From owner-freebsd-bugs Sun May 27 14:25:47 2001 Delivered-To: freebsd-bugs@freebsd.org Received: from elvis.mu.org (elvis.mu.org [216.33.66.196]) by hub.freebsd.org (Postfix) with ESMTP id B945637B423 for ; Sun, 27 May 2001 14:25:44 -0700 (PDT) (envelope-from billf@elvis.mu.org) Received: by elvis.mu.org (Postfix, from userid 1098) id 6BA6B81D07; Sun, 27 May 2001 16:25:34 -0500 (CDT) Date: Sun, 27 May 2001 16:25:34 -0500 From: Bill Fumerola To: Pekka Savola Cc: freebsd-bugs@FreeBSD.org Subject: Re: kern/27661: >1000 ipfw rules and heavy traffic crash the system Message-ID: <20010527162534.J37979@elvis.mu.org> References: <20010527135954.F37979@elvis.mu.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: ; from pekkas@netcore.fi on Sun, May 27, 2001 at 11:23:18PM +0300 X-Operating-System: FreeBSD 4.3-FEARSOME-20010328 i386 Sender: owner-freebsd-bugs@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Sun, May 27, 2001 at 11:23:18PM +0300, Pekka Savola wrote: > On Sun, 27 May 2001, Bill Fumerola wrote: > > On Sat, May 26, 2001 at 11:20:02PM -0700, Pekka Savola wrote: > > > > > Subject: Re: kern/27661: >1000 ipfw rules and heavy traffic crash the system > > > > I've put 3000 non-matching (and counting+matching) rules on systems > > while pushing max traffic before without locking up. > > I'm sure you're talking about serious traffic here, countable in > dozens of megabits, as this appears to be a requirement in this scenario. At one point, two machines chatting over gig-E, at another point using lo0. All of my tests were done with [n]ttcp. > > Please compile a non-SMP kernel and see if you have better luck. > > > > Also, try and push the traffic over lo0 and see if that makes a > > difference. > > This may not have been the problem; when debugging this, I had found out > the problem with ipfw traffic limiting (hard freezing) too (see the 5 May > thread on -stable mentioned in previous mail). The freezing continued > without SMP on. For the death of me I can't remember whether it was > traffic limiter or huge number of rules that caused the crashes on UP > system (at that time I didn't know _what_ was causing them anyway). > > Unfortunately, this is a production system, and there's pretty little > amount of testing I can do; especially as soft freezes by >1000 rules seem > to create a lot of FS inconsistancies as a byproduct when booting, > always requiring rather painful restoration of some files from the > backups. So its not happening anymore? You can afford for the production machine to go down randomly when it hits enough traffic but not in a controlled environment (or did you just shorten/simplify your ruleset)? In any event, until I get a scenario in which I (or someone else) can reproduce this (and I've done my tests with SMP w/o trouble, it was just a hunch), I have nothing more to say regarding this bug. -- Bill Fumerola - security yahoo / Yahoo! inc. - fumerola@yahoo-inc.com / billf@FreeBSD.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-bugs" in the body of the message