From owner-freebsd-security Fri Aug 18 16:13:31 2000 Delivered-To: freebsd-security@freebsd.org Received: from gnu.IN-Berlin.DE (gnu.in-berlin.de [192.109.42.4]) by hub.freebsd.org (Postfix) with ESMTP id CF15037B422 for ; Fri, 18 Aug 2000 16:13:28 -0700 (PDT) Received: from uriela.in-berlin.de (root@servicia.in-berlin.de [193.175.21.3]) by gnu.IN-Berlin.DE (8.10.1/8.10.1) with ESMTP id e7INDRj22034 for ; Sat, 19 Aug 2000 01:13:27 +0200 (CEST) (envelope-from server.nostromo.in-berlin.de!ripley@servicia.in-berlin.de) Received: by uriela.in-berlin.de (Smail-3.2.0.102 1998-Aug-2 #2) id m13PvKI-0058FpC; Sat, 19 Aug 2000 01:13:26 +0200 (CEST) Received: (from ripley@localhost) by server.nostromo.in-berlin.de (8.9.3/8.9.3) id AAA42946 for freebsd-security@FreeBSD.ORG; Sat, 19 Aug 2000 00:57:52 +0200 (CEST) (envelope-from ripley) Date: Sat, 19 Aug 2000 00:57:52 +0200 From: "H. Eckert" To: freebsd-security@FreeBSD.ORG Subject: Re: [Q] why does my firewall degrade Web performance? Message-ID: <20000819005752.A42236@server.nostromo.in-berlin.de> References: <200008171558.JAA23163@nomad.yogotech.com> Mime-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Disposition: inline Content-Transfer-Encoding: 8bit User-Agent: Mutt/1.2i In-Reply-To: ; from jwyatt@rwsystems.net on Fri, Aug 18, 2000 at 09:36:43AM -0500 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Quoting James Wyatt (jwyatt@rwsystems.net): > Doesn't load average count the average number of processes waiting on > (or in) a 'run' state? Don't the ipfw functions get performed by the > kernel? If so, wouldn't the only rise in load average be from a > secondary effect on 'coalmine canary' like programs? If you aren't > running apache or lotsa sendmail or something would loadave even go up > much under heavy load? Well, yes. But look at "top" which monitors active processes: last pid: 42568; load averages: 0.11, 0.06, 0.01 up 57+22:27:13 00:44:58 48 processes: 1 running, 47 sleeping CPU states: 0.4% user, 0.0% nice, 0.0% system, 0.0% interrupt, 99.6% idle Mem: 10M Active, 5768K Inact, 9596K Wired, 3428K Cache, 3394K Buf, 488K Free Swap: 254M Total, 30M Used, 224M Free, 12% Inuse As you can see in the output, my machine is 99.6% idle. If there's a lot of network activity at the kernel level going on, it is shown as system or interrupt load. So one can easily see how busy the machine is, even if there's no user process actively using up CPU cycles. Greetings, Ripley -- H. Eckert, 10777 Berlin, Germany, http://me.in-berlin.de/~nostromo/ ISO 8859-1: Ä=Ae, Ö=Oe, Ü=Ue, ä=ae, ö=oe, ü=ue, ß=sz. "(Technobabbel)" (Jetrel) - "Müssen wir uns diesen Schwachsinn wirklich anhören?" (Neelix) To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message