From: "Nicolae Namolovan"
To: bu7cher@yandex.ru
Cc: freebsd-stable@freebsd.org
Date: Sat, 9 Dec 2006 20:41:37 +0200
Subject: Re: [ipfw] Dynamic rules grow indefinitely..

My god! sysctl net.inet.ip.fw.dyn_keepalive=0 seems to help!
In a few minutes I got "ipfw -d list | wc -l" from 5708 to 3250 and it continues to decrease.. 2033 now.. haha.. great.. 876 wow.. stabilizing.. now floats around 1000, perfect!

Strange, why is it only me(?) who gets this problem.. Isn't net.inet.ip.fw.dyn_keepalive=1 by default?

Here is my /var/run/dmesg.boot:

Copyright (c) 1992-2006 The FreeBSD Project.
Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
  The Regents of the University of California. All rights reserved.
FreeBSD 6.1-RELEASE-p10 #1: Tue Nov 28 19:16:58 UTC 2006
  root@...:/usr/obj/usr/src/sys/GRIVEI
Timecounter "i8254" frequency 1193182 Hz quality 0
CPU: Intel(R) Core(TM)2 CPU 6600 @ 2.40GHz (2400.01-MHz 686-class CPU)
  Origin = "GenuineIntel" Id = 0x6f6 Stepping = 6
  Features=0xbfebfbff
  Features2=0xe3bd,CX16,,>
  AMD Features=0x20100000
  AMD Features2=0x1
  Cores per package: 2
real memory = 2146304000 (2046 MB)
avail memory = 2099568640 (2002 MB)
ACPI APIC Table:
FreeBSD/SMP: Multiprocessor System Detected: 2 CPUs
 cpu0 (BSP): APIC ID: 0
 cpu1 (AP): APIC ID: 1
ioapic0: Changing APIC ID to 2
ioapic0 irqs 0-23 on motherboard
kbd1 at kbdmux0
acpi0: on motherboard
acpi0: Power Button (fixed)
Timecounter "ACPI-fast" frequency 3579545 Hz quality 1000
acpi_timer0: <24-bit timer at 3.579545MHz> port 0x408-0x40b on acpi0
cpu0: on acpi0
acpi_perf0: on cpu0
acpi_throttle0: on cpu0
cpu1: on acpi0
acpi_throttle1: on cpu1
acpi_throttle1: failed to attach P_CNT
device_attach: acpi_throttle1 attach returned 6
acpi_button0: on acpi0
pcib0: port 0xcf8-0xcff on acpi0
pci0: on pcib0
pci0: at device 26.0 (no driver attached)
pci0: at device 26.1 (no driver attached)
pci0: at device 26.7 (no driver attached)
pci0: at device 27.0 (no driver attached)
pcib1: irq 16 at device 28.0 on pci0
pci1: on pcib1
pcib2: irq 19 at device 28.3 on pci0
pci2: on pcib2
atapci0: port 0x6000-0x6007,0x6400-0x6403,0x6800-0x6807,0x6c00-0x6c03,0x7000-0x700f mem 0xfa000000-0xfa001fff irq 19 at device 0.0 on pci2
ata2: on atapci0
ata3: on atapci0
ata4: on atapci0
pcib3: irq 16 at device 28.4 on pci0
pci3: on pcib3
pci3: at device 0.0 (no driver attached)
pci0: at device 29.0 (no driver attached)
pci0: at device 29.1 (no driver attached)
pci0: at device 29.2 (no driver attached)
pci0: at device 29.7 (no driver attached)
pcib4: at device 30.0 on pci0
pci4: on pcib4
pci4: at device 0.0 (no driver attached)
xl0: <3Com 3c905C-TX Fast Etherlink XL> port 0x9000-0x907f mem 0xf7008000-0xf700807f irq 18 at device 2.0 on pci4
miibus0: on xl0
ukphy0: on miibus0
ukphy0: 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto
xl0: Ethernet address: 00:04:76:26:3c:f3
isab0: at device 31.0 on pci0
isa0: on isab0
atapci1: port 0xb400-0xb407,0xb800-0xb803,0xbc00-0xbc07,0xc000-0xc003,0xc400-0xc40f,0xc800-0xc80f irq 19 at device 31.2 on pci0
ata5: on atapci1
ata6: on atapci1
pci0: at device 31.3 (no driver attached)
atapci2: port 0xd000-0xd007,0xd400-0xd403,0xd800-0xd807,0xdc00-0xdc03,0xe000-0xe00f,0xe400-0xe40f irq 19 at device 31.5 on pci0
ata7: on atapci2
ata8: on atapci2
orm0: at iomem 0xc0000-0xc7fff,0xc8000-0xc87ff on isa0
sc0: at flags 0x100 on isa0
sc0: VGA <16 virtual consoles, flags=0x300>
vga0: at port 0x3c0-0x3df iomem 0xa0000-0xbffff on isa0
ata0 at port 0x1f0-0x1f7,0x3f6 irq 14 on isa0
ata1 at port 0x170-0x177,0x376 irq 15 on isa0
atkbdc0: at port 0x60,0x64 on isa0
atkbd0: irq 1 on atkbdc0
kbd0 at atkbd0
atkbd0: [GIANT-LOCKED]
Timecounters tick every 1.000 msec
ipfw2 (+ipv6) initialized, divert loadable, rule-based forwarding disabled, default to deny, logging disabled
ad4: 76318MB at ata2-master SATA300
SMP: AP CPU #1 Launched!
Trying to mount root from ufs:/dev/ad4s1a

###### pciconf -lv #####
hostb0@pci0:0:0: class=0x060000 card=0x50001458 chip=0x29a08086 rev=0x02 hdr=0x00
    vendor = 'Intel Corporation'
    class = bridge
    subclass = HOST-PCI
none0@pci0:26:0: class=0x0c0300 card=0x50041458 chip=0x28348086 rev=0x02 hdr=0x00
    vendor = 'Intel Corporation'
    class = serial bus
    subclass = USB
none1@pci0:26:1: class=0x0c0300 card=0x50041458 chip=0x28358086 rev=0x02 hdr=0x00
    vendor = 'Intel Corporation'
    class = serial bus
    subclass = USB
none2@pci0:26:7: class=0x0c0320 card=0x50061458 chip=0x283a8086 rev=0x02 hdr=0x00
    vendor = 'Intel Corporation'
    class = serial bus
    subclass = USB
none3@pci0:27:0: class=0x040300 card=0xa0021458 chip=0x284b8086 rev=0x02 hdr=0x00
    vendor = 'Intel Corporation'
    class = multimedia
pcib1@pci0:28:0: class=0x060400 card=0x00000040 chip=0x283f8086 rev=0x02 hdr=0x01
    vendor = 'Intel Corporation'
    class = bridge
    subclass = PCI-PCI
pcib2@pci0:28:3: class=0x060400 card=0x00000040 chip=0x28458086 rev=0x02 hdr=0x01
    vendor = 'Intel Corporation'
    class = bridge
    subclass = PCI-PCI
pcib3@pci0:28:4: class=0x060400 card=0x00000040 chip=0x28478086 rev=0x02 hdr=0x01
    vendor = 'Intel Corporation'
    class = bridge
    subclass = PCI-PCI
none4@pci0:29:0: class=0x0c0300 card=0x50041458 chip=0x28308086 rev=0x02 hdr=0x00
    vendor = 'Intel Corporation'
    class = serial bus
    subclass = USB
none5@pci0:29:1: class=0x0c0300 card=0x50041458 chip=0x28318086 rev=0x02 hdr=0x00
    vendor = 'Intel Corporation'
    class = serial bus
    subclass = USB
none6@pci0:29:2: class=0x0c0300 card=0x50041458 chip=0x28328086 rev=0x02 hdr=0x00
    vendor = 'Intel Corporation'
    class = serial bus
    subclass = USB
none7@pci0:29:7: class=0x0c0320 card=0x50061458 chip=0x28368086 rev=0x02 hdr=0x00
    vendor = 'Intel Corporation'
    class = serial bus
    subclass = USB
pcib4@pci0:30:0: class=0x060401 card=0x00000050 chip=0x244e8086 rev=0xf2 hdr=0x01
    vendor = 'Intel Corporation'
    device = '82801BA/CA/DB/DBL/EB/ER/FB (ICH2/3/4/4/5/5/6), 6300ESB Hub Interface to PCI Bridge'
    class = bridge
    subclass = PCI-PCI
isab0@pci0:31:0: class=0x060100 card=0x50011458 chip=0x28108086 rev=0x02 hdr=0x00
    vendor = 'Intel Corporation'
    class = bridge
    subclass = PCI-ISA
atapci1@pci0:31:2: class=0x01018f card=0xb0021458 chip=0x28208086 rev=0x02 hdr=0x00
    vendor = 'Intel Corporation'
    class = mass storage
    subclass = ATA
none8@pci0:31:3: class=0x0c0500 card=0x50011458 chip=0x283e8086 rev=0x02 hdr=0x00
    vendor = 'Intel Corporation'
    class = serial bus
    subclass = SMBus
atapci2@pci0:31:5: class=0x010185 card=0xb0021458 chip=0x28258086 rev=0x02 hdr=0x00
    vendor = 'Intel Corporation'
    class = mass storage
    subclass = ATA
atapci0@pci2:0:0: class=0x010185 card=0xb0001458 chip=0x2363197b rev=0x02 hdr=0x00
    class = mass storage
    subclass = ATA
none9@pci3:0:0: class=0x020000 card=0xe0001458 chip=0x436411ab rev=0x12 hdr=0x00
    vendor = 'Marvell Semiconductor (Was: Galileo Technology Ltd)'
    class = network
    subclass = ethernet
none10@pci4:0:0: class=0x030000 card=0xbeefdead chip=0x00d41013 rev=0x01 hdr=0x00
    vendor = 'Cirrus Logic'
    device = 'CL-GD5464 Laguna 3D VisualMedia Graphics Accel'
    class = display
    subclass = VGA
xl0@pci4:2:0: class=0x020000 card=0x100010b7 chip=0x920010b7 rev=0x78 hdr=0x00
    vendor = '3COM Corp, Networking Division'
    device = '3C905C-TX Fast EtherLink for PC Management NIC'
    class = network
    subclass = ethernet

####### ifconfig #######
xl0: flags=8843 mtu 1500
    options=9
    inet 83... netmask 0xfffffff0 broadcast 83....
    ether 00:04:76:26:3c:f3
    media: Ethernet autoselect (100baseTX )
    status: active
lo0: flags=8049 mtu 16384
    inet 127.0.0.1 netmask 0xff000000

Andrey V. Elsukov, thank you a lot!

On 12/9/06, Andrey V. Elsukov wrote:
> >It is a web server with ~130req/s, problems seem to start after
> >upgrading to new hardware.
> >FreeBSD 6.1-RELEASE-p10
>
> Can you show your /var/run/dmesg.boot, and output of `pciconf -lv` and ifconfig?
>
> >After an hour it will grow more and more.. The day before yesterday I
> >got 20 000 dynamic rules ;o) (I was forced to increase
> >net.inet.ip.fw.dyn_max because I started to get errors in syslogs).
>
> Try this:
> # sysctl -w net.inet.ip.fw.dyn_keepalive=0
>
> --
> WBR, Andrey V. Elsukov

-- 
Best regards,
Nicolae Namolovan.
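
Added example, not part of the original thread: a small sh script for watching the dynamic-rule table discussed above, so that growth toward net.inet.ip.fw.dyn_max is noticed before the limit is hit. The function names, the 80% warning threshold and the limits used in sample calls are assumptions; the sample series reuses the counts quoted in the message, and the live read only runs on a FreeBSD host with ipfw loaded.

```sh
#!/bin/sh
# Added example: track ipfw dynamic-rule table usage.
# Function names and the 80% default threshold are illustrative assumptions.

# usage_pct COUNT MAX -> integer percent of dyn_max in use
usage_pct() {
    [ "$2" -gt 0 ] 2>/dev/null || return 1
    echo $(( $1 * 100 / $2 ))
}

# classify COUNT MAX [WARN_PCT] -> OK, WARN, FULL or UNKNOWN
classify() {
    pct=$(usage_pct "$1" "$2") || { echo UNKNOWN; return 0; }
    if [ "$1" -ge "$2" ]; then echo FULL
    elif [ "$pct" -ge "${3:-80}" ]; then echo WARN
    else echo OK
    fi
}

# trend "C1 C2 ..." -> GROWING, DRAINING or MIXED over successive samples
trend() {
    prev="" up=0 down=0
    for c in $1; do
        if [ -n "$prev" ]; then
            if [ "$c" -gt "$prev" ]; then up=$((up + 1)); fi
            if [ "$c" -lt "$prev" ]; then down=$((down + 1)); fi
        fi
        prev=$c
    done
    if [ "$up" -gt 0 ] && [ "$down" -eq 0 ]; then echo GROWING
    elif [ "$down" -gt 0 ] && [ "$up" -eq 0 ]; then echo DRAINING
    else echo MIXED
    fi
}

# Counts quoted in the message, sampled after keepalives were disabled.
echo "thread samples: $(trend '5708 3250 2033 876')"

# Live read; runs only where the ipfw sysctls exist (FreeBSD, ipfw loaded).
if sysctl -n net.inet.ip.fw.dyn_count >/dev/null 2>&1; then
    count=$(sysctl -n net.inet.ip.fw.dyn_count)
    max=$(sysctl -n net.inet.ip.fw.dyn_max)
    echo "dyn_count=$count dyn_max=$max" \
         "keepalive=$(sysctl -n net.inet.ip.fw.dyn_keepalive)" \
         "status=$(classify "$count" "$max")"
fi
```

Run from cron or a monitoring agent, a WARN or GROWING result is the cue to look at state lifetimes and keepalive behaviour rather than only raising dyn_max.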