From owner-freebsd-questions Tue Jan 29 4:21:47 2002 Delivered-To: freebsd-questions@freebsd.org Received: from mip.co.za (puck.mip.co.za [209.212.106.44]) by hub.freebsd.org (Postfix) with ESMTP id E2F9337B405 for ; Tue, 29 Jan 2002 04:21:31 -0800 (PST) Received: from patrick (patrick.mip.co.za [10.3.13.181]) by mip.co.za (8.9.3/8.9.3) with SMTP id OAA93290; Tue, 29 Jan 2002 14:21:08 +0200 (SAST) (envelope-from patrick@mip.co.za) From: "Patrick O'Reilly" To: "Walter Hop" Cc: "FreeBSD Question List" Subject: RE: ipfw and dymmynet - packets getting into tight loops, or what? (no solution) Date: Tue, 29 Jan 2002 14:27:10 +0200 Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset="US-ASCII" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0) Importance: Normal X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4133.2400 In-Reply-To: <4987117478.20020129130536@binity.com> Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG > From: Walter Hop [mailto:walter@binity.com] > > [in reply to patrick@mip.co.za, 29/01/2002] > > > Here is part of my firewall ruleset, as shown by 'ipfw show': > > ---------------------------------- > > 01000 30954 18484949 divert 8660 ip from any to any via xl0 > > 01000 101831 17836728 divert 8661 ip from any to any via xl1 > > > > 10010 50595268 38817317697 pipe 110 tcp from any to > x.x.x.10 25 out xmit xl1 > > 10011 1921940 103490898 pipe 110 tcp from any 25 to > x.x.x.10 out xmit xl1 > > 10012 2723 123257 pipe 111 tcp from x.x.x.10 25 to > any in recv xl1 > > 10013 383 305398 pipe 111 tcp from x.x.x.10 to > any 25 in recv xl1 > > ---------------------------------- > > > > * I'm running natd on both interfaces > > I suspect this is a problem with natd, as I am experiencing a > very similar > problem. > > I use natd to share my dialup connection. Now that connection tends to > stall for a minute or so every few hours. In such a > situation, natd cannot > "output" the packet and starts looping. This creates > gigabytes of traffic > (which is only counted, not REALLY transmitted), while this > is going on > natd is using up 98% CPU. The situation becomes normal again when the > connection is responsive again and natd can rewrite its packets. Walter, my symptoms are similar. In my case the interface is 100MB NIC into a HUB. Collisions on the hub might well cause transmission problems. True to your description, my counter did seem to accumulate in fits and starts, and not in one continuous smooth progression. And the natd daemon was chomping processing time too: ------------------- su-2.05# ps -ax | grep natd 226 ?? Ss 0:09.33 /sbin/natd -f /etc/natd.conf -n xl0 -p 8660 236 ?? Ss 20:05.66 /sbin/natd -f /etc/natd.conf -n xl1 -p 8661 ------------------- > > Maybe the ipfw pipe causes the same problem, as natd cannot transmit > packets quick enough (and starts looping). > Seems possible - Now that I have removed the pipe, but am still running natd, the problem seems to go away. > Is natd using up a large percentage of your CPU as well? > Could you try to > do a tcpdump on the xl1 interface when it is under stress, to > see which > packets are going through it? I did netstat -i earlier and got this: -------------------- su-2.05# netstat -i Name Mtu Network Address Ipkts Ierrs Opkts Oerrs Coll xl0 1500 00:04:76:10:0e:f9 71837 0 68030 0 17 xl0 1500 196.35.144.14 196.35.144.146 1473 - 8022 - - xl1 1500 00:04:76:10:0e:c3 109511 0 98530 0 506 xl1 1500 196.23.158 196.23.158.1 582 - 8476 - - -------------------- - certainly nowhere near the 50 million packets reported by 'ipfw show'! > > Are the packets tenthousands of repetitive similar packets? > If so, natd > might be the source. What happens if you kill natd for a > second? Does the > packet flood stop? > > (I haven't solved this problem myself; also we might be talking about > different issues, if so I apologize) > I think you're onto something here - hopefully someone smarter than me will have a solution. BTW: I wonder if it would help to fiddle "options HZ" in the kernel config - mine is still at the default 100 which, I suppose, is somewhat tardy on a 100Mb interface! Patrick. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message