Date: Sun, 20 Jan 2008 15:30:30 -0500 (EST) From: Louis Mamakos <louie@transsys.com> To: FreeBSD-gnats-submit@FreeBSD.org Subject: kern/119839: ng_netflow can consume large sums of memory if export hook isn't connected Message-ID: <20080120203030.209125C5C@ringworld.transsys.com> Resent-Message-ID: <200801202110.m0KLA1O8082222@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 119839
>Category: kern
>Synopsis: ng_netflow can consume large sums of memory if export hook isn't connected
>Confidential: no
>Severity: non-critical
>Priority: medium
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: doc-bug
>Submitter-Id: current-users
>Arrival-Date: Sun Jan 20 21:10:01 UTC 2008
>Closed-Date:
>Last-Modified:
>Originator: Louis Mamakos
>Release: FreeBSD 6.2-STABLE i386
>Organization:
Serendipity scheduling and management
>Environment:
System: FreeBSD ringworld.transsys.com 6.2-STABLE FreeBSD 6.2-STABLE #9: Sat Feb 24 13:13:48 EST 2007 louie@ringworld.transsys.com:/data/obj.usr/src/sys/SMP i386
Dell 2550, RELENG_6 from some time ago, i386
Also observed on: FreeBSD 6.3-PRERELEASE (NET4801) #1: Wed Dec 12 21:33:26 EST 2007,
soekris 5501, i386
>Description:
Using the ng_netflow netgraph module to monitor interesting flows through a FreeBSD based
router using flowctl(8). Notice after a while, the number of entries grow without apparent
bound. One on system, I observed more than 55,000 entries.
The problem is that the code that periodically runs through the entries to expire them is
never started unless the export hook is connected to something. In my case, it was easy
to simply connect it to the ng_hole netgraph module to discard the flow export and have
the expiration callout started.
>How-To-Repeat:
Configure netflow, don't connect anything to the export hook.
ngctl mkpeer ipfw: netflow 10 iface0
ngctl name ipfw:10 catchall
ngctl msg catchall: setdlt { iface=0 dlt=12 }
ngctl msg catchall: settimeouts { inactive=3 active=300 }
>Fix:
Do this:
ngctl mkpeer catchall: hole export sink
ngctl name catchall:export netflowSink
This is minimally a documentation bug. Possibly, the ng_netflow module out to expire flows
immediately, without waiting for an export hook to be connected, but I suppose that might be
a matter of taste/opinion.
>Release-Note:
>Audit-Trail:
>Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20080120203030.209125C5C>