 771, 0, 0
pf frag entries: 40, 5000, 1, 599, 1551, 0, 0
fragment 5 0.0/s
...
Fri May 20 16:07:56 MSK 2016
ITEM SIZE LIMIT USED FREE REQ FAIL SLEEP
pf frags: 120, 0, 1, 131, 771, 0, 0
pf frag entries: 40, 5000, 1, 599, 1551, 0, 0
fragment 5 0.0/s
Fri May 20 16:08:01 MSK 2016
ITEM SIZE LIMIT USED FREE REQ FAIL SLEEP
pf frags: 120, 0, 0, 132, 771, 0, 0
pf frag entries: 40, 5000, 0, 600, 1551, 0, 0
fragment 5 0.0/s
...
Fri May 20 16:11:12 MSK 2016
ITEM SIZE LIMIT USED FREE REQ FAIL SLEEP
pf frags: 120, 0, 0, 132, 771, 0, 0
pf frag entries: 40, 5000, 0, 600, 1551, 0, 0
fragment 5 0.0/s
Fri May 20 16:11:17 MSK 2016
ITEM SIZE LIMIT USED FREE REQ FAIL SLEEP
pf frags: 120, 0, 1, 131, 781, 0, 0
pf frag entries: 40, 5000, 1, 599, 1571, 0, 0
fragment 6 0.0/s
...
Fri May 20 16:11:42 MSK 2016
ITEM SIZE LIMIT USED FREE REQ FAIL SLEEP
pf frags: 120, 0, 1, 131, 781, 0, 0
pf frag entries: 40, 5000, 1, 599, 1571, 0, 0
fragment 6 0.0/s
Fri May 20 16:11:47 MSK 2016
ITEM SIZE LIMIT USED FREE REQ FAIL SLEEP
pf frags: 120, 0, 0, 132, 781, 0, 0
pf frag entries: 40, 5000, 0, 600, 1571, 0, 0
fragment 6 0.0/s
More information about the freebsd-pf
mailing list