[ipfw] Dynamic rules grow indefinitely..
Nicolae Namolovan
adrenalinup at gmail.com
Sat Dec 9 10:41:39 PST 2006
My god! sysctl net.inet.ip.fw.dyn_keepalive=0 seems to help!
In a few minutes I got "ipfw -d list | wc -l" from 5708 to 3250 and it
continues to decrease.. 2033 now.. haha.. great.. 876 wow..
stabilizing.. now it floats around 1000, perfect!
Strange, why am I the only one(?) getting this problem.. Isn't
net.inet.ip.fw.dyn_keepalive=1 by default?
Here is my /var/run/dmesg.boot:
Copyright (c) 1992-2006 The FreeBSD Project.
Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
The Regents of the University of California. All rights reserved.
FreeBSD 6.1-RELEASE-p10 #1: Tue Nov 28 19:16:58 UTC 2006
root at ...:/usr/obj/usr/src/sys/GRIVEI
Timecounter "i8254" frequency 1193182 Hz quality 0
CPU: Intel(R) Core(TM)2 CPU 6600 @ 2.40GHz (2400.01-MHz 686-class CPU)
Origin = "GenuineIntel" Id = 0x6f6 Stepping = 6
Features=0xbfebfbff<FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CLFLUSH,DTS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE>
Features2=0xe3bd<SSE3,RSVD2,MON,DS_CPL,VMX,EST,TM2,<b9>,CX16,<b14>,<b15>>
AMD Features=0x20100000<NX,LM>
AMD Features2=0x1<LAHF>
Cores per package: 2
real memory = 2146304000 (2046 MB)
avail memory = 2099568640 (2002 MB)
ACPI APIC Table: <GBT GBTUACPI>
FreeBSD/SMP: Multiprocessor System Detected: 2 CPUs
cpu0 (BSP): APIC ID: 0
cpu1 (AP): APIC ID: 1
ioapic0: Changing APIC ID to 2
ioapic0 <Version 2.0> irqs 0-23 on motherboard
kbd1 at kbdmux0
acpi0: <GBT GBTUACPI> on motherboard
acpi0: Power Button (fixed)
Timecounter "ACPI-fast" frequency 3579545 Hz quality 1000
acpi_timer0: <24-bit timer at 3.579545MHz> port 0x408-0x40b on acpi0
cpu0: <ACPI CPU> on acpi0
acpi_perf0: <ACPI CPU Frequency Control> on cpu0
acpi_throttle0: <ACPI CPU Throttling> on cpu0
cpu1: <ACPI CPU> on acpi0
acpi_throttle1: <ACPI CPU Throttling> on cpu1
acpi_throttle1: failed to attach P_CNT
device_attach: acpi_throttle1 attach returned 6
acpi_button0: <Power Button> on acpi0
pcib0: <ACPI Host-PCI bridge> port 0xcf8-0xcff on acpi0
pci0: <ACPI PCI bus> on pcib0
pci0: <serial bus, USB> at device 26.0 (no driver attached)
pci0: <serial bus, USB> at device 26.1 (no driver attached)
pci0: <serial bus, USB> at device 26.7 (no driver attached)
pci0: <multimedia> at device 27.0 (no driver attached)
pcib1: <ACPI PCI-PCI bridge> irq 16 at device 28.0 on pci0
pci1: <ACPI PCI bus> on pcib1
pcib2: <ACPI PCI-PCI bridge> irq 19 at device 28.3 on pci0
pci2: <ACPI PCI bus> on pcib2
atapci0: <JMicron JMB363 SATA300 controller> port
0x6000-0x6007,0x6400-0x6403,0x6800-0x6807,0x6c00-0x6c03,0x7000-0x700f
mem 0xfa000000-0xfa001fff irq 19 at device 0.0 on pci2
ata2: <ATA channel 0> on atapci0
ata3: <ATA channel 1> on atapci0
ata4: <ATA channel 2> on atapci0
pcib3: <ACPI PCI-PCI bridge> irq 16 at device 28.4 on pci0
pci3: <ACPI PCI bus> on pcib3
pci3: <network, ethernet> at device 0.0 (no driver attached)
pci0: <serial bus, USB> at device 29.0 (no driver attached)
pci0: <serial bus, USB> at device 29.1 (no driver attached)
