From: Louis Mamakos
To: FreeBSD-gnats-submit@FreeBSD.org
Date: Sun, 20 Jan 2008 15:30:30 -0500 (EST)
Message-Id: <20080120203030.209125C5C@ringworld.transsys.com>
Reply-To: Louis Mamakos
Subject: kern/119839: ng_netflow can consume large sums of memory if export hook isn't connected

>Number:         119839
>Category:       kern
>Synopsis:       ng_netflow can consume large sums of memory if export hook isn't connected
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          open
>Quarter:
>Keywords:
>Date-Required:
>Class:          doc-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sun Jan 20 21:10:01 UTC 2008
>Closed-Date:
>Last-Modified:
>Originator:     Louis Mamakos
>Release:        FreeBSD 6.2-STABLE i386
>Organization:
Serendipity scheduling and management
>Environment:
System: FreeBSD ringworld.transsys.com 6.2-STABLE FreeBSD 6.2-STABLE #9: Sat Feb 24 13:13:48 EST 2007 louie@ringworld.transsys.com:/data/obj.usr/src/sys/SMP i386

Dell 2550, RELENG_6 from some time ago, i386

Also observed on:
FreeBSD 6.3-PRERELEASE (NET4801) #1: Wed Dec 12 21:33:26 EST 2007, soekris 5501, i386
>Description:
Using the ng_netflow netgraph module to monitor interesting flows through
a FreeBSD-based router using flowctl(8). Notice after a while, the number
of entries grows without apparent bound. On one system, I observed more than
55,000 entries.

The problem is that the code that periodically runs through the entries
to expire them is never started unless the export hook is connected to
something. In my case, it was easy to simply connect it to the ng_hole
netgraph module to discard the flow export and have the expiration callout
started.
>How-To-Repeat:
Configure netflow, don't connect anything to the export hook.

    ngctl mkpeer ipfw: netflow 10 iface0
    ngctl name ipfw:10 catchall
    ngctl msg catchall: setdlt { iface=0 dlt=12 }
    ngctl msg catchall: settimeouts { inactive=3 active=300 }
>Fix:
Do this:

    ngctl mkpeer catchall: hole export sink
    ngctl name catchall:export netflowSink

This is minimally a documentation bug. Possibly, the ng_netflow module
ought to expire flows immediately, without waiting for an export hook to be
connected, but I suppose that might be a matter of taste/opinion.
>Release-Note:
>Audit-Trail:
>Unformatted:
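
Added example, not part of the original PR or of FreeBSD: a shell check that reports whether an ng_netflow node's export hook has a peer, which is the condition the report ties to flow expiry never starting. The layout assumed for `ngctl show` output, the function names and both sample listings are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the PR). Assumes `ngctl show NODE:` prints a
# "Type:" field on its Name line and one row per connected hook below a
# dashed separator; the two samples below are constructed to that layout.

# Reads `ngctl show` text on stdin; prints connected, unconnected or not-netflow.
export_hook_state() {
    awk '
        /Type:/ { for (i = 1; i < NF; i++) if ($i == "Type:") type = $(i + 1) }
        $1 ~ /^-+$/ { in_hooks = 1; next }      # separator: hook rows follow
        in_hooks && $1 == "export" { found = 1 }
        END {
            if (type != "netflow") print "not-netflow"
            else if (found) print "connected"
            else print "unconnected"
        }'
}

# Live check for one node name, e.g. `audit_node catchall` on the router.
audit_node() {
    state=$(ngctl show "$1:" | export_hook_state)
    echo "$1: $state"
    if [ "$state" = unconnected ]; then
        echo "  flow expiry will not start; fix from the PR: ngctl mkpeer $1: hole export sink"
        return 1
    fi
}

# Constructed sample: node as left by the How-To-Repeat steps.
sample_before_fix() {
    cat <<'EOF'
  Name: catchall        Type: netflow         ID: 00000004   Num hooks: 1
  Local hook      Peer name       Peer type    Peer ID         Peer hook
  ----------      ---------       ---------    -------         ---------
  iface0          ipfw            ipfw         00000001        10
EOF
}

# Constructed sample: same node after the Fix commands.
sample_after_fix() {
    cat <<'EOF'
  Name: catchall        Type: netflow         ID: 00000004   Num hooks: 2
  Local hook      Peer name       Peer type    Peer ID         Peer hook
  ----------      ---------       ---------    -------         ---------
  export          netflowSink     hole         00000005        sink
  iface0          ipfw            ipfw         00000001        10
EOF
}
```

`audit_node` returns non-zero for an unconnected export hook, so it can be run from a periodic job on the router and alert on failure.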