From owner-freebsd-fs@freebsd.org Sun Jan 1 21:09:05 2017 Return-Path: Delivered-To: freebsd-fs@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id CC18DC9BB7F for ; Sun, 1 Jan 2017 21:09:05 +0000 (UTC) (envelope-from julien@perdition.city) Received: from relay-b01.edpnet.be (relay-b01.edpnet.be [212.71.1.221]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "edpnet.email", Issuer "Go Daddy Secure Certificate Authority - G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 59BC41FBB for ; Sun, 1 Jan 2017 21:09:05 +0000 (UTC) (envelope-from julien@perdition.city) X-ASG-Debug-ID: 1483304932-0a7ff54cf0a2e5c0001-dE2xID Received: from mordor.lan ([213.219.148.14]) by relay-b01.edpnet.be with ESMTP id lJWDV5dC6qStqvMS (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO); Sun, 01 Jan 2017 22:08:53 +0100 (CET) X-Barracuda-Envelope-From: julien@perdition.city X-Barracuda-Effective-Source-IP: UNKNOWN[213.219.148.14] X-Barracuda-Apparent-Source-IP: 213.219.148.14 Date: Sun, 1 Jan 2017 22:08:52 +0100 From: Julien Cigar To: Rick Macklem Cc: "freebsd-fs@FreeBSD.org" Subject: Re: nfsuserd + jails mbufs leak ? Message-ID: <20170101210852.GT15696@mordor.lan> X-ASG-Orig-Subj: Re: nfsuserd + jails mbufs leak ? References: <20161231143932.GS15696@mordor.lan> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="TJ9V72hR/LoebVea" Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.7.1 (2016-10-04) X-Barracuda-Connect: UNKNOWN[213.219.148.14] X-Barracuda-Start-Time: 1483304932 X-Barracuda-Encrypted: ECDHE-RSA-AES256-GCM-SHA384 X-Barracuda-URL: https://212.71.1.221:443/cgi-mod/mark.cgi X-Barracuda-Scan-Msg-Size: 2130 X-Virus-Scanned: by bsmtpd at edpnet.be X-Barracuda-BRTS-Status: 1 X-Barracuda-Bayes: INNOCENT GLOBAL 0.5000 1.0000 0.0000 X-Barracuda-Spam-Score: 0.00 X-Barracuda-Spam-Status: No, SCORE=0.00 using global scores of TAG_LEVEL=1000.0 QUARANTINE_LEVEL=1000.0 KILL_LEVEL=6.0 tests= X-Barracuda-Spam-Report: Code version 3.2, rules version 3.2.3.35500 Rule breakdown below pts rule name description ---- ---------------------- -------------------------------------------------- X-BeenThere: freebsd-fs@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: Filesystems List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 01 Jan 2017 21:09:05 -0000 --TJ9V72hR/LoebVea Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Sat, Dec 31, 2016 at 10:01:17PM +0000, Rick Macklem wrote: > Julien Cigar wrote: > >I just upgraded a bunch of machines from 10.0 to 10.3. Those machines > >have a lot of jails with NFS shares (mounted on the HOST), for example: > [stuff snipped] > >On the hosts since I upgraded to 10.3 I'm seeing tons of: > >Dec 31 14:29:33 duvel nfsuserd:[675]: req from ip=3D0xc0a80a21 port=3D618 > > > >It is not clear to me yet why I'm getting this, but from what I > >understand it's because requests are not coming from 127.0.0.1 but from > >the jail ip (192.168.10.x in my case).. Parallel to this I'm observing a > >constant increase of mbufs usage so that at some point in time I'm > >getting an exhaustion of mbufs: > Yes, nfsuserd only accepts upcalls from 127.0.0.1 (about the only time a > reserved port# actually means anything). > As such, it doesn't work when you have jails. > I came up with a patch that switched nfsuserd to using AF_LOCAL, but the > person testing this at the time had hangs, so I never committed it to hea= d, etc. > (I don't know what the mbuf leak is, but since it is busted and useless, = I don't > think fixing the leak is necessary.;-) >=20 > Your choices are: > 1 - As you mentioned, don't run nfsuserd. If you are using FreeBSD and/or= Linux > clients, this should work once you set vfs.nfsd.enablestringtouid (o= r whatever > it is called) to 1. > 2 - I had a patch that added an option to nfsuserd that allowed specifica= tion of > a different ip address (unfortunately, I don't have this old patch h= andy, but > might be able to find it at the end of this week. Email if you want = me to find it.) >=20 > rick Thank you for those enlightenments :) I just turned off nfsuserd and everything works as expected..! Perhaps this should be mentionned in the BUGS section in nfsuserd(8) (?) Julien --=20 Julien Cigar Belgian Biodiversity Platform (http://www.biodiversity.be) PGP fingerprint: EEF9 F697 4B68 D275 7B11 6A25 B2BB 3710 A204 23C0 No trees were killed in the creation of this message. However, many electrons were terribly inconvenienced. --TJ9V72hR/LoebVea Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAABCgAdFiEE7vn2l0to0nV7EWolsrs3EKIEI8AFAlhpb+EACgkQsrs3EKIE I8AuaRAArjSxd4V5ucoKqlvtqzQyzGZiC9OOwU7irGuVrTbkSEd1f82itlzQtYTo Jt35xW0Eorssh9kWw5BzBoHgtpeNAOz1AYcrDx99LeTBXwSYxUvMJuV7YGKse7y2 egM4+ZVU5l2FG71dFCxnFG8ZavKZMH808I7THSVe3CIDBvXQd+yJCqg3lGpXACXi jT1OCkzRpNYjTRv4OCdmoxNIUAInX9YP8Cd3BDWZiB3OR3zGavnFqAxzdbjPom+H OfMETKxE9TPgw5fRvQAGO4D6TiCZhuLUxdkbYM9rCX5yqoO4f0DW47ewVbZYiR20 6hWq+oiXYnQuC2rok8+ZbrU1tV6ATFSmsEZjk8HSqpp8bSdMFjrvyAQa+bkYnqtg P2oSOOfDCSVqc76CXIgbMoXls76/TI9DCh76d6DhL/UvuSfw5xmhGIV/7KJkTh+4 VHdMALXriGyO/NcpmRAUiou5w8pWE2gZGW8wNYrtsm9VSNTKHwUxwp66+wvtz6VH x1ZRwpWxaOS1ohZkD30pnPZTv7/c54l7nxXu1nk5EJEIQvUfVl8ybC5wyIqKS1fd b0MNaS12psd4w53eTYOOWpJsUnX+W5BFIUyO4xO/9OgIRTDPsdOnxgh47YXONyYV JWpPRh0CgBkcdmLFrorfOGFRtnU6gA+/f/BZJsKu8QXKf5vYDGY= =/LPX -----END PGP SIGNATURE----- --TJ9V72hR/LoebVea--