pci0: <serial bus, USB> at device 29.2 (no driver attached)
pci0: <serial bus, USB> at device 29.7 (no driver attached)
pcib4: <ACPI PCI-PCI bridge> at device 30.0 on pci0
pci4: <ACPI PCI bus> on pcib4
pci4: <display, VGA> at device 0.0 (no driver attached)
xl0: <3Com 3c905C-TX Fast Etherlink XL> port 0x9000-0x907f mem
0xf7008000-0xf700807f irq 18 at device 2.0 on pci4
miibus0: <MII bus> on xl0
ukphy0: <Generic IEEE 802.3u media interface> on miibus0
ukphy0: 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto
xl0: Ethernet address: 00:04:76:26:3c:f3
isab0: <PCI-ISA bridge> at device 31.0 on pci0
isa0: <ISA bus> on isab0
atapci1: <GENERIC ATA controller> port
0xb400-0xb407,0xb800-0xb803,0xbc00-0xbc07,0xc000-0xc003,0xc400-0xc40f,0xc800-0xc80f
irq 19 at device 31.2 on pci0
ata5: <ATA channel 0> on atapci1
ata6: <ATA channel 1> on atapci1
pci0: <serial bus, SMBus> at device 31.3 (no driver attached)
atapci2: <GENERIC ATA controller> port
0xd000-0xd007,0xd400-0xd403,0xd800-0xd807,0xdc00-0xdc03,0xe000-0xe00f,0xe400-0xe40f
irq 19 at device 31.5 on pci0
ata7: <ATA channel 0> on atapci2
ata8: <ATA channel 1> on atapci2
orm0: <ISA Option ROMs> at iomem 0xc0000-0xc7fff,0xc8000-0xc87ff on isa0
sc0: <System console> at flags 0x100 on isa0
sc0: VGA <16 virtual consoles, flags=0x300>
vga0: <Generic ISA VGA> at port 0x3c0-0x3df iomem 0xa0000-0xbffff on isa0
ata0 at port 0x1f0-0x1f7,0x3f6 irq 14 on isa0
ata1 at port 0x170-0x177,0x376 irq 15 on isa0
atkbdc0: <Keyboard controller (i8042)> at port 0x60,0x64 on isa0
atkbd0: <AT Keyboard> irq 1 on atkbdc0
kbd0 at atkbd0
atkbd0: [GIANT-LOCKED]
Timecounters tick every 1.000 msec
ipfw2 (+ipv6) initialized, divert loadable, rule-based forwarding
disabled, default to deny, logging disabled
ad4: 76318MB <SAMSUNG HD080HJ ZH100-41> at ata2-master SATA300
SMP: AP CPU #1 Launched!
Trying to mount root from ufs:/dev/ad4s1a
######
pciconf -lv
#####
hostb0 at pci0:0:0: class=0x060000 card=0x50001458 chip=0x29a08086
rev=0x02 hdr=0x00
vendor = 'Intel Corporation'
class = bridge
subclass = HOST-PCI
none0 at pci0:26:0: class=0x0c0300 card=0x50041458 chip=0x28348086
rev=0x02 hdr=0x00
vendor = 'Intel Corporation'
class = serial bus
subclass = USB
none1 at pci0:26:1: class=0x0c0300 card=0x50041458 chip=0x28358086
rev=0x02 hdr=0x00
vendor = 'Intel Corporation'
class = serial bus
subclass = USB
none2 at pci0:26:7: class=0x0c0320 card=0x50061458 chip=0x283a8086
rev=0x02 hdr=0x00
vendor = 'Intel Corporation'
class = serial bus
subclass = USB
none3 at pci0:27:0: class=0x040300 card=0xa0021458 chip=0x284b8086
rev=0x02 hdr=0x00
vendor = 'Intel Corporation'
class = multimedia
pcib1 at pci0:28:0: class=0x060400 card=0x00000040 chip=0x283f8086
rev=0x02 hdr=0x01
vendor = 'Intel Corporation'
class = bridge
subclass = PCI-PCI
pcib2 at pci0:28:3: class=0x060400 card=0x00000040 chip=0x28458086
rev=0x02 hdr=0x01
vendor = 'Intel Corporation'
class = bridge
subclass = PCI-PCI
pcib3 at pci0:28:4: class=0x060400 card=0x00000040 chip=0x28478086
rev=0x02 hdr=0x01
vendor = 'Intel Corporation'
class = bridge
subclass = PCI-PCI
none4 at pci0:29:0: class=0x0c0300 card=0x50041458 chip=0x28308086
