From owner-freebsd-pf@FreeBSD.ORG Tue May 3 12:42:25 2011 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 6D9181065677 for ; Tue, 3 May 2011 12:42:25 +0000 (UTC) (envelope-from jdc@koitsu.dyndns.org) Received: from qmta07.emeryville.ca.mail.comcast.net (qmta07.emeryville.ca.mail.comcast.net [76.96.30.64]) by mx1.freebsd.org (Postfix) with ESMTP id 4A3728FC15 for ; Tue, 3 May 2011 12:42:24 +0000 (UTC) Received: from omta23.emeryville.ca.mail.comcast.net ([76.96.30.90]) by qmta07.emeryville.ca.mail.comcast.net with comcast id ezsm1g0031wfjNsA70iQZE; Tue, 03 May 2011 12:42:24 +0000 Received: from koitsu.dyndns.org ([67.180.84.87]) by omta23.emeryville.ca.mail.comcast.net with comcast id f0iM1g00H1t3BNj8j0iMp6; Tue, 03 May 2011 12:42:24 +0000 Received: by icarus.home.lan (Postfix, from userid 1000) id 4B220102C31; Tue, 3 May 2011 05:42:21 -0700 (PDT) Date: Tue, 3 May 2011 05:42:21 -0700 From: Jeremy Chadwick To: Vincent Hoffman Message-ID: <20110503124221.GB13811@icarus.home.lan> References: <20110503015854.GA31444@icarus.home.lan> <20110503084800.GB9657@insomnia.benzedrine.cx> <20110503091619.GA39329@icarus.home.lan> <4DBFCB8D.10105@unsane.co.uk> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <4DBFCB8D.10105@unsane.co.uk> User-Agent: Mutt/1.5.21 (2010-09-15) Cc: freebsd-stable@freebsd.org, freebsd-pf@freebsd.org Subject: Re: RELENG_8 pf stack issue (state count spiraling out of control) X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 03 May 2011 12:42:25 -0000 On Tue, May 03, 2011 at 10:31:57AM +0100, Vincent Hoffman wrote: > On 03/05/2011 10:16, Jeremy Chadwick wrote: > > > > Sadly I don't see a way with bsnmpd(8) to monitor things like interrupt > > usage, etc. otherwise I'd be graphing that. The more monitoring the > > better; at least then I could say "wow, interrupts really did shoot > > through the roof -- the box went crazy!" and RMA the thing. :-) > > > you could use net-mgmt/bsnmp-regex although I dont know what the > overhead for that is like. Thanks for the tip. I've investigated that plugin before, and its implementation model seems like a very hackish way to accomplish something that should ultimately be done inside of bsnmpd(8) itself via native C. It's good for parsing a single log file via tail -F (not "tail -f" like the man page indicates), but it doesn't scale well. bsnmpd(8) just needs to be enhanced and fixed, and I know there's efforts underway by syrinx@ to do exactly that. I have chatted with her about some existing problems with bsnmpd(8) and its SNMP parser, and have chatted with philip@ about a pf-related bug with bsnmp(8) (but I can't remember what the details of that one is; I have a file with the info around here somewhere...) There was also a recent commit to net-mgmt/net-snmp that pertains to *properly* monitoring swap, which makes me wonder if net-mgmt/bsnmp-ucd (which a lot of people, myself included, rely on) also does the wrong thing. http://www.freebsd.org/cgi/query-pr.cgi?pr=153179 http://www.freebsd.org/cgi/cvsweb.cgi/ports/net-mgmt/net-snmp/files/patch-memory_freebsd.c Things like this make me question my graphs and my monitoring data pretty much every time I look at them. -- | Jeremy Chadwick jdc@parodius.com | | Parodius Networking http://www.parodius.com/ | | UNIX Systems Administrator Mountain View, CA, USA | | Making life hard for others since 1977. PGP 4BD6C0CB |