rev=0x02 hdr=0x00
vendor = 'Intel Corporation'
class = serial bus
subclass = USB
none5 at pci0:29:1: class=0x0c0300 card=0x50041458 chip=0x28318086
rev=0x02 hdr=0x00
vendor = 'Intel Corporation'
class = serial bus
subclass = USB
none6 at pci0:29:2: class=0x0c0300 card=0x50041458 chip=0x28328086
rev=0x02 hdr=0x00
vendor = 'Intel Corporation'
class = serial bus
subclass = USB
none7 at pci0:29:7: class=0x0c0320 card=0x50061458 chip=0x28368086
rev=0x02 hdr=0x00
vendor = 'Intel Corporation'
class = serial bus
subclass = USB
pcib4 at pci0:30:0: class=0x060401 card=0x00000050 chip=0x244e8086
rev=0xf2 hdr=0x01
vendor = 'Intel Corporation'
device = '82801BA/CA/DB/DBL/EB/ER/FB (ICH2/3/4/4/5/5/6), 6300ESB
Hub Interface to PCI Bridge'
class = bridge
subclass = PCI-PCI
isab0 at pci0:31:0: class=0x060100 card=0x50011458 chip=0x28108086
rev=0x02 hdr=0x00
vendor = 'Intel Corporation'
class = bridge
subclass = PCI-ISA
atapci1 at pci0:31:2: class=0x01018f card=0xb0021458 chip=0x28208086
rev=0x02 hdr=0x00
vendor = 'Intel Corporation'
class = mass storage
subclass = ATA
none8 at pci0:31:3: class=0x0c0500 card=0x50011458 chip=0x283e8086
rev=0x02 hdr=0x00
vendor = 'Intel Corporation'
class = serial bus
subclass = SMBus
atapci2 at pci0:31:5: class=0x010185 card=0xb0021458 chip=0x28258086
rev=0x02 hdr=0x00
vendor = 'Intel Corporation'
class = mass storage
subclass = ATA
atapci0 at pci2:0:0: class=0x010185 card=0xb0001458 chip=0x2363197b
rev=0x02 hdr=0x00
class = mass storage
subclass = ATA
none9 at pci3:0:0: class=0x020000 card=0xe0001458 chip=0x436411ab rev=0x12 hdr=0x00
vendor = 'Marvell Semiconductor (Was: Galileo Technology Ltd)'
class = network
subclass = ethernet
none10 at pci4:0:0: class=0x030000 card=0xbeefdead chip=0x00d41013
rev=0x01 hdr=0x00
vendor = 'Cirrus Logic'
device = 'CL-GD5464 Laguna 3D VisualMedia Graphics Accel'
class = display
subclass = VGA
xl0 at pci4:2:0: class=0x020000 card=0x100010b7 chip=0x920010b7 rev=0x78 hdr=0x00
vendor = '3COM Corp, Networking Division'
device = '3C905C-TX Fast EtherLink for PC Management NIC'
class = network
subclass = ethernet
#######
ifconfig
#######
xl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
options=9<RXCSUM,VLAN_MTU>
inet 83... netmask 0xfffffff0 broadcast 83....
ether 00:04:76:26:3c:f3
media: Ethernet autoselect (100baseTX <full-duplex>)
status: active
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
inet 127.0.0.1 netmask 0xff000000
Andrey V. Elsukov, thank you a lot !
On 12/9/06, Andrey V. Elsukov <bu7cher at yandex.ru> wrote:
> >It is a web server with ~130req/s, problems seem to have started after
> >upgrading to new hardware.
> >FreeBSD 6.1-RELEASE-p10
>
> Can you show your /var/run/dmesg.boot, and output of `pciconf -lv` and ifconfig?
>
> >After an hour it will grow more and more.. The day before yesterday I
> >got 20 000 dynamic rules ;o) (I was forced to increase
> >net.inet.ip.fw.dyn_max because I started to get errors in syslog).
>
> Try this:
> # sysctl -w net.inet.ip.fw.dyn_keepalive=0
>
> --
> WBR, Andrey V. Elsukov
>
--
Best regards,
Nicolae Namolovan.